ossl_dh_check_priv_key: Do not fail on private keys without q

Fixes #18098 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18099)
2024-12-09 05:51:54 +08:00 · 2022-04-12 15:36:05 +02:00 · 2022-04-12 15:36:05 +02:00 · 0615cedecd
commit 0615cedecd
parent 14f95126c0
1 changed files with 27 additions and 6 deletions
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@ -257,22 +257,43 @@ int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
    two_powN = BN_new();
    if (two_powN == NULL)
        return 0;
-    if (dh->params.q == NULL)
-        goto err;
-    upper = dh->params.q;
+
+    if (dh->params.q != NULL) {
+        upper = dh->params.q;
+#ifndef FIPS_MODULE
+    } else if (dh->params.p != NULL) {
+        /*
+         * We do not have q so we just check the key is within some
+         * reasonable range, or the number of bits is equal to dh->length.
+         */
+        int length = dh->length;
+
+        if (length == 0) {
+            length = BN_num_bits(dh->params.p) - 1;
+            if (BN_num_bits(priv_key) <= length
+                && BN_num_bits(priv_key) > 1)
+                ok = 1;
+        } else if (BN_num_bits(priv_key) == length) {
+            ok = 1;
+        }
+        goto end;
+#endif
+    } else {
+        goto end;
+    }

    /* Is it from an approved Safe prime group ?*/
    if (DH_get_nid((DH *)dh) != NID_undef && dh->length != 0) {
        if (!BN_lshift(two_powN, BN_value_one(), dh->length))
-            goto err;
+            goto end;
        if (BN_cmp(two_powN, dh->params.q) < 0)
            upper = two_powN;
    }
    if (!ossl_ffc_validate_private_key(upper, priv_key, ret))
-        goto err;
+        goto end;

    ok = 1;
-err:
+end:
    BN_free(two_powN);
    return ok;
 }