OpenSSL: OpenSSL-fips-0_9_8-stable: openssl/fips/dh/ fips_dh_key...

  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Dr.
Stephen Henson
  Root:   /v/openssl/cvs                   Email:  steveopenssl.org
  Module: openssl                          Date:  
18-Aug-2007 04:46:12
  Branch: OpenSSL-fips-0_9_8-stable        Handle:
2007081803461100

  Modified files:           (Branch:
OpenSSL-fips-0_9_8-stable)
    openssl/fips/dh         fips_dh_key.c

  Log:
    Block DH key gen for small key sizes too.

  Summary:
    Revision    Changes     Path
    1.1.4.3     +6  -0      openssl/fips/dh/fips_dh_key.c
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl/fips/dh/fips_dh_key.c
 
============================================================
================
  $ cvs diff -u -r1.1.4.2 -r1.1.4.3 fips_dh_key.c
  --- openssl/fips/dh/fips_dh_key.c	15 Aug 2007 13:35:36
-0000	1.1.4.2
  +++ openssl/fips/dh/fips_dh_key.c	18 Aug 2007 02:46:11
-0000	1.1.4.3
   -112,6 +112,12 
   	BN_MONT_CTX *mont=NULL;
   	BIGNUM *pub_key=NULL,*priv_key=NULL;
   
  +	if (FIPS_mode() && (BN_num_bits(dh->p) <
OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
  +		{
  +		DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
  +		goto err;
  +		}
  +
   	ctx = BN_CTX_new();
   	if (ctx == NULL) goto err;
   
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org