Whoops, we were copying instead of comparing at the end of trying to

[oweals/openssl.git] / crypto / dh / dh_check.c

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index f0373f7d6878a01ba12720a4f5068c888770eaad..10217c83dc13aa4adeb3865de502510ec75cee45 100644 (file)
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -104,12 +104,12 @@ int DH_check(const DH *dh, int *ret)
        else
                *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
 
-       if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+       if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
                *ret|=DH_CHECK_P_NOT_PRIME;
        else
                {
                if (!BN_rshift1(q,dh->p)) goto err;
-               if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+               if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
                        *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
                }
        ok=1;
@@ -118,3 +118,25 @@ err:
        if (q != NULL) BN_free(q);
        return(ok);
        }
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+       {
+       int ok=0;
+       BIGNUM *q=NULL;
+
+       *ret=0;
+       q=BN_new();
+       if (q == NULL) goto err;
+       BN_set_word(q,1);
+       if (BN_cmp(pub_key,q)<=0)
+               *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+       BN_copy(q,dh->p);
+       BN_sub_word(q,1);
+       if (BN_cmp(pub_key,q)>=0)
+               *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+       ok = 1;
+err:
+       if (q != NULL) BN_free(q);
+       return(ok);
+       }