diff options
author | Ben Laurie <ben@openssl.org> | 2005-08-21 16:00:17 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2005-08-21 16:00:17 +0000 |
commit | bf3d6c0c9b58e6a78fa3ac0a60d68ef4fc0aa215 (patch) | |
tree | 7431a83a1487ff2ee8e13430ff3c52f58eb715b2 /crypto/dh | |
parent | b8e8ccdc791e035473c710649fb3e67847c365ff (diff) |
Make D-H safer, include well-known primes.
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh.h | 6 | ||||
-rw-r--r-- | crypto/dh/dh_check.c | 22 | ||||
-rw-r--r-- | crypto/dh/dh_err.c | 1 | ||||
-rw-r--r-- | crypto/dh/dh_key.c | 7 |
4 files changed, 36 insertions, 0 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index d1559fd4f8..7871882e35 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -145,6 +145,10 @@ struct dh_st #define DH_UNABLE_TO_CHECK_GENERATOR 0x04 #define DH_NOT_SUITABLE_GENERATOR 0x08 +/* DH_check_pub_key error codes */ +#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 + /* primes p where (p-1)/2 is prime too are called "safe"; we define this for backward compatibility: */ #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME @@ -183,6 +187,7 @@ DH * DH_generate_parameters(int prime_len,int generator, int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); int DH_check(const DH *dh,int *codes); +int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); @@ -216,6 +221,7 @@ void ERR_load_DH_strings(void); /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 #define DH_R_NO_PRIVATE_VALUE 100 +#define DH_R_INVALID_PUBKEY 102 #ifdef __cplusplus } diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index bfc9c3ad76..10217c83dc 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -118,3 +118,25 @@ err: if (q != NULL) BN_free(q); return(ok); } + +int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) + { + int ok=0; + BIGNUM *q=NULL; + + *ret=0; + q=BN_new(); + if (q == NULL) goto err; + BN_set_word(q,1); + if (BN_cmp(pub_key,q)<=0) + *ret|=DH_CHECK_PUBKEY_TOO_SMALL; + BN_copy(q,dh->p); + BN_sub_word(q,1); + if (BN_cmp(pub_key,q)>=0) + *ret|=DH_CHECK_PUBKEY_TOO_LARGE; + + ok = 1; +err: + if (q != NULL) BN_free(q); + return(ok); + } diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index edce2c7036..ea67fb71a0 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -84,6 +84,7 @@ static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, {0,NULL} }; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 39eefe387e..cc17c8851b 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -177,6 +177,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) BN_MONT_CTX *mont=NULL; BIGNUM *tmp; int ret= -1; + int check_result; ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -202,6 +203,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) + { + DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); + goto err; + } + if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) { DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); |