|
|
|
@ -35,7 +35,7 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
|
|
|
|
|
|
|
|
|
|
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
|
|
|
|
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
|
|
|
|
@@ -354,8 +367,23 @@ static int generate_key(DH *dh)
|
|
|
|
|
@@ -354,8 +367,21 @@ static int generate_key(DH *dh)
|
|
|
|
|
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
@ -50,9 +50,7 @@ diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
|
|
|
|
|
dh->priv_key = priv_key;
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
+ if (ossl_dh_check_pairwise(dh) <= 0) {
|
|
|
|
|
+ dh->pub_key = dh->priv_key = NULL;
|
|
|
|
|
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ abort();
|
|
|
|
|
+ }
|
|
|
|
|
+#endif
|
|
|
|
|
+
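Review bot: If `abort();` is the line this revision adds in place of the `dh->pub_key = dh->priv_key = NULL;` / `ERR_raise(...)` / `goto err;` path (the 9-to-7 hunk counts suggest so, but the +/- column is lost on this page), a failed `ossl_dh_check_pairwise(dh)` in `generate_key` now terminates the whole host process from inside library code, and the caller never gets an error to handle. `dh->priv_key = priv_key;` has already run by then, so a core dump written on abort could contain the freshly generated private key. It is worth confirming that the FIPS build disables core dumps or clears the key before aborting. If hard termination is the intended FIPS error-state behaviour, say so at the call site, for example `/* FIPS: a pairwise consistency failure is fatal by design; do not return to the caller */`. The body of `generate_key` begins and ends outside this hunk, so the cleanup under `err:` is not visible here.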
|
|
|
|
|