[openssl] master update

Richard Levitte levitte at openssl.org
Tue Oct 27 14:14:05 UTC 2020


The branch master has been updated
       via  28e1d588f14404d480cc2bd38827ecd587625643 (commit)
      from  09803e9ce3a8a555e7014ebd11b4c80f9d300cf0 (commit)


- Log -----------------------------------------------------------------
commit 28e1d588f14404d480cc2bd38827ecd587625643
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Oct 15 07:14:16 2020 +0200

    DH: stop setting the private key length arbitrarily
    
    The private key length is supposed to be a user settable parameter.
    We do check if it's set or not, and if not, we do apply defaults.
    
    Fixes #12071
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13140)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/dh_backend.c |  2 +-
 crypto/dh/dh_key.c     |  5 ++++-
 crypto/dh/dh_lib.c     | 13 -------------
 3 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 1ce29e652d..cc8d064c4e 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -30,7 +30,7 @@ static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])
 
     ret = ossl_ffc_params_fromdata(ffc, params);
     if (ret)
-        dh_cache_named_group(dh); /* This increments dh->dirt_cnt */
+        dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
     return ret;
 }
 
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 90802633a6..930b33a33b 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -277,7 +277,10 @@ static int generate_key(DH *dh)
                 goto err;
 #else
             if (dh->params.q == NULL) {
-                /* secret exponent length */
+                /* secret exponent length, must satisfy 2^(l-1) <= p */
+                if (dh->length != 0
+                    && dh->length >= BN_num_bits(dh->params.p))
+                    goto err;
                 l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1;
                 if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE,
                                      BN_RAND_BOTTOM_ANY, ctx))
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 6280472ade..207e7b06c6 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -219,18 +219,6 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
 
     ossl_ffc_params_set0_pqg(&dh->params, p, q, g);
     dh_cache_named_group(dh);
-    if (q != NULL)
-        dh->length = BN_num_bits(q);
-    /*
-     * Check if this is a named group. If it finds a named group then the
-     * 'q' and 'length' value are either already set or are set by the
-     * call.
-     */
-    if (DH_get_nid(dh) == NID_undef) {
-        /* If its not a named group then set the 'length' if q is not NULL */
-        if (q != NULL)
-            dh->length = BN_num_bits(q);
-    }
     dh->dirty_cnt++;
     return 1;
 }
@@ -264,7 +252,6 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
     if (priv_key != NULL) {
         BN_clear_free(dh->priv_key);
         dh->priv_key = priv_key;
-        dh->length = BN_num_bits(priv_key);
     }
 
     dh->dirty_cnt++;


More information about the openssl-commits mailing list