From 6682afe886786a228aa128c03babf1fe1b1adf5c Mon Sep 17 00:00:00 2001 From: lan1120 Date: Thu, 7 Dec 2023 10:19:20 +0800 Subject: [PATCH] fix logging in DH_check_pub_key Signed-off-by: lan1120 --- crypto/dh/dh_check.c | 2 +- crypto/dh/dh_key.c | 2 +- include/openssl/dherr.h | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 779cfbcd91..e7b99f2488 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -201,7 +201,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) /* Don't do any checks at all with an excessively large modulus */ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { - DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_LARGE); + DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE); *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID; return 0; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 4c4c4b9874..49ef1fc938 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -208,7 +208,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) int ret = -1; int check_result; - if (dh->q != NULL + if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE); goto err; diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h index d66c35aa8e..1d3084f10f 100644 --- a/include/openssl/dherr.h +++ b/include/openssl/dherr.h @@ -54,6 +54,7 @@ int ERR_load_DH_strings(void); # define DH_F_PKEY_DH_DERIVE 112 # define DH_F_PKEY_DH_INIT 125 # define DH_F_PKEY_DH_KEYGEN 113 +# define DH_F_DH_CHECK_PUB_KEY 127 /* * DH reason codes. -- Gitee