diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-10 15:52:36 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-22 20:03:27 +0200 |
commit | a38c878c2e5e05016bc9faa8d0828eb96efba1c2 (patch) | |
tree | 18485904f5e8438f97b9a4f0bac4292b527255a7 /CHANGES | |
parent | d4c69c69d171edb17b4d609c15891a9599809ed0 (diff) | |
download | openssl-a38c878c2e5e05016bc9faa8d0828eb96efba1c2.tar.gz |
Change DH parameters to generate the order q subgroup instead of 2q
This avoids leaking bit 0 of the private key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9363)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -9,6 +9,12 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Changed DH parameters to generate the order q subgroup instead of 2q. + Previously generated DH parameters are still accepted by DH_check + but DH_generate_key works around that by clearing bit 0 of the + private key for those. This avoids leaking bit 0 of the private key. + [Bernd Edlinger] + *) Added a new FUNCerr() macro that takes a function name. The macro SYSerr() is deprecated. [Rich Salz] |