+ /*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+ {
+ BIGNUM *tmp = NULL;
+
+ if (!BN_is_odd(dh->p)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+ goto f_err;
+ }
+ if (BN_is_negative(dh->g) || BN_is_zero(dh->g)
+ || BN_is_one(dh->g)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+ if ((tmp = BN_new()) == NULL
+ || BN_copy(tmp, dh->p) == NULL
+ || !BN_sub_word(tmp, 1)) {
+ BN_free(tmp);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (BN_cmp(dh->g, tmp) >= 0) {
+ BN_free(tmp);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+ goto f_err;
+ }
+ BN_free(tmp);
+ }
+