author | Richard Levitte <levitte@openssl.org> | 2016-12-30 21:57:28 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-01-26 10:54:36 +0000 |
commit | a39aa18644d3338087a827c6555b18bc857346fe | |
tree | 76de6f9b8fa690fb4fcfd6d023236ac57ced30b8 /include | |
parent | 00d965474b22b54e4275232bc71ee0c699c5cd21 | |

Better check of DH parameters in TLS data

When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero. This change updates the check to
use DH_check_params().

DH_check_params() is a new function for lightweight checking of the p
and g parameters:

- check that p is odd
- check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/dh.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/dh.h b/include/openssl/dh.h index ae309e7b31..6d149bc932 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -124,6 +124,7 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); +int DH_check_params(const DH *dh, int *ret); int DH_check(const DH *dh, int *codes); int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); int DH_generate_key(DH *dh); |
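
Review bot: the new prototype `int DH_check_params(const DH *dh, int *ret);` names its out-parameter `ret`, while the neighbouring `DH_check()` and `DH_check_pub_key()` both call theirs `codes`. If the argument carries failure flags in the same way, rename it to `codes` so the three checkers read consistently. The declaration also needs a comment or accompanying documentation stating what the `int` return means versus what is written through the pointer, since a caller validating peer-supplied p and g has to know whether to test one or both. The diffstat shows this header gains only this one line, so no new flag constants are introduced here. The documentation should therefore say which existing flag values the "p is odd" and "1 < g < p - 1" checks report.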