diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-11-29 18:32:05 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-11-29 18:32:05 +0000 |
commit | 300b1d76fe27541c662ca606a6a201b2718e0c65 (patch) | |
tree | 8666b058ac74eeda00568cf1f17f76341436ac01 /crypto/jpake/jpake.c | |
parent | ae3fff50343705e9324d4a91af41ec843de9f3ed (diff) | |
download | openssl-300b1d76fe27541c662ca606a6a201b2718e0c65.zip openssl-300b1d76fe27541c662ca606a6a201b2718e0c65.tar.gz openssl-300b1d76fe27541c662ca606a6a201b2718e0c65.tar.bz2 |
apply J-PKAKE fix to HEAD (original by Ben)
Diffstat (limited to 'crypto/jpake/jpake.c')
-rw-r--r-- | crypto/jpake/jpake.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index 086d9f4..8e4b633 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) return 1; } +/* g^x is a legal value */ +static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx) + { + BIGNUM *t; + int res; + + if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0) + return 0; + + t = BN_new(); + BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx); + res = BN_is_one(t); + BN_free(t); + + return res; + } + int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) { + if(!is_legal(received->p1.gx, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL); + return 0; + } + + if(!is_legal(received->p2.gx, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL); + return 0; + } + /* verify their ZKP(xc) */ if(!verify_zkp(&received->p1, ctx->p.g, ctx)) { |