Diffstat (limited to 'providers/implementations/exchange/dh_exch.c')
-rw-r--r--providers/implementations/exchange/dh_exch.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 87eb17dd60..0ecc6c7a4c 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -108,6 +108,21 @@ static int dh_init(void *vpdhctx, void *vdh, const OSSL_PARAM params[])
return dh_set_ctx_params(pdhctx, params) && ossl_dh_check_key(vdh);
}
+/* The 2 parties must share the same domain parameters */
+static int dh_match_params(DH *priv, DH *peer)
+{
+ int ret;
+ FFC_PARAMS *dhparams_priv = ossl_dh_get0_params(priv);
+ FFC_PARAMS *dhparams_peer = ossl_dh_get0_params(peer);
+
+ ret = dhparams_priv != NULL
+ && dhparams_peer != NULL
+ && ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, 1);
+ if (!ret)
+ ERR_raise(ERR_LIB_PROV, PROV_R_MISMATCHING_DOMAIN_PARAMETERS);
+ return ret;
+}
+
static int dh_set_peer(void *vpdhctx, void *vdh)
{
PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx;
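Review bot: The bare `1` passed as the last argument of `ossl_ffc_params_cmp` in `dh_match_params` is undocumented; as far as I know it is the ignore-q flag, so a peer whose p and g match is accepted even when q differs. That choice has security meaning and deserves a comment on the call, e.g. `/* ignore_q = 1: compare p and g only */`. Separately, the two `!= NULL` tests are applied to the results of `ossl_dh_get0_params`, so they only help if that accessor can return NULL. If it returns the address of a member inside `DH` (not visible here), a NULL `priv` or `peer` is not caught and the caller must guarantee both are non-NULL.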
@@ -115,6 +130,7 @@ static int dh_set_peer(void *vpdhctx, void *vdh)
if (!ossl_prov_is_running()
|| pdhctx == NULL
|| vdh == NULL
+ || !dh_match_params(vdh, pdhctx->dh)
|| !DH_up_ref(vdh))
return 0;
DH_free(pdhctx->dhpeer);
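Review bot: `dh_match_params(vdh, pdhctx->dh)` passes the peer key as `priv` and the context's own key as `peer`, the reverse of the helper's parameter names. The comparison looks symmetric, so the result should not change, but `dh_match_params(pdhctx->dh, vdh)` would match the signature. The condition rejects `vdh == NULL` but never tests `pdhctx->dh`, so the new call relies on init having stored a key in the context before set_peer runs; adding `|| pdhctx->dh == NULL` ahead of it would make that precondition explicit. The body of dh_set_peer continues past the end of this hunk.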