Diffstat (limited to 'crypto/dh')
-rw-r--r--crypto/dh/dh_check.c4
-rw-r--r--crypto/dh/dh_gen.c15
-rw-r--r--crypto/dh/dh_pmeth.c17
3 files changed, 12 insertions, 24 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 9dd595ae12..a223121cd0 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -62,8 +62,8 @@ int DH_check_params(const DH *dh, int *ret)
* (2b) FFC domain params conform to FIPS-186-4 explicit domain param
* validity tests.
*/
- return ffc_params_FIPS186_4_validate(&dh->params, FFC_PARAM_TYPE_DH, NULL,
- FFC_PARAMS_VALIDATE_ALL, ret, NULL);
+ return ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH, ret, NULL);
}
#else
int DH_check_params(const DH *dh, int *ret)
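Review bot: The call in DH_check_params no longer states which checks are run: `FFC_PARAMS_VALIDATE_ALL` is dropped from the argument list, and nothing in the hunk shows where the validation mode now comes from. If it is now read from state carried in `dh->params`, a DH object set up without full validation selected could pass a weaker check than before, so that default is worth confirming. I would extend the comment above the call with something like `/* Validation mode comes from dh->params; it must select the full FIPS 186-4 check here. */`. The function begins outside the hunk.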
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 8c1518ad9b..52f3151bc8 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -35,28 +35,21 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
#endif /* FIPS_MODULE */
-int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
- int qbits, EVP_MD *md, BN_GENCB *cb)
+int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+ BN_GENCB *cb)
{
int ret, res;
- if (qbits <= 0) {
- if (md != NULL)
- qbits = EVP_MD_size(md) * 8;
- else
- qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH :
- SHA_DIGEST_LENGTH) * 8;
- }
#ifndef FIPS_MODULE
if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
FFC_PARAM_TYPE_DH,
- pbits, qbits, md, &res, cb);
+ pbits, qbits, &res, cb);
else
#endif
ret = ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
FFC_PARAM_TYPE_DH,
- pbits, qbits, md, &res, cb);
+ pbits, qbits, &res, cb);
if (ret > 0)
dh->dirty_cnt++;
return ret;
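Review bot: In dh_generate_ffc_parameters a non-positive `qbits` is now forwarded unchanged to both generators, because the removed block was the only place that turned `qbits <= 0` into a digest-derived size. Whether the generators choose a default for 0 is not visible here, and a negative value would become very large if they take the length as an unsigned size. Rejecting it before the calls, e.g. `if (qbits < 0) return 0;`, and adding a comment such as `/* qbits == 0: the generator chooses the subprime size */` would keep the contract explicit. The end of the function lies outside the hunk.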
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 23527acf04..39b79ffb36 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -286,7 +286,6 @@ static DH *ffc_params_generate(OPENSSL_CTX *libctx, DH_PKEY_CTX *dctx,
int res;
int prime_len = dctx->prime_len;
int subprime_len = dctx->subprime_len;
- const EVP_MD *md = dctx->md;
if (dctx->paramgen_type > DH_PARAMGEN_TYPE_FIPS_186_4)
return NULL;
@@ -300,26 +299,22 @@ static DH *ffc_params_generate(OPENSSL_CTX *libctx, DH_PKEY_CTX *dctx,
else
subprime_len = 160;
}
- if (md == NULL) {
- if (prime_len >= 2048)
- md = EVP_sha256();
- else
- md = EVP_sha1();
- }
+
+ if (dctx->md != NULL)
+ ffc_set_digest(&ret->params, EVP_MD_name(dctx->md), NULL);
+
# ifndef FIPS_MODULE
if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2)
rv = ffc_params_FIPS186_2_generate(libctx, &ret->params,
FFC_PARAM_TYPE_DH,
- prime_len, subprime_len, md, &res,
- pcb);
+ prime_len, subprime_len, &res, pcb);
else
# endif
/* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
rv = ffc_params_FIPS186_4_generate(libctx, &ret->params,
FFC_PARAM_TYPE_DH,
- prime_len, subprime_len, md, &res,
- pcb);
+ prime_len, subprime_len, &res, pcb);
if (rv <= 0) {
DH_free(ret);
return NULL;
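Review bot: The digest chosen on the context is now handed over by name only, in `ffc_set_digest(&ret->params, EVP_MD_name(dctx->md), NULL);`, with a NULL property string and the result of the call discarded. The generator presumably looks the digest up again from that name, so the implementation it uses may not be the `EVP_MD` object the caller configured. If `ffc_set_digest` reports failure, generation would continue with whatever default applies. The removed block also chose SHA-256 for `prime_len >= 2048` and SHA-1 otherwise when no digest was set, and that choice is no longer visible in this function. I would check the call's result where it has one (freeing `ret` and returning NULL as the `rv <= 0` path does) and add a comment such as `/* No digest set: the generator picks the default for the requested sizes */`. The function starts and ends outside the hunk.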