OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

1 files changed, 6 insertions, 4 deletions

diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index 95ce9cfad0..7e5cfd8bfc 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -61,7 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-/* Check that p is a strong prime and
+/* Check that p is a safe prime and
  * if g is 2, 3 or 5, check that is is a suitable generator
  * where
  * for 2, p mod 24 == 11
@@ -88,11 +88,13 @@ int DH_check(DH *dh, int *ret)
                 l=BN_mod_word(dh->p,24);
                 if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
                 }
-/*      else if (BN_is_word(dh->g,DH_GENERATOR_3))
+#if 0
+        else if (BN_is_word(dh->g,DH_GENERATOR_3))
                 {
                 l=BN_mod_word(dh->p,12);
                 if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
-                }*/
+                }
+#endif
         else if (BN_is_word(dh->g,DH_GENERATOR_5))
                 {
                 l=BN_mod_word(dh->p,10);
@@ -108,7 +110,7 @@ int DH_check(DH *dh, int *ret)
                 {
                 if (!BN_rshift1(q,dh->p)) goto err;
                 if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
-                        *ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+                        *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
                 }
         ok=1;
 err: