Fix DH private key check.

A recent addition removed setting the dh private key length when a safe prime group is used. The private key validation check was relying on this being set for safe primes. Setting the upper bound no longer checks the length if the value is zero. This caused a failure in the daily build of acvp_tests. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15760)
author: Shane Lontis <shane.lontis@oracle.com> 2021-06-15 11:56:36 +0200
committer: Matt Caswell <matt@openssl.org> 2021-06-16 12:25:24 +0200
commit: 99325852207e3f8ae970799235de169b40eded75 (patch)
tree: b208b0ea72603cd2131e46292e0341219b8216fa /crypto/dh/dh_check.c
parent: Add a test for fetching various non-evp objects (diff)
download: openssl-99325852207e3f8ae970799235de169b40eded75.tar.xz
openssl-99325852207e3f8ae970799235de169b40eded75.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 61be68bf64..e75d20d862 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -262,7 +262,7 @@ int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
     upper = dh->params.q;
 
     /* Is it from an approved Safe prime group ?*/
-    if (DH_get_nid((DH *)dh) != NID_undef) {
+    if (DH_get_nid((DH *)dh) != NID_undef && dh->length != 0) {
         if (!BN_lshift(two_powN, BN_value_one(), dh->length))
             goto err;
         if (BN_cmp(two_powN, dh->params.q) < 0)
author	Shane Lontis <shane.lontis@oracle.com>	2021-06-15 11:56:36 +0200
committer	Matt Caswell <matt@openssl.org>	2021-06-16 12:25:24 +0200
commit	99325852207e3f8ae970799235de169b40eded75 (patch)
tree	b208b0ea72603cd2131e46292e0341219b8216fa /crypto/dh/dh_check.c
parent	Add a test for fetching various non-evp objects (diff)
download	openssl-99325852207e3f8ae970799235de169b40eded75.tar.xz openssl-99325852207e3f8ae970799235de169b40eded75.zip