author | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 15:47:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 15:47:19 +0000 |
commit | 83c3410b94ae3c845142fdfb55e245273846ecf0 (patch) | |
tree | 615ddefe67a58243808f0ae245c58eb39ec710fa /crypto/dh/dh_gen.c | |
parent | 20818e00fd718d961ce861e384de768be1bca36f (diff) | |
FIPS DH changes: selftest checks and key range checks.
Diffstat (limited to 'crypto/dh/dh_gen.c')
-rw-r--r-- | crypto/dh/dh_gen.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index cfd5b11..82e5600 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -65,6 +65,9 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
@@ -106,6 +109,20 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
 int g,ok= -1;
 BN_CTX *ctx=NULL;
+#ifdef OPENSSL_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+
+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+ {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+#endif
+
 ctx=BN_CTX_new();
 if (ctx == NULL) goto err;
 BN_CTX_start(ctx);
|
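Review bot: The key-size rejection in the second hunk leaves through `goto err;` while `ok` still holds its initial -1, whereas the self-test branch just above it uses `return 0;`. The `err:` label lies outside this hunk; if it treats `ok == -1` as an internal failure and records a generic error, the queue would hold a second, misleading entry after `DH_R_KEY_SIZE_TOO_SMALL`, making a policy rejection look like a library fault in logs. Nothing has been allocated at this point (`ctx` is still NULL), so `return 0;` would match the branch above, or set `ok = 0;` before the `goto`. A one-line comment such as `/* FIPS mode only: refuse to generate parameters below the approved minimum modulus size */` would also make clear that non-FIPS callers get no lower bound from this check.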