From d37fd0cf83006be24730857179afad77f14c47ee Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Mon, 29 Nov 2021 19:41:03 +0000 Subject: Provide a version of DH_check_params() for internal use. Based on the version in OpenSSL 1.1.1l with minor tweaks. ok inoguchi jsing --- lib/libcrypto/dh/dh_check.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/libcrypto/dh/dh_check.c b/lib/libcrypto/dh/dh_check.c index a8227d31ca6..d0524fd631b 100644 --- a/lib/libcrypto/dh/dh_check.c +++ b/lib/libcrypto/dh/dh_check.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */ +/* $OpenBSD: dh_check.c,v 1.18 2021/11/29 19:41:02 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,6 +61,48 @@ #include #include +int +DH_check_params(const DH *dh, int *flags) +{ + BN_CTX *ctx = NULL; + BIGNUM *max_g; + int ok = 0; + + *flags = 0; + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); + if ((max_g = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_is_odd(dh->p)) + *flags |= DH_CHECK_P_NOT_PRIME; + + /* + * Check that 1 < dh->g < p - 1 + */ + + if (BN_cmp(dh->g, BN_value_one()) <= 0) + *flags |= DH_NOT_SUITABLE_GENERATOR; + /* max_g = p - 1 */ + if (BN_copy(max_g, dh->p) == NULL) + goto err; + if (!BN_sub_word(max_g, 1)) + goto err; + /* check that g < max_g */ + if (BN_cmp(dh->g, max_g) >= 0) + *flags |= DH_NOT_SUITABLE_GENERATOR; + + ok = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ok; +} + /* * Check that p is a safe prime and * if g is 2, 3 or 5, check that it is a suitable generator -- cgit v1.2.3