import OpenSSL 1.0.0e

author: djm <> 2011-11-03 02:32:21 +0000
committer: djm <> 2011-11-03 02:32:21 +0000
commit: 074782d395f8a140cd5120b87574dcd928bacd24 (patch)
tree: 79374ba6e81c08ba6e78220557d6f6e9ca03f7b7 /src/lib/libcrypto/jpake
parent: f6ca1ae73bb9eabfb510df2cffc2599db98d35a9 (diff)
download: openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.gz
openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.bz2
openbsd-074782d395f8a140cd5120b87574dcd928bacd24.zip
3 files changed, 34 insertions, 1 deletions
diff --git a/src/lib/libcrypto/jpake/jpake.c b/src/lib/libcrypto/jpake/jpake.c
index 086d9f47e0..8e4b633ccc 100644
--- a/src/lib/libcrypto/jpake/jpake.c
+++ b/src/lib/libcrypto/jpake/jpake.c
@@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
    return 1;
    }
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+    {
+    BIGNUM *t;
+    int res;
+    
+    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+        return 0;
+    t = BN_new();
+    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+    res = BN_is_one(t);
+    BN_free(t);
+    return res;
+    }
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
    {
+    if(!is_legal(received->p1.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+        return 0;
+        }
+    if(!is_legal(received->p2.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+        return 0;
+        }
   /* verify their ZKP(xc) */
    if(!verify_zkp(&received->p1, ctx->p.g, ctx))
        {
diff --git a/src/lib/libcrypto/jpake/jpake.h b/src/lib/libcrypto/jpake/jpake.h
index 693ea188cb..fd143b4d9b 100644
--- a/src/lib/libcrypto/jpake/jpake.h
+++ b/src/lib/libcrypto/jpake/jpake.h
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP                               100
 /* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL                 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL                 109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE                       105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH             106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH                     107
diff --git a/src/lib/libcrypto/jpake/jpake_err.c b/src/lib/libcrypto/jpake/jpake_err.c
index 1b95067967..a9a9dee75c 100644
--- a/src/lib/libcrypto/jpake/jpake_err.c
+++ b/src/lib/libcrypto/jpake/jpake_err.c
@@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 static ERR_STRING_DATA JPAKE_str_reasons[]=
        {
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
author	djm <>	2011-11-03 02:32:21 +0000
committer	djm <>	2011-11-03 02:32:21 +0000
commit	074782d395f8a140cd5120b87574dcd928bacd24 (patch)
tree	79374ba6e81c08ba6e78220557d6f6e9ca03f7b7 /src/lib/libcrypto/jpake
parent	f6ca1ae73bb9eabfb510df2cffc2599db98d35a9 (diff)
download	openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.gz openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.bz2 openbsd-074782d395f8a140cd5120b87574dcd928bacd24.zip

diff --git a/src/lib/libcrypto/jpake/jpake.c b/src/lib/libcrypto/jpake/jpake.c index 086d9f47e0..8e4b633ccc 100644 --- a/src/lib/libcrypto/jpake/jpake.c +++ b/src/lib/libcrypto/jpake/jpake.c
@@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 send, JPAKE_CTX ctx)
282	return 1;	282	return 1;
283	}	283	}
284		284
		285	/* g^x is a legal value */
		286	static int is_legal(const BIGNUM gx, const JPAKE_CTX ctx)
		287	{
		288	BIGNUM *t;
		289	int res;
		290
		291	if(BN_is_negative(gx) \|\| BN_is_zero(gx) \|\| BN_cmp(gx, ctx->p.p) >= 0)
		292	return 0;
		293
		294	t = BN_new();
		295	BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
		296	res = BN_is_one(t);
		297	BN_free(t);
		298
		299	return res;
		300	}
		301
285	int JPAKE_STEP1_process(JPAKE_CTX ctx, const JPAKE_STEP1 received)	302	int JPAKE_STEP1_process(JPAKE_CTX ctx, const JPAKE_STEP1 received)
286	{	303	{
		304	if(!is_legal(received->p1.gx, ctx))
		305	{
		306	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
		307	return 0;
		308	}
		309
		310	if(!is_legal(received->p2.gx, ctx))
		311	{
		312	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
		313	return 0;
		314	}
		315
287	/* verify their ZKP(xc) */	316	/* verify their ZKP(xc) */
288	if(!verify_zkp(&received->p1, ctx->p.g, ctx))	317	if(!verify_zkp(&received->p1, ctx->p.g, ctx))
289	{	318	{


diff --git a/src/lib/libcrypto/jpake/jpake.h b/src/lib/libcrypto/jpake/jpake.h index 693ea188cb..fd143b4d9b 100644 --- a/src/lib/libcrypto/jpake/jpake.h +++ b/src/lib/libcrypto/jpake/jpake.h
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
115	#define JPAKE_F_VERIFY_ZKP 100	115	#define JPAKE_F_VERIFY_ZKP 100
116		116
117	/* Reason codes. */	117	/* Reason codes. */
		118	#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108
		119	#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109
118	#define JPAKE_R_G_TO_THE_X4_IS_ONE 105	120	#define JPAKE_R_G_TO_THE_X4_IS_ONE 105
119	#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106	121	#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
120	#define JPAKE_R_HASH_OF_KEY_MISMATCH 107	122	#define JPAKE_R_HASH_OF_KEY_MISMATCH 107


diff --git a/src/lib/libcrypto/jpake/jpake_err.c b/src/lib/libcrypto/jpake/jpake_err.c index 1b95067967..a9a9dee75c 100644 --- a/src/lib/libcrypto/jpake/jpake_err.c +++ b/src/lib/libcrypto/jpake/jpake_err.c
@@ -1,6 +1,6 @@
1	/* crypto/jpake/jpake_err.c */	1	/* crypto/jpake/jpake_err.c */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
4	*	4	*
5	* Redistribution and use in source and binary forms, with or without	5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions	6	* modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
80		80
81	static ERR_STRING_DATA JPAKE_str_reasons[]=	81	static ERR_STRING_DATA JPAKE_str_reasons[]=
82	{	82	{
		83	{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
		84	{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
83	{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"},	85	{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"},
84	{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},	86	{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
85	{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},	87	{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},