authorRichard Levitte <levitte@openssl.org>2016-12-30 21:57:28 +0100
committerMatt Caswell <matt@openssl.org>2017-01-26 10:54:36 +0000
commita39aa18644d3338087a827c6555b18bc857346fe (patch)
tree76de6f9b8fa690fb4fcfd6d023236ac57ced30b8 /include
parent00d965474b22b54e4275232bc71ee0c699c5cd21 (diff)
Better check of DH parameters in TLS data
When the client reads DH parameters from the TLS stream, we only checked that they are all non-zero. This change updates the check to use DH_check_params(). DH_check_params() is a new function for lightweight checking of the p and g parameters: check that p is odd; check that 1 < g < p - 1. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'include')
-rw-r--r--include/openssl/dh.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index ae309e7b31..6d149bc932 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -124,6 +124,7 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
BN_GENCB *cb);
+int DH_check_params(const DH *dh, int *ret);
int DH_check(const DH *dh, int *codes);
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
int DH_generate_key(DH *dh);
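Review bot: The added `DH_check_params` declaration has no comment telling callers how limited the check is, and in the header it reads as a peer of `DH_check` on the next line. Going by the commit message it only tests that p is odd and 1 < g < p - 1, so it does not establish primality or group structure. I would add above it `/* Lightweight sanity check: p odd, 1 < g < p - 1. No primality test; see DH_check() for the fuller check. */`. If it follows the `DH_check` convention (the implementation is not in this diff), the return value only says the check ran and the verdict is in the flags, so callers must also test `*ret`. Naming the parameter `codes` like its neighbours, `int DH_check_params(const DH *dh, int *codes);`, would make that clearer.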