0a1
> /* $OpenBSD: dh.c,v 1.42 2006/08/03 03:34:42 deraadt Exp $ */
26d26
< RCSID("$OpenBSD: dh.c,v 1.31 2004/08/04 10:37:52 djm Exp $");
28c28
< #include "xmalloc.h"
---
> #include <sys/param.h>
32d31
< #include <openssl/evp.h>
34,36c33,37
< #include "buffer.h"
< #include "cipher.h"
< #include "kex.h"
---
> #include <stdarg.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
46a48
> const char *errstr = NULL;
49c51,52
< arg = strdelim(&cp);
---
> if ((arg = strdelim(&cp)) == NULL)
> return 0;
70c73,74
< (dhg->size = atoi(strsize)) == 0)
---
> (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
> errstr)
180a185
> BIGNUM *tmp;
185a191,205
> if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */
> logit("invalid public DH value: <= 1");
> return 0;
> }
>
> if ((tmp = BN_new()) == NULL)
> return (-1);
> if (!BN_sub(tmp, dh->p, BN_value_one()) ||
> BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
> BN_clear_free(tmp);
> logit("invalid public DH value: >= p-1");
> return 0;
> }
> BN_clear_free(tmp);
>
192c212
< if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
---
> if (bits_set > 1)
193a214
>