author | Tomas Mraz <tomas@openssl.org> | 2021-02-15 15:26:14 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-02-16 10:12:02 +0000 |
commit | c9e955dd50f30f46555ff837b0bbae63433cef40 (patch) | |
tree | 724f45ebbbe51dfd59ab7866a280cf5bdb3c5142 /crypto/ffc | |
parent | 62829f9f26bf248f29be9604870bbe46f946927a (diff) |
Do not match RFC 5114 groups without q as it is significant
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14189)
Diffstat (limited to 'crypto/ffc')
-rw-r--r-- | crypto/ffc/ffc_dh.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c
index 313466b0ea..948c61d988 100644
--- a/crypto/ffc/ffc_dh.c
+++ b/crypto/ffc/ffc_dh.c
@@ -110,7 +110,9 @@ const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p,
 if (BN_cmp(p, dh_named_groups[i].p) == 0
 && BN_cmp(g, dh_named_groups[i].g) == 0
 /* Verify q is correct if it exists */
- && (q == NULL || BN_cmp(q, dh_named_groups[i].q) == 0))
+ && ((q != NULL && BN_cmp(q, dh_named_groups[i].q) == 0)
+ /* Do not match RFC 5114 groups without q */
+ || (q == NULL && dh_named_groups[i].uid > 3)))
 return &dh_named_groups[i];
 }
 return NULL; |
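Review bot: The bare `3` in `dh_named_groups[i].uid > 3` encodes an assumption about how the table numbers its entries, and nothing in the hunk shows that numbering. Presumably the RFC 5114 groups carry uids 1 to 3 and every safe-prime group a larger value, but that should be confirmed against the table definition. If an entry is later added or renumbered, parameters supplied without q could again match a group whose subgroup order is not implied by p, which is the case this commit sets out to exclude. A named constant defined beside the table would keep the two in step, or at least a comment at the comparison such as `/* uid 1..3 are the RFC 5114 groups, see dh_named_groups[] */`. The enclosing function starts and ends outside the hunk.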