- OpenBSD CVS Sync

- provos@cvs.openbsd.org 2001/03/28 22:04:57
     [dh.c]
     more sanity checking on primes file

ChangeLog

@@ -4,6 +4,9 @@
    - provos@cvs.openbsd.org 2001/03/28 21:59:41
      [kex.c kex.h sshconnect2.c sshd.c]
      forgot to include min and max params in hash, okay markus@
+   - provos@cvs.openbsd.org 2001/03/28 22:04:57
+     [dh.c]
+     more sanity checking on primes file
 
 20010329
  - OpenBSD CVS Sync
@@ -4774,4 +4777,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1036 2001/03/30 00:47:14 djm Exp $
+$Id: ChangeLog,v 1.1037 2001/03/30 00:47:43 djm Exp $

dh.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.9 2001/03/27 17:46:49 provos Exp $");
+RCSID("$OpenBSD: dh.c,v 1.10 2001/03/28 22:04:57 provos Exp $");
 
 #include "xmalloc.h"
 
@@ -79,18 +79,21 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 		goto fail;
 
 	dhg->g = BN_new();
-	if (BN_hex2bn(&dhg->g, gen) < 0) {
-		BN_free(dhg->g);
-		goto fail;
-	}
 	dhg->p = BN_new();
-	if (BN_hex2bn(&dhg->p, prime) < 0) {
-		BN_free(dhg->g);
-		BN_free(dhg->p);
-		goto fail;
-	}
+	if (BN_hex2bn(&dhg->g, gen) < 0)
+		goto failclean;
+
+	if (BN_hex2bn(&dhg->p, prime) < 0)
+		goto failclean;
+
+	if (BN_num_bits(dhg->p) != dhg->size)
+		goto failclean;
 
 	return (1);
+
+ failclean:
+	BN_free(dhg->g);
+	BN_free(dhg->p);
  fail:
 	error("Bad prime description in line %d", linenum);
 	return (0);