diff options
Diffstat (limited to 'src/lib/libcrypto/dh/dh_key.c')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_key.c | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 3a39f7c8ca..e7db440342 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c | |||
| @@ -62,8 +62,6 @@ | |||
| 62 | #include <openssl/rand.h> | 62 | #include <openssl/rand.h> |
| 63 | #include <openssl/dh.h> | 63 | #include <openssl/dh.h> |
| 64 | 64 | ||
| 65 | #ifndef OPENSSL_FIPS | ||
| 66 | |||
| 67 | static int generate_key(DH *dh); | 65 | static int generate_key(DH *dh); |
| 68 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); | 66 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); |
| 69 | static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, | 67 | static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, |
| @@ -91,6 +89,7 @@ dh_bn_mod_exp, | |||
| 91 | dh_init, | 89 | dh_init, |
| 92 | dh_finish, | 90 | dh_finish, |
| 93 | 0, | 91 | 0, |
| 92 | NULL, | ||
| 94 | NULL | 93 | NULL |
| 95 | }; | 94 | }; |
| 96 | 95 | ||
| @@ -131,8 +130,7 @@ static int generate_key(DH *dh) | |||
| 131 | 130 | ||
| 132 | if (dh->flags & DH_FLAG_CACHE_MONT_P) | 131 | if (dh->flags & DH_FLAG_CACHE_MONT_P) |
| 133 | { | 132 | { |
| 134 | mont = BN_MONT_CTX_set_locked( | 133 | mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, |
| 135 | (BN_MONT_CTX **)&dh->method_mont_p, | ||
| 136 | CRYPTO_LOCK_DH, dh->p, ctx); | 134 | CRYPTO_LOCK_DH, dh->p, ctx); |
| 137 | if (!mont) | 135 | if (!mont) |
| 138 | goto err; | 136 | goto err; |
| @@ -152,7 +150,7 @@ static int generate_key(DH *dh) | |||
| 152 | { | 150 | { |
| 153 | BN_init(&local_prk); | 151 | BN_init(&local_prk); |
| 154 | prk = &local_prk; | 152 | prk = &local_prk; |
| 155 | BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); | 153 | BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); |
| 156 | } | 154 | } |
| 157 | else | 155 | else |
| 158 | prk = priv_key; | 156 | prk = priv_key; |
| @@ -165,7 +163,7 @@ static int generate_key(DH *dh) | |||
| 165 | ok=1; | 163 | ok=1; |
| 166 | err: | 164 | err: |
| 167 | if (ok != 1) | 165 | if (ok != 1) |
| 168 | DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB); | 166 | DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); |
| 169 | 167 | ||
| 170 | if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); | 168 | if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); |
| 171 | if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); | 169 | if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); |
| @@ -175,10 +173,17 @@ err: | |||
| 175 | 173 | ||
| 176 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | 174 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) |
| 177 | { | 175 | { |
| 178 | BN_CTX *ctx; | 176 | BN_CTX *ctx=NULL; |
| 179 | BN_MONT_CTX *mont=NULL; | 177 | BN_MONT_CTX *mont=NULL; |
| 180 | BIGNUM *tmp; | 178 | BIGNUM *tmp; |
| 181 | int ret= -1; | 179 | int ret= -1; |
| 180 | int check_result; | ||
| 181 | |||
| 182 | if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) | ||
| 183 | { | ||
| 184 | DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); | ||
| 185 | goto err; | ||
| 186 | } | ||
| 182 | 187 | ||
| 183 | ctx = BN_CTX_new(); | 188 | ctx = BN_CTX_new(); |
| 184 | if (ctx == NULL) goto err; | 189 | if (ctx == NULL) goto err; |
| @@ -187,27 +192,32 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
| 187 | 192 | ||
| 188 | if (dh->priv_key == NULL) | 193 | if (dh->priv_key == NULL) |
| 189 | { | 194 | { |
| 190 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); | 195 | DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); |
| 191 | goto err; | 196 | goto err; |
| 192 | } | 197 | } |
| 193 | 198 | ||
| 194 | if (dh->flags & DH_FLAG_CACHE_MONT_P) | 199 | if (dh->flags & DH_FLAG_CACHE_MONT_P) |
| 195 | { | 200 | { |
| 196 | mont = BN_MONT_CTX_set_locked( | 201 | mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, |
| 197 | (BN_MONT_CTX **)&dh->method_mont_p, | ||
| 198 | CRYPTO_LOCK_DH, dh->p, ctx); | 202 | CRYPTO_LOCK_DH, dh->p, ctx); |
| 199 | if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) | 203 | if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) |
| 200 | { | 204 | { |
| 201 | /* XXX */ | 205 | /* XXX */ |
| 202 | BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); | 206 | BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); |
| 203 | } | 207 | } |
| 204 | if (!mont) | 208 | if (!mont) |
| 205 | goto err; | 209 | goto err; |
| 206 | } | 210 | } |
| 207 | 211 | ||
| 212 | if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) | ||
| 213 | { | ||
| 214 | DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); | ||
| 215 | goto err; | ||
| 216 | } | ||
| 217 | |||
| 208 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) | 218 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) |
| 209 | { | 219 | { |
| 210 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); | 220 | DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); |
| 211 | goto err; | 221 | goto err; |
| 212 | } | 222 | } |
| 213 | 223 | ||
| @@ -248,8 +258,6 @@ static int dh_init(DH *dh) | |||
| 248 | static int dh_finish(DH *dh) | 258 | static int dh_finish(DH *dh) |
| 249 | { | 259 | { |
| 250 | if(dh->method_mont_p) | 260 | if(dh->method_mont_p) |
| 251 | BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); | 261 | BN_MONT_CTX_free(dh->method_mont_p); |
| 252 | return(1); | 262 | return(1); |
| 253 | } | 263 | } |
| 254 | |||
| 255 | #endif | ||