diff options
| author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-10 15:52:36 +0200 |
|---|---|---|
| committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-22 20:03:27 +0200 |
| commit | a38c878c2e5e05016bc9faa8d0828eb96efba1c2 (patch) | |
| tree | 18485904f5e8438f97b9a4f0bac4292b527255a7 /apps | |
| parent | Documentation: add provider-base(7), describing the base functions (diff) | |
| download | openssl-a38c878c2e5e05016bc9faa8d0828eb96efba1c2.tar.xz openssl-a38c878c2e5e05016bc9faa8d0828eb96efba1c2.zip | |
Change DH parameters to generate the order q subgroup instead of 2q
This avoids leaking bit 0 of the private key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9363)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/dhparam.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/apps/dhparam.c b/apps/dhparam.c index b13a34ad9b..7cd69b9270 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -37,7 +37,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, - OPT_DSAPARAM, OPT_C, OPT_2, OPT_5, + OPT_DSAPARAM, OPT_C, OPT_2, OPT_3, OPT_5, OPT_R_ENUM } OPTION_CHOICE; @@ -55,6 +55,7 @@ const OPTIONS dhparam_options[] = { OPT_R_OPTIONS, {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, + {"3", OPT_3, '-', "Generate parameters using 3 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, # ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', @@ -125,6 +126,9 @@ int dhparam_main(int argc, char **argv) case OPT_2: g = 2; break; + case OPT_3: + g = 3; + break; case OPT_5: g = 5; break; |