Add dsa_check_key() calls on DSA decoding

When decoding a public or a private key, use dsa_check_key() to ensure consistency of the DSA parameters. We do not always have sufficient information to do that, so this is not always possible. This adds new checks and replaces incomplete existing ones. On decoding the private key we will now only calculate the corresponding public key, if the sizes are sensible. This avoids potentially expensive operations. ok beck jsing
author: tb <> 2023-03-04 21:02:21 +0000
committer: tb <> 2023-03-04 21:02:21 +0000
commit: 7923ccd455e02b2cd273c05d55b39515b4c05b77 (patch)
tree: 88ed4bf58f60350806642f02f2ea7ef93d846a72 /src
parent: 98663aed9698c546fe7e0b3f24371011c019a59b (diff)
download: openbsd-7923ccd455e02b2cd273c05d55b39515b4c05b77.tar.gz
openbsd-7923ccd455e02b2cd273c05d55b39515b4c05b77.tar.bz2
openbsd-7923ccd455e02b2cd273c05d55b39515b4c05b77.zip
1 files changed, 17 insertions, 18 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 0d3333d92c..b7a05e72fa 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.39 2023/01/11 04:39:42 jsing Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.40 2023/03/04 21:02:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -118,6 +118,12 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
                goto err;
        }
+        /* We can only check for key consistency if we have parameters. */
+        if (ptype == V_ASN1_SEQUENCE) {
+                if (!dsa_check_key(dsa))
+                        goto err;
+        }
        ASN1_INTEGER_free(public_key);
        EVP_PKEY_assign_DSA(pkey, dsa);
        return 1;
@@ -215,6 +221,11 @@ dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
                DSAerror(DSA_R_BN_ERROR);
                goto dsaerr;
        }
+        /* Check the key for basic consistency before doing expensive things. */
+        if (!dsa_check_key(dsa))
+                goto dsaerr;
        /* Calculate public key */
        if (!(dsa->pub_key = BN_new())) {
                DSAerror(ERR_R_MALLOC_FAILURE);
@@ -456,6 +467,10 @@ dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
                DSAerror(ERR_R_DSA_LIB);
                return 0;
        }
+        if (!dsa_check_key(dsa)) {
+                DSA_free(dsa);
+                return 0;
+        }
        EVP_PKEY_assign_DSA(pkey, dsa);
        return 1;
 }
@@ -490,30 +505,14 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
        DSA *dsa;
        BN_CTX *ctx = NULL;
        BIGNUM *j, *p1, *newp1, *powg;
-        int qbits;
        if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) {
                DSAerror(ERR_R_DSA_LIB);
                return 0;
        }
-        /* FIPS 186-3 allows only three different sizes for q. */
+        if (!dsa_check_key(dsa))
-        qbits = BN_num_bits(dsa->q);
-        if (qbits != 160 && qbits != 224 && qbits != 256) {
-                DSAerror(DSA_R_BAD_Q_VALUE);
-                goto err;
-        }
-        if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
-                DSAerror(DSA_R_MODULUS_TOO_LARGE);
-                goto err;
-        }
-        /* Check that 1 < g < p. */
-        if (BN_cmp(dsa->g, BN_value_one()) <= 0 ||
-            BN_cmp(dsa->g, dsa->p) >= 0) {
-                DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */
                goto err;
-        }
        if ((ctx = BN_CTX_new()) == NULL)
                goto err;
author	tb <>	2023-03-04 21:02:21 +0000
committer	tb <>	2023-03-04 21:02:21 +0000
commit	7923ccd455e02b2cd273c05d55b39515b4c05b77 (patch)
tree	88ed4bf58f60350806642f02f2ea7ef93d846a72 /src
parent	98663aed9698c546fe7e0b3f24371011c019a59b (diff)
download	openbsd-7923ccd455e02b2cd273c05d55b39515b4c05b77.tar.gz openbsd-7923ccd455e02b2cd273c05d55b39515b4c05b77.tar.bz2 openbsd-7923ccd455e02b2cd273c05d55b39515b4c05b77.zip