#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
-#include "dh_locl.h"
-
-# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
+#include "dh_local.h"
/*-
* Check that p and g are suitable enough
if (!BN_is_one(t1))
*ret |= DH_NOT_SUITABLE_GENERATOR;
}
- r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+ r = BN_check_prime(dh->q, ctx, NULL);
if (r < 0)
goto err;
if (!r)
*ret |= DH_CHECK_INVALID_J_VALUE;
}
- r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+ r = BN_check_prime(dh->p, ctx, NULL);
if (r < 0)
goto err;
if (!r)
else if (!dh->q) {
if (!BN_rshift1(t1, dh->p))
goto err;
- r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+ r = BN_check_prime(t1, ctx, NULL);
if (r < 0)
goto err;
if (!r)
{
int errflags = 0;
- (void)DH_check(dh, &errflags);
+ if (!DH_check_pub_key(dh, pub_key, &errflags))
+ return 0;
if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);