diff options
author | Bert Belder <bertbelder@gmail.com> | 2012-09-11 14:56:42 +0200 |
---|---|---|
committer | Bert Belder <bertbelder@gmail.com> | 2012-09-12 00:40:55 +0200 |
commit | b61ae54e18c9f6ada7e746052ef6b39272b18a15 (patch) | |
tree | 44b55a37ef67dd3a85684e44f55b4f698fcfa81c /deps/openssl/openssl/crypto/dh/dh_key.c | |
parent | c8c638a84195e5571f4ece881375909e1f4b82a8 (diff) | |
download | android-node-v8-b61ae54e18c9f6ada7e746052ef6b39272b18a15.tar.gz android-node-v8-b61ae54e18c9f6ada7e746052ef6b39272b18a15.tar.bz2 android-node-v8-b61ae54e18c9f6ada7e746052ef6b39272b18a15.zip |
openssl: upgrade to vanilla openssl 1.0.1c
Diffstat (limited to 'deps/openssl/openssl/crypto/dh/dh_key.c')
-rw-r--r-- | deps/openssl/openssl/crypto/dh/dh_key.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c index e7db440342..89a74db4e6 100644 --- a/deps/openssl/openssl/crypto/dh/dh_key.c +++ b/deps/openssl/openssl/crypto/dh/dh_key.c @@ -73,11 +73,27 @@ static int dh_finish(DH *dh); int DH_generate_key(DH *dh) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) + && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) + { + DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); + return 0; + } +#endif return dh->meth->generate_key(dh); } int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) + && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) + { + DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); + return 0; + } +#endif return dh->meth->compute_key(key, pub_key, dh); } @@ -138,8 +154,21 @@ static int generate_key(DH *dh) if (generate_new_key) { - l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ - if (!BN_rand(priv_key, l, 0, 0)) goto err; + if (dh->q) + { + do + { + if (!BN_rand_range(priv_key, dh->q)) + goto err; + } + while (BN_is_zero(priv_key) || BN_is_one(priv_key)); + } + else + { + /* secret exponent length */ + l = dh->length ? dh->length : BN_num_bits(dh->p)-1; + if (!BN_rand(priv_key, l, 0, 0)) goto err; + } } { |