X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fdh%2Fdh_check.c;h=10217c83dc13aa4adeb3865de502510ec75cee45;hb=673c55a2fe62000a0b7f0345ed16d91e1d28427a;hp=95ce9cfad012f9e531d298496b8244c6e3f7c705;hpb=ec577822f95a8bca0023c5c77cef1a4916822d4a;p=oweals%2Fopenssl.git

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 95ce9cfad0..10217c83dc 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -61,7 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-/* Check that p is a strong prime and
+/* Check that p is a safe prime and
  * if g is 2, 3 or 5, check that is is a suitable generator
  * where
  * for 2, p mod 24 == 11
@@ -70,7 +70,7 @@
  * should hold.
  */
 
-int DH_check(DH *dh, int *ret)
+int DH_check(const DH *dh, int *ret)
 	{
 	int ok=0;
 	BN_CTX *ctx=NULL;
@@ -88,11 +88,13 @@ int DH_check(DH *dh, int *ret)
 		l=BN_mod_word(dh->p,24);
 		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
 		}
-/*	else if (BN_is_word(dh->g,DH_GENERATOR_3))
+#if 0
+	else if (BN_is_word(dh->g,DH_GENERATOR_3))
 		{
 		l=BN_mod_word(dh->p,12);
 		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
-		}*/
+		}
+#endif
 	else if (BN_is_word(dh->g,DH_GENERATOR_5))
 		{
 		l=BN_mod_word(dh->p,10);
@@ -102,13 +104,13 @@ int DH_check(DH *dh, int *ret)
 	else
 		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
 
-	if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+	if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
 		*ret|=DH_CHECK_P_NOT_PRIME;
 	else
 		{
 		if (!BN_rshift1(q,dh->p)) goto err;
-		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
-			*ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+		if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
+			*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
 		}
 	ok=1;
 err:
@@ -116,3 +118,25 @@ err:
 	if (q != NULL) BN_free(q);
 	return(ok);
 	}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+	{
+	int ok=0;
+	BIGNUM *q=NULL;
+
+	*ret=0;
+	q=BN_new();
+	if (q == NULL) goto err;
+	BN_set_word(q,1);
+	if (BN_cmp(pub_key,q)<=0)
+		*ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+	BN_copy(q,dh->p);
+	BN_sub_word(q,1);
+	if (BN_cmp(pub_key,q)>=0)
+		*ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+	ok = 1;
+err:
+	if (q != NULL) BN_free(q);
+	return(ok);
+	}