DHM: Fix dhm_check_range() always returning 0

Although the variable ret was initialised to an error, the
MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being
0 whenewer the bignum computation was successfull and stayed 0
independently of the actual check.

ChangeLog

@@ -1,6 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS x.x.x released xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+   * Fix dhm_check_range() failing to detect trivial subgroups and essentially
+     always returning 0. Reported by prashantkspatil.
 
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records

library/dhm.c

@@ -93,6 +93,9 @@ static int dhm_read_bignum( mbedtls_mpi *X,
  *
  * Parameter should be: 2 <= public_param <= P - 2
  *
+ * This means that we need to return an error if
+ *              public_param < 2 or public param > P-2
+ *
  * For more information on the attack, see:
  *  http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
  *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
@@ -100,17 +103,17 @@ static int dhm_read_bignum( mbedtls_mpi *X,
 static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
 {
     mbedtls_mpi L, U;
-    int ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    int ret = 0;
 
     mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
 
     MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
     MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
 
-    if( mbedtls_mpi_cmp_mpi( param, &L ) >= 0 &&
-        mbedtls_mpi_cmp_mpi( param, &U ) <= 0 )
+    if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
+        mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
     {
-        ret = 0;
+        ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
     }
 
 cleanup: