From 2650515394537ad30110f322e56d3afe710d0886 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 30 Dec 2016 21:57:28 +0100
Subject: Better check of DH parameters in TLS data

When the client reads DH parameters from the TLS stream, we only
checked that they all are non-zero.  This change updates the check to
use DH_check_params()

DH_check_params() is a new function for light weight checking of the p
and g parameters:

    check that p is odd
    check that 1 < g < p - 1

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
---
 util/libcrypto.num | 1 +
 1 file changed, 1 insertion(+)

(limited to 'util/libcrypto.num')

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 917ab888a7..8e9b752940 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4229,3 +4229,4 @@ UI_method_get_ex_data                   4179	1_1_1	EXIST::FUNCTION:UI
 UI_UTIL_wrap_read_pem_callback          4180	1_1_1	EXIST::FUNCTION:UI
 X509_VERIFY_PARAM_get_time              4181	1_1_0d	EXIST::FUNCTION:
 EVP_PKEY_get0_poly1305                  4182	1_1_1	EXIST::FUNCTION:POLY1305
+DH_check_params                         4183	1_1_0d	EXIST::FUNCTION:DH
-- 
cgit v1.2.3