authorRichard Levitte <levitte@openssl.org>2016-12-30 21:57:28 +0100
committerMatt Caswell <matt@openssl.org>2017-01-26 10:54:01 +0000
commit2650515394537ad30110f322e56d3afe710d0886 (patch)
tree8d8a0d93d4c54446d7a01748dbd87d7ea72c2688 /include
parent2198b3a55de681e1f3c23edb0586afe13f438051 (diff)
Better check of DH parameters in TLS data
When the client reads DH parameters from the TLS stream, we only checked that they all are non-zero. This change updates the check to use DH_check_params().

DH_check_params() is a new function for lightweight checking of the p and g parameters:

- check that p is odd
- check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'include')
-rw-r--r--include/openssl/dh.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index ae309e7b31..6d149bc932 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -124,6 +124,7 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
BN_GENCB *cb);
+int DH_check_params(const DH *dh, int *ret);
int DH_check(const DH *dh, int *codes);
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
int DH_generate_key(DH *dh);
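Review bot: The new `DH_check_params` prototype has no comment, and its out-parameter is named `ret` while the neighbouring `DH_check` and `DH_check_pub_key` name theirs `codes`. If `*ret` carries the same kind of failure flags (the implementation is not visible in this hunk), renaming it to `codes` would keep the header consistent. Going by the commit message, the function only verifies that p is odd and that 1 < g < p - 1, so callers need to be told it is not a full validation of peer-supplied parameters. A comment above the declaration would do that, for example `/* Light-weight check of p and g only (p odd, 1 < g < p - 1); does not test primality of p, use DH_check() for full validation. */`.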