From 1f9dc86b557dd259b636882836885d8e6714735e Mon Sep 17 00:00:00 2001
From: Bernd Edlinger
Date: Mon, 9 Sep 2019 09:59:54 +0200
Subject: Change DH_generate_parameters back to order 2q subgroup

For for G=2 and 5 DH_generate_parameters will continue to generate the order 2q subgroup for compatibility with previous versions. For G=3 DH_generate_parameters generates an order q subgroup, but it will not pass the check in DH_check with previous OpenSSL versions.

Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/9820)
---
 crypto/dh/dh_gen.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'crypto')
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 1262d4e155..d293835eb2 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -53,6 +53,10 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
 * for 2, p mod 24 == 23
 * for 3, p mod 12 == 11
 * for 5, p mod 60 == 59
+ *
+ * However for compatibilty with previous versions we use:
+ * for 2, p mod 24 == 11
+ * for 5, p mod 60 == 23
 */
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 BN_GENCB *cb)
@@ -83,13 +87,13 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 if (generator == DH_GENERATOR_2) {
 if (!BN_set_word(t1, 24))
 goto err;
- if (!BN_set_word(t2, 23))
+ if (!BN_set_word(t2, 11))
 goto err;
 g = 2;
 } else if (generator == DH_GENERATOR_5) {
 if (!BN_set_word(t1, 60))
 goto err;
- if (!BN_set_word(t2, 59))
+ if (!BN_set_word(t2, 23))
 goto err;
 g = 5;
 } else {
-- cgit v1.2.3
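Review bot: The added comment lines misspell "compatibility" as `compatibilty`, and they leave two different residue sets for 2 and 5 in the same block without saying what the second set gives up. Going by the commit subject, the compatibility values make g generate the order 2q group instead of the order q subgroup, so the comment could say so directly, e.g. `* However, for compatibility with previous versions we use values for which g generates the order 2q group:`. The comment block starts above the hunk, so any earlier explanation of why the first set was chosen is not visible here and should be checked for consistency with the new lines.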
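Review bot: The new constants `11` and `23` in the `DH_GENERATOR_2` and `DH_GENERATOR_5` branches have no inline explanation, although the choice is security-relevant. With p mod 24 == 11 and p mod 60 == 23 the generator is a quadratic non-residue, so per the commit message it generates the order 2q group, and a public value then reveals the parity of the private exponent. A short comment next to each `BN_set_word(t2, ...)`, such as `/* 11, not 23: g has order 2q, kept so DH_check in older releases accepts p */`, would stop a later reader from silently "correcting" the values or assuming a prime-order subgroup. The commit message also notes that G=3 parameters fail DH_check on previous versions; that branch and the rest of dh_builtin_genparams lie outside the hunk, so whether this asymmetry is documented there cannot be confirmed from here.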