authorTomas Mraz <tomas@openssl.org>2021-02-10 18:44:00 +0100
committerTomas Mraz <tomas@openssl.org>2021-02-18 11:02:26 +0100
commitba37b82045b1b2fbcbf7580b317de5e3b52c8035 (patch)
tree96e779b80c7c34adf8913f02bcc557cff6661042 /include
parentDSA parameter check using pkeyparam (diff)
dsa_check: Perform simple parameter check if seed is not available
Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/dsa.h2
-rw-r--r--include/internal/ffc.h8
-rw-r--r--include/openssl/dsaerr.h1
3 files changed, 8 insertions, 3 deletions
diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h
index 8d282ab188..3da5696795 100644
--- a/include/crypto/dsa.h
+++ b/include/crypto/dsa.h
@@ -33,7 +33,7 @@ int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]);
int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key,
BIGNUM *pub_key);
-int dsa_check_params(const DSA *dsa, int *ret);
+int dsa_check_params(const DSA *dsa, int checktype, int *ret);
int dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret);
int dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret);
int dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
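Review bot: The new `checktype` argument of `dsa_check_params()` is a bare `int`, and the header does not say which values it accepts or what an unrecognised value selects. The commit title ties it to choosing between a simple parameter check and a seed-based one, so a caller passing the wrong constant could end up with the weaker check without any diagnostic. The values are presumably the `OSSL_KEYMGMT_VALIDATE_*` check types, but nothing in this hunk shows that. I would add a comment above the prototype along the lines of `/* checktype: an OSSL_KEYMGMT_VALIDATE_* check type; state here which value selects the simple check and what any other value does */`, filled in from the implementation.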
diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index 7653b6e2fa..4cffc720a6 100644
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -162,8 +162,12 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
size_t L, size_t N, int *res,
BN_GENCB *cb);
-int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params,
- int type);
+int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx,
+ const FFC_PARAMS *params,
+ int paramstype, int *res);
+int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx,
+ const FFC_PARAMS *params,
+ int paramstype, int *res);
int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx,
const FFC_PARAMS *params,
int type, int *res, BN_GENCB *cb);
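Review bot: `ossl_ffc_params_simple_validate()` and the new `ossl_ffc_params_full_validate()` have identical signatures and no comment saying what each one guarantees, so nothing at a call site shows that the simple variant is the weaker check. Going by the commit message, the simple path checks p and q (sizes and primality) and is used when no seed is available; it would not establish that the parameters were generated from a seed, which matters when they come from an untrusted peer or file. A short comment above both prototypes should state that. It should also give the contract of the new `int *res` output: whether it may be NULL, and whether the verdict is the return value or `*res`. Minor: the argument is now named `paramstype` here, while `ossl_ffc_params_FIPS186_4_validate()` just below still calls it `type`.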
diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h
index 49dabbf575..669cd6c87f 100644
--- a/include/openssl/dsaerr.h
+++ b/include/openssl/dsaerr.h
@@ -35,6 +35,7 @@
# define DSA_R_MODULUS_TOO_LARGE 103
# define DSA_R_NO_PARAMETERS_SET 107
# define DSA_R_PARAMETER_ENCODING_ERROR 105
+# define DSA_R_P_NOT_PRIME 115
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110