From 738ee1819e3bb94723701fb505ce2971afe47a9b Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Mon, 20 Apr 2020 11:07:38 +1000
Subject: Fix DH_get_nid() so that it does not cache values.

DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now default to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.

The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1). Where the strength depends on the length of p.

Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.

Fix error in documented return value for DH_get_nid

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
---
 providers/implementations/keymgmt/dh_kmgmt.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

(limited to 'providers')

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 31a7c0b..f09654c 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -65,6 +65,7 @@ struct dh_gen_ctx {
     int generator; /* Used by DH_PARAMGEN_TYPE_GENERATOR in non fips mode only */
     int pcounter;
     int hindex;
+    int priv_len;
 
     OSSL_CALLBACK *cb;
     void *cbarg;
@@ -432,20 +433,16 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
         gctx->gen_type = DH_PARAMGEN_TYPE_GROUP;
     }
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR);
-    if (p != NULL
-        && !OSSL_PARAM_get_int(p, &gctx->generator))
+    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator))
         return 0;
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
-    if (p != NULL
-        && !OSSL_PARAM_get_int(p, &gctx->gindex))
+    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->gindex))
         return 0;
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
-    if (p != NULL
-        && !OSSL_PARAM_get_int(p, &gctx->pcounter))
+    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->pcounter))
         return 0;
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
-    if (p != NULL
-        && !OSSL_PARAM_get_int(p, &gctx->hindex))
+    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->hindex))
         return 0;
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
     if (p != NULL
@@ -476,6 +473,9 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[])
         if (gctx->md == NULL)
             return 0;
     }
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
+    if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len))
+        return 0;
     return 1;
 }
 
@@ -493,6 +493,7 @@ static const OSSL_PARAM *dh_gen_settable_params(void *provctx)
         OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
+        OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
         OSSL_PARAM_END
     };
     return settable;
@@ -577,6 +578,8 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
         if (ffc->p == NULL || ffc->g == NULL)
             goto end;
+        if (gctx->priv_len > 0)
+            DH_set_length(dh, (long)gctx->priv_len);
         if (DH_generate_key(dh) <= 0)
             goto end;
     }
-- 
cgit v1.1