From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 5 Aug 2024 15:54:14 +0000 (+0200)
Subject: dh_kmgmt.c: Avoid expensive public key validation for known safe-prime groups
X-Git-Tag: openssl-3.4.0-alpha1~194
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e70e34d857d4003199bcb5d3b52ca8102ccc1b98;p=thirdparty%2Fopenssl.git

dh_kmgmt.c: Avoid expensive public key validation for known safe-prime groups

The partial validation is fully sufficient to check the key validity.

Thanks to Szilárd Pfeiffer for reporting the issue.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25088)
---

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 82c3093b122..ebdce767102 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -388,9 +388,11 @@ static int dh_validate_public(const DH *dh, int checktype)
     if (pub_key == NULL)
         return 0;
 
-    /* The partial test is only valid for named group's with q = (p - 1) / 2 */
-    if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
-        && ossl_dh_is_named_safe_prime_group(dh))
+    /*
+     * The partial test is only valid for named group's with q = (p - 1) / 2
+     * but for that case it is also fully sufficient to check the key validity.
+     */
+    if (ossl_dh_is_named_safe_prime_group(dh))
         return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
 
     return DH_check_pub_key_ex(dh, pub_key);