author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-04-18 17:26:15 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-04-22 17:58:28 +0200 |
commit | c1b279a9786f50e932a4527e900fc1a6df36e5f1 (patch) | |
tree | 1a0a0c25ee712b663dd75db268c8d82ac6f4bff1 | |
parent | 31cb70bdbc477c03fe217e5adaae89cd7cab6e18 (diff) | |
download | gnutls-c1b279a9786f50e932a4527e900fc1a6df36e5f1.tar.gz |
Added better sanity checks in Diffie-Hellman key exchange.
Conflicts:
lib/gnutls_dh.c
-rw-r--r-- | lib/gnutls_dh.c | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 2c6a6c32a2..1dc8d662e0 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -94,21 +94,46 @@ gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime)
 bigint_t
 gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime)
 {
- bigint_t k;
+ bigint_t k, ff, ret;
 int bits;
+
+ ff = _gnutls_mpi_mod(f, prime);
+ _gnutls_mpi_add_ui(ff, ff, 1);
+
+ /* check if f==0,1,p-1.
+ * or (ff=f+1) equivalently ff==1,2,p */
+ if ((_gnutls_mpi_cmp_ui(ff, 2) == 0) || (_gnutls_mpi_cmp_ui(ff, 1) == 0) ||
+ (_gnutls_mpi_cmp(ff,prime) == 0))
+ {
+ gnutls_assert();
+ ret = NULL;
+ goto cleanup;
+ }
 
 bits = _gnutls_mpi_get_nbits (prime);
 if (bits <= 0 || bits > MAX_BITS)
 {
 gnutls_assert ();
- return NULL;
+ ret = NULL;
+ goto cleanup;
 }
 
 k = _gnutls_mpi_alloc_like (prime);
 if (k == NULL)
- return NULL;
+ {
+ gnutls_assert();
+ ret = NULL;
+ goto cleanup;
+ }
+
 _gnutls_mpi_powm (k, f, x, prime);
- return k;
+
+ ret = k;
+
+cleanup:
+ _gnutls_mpi_release (&ff);
+
+ return ret;
 }
 
 /*- |
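Review bot: The result of `_gnutls_mpi_mod(f, prime)` at the top of `gnutls_calc_dh_key` is passed to `_gnutls_mpi_add_ui` and the three comparisons without a NULL check, and the reduction now runs before the `bits <= 0 || bits > MAX_BITS` test on `prime`. If the mod helper can fail on allocation, or a caller can hand in a zero or oversized modulus (the existing bits check suggests that case was anticipated), the new sanity check becomes the first place such input is processed, presumably on values that come from the peer. I would validate `prime` first and bail out when `ff` is NULL, as sketched below; nothing has been allocated on either path, so a plain `return NULL` is enough there. The contracts of the `_gnutls_mpi_*` helpers are not visible in this hunk and should be confirmed. Note also that rejecting 0, 1 and p-1 does not establish that `f` lies in the intended subgroup, which a comment next to the check could state.

```c
  bigint_t k, ff, ret;
  int bits;

  /* validate the modulus before it is used as a divisor */
  bits = _gnutls_mpi_get_nbits (prime);
  if (bits <= 0 || bits > MAX_BITS)
    {
      gnutls_assert ();
      return NULL;
    }

  ff = _gnutls_mpi_mod (f, prime);
  if (ff == NULL)
    {
      gnutls_assert ();
      return NULL;
    }
  _gnutls_mpi_add_ui (ff, ff, 1);

  /* … unchanged: f==0,1,p-1 comparison, allocation of k, powm, cleanup … */
```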