Add domain parameter match check for DH and ECDH key exchange.

Fixes #14808 Validation checks were moved into EVP_PKEY_derive_set_peer() which broke an external negative test. Originally the old code was semi working by checking the peers public key was in the range of other parties p. It was not actually ever checking that the domain parameters were consistent between the 2 parties. It now checks the parameters match as well as validating the peers public key. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14823)
author: Shane Lontis <shane.lontis@oracle.com> 2021-04-12 09:06:24 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-04-14 16:01:13 +1000
commit: 46eee7104d77f9d303e06a398febdc60fd014d33 (patch)
tree: d826be79497504683f836f4c6a9d7c0b6a91f3d0 /crypto
parent: 0d5bbaaae2c65ddf7a30596b61617304e0950d9c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index ee17b68405..eed0b71ada 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1007,6 +1007,7 @@ PROV_R_IN_ERROR_STATE:192:in error state
 PROV_R_KEY_SETUP_FAILED:101:key setup failed
 PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small
 PROV_R_LENGTH_TOO_LARGE:202:length too large
+PROV_R_MISMATCHING_DOMAIN_PARAMETERS:203:mismatching domain parameters
 PROV_R_MISSING_CEK_ALG:144:missing cek alg
 PROV_R_MISSING_CIPHER:155:missing cipher
 PROV_R_MISSING_CONFIG_DATA:213:missing config data
author	Shane Lontis <shane.lontis@oracle.com>	2021-04-12 09:06:24 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-04-14 16:01:13 +1000
commit	46eee7104d77f9d303e06a398febdc60fd014d33 (patch)
tree	d826be79497504683f836f4c6a9d7c0b6a91f3d0 /crypto
parent	0d5bbaaae2c65ddf7a30596b61617304e0950d9c (diff)