author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-10 15:52:36 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-24 14:59:52 +0200 |
commit | ddd16c2fe988ed9fdd5118c2f2617745438fd675 | |
tree | 08eb4554b256062b40bbc9885edf2153c2b87fcf /CHANGES | |
parent | 8e747338593f3bafe9798226cddf4edf36bc2de9 | |
Change DH parameters to generate the order q subgroup instead of 2q
This avoids leaking bit 0 of the private key.
Backport-of: #9363
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9435)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -9,6 +9,12 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) Changed DH parameters to generate the order q subgroup instead of 2q. + Previously generated DH parameters are still accepted by DH_check + but DH_generate_key works around that by clearing bit 0 of the + private key for those. This avoids leaking bit 0 of the private key. + [Bernd Edlinger] + *) Revert the DEVRANDOM_WAIT feature for Linux systems The DEVRANDOM_WAIT feature added a select() call to wait for the |
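Review bot: the second sentence of the new CHANGES entry ("Previously generated DH parameters are still accepted by DH_check but DH_generate_key works around that by clearing bit 0 of the private key for those.") leaves "that" and "those" without a clear referent, so a reader cannot tell exactly which parameters trigger the bit-clearing. Suggest splitting it: one sentence stating that parameters whose generator has order 2q are still accepted by DH_check, and a second stating that DH_generate_key clears bit 0 of the private key when such parameters are in use. The entry also does not say whether users should regenerate existing parameters or can rely on the workaround indefinitely; one sentence on that would make the note actionable. Finally, the closing sentence "This avoids leaking bit 0 of the private key" would be easier to act on if it said through what the bit leaks, since the entry otherwise gives no way to judge exposure for keys generated before this change. This view is limited to CHANGES, so the wording cannot be checked against the DH_generate_key and parameter-generation code here.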