diff options
| author | tb <> | 2023-03-04 21:06:17 +0000 |
|---|---|---|
| committer | tb <> | 2023-03-04 21:06:17 +0000 |
| commit | f09e38cd3517c1f0da9ca1c87cb3d08add98865c (patch) | |
| tree | a91936f1168cf10d99aab8b857ff9c06247bb271 /src | |
| parent | 7923ccd455e02b2cd273c05d55b39515b4c05b77 (diff) | |
| download | openbsd-f09e38cd3517c1f0da9ca1c87cb3d08add98865c.tar.gz openbsd-f09e38cd3517c1f0da9ca1c87cb3d08add98865c.tar.bz2 openbsd-f09e38cd3517c1f0da9ca1c87cb3d08add98865c.zip | |
Call dsa_check_keys() before signing or verifying
We already had some checks on both sides, but they were less precise
and differed between the functions. The code here is messy enough, so
any simplification is helpful...
ok beck jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ossl.c | 32 |
1 files changed, 9 insertions, 23 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index fd5fac64bb..d32168a48e 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_ossl.c,v 1.48 2023/02/13 09:21:35 tb Exp $ */ | 1 | /* $OpenBSD: dsa_ossl.c,v 1.49 2023/03/04 21:06:17 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -102,8 +102,8 @@ dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||
| 102 | DSA_SIG *ret = NULL; | 102 | DSA_SIG *ret = NULL; |
| 103 | int noredo = 0; | 103 | int noredo = 0; |
| 104 | 104 | ||
| 105 | if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { | 105 | if (!dsa_check_key(dsa)) { |
| 106 | reason = DSA_R_MISSING_PARAMETERS; | 106 | reason = DSA_R_INVALID_PARAMETERS; |
| 107 | goto err; | 107 | goto err; |
| 108 | } | 108 | } |
| 109 | 109 | ||
| @@ -218,10 +218,8 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 218 | int q_bits; | 218 | int q_bits; |
| 219 | int ret = 0; | 219 | int ret = 0; |
| 220 | 220 | ||
| 221 | if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { | 221 | if (!dsa_check_key(dsa)) |
| 222 | DSAerror(DSA_R_MISSING_PARAMETERS); | 222 | goto err; |
| 223 | return 0; | ||
| 224 | } | ||
| 225 | 223 | ||
| 226 | if ((r = BN_new()) == NULL) | 224 | if ((r = BN_new()) == NULL) |
| 227 | goto err; | 225 | goto err; |
| @@ -325,21 +323,8 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) | |||
| 325 | int qbits; | 323 | int qbits; |
| 326 | int ret = -1; | 324 | int ret = -1; |
| 327 | 325 | ||
| 328 | if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { | 326 | if (!dsa_check_key(dsa)) |
| 329 | DSAerror(DSA_R_MISSING_PARAMETERS); | 327 | goto err; |
| 330 | return -1; | ||
| 331 | } | ||
| 332 | |||
| 333 | /* FIPS 186-3 allows only three different sizes for q. */ | ||
| 334 | qbits = BN_num_bits(dsa->q); | ||
| 335 | if (qbits != 160 && qbits != 224 && qbits != 256) { | ||
| 336 | DSAerror(DSA_R_BAD_Q_VALUE); | ||
| 337 | return -1; | ||
| 338 | } | ||
| 339 | if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { | ||
| 340 | DSAerror(DSA_R_MODULUS_TOO_LARGE); | ||
| 341 | return -1; | ||
| 342 | } | ||
| 343 | 328 | ||
| 344 | if ((ctx = BN_CTX_new()) == NULL) | 329 | if ((ctx = BN_CTX_new()) == NULL) |
| 345 | goto err; | 330 | goto err; |
| @@ -370,8 +355,9 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) | |||
| 370 | 355 | ||
| 371 | /* | 356 | /* |
| 372 | * If the digest length is greater than the size of q use the | 357 | * If the digest length is greater than the size of q use the |
| 373 | * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. | 358 | * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-4, 4.2. |
| 374 | */ | 359 | */ |
| 360 | qbits = BN_num_bits(dsa->q); | ||
| 375 | if (dgst_len > (qbits >> 3)) | 361 | if (dgst_len > (qbits >> 3)) |
| 376 | dgst_len = (qbits >> 3); | 362 | dgst_len = (qbits >> 3); |
| 377 | 363 | ||