authorTomas Mraz <tomas@openssl.org>2022-03-10 13:11:21 +0100
committerTomas Mraz <tomas@openssl.org>2022-03-14 10:06:37 +0100
commit01b18775676115945956f4de0eb0cafedaf027ab (patch)
tree35e03ea107b4c7cfc90c549645259d935b0f906c /providers
parent2a9219514263454896bdda800b4b811843338bc7 (diff)
downloadopenssl-new-01b18775676115945956f4de0eb0cafedaf027ab.tar.gz
DH: Make padding always on when X9.42 KDF is used
Fixes #17834 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17859)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/exchange/dh_exch.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 55780b0a68..49186f8b5f 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -141,7 +141,7 @@ static int dh_set_peer(void *vpdhctx, void *vdh)
static int dh_plain_derive(void *vpdhctx,
unsigned char *secret, size_t *secretlen,
- size_t outlen)
+ size_t outlen, unsigned int pad)
{
PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx;
int ret;
@@ -164,7 +164,7 @@ static int dh_plain_derive(void *vpdhctx,
}
DH_get0_key(pdhctx->dhpeer, &pub_key, NULL);
- if (pdhctx->pad)
+ if (pad)
ret = DH_compute_key_padded(secret, pub_key, pdhctx->dh);
else
ret = DH_compute_key(secret, pub_key, pdhctx->dh);
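Review bot: The else branch still calls DH_compute_key, which strips leading zero bytes, so with `pad` equal to 0 the length of the returned secret depends on the secret's value. That is presumably kept for compatibility with existing callers, but it deserves a comment on the branch, for example `/* unpadded: output length varies with the secret; callers that feed this into their own KDF should enable pad */`. The new `pad` argument is used purely as a boolean here, which could be stated in a short comment at the signature. dh_plain_derive starts and ends outside this hunk, so the size-query path (secret == NULL) is not visible.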
@@ -192,13 +192,13 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret,
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
- if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0))
+ if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0, 1))
return 0;
if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (!dh_plain_derive(pdhctx, stmp, &stmplen, stmplen))
+ if (!dh_plain_derive(pdhctx, stmp, &stmplen, stmplen, 1))
goto err;
/* Do KDF stuff */
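Review bot: The literal `1` passed as the pad argument in both dh_plain_derive calls is unexplained, and it silently overrides whatever pdhctx->pad the application configured. A comment above the first call would record the reason, for example `/* X9.42 KDF requires the fixed-length shared secret with leading zeros kept, so padding is forced on regardless of pdhctx->pad */`. An application that explicitly sets pad to 0 with this KDF type gets no error, so it may be worth documenting that the parameter is ignored in this mode. No regression test is visible in this providers-only view; a case whose shared secret has a leading zero byte would pin the behavior. dh_X9_42_kdf_derive starts and ends outside the hunk.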
@@ -229,7 +229,8 @@ static int dh_derive(void *vpdhctx, unsigned char *secret,
switch (pdhctx->kdf_type) {
case PROV_DH_KDF_NONE:
- return dh_plain_derive(pdhctx, secret, psecretlen, outlen);
+ return dh_plain_derive(pdhctx, secret, psecretlen, outlen,
+ pdhctx->pad);
case PROV_DH_KDF_X9_42_ASN1:
return dh_X9_42_kdf_derive(pdhctx, secret, psecretlen, outlen);
default: