X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fdh%2Fdh_check.c;h=70f083603f4575a4bb6800c5b3af82694cd27466;hb=62f49b90d7e88d3c36fc1f5e4d677997aeb97b0a;hp=373110d263b0cd6a2c3d00f9591517cb724b9a56;hpb=feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0;p=oweals%2Fopenssl.git

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 373110d263..70f083603f 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -10,9 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include "dh_locl.h"
-
-# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
+#include "dh_local.h"
 
 /*-
  * Check that p and g are suitable enough
@@ -137,7 +135,7 @@ int DH_check(const DH *dh, int *ret)
             if (!BN_is_one(t1))
                 *ret |= DH_NOT_SUITABLE_GENERATOR;
         }
-        r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+        r = BN_check_prime(dh->q, ctx, NULL);
         if (r < 0)
             goto err;
         if (!r)
@@ -151,7 +149,7 @@ int DH_check(const DH *dh, int *ret)
             *ret |= DH_CHECK_INVALID_J_VALUE;
     }
 
-    r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+    r = BN_check_prime(dh->p, ctx, NULL);
     if (r < 0)
         goto err;
     if (!r)
@@ -159,7 +157,7 @@ int DH_check(const DH *dh, int *ret)
     else if (!dh->q) {
         if (!BN_rshift1(t1, dh->p))
             goto err;
-        r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+        r = BN_check_prime(t1, ctx, NULL);
         if (r < 0)
             goto err;
         if (!r)
@@ -176,7 +174,8 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
 {
     int errflags = 0;
 
-    (void)DH_check(dh, &errflags);
+    if (!DH_check_pub_key(dh, pub_key, &errflags))
+        return 0;
 
     if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
         DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);