aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/crypto/dh/dh_check.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/crypto/dh/dh_check.c')
-rw-r--r--crypto/openssl/crypto/dh/dh_check.c28
1 files changed, 23 insertions, 5 deletions
diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c
index a7e9920efb0f..058aec75bcd9 100644
--- a/crypto/openssl/crypto/dh/dh_check.c
+++ b/crypto/openssl/crypto/dh/dh_check.c
@@ -70,8 +70,6 @@
* should hold.
*/
-#ifndef OPENSSL_FIPS
-
int DH_check(const DH *dh, int *ret)
{
int ok=0;
@@ -106,12 +104,12 @@ int DH_check(const DH *dh, int *ret)
else
*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
- if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+ if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
*ret|=DH_CHECK_P_NOT_PRIME;
else
{
if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+ if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
}
ok=1;
@@ -121,4 +119,24 @@ err:
return(ok);
}
-#endif
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+ {
+ int ok=0;
+ BIGNUM *q=NULL;
+
+ *ret=0;
+ q=BN_new();
+ if (q == NULL) goto err;
+ BN_set_word(q,1);
+ if (BN_cmp(pub_key,q) <= 0)
+ *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+ BN_copy(q,dh->p);
+ BN_sub_word(q,1);
+ if (BN_cmp(pub_key,q) >= 0)
+ *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+ ok = 1;
+err:
+ if (q != NULL) BN_free(q);
+ return(ok);
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 10:11:36 +0000