diff options
author | Tomas Mraz <tomas@openssl.org> | 2022-04-12 15:36:05 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-06-15 11:02:30 +0200 |
commit | 0615cedecda7ed18300db48b0bb56cec6d3527bd (patch) | |
tree | e6be08667c07363a1738f39474977f11ee8f5c2d /crypto/dh | |
parent | 14f95126c098358c434d59835834f9f0be7ea498 (diff) |
ossl_dh_check_priv_key: Do not fail on private keys without q
Fixes #18098
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18099)
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_check.c | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index e75d20d862..e7f567bd3d 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -257,22 +257,43 @@ int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) two_powN = BN_new(); if (two_powN == NULL) return 0; - if (dh->params.q == NULL) - goto err; - upper = dh->params.q; + + if (dh->params.q != NULL) { + upper = dh->params.q; +#ifndef FIPS_MODULE + } else if (dh->params.p != NULL) { + /* + * We do not have q so we just check the key is within some + * reasonable range, or the number of bits is equal to dh->length. + */ + int length = dh->length; + + if (length == 0) { + length = BN_num_bits(dh->params.p) - 1; + if (BN_num_bits(priv_key) <= length + && BN_num_bits(priv_key) > 1) + ok = 1; + } else if (BN_num_bits(priv_key) == length) { + ok = 1; + } + goto end; +#endif + } else { + goto end; + } /* Is it from an approved Safe prime group ?*/ if (DH_get_nid((DH *)dh) != NID_undef && dh->length != 0) { if (!BN_lshift(two_powN, BN_value_one(), dh->length)) - goto err; + goto end; if (BN_cmp(two_powN, dh->params.q) < 0) upper = two_powN; } if (!ossl_ffc_validate_private_key(upper, priv_key, ret)) - goto err; + goto end; ok = 1; -err: +end: BN_free(two_powN); return ok; } |