diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2007-08-18 02:46:11 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2007-08-18 02:46:11 +0000 |
| commit | 0fd9322af1051da5123bda6eaaef42b14cce901b (patch) | |
| tree | c6f5a6f1720b02089ab8a78ee08446ae50695bf8 | |
| parent | 7016b1952eb095be9ffff2e2d5876ab8418ff7ed (diff) | |
| download | openssl-new-0fd9322af1051da5123bda6eaaef42b14cce901b.tar.gz | |
Block DH key gen for small key sizes too.
| -rw-r--r-- | fips/dh/fips_dh_key.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/fips/dh/fips_dh_key.c b/fips/dh/fips_dh_key.c index 390f6d9a11..0cb4eb21e5 100644 --- a/fips/dh/fips_dh_key.c +++ b/fips/dh/fips_dh_key.c @@ -112,6 +112,12 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; + if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) + { + DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL); + goto err; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; |