From f9d2303788ae22bedb13da8c57c49011b74de60a Mon Sep 17 00:00:00 2001
From: djm <>
Date: Thu, 4 May 2006 14:19:08 +0000
Subject: backport checks for degenerate Diffie-Hellman public exponents from
 OpenSSL-0.9.8a, where they were added without a corresponding patch to 0.9.7
 or an advisory!  ok theo@ markus@

---
 src/lib/libcrypto/dh/dh_check.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'src/lib/libcrypto/dh/dh_check.c')

diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index a7e9920efb..17debff62d 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -121,4 +121,26 @@ err:
 	return(ok);
 	}
 
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+	{
+	int ok=0;
+	BIGNUM *q=NULL;
+
+	*ret=0;
+	q=BN_new();
+	if (q == NULL) goto err;
+	BN_set_word(q,1);
+	if (BN_cmp(pub_key,q) <= 0)
+		*ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+	BN_copy(q,dh->p);
+	BN_sub_word(q,1);
+	if (BN_cmp(pub_key,q) >= 0)
+		*ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+	ok = 1;
+err:
+	if (q != NULL) BN_free(q);
+	return(ok);
+	}
+
 #endif
-- 
cgit v1.2.3-55-g6feb