diff options
| author | Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | 2016-10-03 17:54:06 +0200 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2016-11-14 14:56:09 +0100 |
| commit | af5474126546b558b0e6f8be4bec4b70977e24b7 (patch) | |
| tree | 8d042d5a56089fe5d7d1ec33ee44c1c991889e4d /crypto/dsa | |
| parent | Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows" (diff) | |
| download | openssl-af5474126546b558b0e6f8be4bec4b70977e24b7.tar.xz openssl-af5474126546b558b0e6f8be4bec4b70977e24b7.zip | |
dsa/dsa_gen: add error message for seed_len < 0
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
then ignored. Now DSA_generate_parameters_ex() returns an error in such
a case but no error string.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1657)
Diffstat (limited to 'crypto/dsa')
| -rw-r--r-- | crypto/dsa/dsa_err.c | 4 | ||||
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 6de49eebbd..b8f0af4662 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -21,7 +21,7 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, - {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, + {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"}, {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, @@ -56,6 +56,8 @@ static ERR_STRING_DATA DSA_str_reasons[] = { {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"}, {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, + {ERR_REASON(DSA_R_SEED_LEN_SMALL), + "seed_len is less than the length of q"}, {0, NULL} }; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 11f422e4b4..3efeab84fa 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -74,8 +74,10 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, bits = (bits + 63) / 64 * 64; if (seed_in != NULL) { - if (seed_len < (size_t)qsize) + if (seed_len < (size_t)qsize) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL); return 0; + } if (seed_len > (size_t)qsize) { /* Only consume as much seed as is expected. */ seed_len = qsize; |