diff options
author | jkim <jkim@FreeBSD.org> | 2016-01-28 18:41:59 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2016-01-28 18:41:59 +0000 |
commit | 71cece53f20ad0348c8e6a83b032a4bcfa42cdcf (patch) | |
tree | 7af4d87a03d869e528631ede778e4423dd6a281a /crypto/dh/dh_check.c | |
parent | afd52a5fc90e70242dbb0e7d29987c976eb993e0 (diff) | |
download | FreeBSD-src-71cece53f20ad0348c8e6a83b032a4bcfa42cdcf.zip FreeBSD-src-71cece53f20ad0348c8e6a83b032a4bcfa42cdcf.tar.gz |
Import OpenSSL 1.0.2f.
Diffstat (limited to 'crypto/dh/dh_check.c')
-rw-r--r-- | crypto/dh/dh_check.c | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 347467c..5adedc0 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret) int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) { int ok = 0; - BIGNUM *q = NULL; + BIGNUM *tmp = NULL; + BN_CTX *ctx = NULL; *ret = 0; - q = BN_new(); - if (q == NULL) + ctx = BN_CTX_new(); + if (ctx == NULL) goto err; - BN_set_word(q, 1); - if (BN_cmp(pub_key, q) <= 0) + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) + goto err; + BN_set_word(tmp, 1); + if (BN_cmp(pub_key, tmp) <= 0) *ret |= DH_CHECK_PUBKEY_TOO_SMALL; - BN_copy(q, dh->p); - BN_sub_word(q, 1); - if (BN_cmp(pub_key, q) >= 0) + BN_copy(tmp, dh->p); + BN_sub_word(tmp, 1); + if (BN_cmp(pub_key, tmp) >= 0) *ret |= DH_CHECK_PUBKEY_TOO_LARGE; + if (dh->q != NULL) { + /* Check pub_key^q == 1 mod p */ + if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx)) + goto err; + if (!BN_is_one(tmp)) + *ret |= DH_CHECK_PUBKEY_INVALID; + } + ok = 1; err: - if (q != NULL) - BN_free(q); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return (ok); } |