Diffstat (limited to 'providers/implementations/exchange/dh_exch.c')
-rw-r--r-- | providers/implementations/exchange/dh_exch.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 87eb17dd60..0ecc6c7a4c 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -108,6 +108,21 @@ static int dh_init(void *vpdhctx, void *vdh, const OSSL_PARAM params[])
 return dh_set_ctx_params(pdhctx, params) && ossl_dh_check_key(vdh);
 }

+/* The 2 parties must share the same domain parameters */
+static int dh_match_params(DH *priv, DH *peer)
+{
+ int ret;
+ FFC_PARAMS *dhparams_priv = ossl_dh_get0_params(priv);
+ FFC_PARAMS *dhparams_peer = ossl_dh_get0_params(peer);
+
+ ret = dhparams_priv != NULL
+ && dhparams_peer != NULL
+ && ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, 1);
+ if (!ret)
+ ERR_raise(ERR_LIB_PROV, PROV_R_MISMATCHING_DOMAIN_PARAMETERS);
+ return ret;
+}
+
 static int dh_set_peer(void *vpdhctx, void *vdh)
 {
 PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx;
@@ -115,6 +130,7 @@ static int dh_set_peer(void *vpdhctx, void *vdh)
 if (!ossl_prov_is_running()
 || pdhctx == NULL
 || vdh == NULL
+ || !dh_match_params(vdh, pdhctx->dh)
 || !DH_up_ref(vdh))
 return 0;
 DH_free(pdhctx->dhpeer); |
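Review bot: The bare `1` passed as the last argument of `ossl_ffc_params_cmp()` in `dh_match_params` is undocumented. It is the `ignore_q` flag, so the "same domain parameters" check covers p and g but not the subgroup order q. A comment on that line such as `/* ignore_q = 1: p and g must match, q is not compared */` would record this, ideally with the reason q is skipped, so a later reader does not assume a full (p, q, g) match. The same error, `PROV_R_MISMATCHING_DOMAIN_PARAMETERS`, is also raised when either parameter pointer is NULL, which the header comment could mention.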
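Review bot: In the condition added to `dh_set_peer`, `dh_match_params(vdh, pdhctx->dh)` passes the incoming peer key as `priv` and the context's own key as `peer`, the reverse of the helper's parameter names. The comparison appears symmetric, so the result should not change, but `|| !dh_match_params(pdhctx->dh, vdh)` matches the signature. Separately, `pdhctx->dh` is not checked for NULL in the visible lines, and the helper only NULL-checks the `FFC_PARAMS` pointers it gets back. If a peer can be set before init has stored a key, the outcome depends on how `ossl_dh_get0_params()` handles a NULL `DH`, which is not shown here; adding `|| pdhctx->dh == NULL` ahead of the call would make the failure explicit. The body of `dh_set_peer` continues past the end of the hunk.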