Make D-H safer, include well-known primes.

author: Ben Laurie <ben@openssl.org> 2005-08-21 16:00:17 +0000
committer: Ben Laurie <ben@openssl.org> 2005-08-21 16:00:17 +0000
commit: bf3d6c0c9b58e6a78fa3ac0a60d68ef4fc0aa215 (patch)
tree: 7431a83a1487ff2ee8e13430ff3c52f58eb715b2 /crypto/dh/dh_check.c
parent: b8e8ccdc791e035473c710649fb3e67847c365ff (diff)
download: openssl-bf3d6c0c9b58e6a78fa3ac0a60d68ef4fc0aa215.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index bfc9c3ad76..10217c83dc 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -118,3 +118,25 @@ err:
 	if (q != NULL) BN_free(q);
 	return(ok);
 	}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+	{
+	int ok=0;
+	BIGNUM *q=NULL;
+
+	*ret=0;
+	q=BN_new();
+	if (q == NULL) goto err;
+	BN_set_word(q,1);
+	if (BN_cmp(pub_key,q)<=0)
+		*ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+	BN_copy(q,dh->p);
+	BN_sub_word(q,1);
+	if (BN_cmp(pub_key,q)>=0)
+		*ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+	ok = 1;
+err:
+	if (q != NULL) BN_free(q);
+	return(ok);
+	}
author	Ben Laurie <ben@openssl.org>	2005-08-21 16:00:17 +0000
committer	Ben Laurie <ben@openssl.org>	2005-08-21 16:00:17 +0000
commit	bf3d6c0c9b58e6a78fa3ac0a60d68ef4fc0aa215 (patch)
tree	7431a83a1487ff2ee8e13430ff3c52f58eb715b2 /crypto/dh/dh_check.c
parent	b8e8ccdc791e035473c710649fb3e67847c365ff (diff)
download	openssl-bf3d6c0c9b58e6a78fa3ac0a60d68ef4fc0aa215.tar.gz