diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-02-10 18:44:00 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-02-18 11:02:26 +0100 |
| commit | ba37b82045b1b2fbcbf7580b317de5e3b52c8035 (patch) | |
| tree | 96e779b80c7c34adf8913f02bcc557cff6661042 /providers | |
| parent | DSA parameter check using pkeyparam (diff) | |
| download | openssl-ba37b82045b1b2fbcbf7580b317de5e3b52c8035.tar.xz openssl-ba37b82045b1b2fbcbf7580b317de5e3b52c8035.zip | |
dsa_check: Perform simple parameter check if seed is not available
Added primality check on p and q in the ossl_ffc_params_simple_validate().
Checking for p and q sizes in the default provider is made more
lenient.
Added two testcases for invalid parameters.
Fixes #13950
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14148)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/implementations/keymgmt/dsa_kmgmt.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 28e8409aa2..467f75bb55 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -309,11 +309,11 @@ static const OSSL_PARAM *dsa_gettable_params(void *provctx) return dsa_params; } -static int dsa_validate_domparams(const DSA *dsa) +static int dsa_validate_domparams(const DSA *dsa, int checktype) { int status = 0; - return dsa_check_params(dsa, &status); + return dsa_check_params(dsa, checktype, &status); } static int dsa_validate_public(const DSA *dsa) @@ -350,7 +350,7 @@ static int dsa_validate(const void *keydata, int selection, int checktype) ok = 1; if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) - ok = ok && dsa_validate_domparams(dsa); + ok = ok && dsa_validate_domparams(dsa, checktype); if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ok = ok && dsa_validate_public(dsa); |