diff options
author | Hubert Kario <hkario@redhat.com> | 2020-06-05 20:21:55 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-06-09 12:15:48 +0200 |
commit | 7646610b6a2c53ae50ed453c88291c23630e7850 (patch) | |
tree | f7654090fa435eddd3bbc9bf06d772cc621cab29 /include | |
parent | 78215852066d214ded6695a27c997eb0d651c31f (diff) | |
download | openssl-7646610b6a2c53ae50ed453c88291c23630e7850.zip openssl-7646610b6a2c53ae50ed453c88291c23630e7850.tar.gz openssl-7646610b6a2c53ae50ed453c88291c23630e7850.tar.bz2 |
use safe primes in ssl_get_auto_dh()
DH_get_1024_160() and DH_get_2048_224() return parameters from
RFC5114. Those parameters include primes with known small subgroups,
making them unsafe. Change the code to use parameters from
RFC 2409 and RFC 3526 instead (group 2 and 14 respectively).
This patch also adds automatic selection of 4096 bit params for 4096 bit
RSA keys
Signed-off-by: Hubert Kario <hkario@redhat.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12061)
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions