diff options
author | Parménides GV <parmegv@sdf.org> | 2014-06-13 12:21:38 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-06-13 12:21:38 +0200 |
commit | d09435a9d2adb0d0cafa0b1f9f6cfe326346cbc6 (patch) | |
tree | 946278cd836aa6af639675f4eb5ec7378d783dd8 /app/openssl/crypto/dh/dh_key.c | |
parent | 5d47fde84a03acb1201f8650c55dc0cd981df679 (diff) | |
parent | 3a71bc9e4aa4296f460e2e3c55de74c9852477ad (diff) |
Merge branch 'develop' into release-0.5.2
Diffstat (limited to 'app/openssl/crypto/dh/dh_key.c')
-rw-r--r-- | app/openssl/crypto/dh/dh_key.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/app/openssl/crypto/dh/dh_key.c b/app/openssl/crypto/dh/dh_key.c index e7db4403..89a74db4 100644 --- a/app/openssl/crypto/dh/dh_key.c +++ b/app/openssl/crypto/dh/dh_key.c @@ -73,11 +73,27 @@ static int dh_finish(DH *dh); int DH_generate_key(DH *dh) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) + && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) + { + DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); + return 0; + } +#endif return dh->meth->generate_key(dh); } int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) + && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) + { + DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); + return 0; + } +#endif return dh->meth->compute_key(key, pub_key, dh); } @@ -138,8 +154,21 @@ static int generate_key(DH *dh) if (generate_new_key) { - l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ - if (!BN_rand(priv_key, l, 0, 0)) goto err; + if (dh->q) + { + do + { + if (!BN_rand_range(priv_key, dh->q)) + goto err; + } + while (BN_is_zero(priv_key) || BN_is_one(priv_key)); + } + else + { + /* secret exponent length */ + l = dh->length ? dh->length : BN_num_bits(dh->p)-1; + if (!BN_rand(priv_key, l, 0, 0)) goto err; + } } { |