mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
45bf87a0b9
openssl/crypto/dh
History
Matt Caswell b128abc343 Prevent small subgroup attacks on DH/DHE 
Historically OpenSSL only ever generated DH parameters based on "safe"
primes. More recently (in version 1.0.2) support was provided for
generating X9.42 style parameter files such as those required for RFC
5114 support. The primes used in such files may not be "safe". Where an
application is using DH configured with parameters based on primes that
are not "safe" then an attacker could use this fact to find a peer's
private DH exponent. This attack requires that the attacker complete
multiple handshakes in which the peer uses the same DH exponent.

A simple mitigation is to ensure that y^q (mod p) == 1

CVE-2016-0701

Issue reported by Antonio Sanso.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-28 14:41:19 +00:00
..
dh192.pem
dh512.pem
dh1024.pem
dh2048.pem
dh4096.pem
dh_ameth.c make EVP_PKEY opaque 2016-01-20 03:24:59 +00:00
dh_asn1.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_check.c Prevent small subgroup attacks on DH/DHE 2016-01-28 14:41:19 +00:00
dh_depr.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_err.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_gen.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_kdf.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_key.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_lib.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_pmeth.c Rename some BUF_xxx to OPENSSL_xxx 2015-12-16 16:14:49 -05:00
dh_prn.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
dh_rfc5114.c
example
generate
Makefile.in Remove update tags 2016-01-20 09:09:14 -05:00