Provide a version of DH_check_params() for internal use.

Based on the version in OpenSSL 1.1.1l with minor tweaks.

ok inoguchi jsing

diff --git a/lib/libcrypto/dh/dh_check.c b/lib/libcrypto/dh/dh_check.c
index a8227d3..d0524fd 100644 (file)
--- a/lib/libcrypto/dh/dh_check.c
+++ b/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */
+/* $OpenBSD: dh_check.c,v 1.18 2021/11/29 19:41:02 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,6 +61,48 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+int
+DH_check_params(const DH *dh, int *flags)
+{
+       BN_CTX *ctx = NULL;
+       BIGNUM *max_g;
+       int ok = 0;
+
+       *flags = 0;
+
+       if ((ctx = BN_CTX_new()) == NULL)
+               goto err;
+       BN_CTX_start(ctx);
+       if ((max_g = BN_CTX_get(ctx)) == NULL)
+               goto err;
+
+       if (!BN_is_odd(dh->p))
+               *flags |= DH_CHECK_P_NOT_PRIME;
+
+       /*
+        * Check that 1 < dh->g < p - 1
+        */
+
+       if (BN_cmp(dh->g, BN_value_one()) <= 0)
+               *flags |= DH_NOT_SUITABLE_GENERATOR;
+       /* max_g = p - 1 */
+       if (BN_copy(max_g, dh->p) == NULL)
+               goto err;
+       if (!BN_sub_word(max_g, 1))
+               goto err;
+       /* check that g < max_g */
+       if (BN_cmp(dh->g, max_g) >= 0)
+               *flags |= DH_NOT_SUITABLE_GENERATOR;
+
+       ok = 1;
+
+ err:
+       BN_CTX_end(ctx);
+       BN_CTX_free(ctx);
+
+       return ok;
+}
+
 /*
  * Check that p is a safe prime and
  * if g is 2, 3 or 5, check that it is a suitable generator