generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Block DH key gen for small key sizes too.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2007-08-18 02:46:11 +00:00
parent 7016b1952e
commit 0fd9322af1
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
fips/dh/fips_dh_key.c
View File

@ -112,6 +112,12 @@ static int generate_key(DH *dh)
BN_MONT_CTX *mont=NULL; BN_MONT_CTX *mont=NULL;
BIGNUM *pub_key=NULL,*priv_key=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL;
if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
{
DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
goto err;
}
ctx = BN_CTX_new(); ctx = BN_CTX_new();
if (ctx == NULL) goto err; if (ctx == NULL) goto err;