diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2021-06-10 10:14:03 +0200 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2021-06-14 01:21:12 +0200 |
| commit | 1c49be8673713d2ceb03a63be03531d9b28a46bd (patch) | |
| tree | 03de6cf281166362041a4966ee5b6ebfdbb48b08 /crypto | |
| parent | When linking to static libssl always link to static libcrypto (diff) | |
| download | openssl-1c49be8673713d2ceb03a63be03531d9b28a46bd.tar.xz openssl-1c49be8673713d2ceb03a63be03531d9b28a46bd.zip | |
Fix DH/DHX named groups to not overwrite the private key length.
The only reason(s) the DH private key length should be set are:
(1) The user sets it during key generation via EVP_PKEY_CTX_set_params
using OSSL_PKEY_PARAM_DH_PRIV_LEN.
(2) When loading a PKCS3 (DH) key the optional value
'privateValueLength' is set.
Now that the named groups contain a value for 'q' there is no reason to
automatically overwrite the private key length.
Issue detected by @davidmakepeace
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15695)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/dh/dh_group_params.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c index ff6d7cdd66..c71f4053da 100644 --- a/crypto/dh/dh_group_params.c +++ b/crypto/dh/dh_group_params.c @@ -34,7 +34,6 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) ossl_ffc_named_group_set_pqg(&dh->params, group); dh->params.nid = ossl_ffc_named_group_get_uid(group); - dh->length = BN_num_bits(dh->params.q); dh->dirty_cnt++; return dh; } @@ -76,7 +75,6 @@ void ossl_dh_cache_named_group(DH *dh) dh->params.q = (BIGNUM *)ossl_ffc_named_group_get_q(group); /* cache the nid */ dh->params.nid = ossl_ffc_named_group_get_uid(group); - dh->length = BN_num_bits(dh->params.q); dh->dirty_cnt++; } } |