Provide a version of DH_check_params() for internal use.

Based on the version in OpenSSL 1.1.1l with minor tweaks.

ok inoguchi jsing

1 files changed, 43 insertions, 1 deletions

diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index a8227d31ca..d0524fd631 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */
+/* $OpenBSD: dh_check.c,v 1.18 2021/11/29 19:41:02 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,6 +61,48 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+int
+DH_check_params(const DH *dh, int *flags)
+{
+        BN_CTX *ctx = NULL;
+        BIGNUM *max_g;
+        int ok = 0;
+
+        *flags = 0;
+
+        if ((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        BN_CTX_start(ctx);
+        if ((max_g = BN_CTX_get(ctx)) == NULL)
+                goto err;
+
+        if (!BN_is_odd(dh->p))
+                *flags |= DH_CHECK_P_NOT_PRIME;
+
+        /*
+         * Check that 1 < dh->g < p - 1
+         */
+
+        if (BN_cmp(dh->g, BN_value_one()) <= 0)
+                *flags |= DH_NOT_SUITABLE_GENERATOR;
+        /* max_g = p - 1 */
+        if (BN_copy(max_g, dh->p) == NULL)
+                goto err;
+        if (!BN_sub_word(max_g, 1))
+                goto err;
+        /* check that g < max_g */
+        if (BN_cmp(dh->g, max_g) >= 0)
+                *flags |= DH_NOT_SUITABLE_GENERATOR;
+
+        ok = 1;
+
+ err:
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+
+        return ok;
+}
+
 /*
  * Check that p is a safe prime and
  * if g is 2, 3 or 5, check that it is a suitable generator