Make DH_check_pub_key() and DH_generate_key() safer yet

[thirdparty/openssl.git] / include / openssl / dh.h

diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 8bc17448a0817e992fd69f8017a108741f212264..f1c0ed06b375a9a71e44da93a9919bb9baf71534 100644 (file)
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -144,7 +144,7 @@ DECLARE_ASN1_ITEM(DHparams)
 #   define DH_GENERATOR_3          3
 #   define DH_GENERATOR_5          5
 
-/* DH_check error codes */
+/* DH_check error codes, some of them shared with DH_check_pub_key */
 /*
  * NB: These values must align with the equivalently named macros in
  * internal/ffc.h.
@@ -154,10 +154,10 @@ DECLARE_ASN1_ITEM(DHparams)
 #   define DH_UNABLE_TO_CHECK_GENERATOR    0x04
 #   define DH_NOT_SUITABLE_GENERATOR       0x08
 #   define DH_CHECK_Q_NOT_PRIME            0x10
-#   define DH_CHECK_INVALID_Q_VALUE        0x20
+#   define DH_CHECK_INVALID_Q_VALUE        0x20 /* +DH_check_pub_key */
 #   define DH_CHECK_INVALID_J_VALUE        0x40
 #   define DH_MODULUS_TOO_SMALL            0x80
-#   define DH_MODULUS_TOO_LARGE            0x100
+#   define DH_MODULUS_TOO_LARGE            0x100 /* +DH_check_pub_key */
 
 /* DH_check_pub_key error codes */
 #   define DH_CHECK_PUBKEY_TOO_SMALL       0x01