DH: stop setting the private key length arbitrarily

The private key length is supposed to be a user settable parameter. We do check if it's set or not, and if not, we do apply defaults. Fixes #12071 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13140)
2025-05-07 23:19:39 +00:00 · 2020-10-15 07:14:16 +02:00 · 2020-10-15 07:14:16 +02:00 · 28e1d588f1
commit 28e1d588f1
parent 09803e9ce3
3 changed files with 5 additions and 15 deletions
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@ -30,7 +30,7 @@ static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[])

    ret = ossl_ffc_params_fromdata(ffc, params);
    if (ret)
-        dh_cache_named_group(dh); /* This increments dh->dirt_cnt */
+        dh_cache_named_group(dh); /* This increments dh->dirty_cnt */
    return ret;
 }

--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@ -277,7 +277,10 @@ static int generate_key(DH *dh)
                goto err;
 #else
            if (dh->params.q == NULL) {
-                /* secret exponent length */
+                /* secret exponent length, must satisfy 2^(l-1) <= p */
+                if (dh->length != 0
+                    && dh->length >= BN_num_bits(dh->params.p))
+                    goto err;
                l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1;
                if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE,
                                     BN_RAND_BOTTOM_ANY, ctx))
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@ -219,18 +219,6 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)

    ossl_ffc_params_set0_pqg(&dh->params, p, q, g);
    dh_cache_named_group(dh);
-    if (q != NULL)
-        dh->length = BN_num_bits(q);
-    /*
-     * Check if this is a named group. If it finds a named group then the
-     * 'q' and 'length' value are either already set or are set by the
-     * call.
-     */
-    if (DH_get_nid(dh) == NID_undef) {
-        /* If its not a named group then set the 'length' if q is not NULL */
-        if (q != NULL)
-            dh->length = BN_num_bits(q);
-    }
    dh->dirty_cnt++;
    return 1;
 }
@ -264,7 +252,6 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
    if (priv_key != NULL) {
        BN_clear_free(dh->priv_key);
        dh->priv_key = priv_key;
-        dh->length = BN_num_bits(priv_key);
    }

    dh->dirty_cnt++;