Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14189)
if (BN_cmp(p, dh_named_groups[i].p) == 0
&& BN_cmp(g, dh_named_groups[i].g) == 0
/* Verify q is correct if it exists */
- && (q == NULL || BN_cmp(q, dh_named_groups[i].q) == 0))
+ && ((q != NULL && BN_cmp(q, dh_named_groups[i].q) == 0)
+ /* Do not match RFC 5114 groups without q */
+ || (q == NULL && dh_named_groups[i].uid > 3)))
return &dh_named_groups[i];
}
return NULL;