Fixes related to separation of DH and DHX types

Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444 Updated documentation for app to indicate what options are available for DH and DHX keys. DH and DHX now have different keymanager gen_set_params() methods. Added CHANGES entry to indicate the breaking change. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14883)
author: Shane Lontis <shane.lontis@oracle.com> 2021-04-15 18:25:17 +1000
committer: Tomas Mraz <tomas@openssl.org> 2021-04-26 19:52:11 +0200
commit: f1ffaaeece5efb7d2f4859a59e3164edf9b4b769 (patch)
tree: a125dfda9f44ef0702f8bae025ccec829eb33652 /crypto/ffc
parent: 6c9bc258d2e9e7b500236a1c696da1f384f0b907 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c
index 17888e9291..e9f597c46c 100644
--- a/crypto/ffc/ffc_dh.c
+++ b/crypto/ffc/ffc_dh.c
@@ -113,9 +113,7 @@ const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p,
         if (BN_cmp(p, dh_named_groups[i].p) == 0
             && BN_cmp(g, dh_named_groups[i].g) == 0
             /* Verify q is correct if it exists */
-            && ((q != NULL && BN_cmp(q, dh_named_groups[i].q) == 0)
-                /* Do not match RFC 5114 groups without q */
-                || (q == NULL && dh_named_groups[i].uid > 3)))
+            && (q == NULL || BN_cmp(q, dh_named_groups[i].q) == 0))
             return &dh_named_groups[i];
     }
     return NULL;
author	Shane Lontis <shane.lontis@oracle.com>	2021-04-15 18:25:17 +1000
committer	Tomas Mraz <tomas@openssl.org>	2021-04-26 19:52:11 +0200
commit	f1ffaaeece5efb7d2f4859a59e3164edf9b4b769 (patch)
tree	a125dfda9f44ef0702f8bae025ccec829eb33652 /crypto/ffc
parent	6c9bc258d2e9e7b500236a1c696da1f384f0b907 (diff)