feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add guard around the public key check for DH to skip it when we have

Browse Source 
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
This commit is contained in:
John Safranek
2021-05-07 11:48:21 -07:00
committed by Daniel Pouzzner
parent aeb8f5bb51
commit c31ed64eb5
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wolfcrypt/src/dh.c
View File

@ -1362,8 +1362,10 @@ static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
if (ret == 0)
ret = GeneratePublicDh(key, priv, *privSz, pub, pubSz);
#if defined(WOLFSSL_SP_MATH) || defined(HAVE_FFDHE)
if (ret == 0)
ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
#endif
if (ret == 0)
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, *privSz);