[openssl] master update

Matt Caswell matt at openssl.org
Wed Jun 16 10:28:47 UTC 2021


The branch master has been updated
       via  99325852207e3f8ae970799235de169b40eded75 (commit)
      from  d66ff761d209f1ab1ec931f74c15a69743e612da (commit)


- Log -----------------------------------------------------------------
commit 99325852207e3f8ae970799235de169b40eded75
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Jun 15 19:56:36 2021 +1000

    Fix DH private key check.
    
    A recent addition removed setting the dh private key length when
    a safe prime group is used. The private key validation check was relying on this
    being set for safe primes. Setting the upper bound no longer checks the
    length if the value is zero.
    
    This caused a failure in the daily build of acvp_tests.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15760)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/dh_check.c | 2 +-
 crypto/dh/dh_lib.c   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 61be68bf64..e75d20d862 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -262,7 +262,7 @@ int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
     upper = dh->params.q;
 
     /* Is it from an approved Safe prime group ?*/
-    if (DH_get_nid((DH *)dh) != NID_undef) {
+    if (DH_get_nid((DH *)dh) != NID_undef && dh->length != 0) {
         if (!BN_lshift(two_powN, BN_value_one(), dh->length))
             goto err;
         if (BN_cmp(two_powN, dh->params.q) < 0)
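
Review bot: The comment above the changed condition in ossl_dh_check_priv_key() ("Is it from an approved Safe prime group ?") no longer describes what the branch tests. With the added "dh->length != 0", a named safe prime group with no length set skips the 2^N comparison and keeps upper = dh->params.q. Please extend the comment to say that a zero length means "not set" and that q remains the upper bound in that case, so a later reader does not mistake the skipped branch for a missing check. The summary of changes lists only dh_check.c and dh_lib.c, so nothing in this commit exercises a named group with length == 0 directly. Since the regression was only caught by the daily acvp_tests run, a unit test for that case alongside this change would catch it earlier next time.
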
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index f5e0f893c1..7154f8c2ab 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -202,6 +202,7 @@ int DH_size(const DH *dh)
 int DH_security_bits(const DH *dh)
 {
     int N;
+
     if (dh->params.q != NULL)
         N = BN_num_bits(dh->params.q);
     else if (dh->length)
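
Review bot: The only change in DH_security_bits() is the blank line added after "int N;", which is a whitespace cleanup unrelated to the private key check described in the commit message. Either mention it in the message or move it to a separate style commit, so the dh_lib.c entry in the diffstat is not read as part of the fix.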

