authorShane Lontis <shane.lontis@oracle.com>2020-03-07 07:47:58 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-03-07 07:47:58 +1000
commit55f02cb6849f0366dd8b787dbe8e74b56c15bfd1 (patch)
tree121d16aadaf60b03ed5036d4750190ac3dbdf6e5 /crypto/ffc
parentf529fc7d53bf4228fae61cb1efe73d97fe3eb35f (diff)
Change DH_get_nid() to set the value of q if it is not already set
Fixes #11108. It only sets q if a valid named group is found. The function signature was recently changed to pass a non-const DH pointer in order to allow the nid to be cached internally. As an extension of this, the value of q can now also be set, since q is always known for named groups. The length field is also set if q is set. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11114)
Diffstat (limited to 'crypto/ffc')
-rw-r--r--crypto/ffc/ffc_key_generate.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c
index b8c85480c1..078e8d39a1 100644
--- a/crypto/ffc/ffc_key_generate.c
+++ b/crypto/ffc/ffc_key_generate.c
@@ -36,13 +36,19 @@ int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
int ffc_generate_private_key_fips(BN_CTX *ctx, const FFC_PARAMS *params,
int N, int s, BIGNUM *priv)
{
- int ret = 0;
+ int ret = 0, qbits = BN_num_bits(params->q);
BIGNUM *m, *two_powN = NULL;
/* Step (2) : check range of N */
- if (N < 2 * s || N > BN_num_bits(params->q))
+ if (N < 2 * s || N > qbits)
return 0;
+ /* Deal with the edge case where the value of N is not set */
+ if (N == 0) {
+ N = qbits;
+ s = N / 2;
+ }
+
two_powN = BN_new();
/* 2^N */
if (two_powN == NULL || !BN_lshift(two_powN, BN_value_one(), N))
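Review bot: The new `if (N == 0)` fallback is placed after the Step (2) range check, so it is only reachable when s is also 0: for any caller that leaves N unset but passes a real security strength s, `N < 2 * s` is true and the function returns 0 before the default is ever applied. Move the four-line edge-case block (including `s = N / 2;`) above `if (N < 2 * s || N > qbits)` so the fallback takes effect and the range check then validates the derived N and s. The block also overwrites a caller-supplied s whenever N is 0; if that is intended it is worth stating, e.g. `/* N == 0 means no key length was requested: default to the full bit length of q and derive s from it, overriding any s given */`. ffc_generate_private_key_fips continues past the end of this hunk.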
@@ -50,6 +56,7 @@ int ffc_generate_private_key_fips(BN_CTX *ctx, const FFC_PARAMS *params,
/* Step (5) : M = min(2 ^ N, q) */
m = (BN_cmp(two_powN, params->q) > 0) ? params->q : two_powN;
+
do {
/* Steps (3, 4 & 7) : c + 1 = 1 + random[0..2^N - 1] */
if (!BN_priv_rand_range_ex(priv, two_powN, ctx)