Only check DH key validity when loading a private key. (#9071) (#9319)
Fixes #9063

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
jtougas and alex authored Jul 31, 2023
1 parent bfa4d95 commit 774a4a1
Showing 1 changed file with 11 additions and 11 deletions.
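--- a/src/rust/src/backend/dh.rs
+++ b/src/rust/src/backend/dh.rs
@@ -102,16 +102,7 @@ fn dh_parameters_from_numbers(
 .transpose()?;
 let g = utils::py_int_to_bn(py, numbers.getattr(pyo3::intern!(py, "g"))?)?;
 
-let dh = openssl::dh::Dh::from_pqg(p, q, g)?;
-if !dh.check_key()? {
-return Err(CryptographyError::from(
-pyo3::exceptions::PyValueError::new_err(
-"DH private numbers did not pass safety checks.",
-),
-));
-}
-
-Ok(dh)
+Ok(openssl::dh::Dh::from_pqg(p, q, g)?)
 }
 
 #[pyo3::prelude::pyfunction]
@@ -127,7 +118,16 @@ fn from_private_numbers(
 let pub_key = utils::py_int_to_bn(py, public_numbers.getattr(pyo3::intern!(py, "y"))?)?;
 let priv_key = utils::py_int_to_bn(py, numbers.getattr(pyo3::intern!(py, "x"))?)?;
 
-let pkey = openssl::pkey::PKey::from_dh(dh.set_key(pub_key, priv_key)?)?;
+let dh = dh.set_key(pub_key, priv_key)?;
+if !dh.check_key()? {
+return Err(CryptographyError::from(
+pyo3::exceptions::PyValueError::new_err(
+"DH private numbers did not pass safety checks.",
+),
+));
+}
+
+let pkey = openssl::pkey::PKey::from_dh(dh)?;
 Ok(DHPrivateKey { pkey })
 }
 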
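Review bot: After the first hunk, `dh_parameters_from_numbers` returns `Dh::from_pqg(p, q, g)` with no validation, and nothing in the code records that. Any other caller of this helper now receives p, q and g unchecked; those callers are outside this diff, presumably the parameter and public-number loading paths. I would state the contract on the function, e.g. `/// Builds DH parameters from p, q, g without validating them; callers that accept numbers from an untrusted source must run their own checks.` In `from_private_numbers`, the moved `dh.check_key()?` call would also benefit from a one-line comment saying why the check is limited to private-key loading, since the diff itself gives no reason. Both function bodies start outside the hunks shown.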
