projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add multiple fixes for ffc key generation using invalid p,q,g parameters.
[openssl.git] / crypto / dh / dh_key.c
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 5d2acca25ce1d2dbf93ce2369d0e0b07686c85b5..3b4da19cd20aeaba887abdce5782cf5f715e55d2 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -287,6 +287,10 @@ static int generate_key(DH *dh)
             } else
 #endif
             {
+                /* Do a partial check for invalid p, q, g */
+                if (!ffc_params_simple_validate(dh->libctx, &dh->params,
+                                                FFC_PARAM_TYPE_DH))
+                    goto err;
                 /*
                  * For FFC FIPS 186-4 keygen
                  * security strength s = 112,
Unnamed repository; edit this file 'description' to name the repository.