OLD | NEW |
1 /* crypto/dh/dh_check.c */ | 1 /* crypto/dh/dh_check.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
63 | 63 |
64 /* Check that p is a safe prime and | 64 /* Check that p is a safe prime and |
65 * if g is 2, 3 or 5, check that it is a suitable generator | 65 * if g is 2, 3 or 5, check that it is a suitable generator |
66 * where | 66 * where |
67 * for 2, p mod 24 == 11 | 67 * for 2, p mod 24 == 11 |
68 * for 3, p mod 12 == 5 | 68 * for 3, p mod 12 == 5 |
69 * for 5, p mod 10 == 3 or 7 | 69 * for 5, p mod 10 == 3 or 7 |
70 * should hold. | 70 * should hold. |
71 */ | 71 */ |
72 | 72 |
73 #ifndef OPENSSL_FIPS | |
74 | |
75 int DH_check(const DH *dh, int *ret) | 73 int DH_check(const DH *dh, int *ret) |
76 { | 74 { |
77 int ok=0; | 75 int ok=0; |
78 BN_CTX *ctx=NULL; | 76 BN_CTX *ctx=NULL; |
79 BN_ULONG l; | 77 BN_ULONG l; |
80 BIGNUM *q=NULL; | 78 BIGNUM *q=NULL; |
81 | 79 |
82 *ret=0; | 80 *ret=0; |
83 ctx=BN_CTX_new(); | 81 ctx=BN_CTX_new(); |
84 if (ctx == NULL) goto err; | 82 if (ctx == NULL) goto err; |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
123 | 121 |
124 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) | 122 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) |
125 { | 123 { |
126 int ok=0; | 124 int ok=0; |
127 BIGNUM *q=NULL; | 125 BIGNUM *q=NULL; |
128 | 126 |
129 *ret=0; | 127 *ret=0; |
130 q=BN_new(); | 128 q=BN_new(); |
131 if (q == NULL) goto err; | 129 if (q == NULL) goto err; |
132 BN_set_word(q,1); | 130 BN_set_word(q,1); |
133 » if (BN_cmp(pub_key,q) <= 0) | 131 » if (BN_cmp(pub_key,q)<=0) |
134 *ret|=DH_CHECK_PUBKEY_TOO_SMALL; | 132 *ret|=DH_CHECK_PUBKEY_TOO_SMALL; |
135 BN_copy(q,dh->p); | 133 BN_copy(q,dh->p); |
136 BN_sub_word(q,1); | 134 BN_sub_word(q,1); |
137 » if (BN_cmp(pub_key,q) >= 0) | 135 » if (BN_cmp(pub_key,q)>=0) |
138 *ret|=DH_CHECK_PUBKEY_TOO_LARGE; | 136 *ret|=DH_CHECK_PUBKEY_TOO_LARGE; |
139 | 137 |
140 ok = 1; | 138 ok = 1; |
141 err: | 139 err: |
142 if (q != NULL) BN_free(q); | 140 if (q != NULL) BN_free(q); |
143 return(ok); | 141 return(ok); |
144 } | 142 } |
145 | |
146 #endif | |
OLD | NEW |