xref: /third_party/openssl/crypto/dh/dh_check.c

20 #include "crypto/dh.h"
28 int DH_check_params_ex(const DH *dh)
32     if (!DH_check_params(dh, &errflags))
48 int DH_check_params(const DH *dh, int *ret)
57     nid = DH_get_nid((DH *)dh);
65     return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
69 int DH_check_params(const DH *dh, int *ret)
76     ctx = BN_CTX_new_ex(dh->libctx);
84     if (!BN_is_odd(dh->params.p))
86     if (BN_is_negative(dh->params.g)
87         || BN_is_zero(dh->params.g)
88         || BN_is_one(dh->params.g))
90     if (BN_copy(tmp, dh->params.p) == NULL || !BN_sub_word(tmp, 1))
92     if (BN_cmp(dh->params.g, tmp) >= 0)
94     if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS)
96     if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS)
111 int DH_check_ex(const DH *dh)
115     if (!DH_check(dh, &errflags))
141 int DH_check(const DH *dh, int *ret)
144     return DH_check_params(dh, ret);
149     int nid = DH_get_nid((DH *)dh);
156     if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
161     if (!DH_check_params(dh, ret))
164     ctx = BN_CTX_new_ex(dh->libctx);
173     if (dh->params.q != NULL) {
174         if (BN_ucmp(dh->params.p, dh->params.q) > 0)
181         if (BN_cmp(dh->params.g, BN_value_one()) <= 0)
183         else if (BN_cmp(dh->params.g, dh->params.p) >= 0)
187             if (!BN_mod_exp(t1, dh->params.g, dh->params.q, dh->params.p, ctx))
192         r = BN_check_prime(dh->params.q, ctx, NULL);
198         if (!BN_div(t1, t2, dh->params.p, dh->params.q, ctx))
202         if (dh->params.j != NULL
203             && BN_cmp(dh->params.j, t1))
207     r = BN_check_prime(dh->params.p, ctx, NULL);
212     else if (dh->params.q == NULL) {
213         if (!BN_rshift1(t1, dh->params.p))
229 int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
233     if (!DH_check_pub_key(dh, pub_key, &errflags))
249 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
252     if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
258     if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
263     return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
271 int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
273     return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
276 int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
286     if (dh->params.q != NULL) {
287         upper = dh->params.q;
289     } else if (dh->params.p != NULL) {
292          * reasonable range, or the number of bits is equal to dh->length.
294         int length = dh->length;
297             length = BN_num_bits(dh->params.p) - 1;
311     if (DH_get_nid((DH *)dh) != NID_undef && dh->length != 0) {
312         if (!BN_lshift(two_powN, BN_value_one(), dh->length))
314         if (BN_cmp(two_powN, dh->params.q) < 0)
330 int ossl_dh_check_pairwise(const DH *dh)
336     if (dh->params.p == NULL
337         || dh->params.g == NULL
338         || dh->priv_key == NULL
339         || dh->pub_key == NULL)
342     ctx = BN_CTX_new_ex(dh->libctx);
350     if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
353     ret = BN_cmp(pub_key, dh->pub_key) == 0;

Indexes created Thu Nov 07 10:32:03 CST 2024