diff options
| author | Matt Caswell <matt@openssl.org> | 2021-02-09 16:12:09 +0100 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2021-02-15 05:17:36 +0100 |
| commit | aee73562d17499f2660c14f8c150459097680a1d (patch) | |
| tree | 5a5007540ad8e528f635f7b5e28de62a1119642a /providers | |
| parent | RSA: avoid dereferencing possibly-NULL parameter in initializers (diff) | |
| download | openssl-aee73562d17499f2660c14f8c150459097680a1d.tar.xz openssl-aee73562d17499f2660c14f8c150459097680a1d.zip | |
Run DH_check_ex() not DH_check_params_ex() when checking params
Both DH_check_ex() and DH_check_params_ex() check the parameters.
DH_check_ex() performs a more complete check, while DH_check_params_ex()
performs a lightweight check. In 1.1.1 EVP_PKEY_param_check() would call
DH_check_ex() for DH keys. For backwards compatibility we should continue
with that behaviour.
Fixes #13501
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/implementations/keymgmt/dh_kmgmt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 1d674a14bf..1691f66f44 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -378,7 +378,7 @@ static int dh_validate(const void *keydata, int selection) ok = 1; if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) - ok = ok && DH_check_params_ex(dh); + ok = ok && DH_check_ex(dh); if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ok = ok && dh_validate_public(dh); |