Blame SOURCES/openssl-fips-0.9.8e-dh-check.patch
|
 |
5820f5 |
diff -up openssl-fips-0.9.8e/fips/dh/fips_dh_key.c.dh-check openssl-fips-0.9.8e/fips/dh/fips_dh_key.c
|
|
|
5820f5 |
--- openssl-fips-0.9.8e/fips/dh/fips_dh_key.c.dh-check 2007-08-21 16:44:13.000000000 +0200
|
|
|
5820f5 |
+++ openssl-fips-0.9.8e/fips/dh/fips_dh_key.c 2011-05-04 12:30:34.000000000 +0200
|
|
|
5820f5 |
@@ -189,6 +189,7 @@ static int compute_key(unsigned char *ke
|
|
|
5820f5 |
BN_MONT_CTX *mont=NULL;
|
|
|
5820f5 |
BIGNUM *tmp;
|
|
|
5820f5 |
int ret= -1;
|
|
|
5820f5 |
+ int check_result;
|
|
|
5820f5 |
|
|
|
5820f5 |
ctx = BN_CTX_new();
|
|
|
5820f5 |
if (ctx == NULL) goto err;
|
|
|
5820f5 |
@@ -227,6 +228,12 @@ static int compute_key(unsigned char *ke
|
|
|
5820f5 |
goto err;
|
|
|
5820f5 |
}
|
|
|
5820f5 |
|
|
|
5820f5 |
+ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
|
|
|
5820f5 |
+ {
|
|
|
5820f5 |
+ DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
|
|
|
5820f5 |
+ goto err;
|
|
|
5820f5 |
+ }
|
|
|
5820f5 |
+
|
|
|
5820f5 |
if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
|
|
|
5820f5 |
{
|
|
|
5820f5 |
DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
|
|
|
5820f5 |
@@ -235,8 +242,11 @@ static int compute_key(unsigned char *ke
|
|
|
5820f5 |
|
|
|
5820f5 |
ret=BN_bn2bin(tmp,key);
|
|
|
5820f5 |
err:
|
|
|
5820f5 |
- BN_CTX_end(ctx);
|
|
|
5820f5 |
- BN_CTX_free(ctx);
|
|
|
5820f5 |
+ if (ctx != NULL)
|
|
|
5820f5 |
+ {
|
|
|
5820f5 |
+ BN_CTX_end(ctx);
|
|
|
5820f5 |
+ BN_CTX_free(ctx);
|
|
|
5820f5 |
+ }
|
|
|
5820f5 |
return(ret);
|
|
|
5820f5 |
}
|
|
|
5820f5 |
|