From aacfb2c75d5518a48c53cdcef30384dcec7e9bd2 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Mon, 29 Nov 2021 19:41:02 +0000
Subject: [PATCH] Provide a version of DH_check_params() for internal use.

Based on the version in OpenSSL 1.1.1l with minor tweaks.

ok inoguchi jsing
---
 lib/libcrypto/dh/dh_check.c | 44 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/lib/libcrypto/dh/dh_check.c b/lib/libcrypto/dh/dh_check.c
index a8227d31ca6..d0524fd631b 100644
--- a/lib/libcrypto/dh/dh_check.c
+++ b/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */
+/* $OpenBSD: dh_check.c,v 1.18 2021/11/29 19:41:02 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,6 +61,48 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+int
+DH_check_params(const DH *dh, int *flags)
+{
+	BN_CTX *ctx = NULL;
+	BIGNUM *max_g;
+	int ok = 0;
+
+	*flags = 0;
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	BN_CTX_start(ctx);
+	if ((max_g = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if (!BN_is_odd(dh->p))
+		*flags |= DH_CHECK_P_NOT_PRIME;
+
+	/*
+	 * Check that 1 < dh->g < p - 1
+	 */
+
+	if (BN_cmp(dh->g, BN_value_one()) <= 0)
+		*flags |= DH_NOT_SUITABLE_GENERATOR;
+	/* max_g = p - 1 */
+	if (BN_copy(max_g, dh->p) == NULL)
+		goto err;
+	if (!BN_sub_word(max_g, 1))
+		goto err;
+	/* check that g < max_g */
+	if (BN_cmp(dh->g, max_g) >= 0)
+		*flags |= DH_NOT_SUITABLE_GENERATOR;
+
+	ok = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
+
+	return ok;
+}
+
 /*
  * Check that p is a safe prime and
  * if g is 2, 3 or 5, check that it is a suitable generator
-- 
2.20.1