Better check of DH parameters in TLS data
author Richard Levitte <levitte@openssl.org>
Fri, 30 Dec 2016 20:57:28 +0000 (21:57 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 26 Jan 2017 10:54:36 +0000 (10:54 +0000)
commit a39aa18644d3338087a827c6555b18bc857346fe
tree 76de6f9b8fa690fb4fcfd6d023236ac57ced30b8
parent 00d965474b22b54e4275232bc71ee0c699c5cd21
Better check of DH parameters in TLS data

When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check to
use DH_check_params().

DH_check_params() is a new function for lightweight checking of the p
and g parameters:

    check that p is odd
    check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
crypto/dh/dh_check.c
include/openssl/dh.h
ssl/statem/statem_clnt.c
util/libcrypto.num
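
An added example, not code from this commit or from OpenSSL: a Python sketch that applies the old non-zero test and the two checks listed in the commit message to a ServerDHParams structure as laid out in RFC 5246 (three integers, each with a 2-byte length prefix). All function names and sample values are constructed for illustration.

```python
import struct

def parse_server_dh_params(buf):
    """Return (p, g, Ys) from a TLS ServerDHParams blob (RFC 5246 layout)."""
    values, off = [], 0
    for _ in range(3):
        if off + 2 > len(buf):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("!H", buf, off)
        off += 2
        if n == 0 or off + n > len(buf):
            raise ValueError("empty or truncated integer")
        values.append(int.from_bytes(buf[off:off + n], "big"))
        off += n
    return tuple(values)

def encode_server_dh_params(p, g, ys):
    """Build a constructed test blob; helper for this example only."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

def nonzero_check(p, g, ys):
    """The check the commit message says was done before: all non-zero."""
    return p != 0 and g != 0 and ys != 0

def light_param_check(p, g):
    """The two checks listed in the commit message; returns found problems."""
    problems = []
    if p % 2 == 0:
        problems.append("p is even")
    if not 1 < g < p - 1:
        problems.append("g outside 1 < g < p - 1")
    return problems

def evaluate(blob):
    """Return (passes old non-zero test, problems found by the new checks)."""
    p, g, ys = parse_server_dh_params(blob)
    return nonzero_check(p, g, ys), light_param_check(p, g)

if __name__ == "__main__":
    P = 2**127 - 1  # constructed sample modulus (odd); far too small for real use
    for label, p, g in [("ok", P, 2), ("g = 1", P, 1),
                        ("g = p - 1", P, P - 1), ("even p", P + 1, 2)]:
        ys = pow(g, 5, p)  # constructed server public value
        print(label, evaluate(encode_server_dh_params(p, g, ys)))
```

With g = 1 every public value is 1, and with g = p - 1 it is only ever 1 or p - 1, yet both parameter sets pass the non-zero test.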