diff options
author | Richard Levitte <levitte@openssl.org> | 2023-10-20 09:18:19 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-11-06 07:53:22 +0000 |
commit | ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 (patch) | |
tree | cbf073a8775686b0e3f94c6ef0f69e1a55a0e934 /config.com | |
parent | 6cde903a369250719fd177727de97a7aebdd7bc6 (diff) |
Make DH_check_pub_key() and DH_generate_key() safer yet
We already check for an excessively large P in DH_generate_key(), but not in
DH_check_pub_key(), and none of them check for an excessively large Q.
This change adds all the missing excessive size checks of P and Q.
It's to be noted that behaviours surrounding excessively sized P and Q
differ. DH_check() raises an error on the excessively sized P, but only
sets a flag for the excessively sized Q. This behaviour is mimicked in
DH_check_pub_key().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22518)
Diffstat (limited to 'config.com')
0 files changed, 0 insertions, 0 deletions