diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 15:47:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 15:47:19 +0000 |
commit | 83c3410b94ae3c845142fdfb55e245273846ecf0 (patch) | |
tree | 615ddefe67a58243808f0ae245c58eb39ec710fa /crypto/dh/dh_key.c | |
parent | 20818e00fd718d961ce861e384de768be1bca36f (diff) | |
download | openssl-83c3410b94ae3c845142fdfb55e245273846ecf0.tar.gz |
FIPS DH changes: selftest checks and key range checks.
Diffstat (limited to 'crypto/dh/dh_key.c')
-rw-r--r-- | crypto/dh/dh_key.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index e7db440342..99c722bf03 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,6 +61,9 @@ #include <openssl/bn.h> #include <openssl/rand.h> #include <openssl/dh.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); @@ -107,6 +110,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + { + DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); + return 0; + } +#endif + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -185,6 +196,14 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } +#ifdef OPENSSL_FIPS + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + { + DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL); + goto err; + } +#endif + ctx = BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); @@ -251,6 +270,9 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); } |