diff options
author | Shigeki Ohtsu <ohtsu@iij.ad.jp> | 2015-03-30 14:41:01 +0900 |
---|---|---|
committer | Shigeki Ohtsu <ohtsu@iij.ad.jp> | 2015-04-15 00:36:13 +0900 |
commit | e4872d7405c60da50692e3c4cd5a9df2e96a5680 (patch) | |
tree | 2ccc49f465ec7364702c99f6aa190c8c60de16ef /deps/openssl/openssl/crypto/dh/dh_check.c | |
parent | 50e9fc197d57ecd7b3c23ae85d66b59fedf4ea82 (diff) | |
download | android-node-v8-e4872d7405c60da50692e3c4cd5a9df2e96a5680.tar.gz android-node-v8-e4872d7405c60da50692e3c4cd5a9df2e96a5680.tar.bz2 android-node-v8-e4872d7405c60da50692e3c4cd5a9df2e96a5680.zip |
deps: upgrade openssl to 1.0.2a
This just replaces all sources in deps/openssl/openssl to originals in
https://www.openssl.org/source/openssl-1.0.2a.tar.gz
Fixes: https://github.com/iojs/io.js/issues/589
PR-URL: https://github.com/iojs/io.js/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'deps/openssl/openssl/crypto/dh/dh_check.c')
-rw-r--r-- | deps/openssl/openssl/crypto/dh/dh_check.c | 46 |
1 files changed, 36 insertions, 10 deletions
diff --git a/deps/openssl/openssl/crypto/dh/dh_check.c b/deps/openssl/openssl/crypto/dh/dh_check.c index c39ed97ba6..347467c6a4 100644 --- a/deps/openssl/openssl/crypto/dh/dh_check.c +++ b/deps/openssl/openssl/crypto/dh/dh_check.c @@ -76,17 +76,43 @@ int DH_check(const DH *dh, int *ret) int ok = 0; BN_CTX *ctx = NULL; BN_ULONG l; - BIGNUM *q = NULL; + BIGNUM *t1 = NULL, *t2 = NULL; *ret = 0; ctx = BN_CTX_new(); if (ctx == NULL) goto err; - q = BN_new(); - if (q == NULL) + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + if (t1 == NULL) + goto err; + t2 = BN_CTX_get(ctx); + if (t2 == NULL) goto err; - if (BN_is_word(dh->g, DH_GENERATOR_2)) { + if (dh->q) { + if (BN_cmp(dh->g, BN_value_one()) <= 0) + *ret |= DH_NOT_SUITABLE_GENERATOR; + else if (BN_cmp(dh->g, dh->p) >= 0) + *ret |= DH_NOT_SUITABLE_GENERATOR; + else { + /* Check g^q == 1 mod p */ + if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) + goto err; + if (!BN_is_one(t1)) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } + if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_Q_NOT_PRIME; + /* Check p == 1 mod q i.e. q divides p - 1 */ + if (!BN_div(t1, t2, dh->p, dh->q, ctx)) + goto err; + if (!BN_is_one(t2)) + *ret |= DH_CHECK_INVALID_Q_VALUE; + if (dh->j && BN_cmp(dh->j, t1)) + *ret |= DH_CHECK_INVALID_J_VALUE; + + } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { l = BN_mod_word(dh->p, 24); if (l != 11) *ret |= DH_NOT_SUITABLE_GENERATOR; @@ -107,18 +133,18 @@ int DH_check(const DH *dh, int *ret) if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) *ret |= DH_CHECK_P_NOT_PRIME; - else { - if (!BN_rshift1(q, dh->p)) + else if (!dh->q) { + if (!BN_rshift1(t1, dh->p)) goto err; - if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) + if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) *ret |= DH_CHECK_P_NOT_SAFE_PRIME; } ok = 1; err: - if (ctx != NULL) + if (ctx != NULL) { + BN_CTX_end(ctx); BN_CTX_free(ctx); - if (q != NULL) - BN_free(q); + } return (ok); } |