backport checks for degenerate Diffie-Hellman public exponents from

OpenSSL-0.9.8a, where they were added without a corresponding patch to 0.9.7 or an advisory! ok theo@ markus@
author: djm <> 2006-05-04 14:19:08 +0000
committer: djm <> 2006-05-04 14:19:08 +0000
commit: f9d2303788ae22bedb13da8c57c49011b74de60a (patch)
tree: 153863b6979c54fe2c2bc1e1634af9cea8f6a655 /src/lib/libcrypto/dh/dh_check.c
parent: 4fe079716cece1d7c5964785c0961d561af6eb70 (diff)
download: openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.tar.gz
openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.tar.bz2
openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index a7e9920efb..17debff62d 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -121,4 +121,26 @@ err:
        return(ok);
        }
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+        {
+        int ok=0;
+        BIGNUM *q=NULL;
+        *ret=0;
+        q=BN_new();
+        if (q == NULL) goto err;
+        BN_set_word(q,1);
+        if (BN_cmp(pub_key,q) <= 0)
+                *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+        BN_copy(q,dh->p);
+        BN_sub_word(q,1);
+        if (BN_cmp(pub_key,q) >= 0)
+                *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+        ok = 1;
+err:
+        if (q != NULL) BN_free(q);
+        return(ok);
+        }
 #endif
author	djm <>	2006-05-04 14:19:08 +0000
committer	djm <>	2006-05-04 14:19:08 +0000
commit	f9d2303788ae22bedb13da8c57c49011b74de60a (patch)
tree	153863b6979c54fe2c2bc1e1634af9cea8f6a655 /src/lib/libcrypto/dh/dh_check.c
parent	4fe079716cece1d7c5964785c0961d561af6eb70 (diff)
download	openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.tar.gz openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.tar.bz2 openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.zip

diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c index a7e9920efb..17debff62d 100644 --- a/src/lib/libcrypto/dh/dh_check.c +++ b/src/lib/libcrypto/dh/dh_check.c
@@ -121,4 +121,26 @@ err:
121	return(ok);	121	return(ok);
122	}	122	}
123		123
		124	int DH_check_pub_key(const DH dh, const BIGNUM pub_key, int *ret)
		125	{
		126	int ok=0;
		127	BIGNUM *q=NULL;
		128
		129	*ret=0;
		130	q=BN_new();
		131	if (q == NULL) goto err;
		132	BN_set_word(q,1);
		133	if (BN_cmp(pub_key,q) <= 0)
		134	*ret\|=DH_CHECK_PUBKEY_TOO_SMALL;
		135	BN_copy(q,dh->p);
		136	BN_sub_word(q,1);
		137	if (BN_cmp(pub_key,q) >= 0)
		138	*ret\|=DH_CHECK_PUBKEY_TOO_LARGE;
		139
		140	ok = 1;
		141	err:
		142	if (q != NULL) BN_free(q);
		143	return(ok);
		144	}
		145
124	#endif	146	#endif