-rw-r--r--src/lib/libcrypto/dsa/dsa_ameth.c37
1 files changed, 13 insertions, 24 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 495c32cbae..f282caae06 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ameth.c,v 1.41 2023/03/04 21:08:14 tb Exp $ */ 1/* $OpenBSD: dsa_ameth.c,v 1.42 2023/03/04 21:42:49 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -504,7 +504,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
504{ 504{
505 DSA *dsa; 505 DSA *dsa;
506 BN_CTX *ctx = NULL; 506 BN_CTX *ctx = NULL;
507 BIGNUM *j, *p1, *newp1, *powg; 507 BIGNUM *result;
508 508
509 if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { 509 if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
510 DSAerror(ERR_R_DSA_LIB); 510 DSAerror(ERR_R_DSA_LIB);
@@ -519,30 +519,19 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
519 519
520 BN_CTX_start(ctx); 520 BN_CTX_start(ctx);
521 521
522 /* 522 if ((result = BN_CTX_get(ctx)) == NULL)
523 * Check that p and q are consistent with each other.
524 */
525 if ((j = BN_CTX_get(ctx)) == NULL)
526 goto err;
527 if ((p1 = BN_CTX_get(ctx)) == NULL)
528 goto err;
529 if ((newp1 = BN_CTX_get(ctx)) == NULL)
530 goto err;
531 if ((powg = BN_CTX_get(ctx)) == NULL)
532 goto err; 523 goto err;
533 524
534 /* p1 = p - 1 */ 525 /*
535 if (BN_sub(p1, dsa->p, BN_value_one()) == 0) 526 * Check that p and q are consistent with each other. dsa_check_key()
536 goto err; 527 * ensures that 1 < q < p. Now check that q divides p - 1.
528 */
537 529
538 /* j = (p - 1) / q */ 530 if (!BN_sub(result, dsa->p, BN_value_one()))
539 if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0)
540 goto err; 531 goto err;
541 532 if (!BN_mod_ct(result, result, dsa->q, ctx))
542 /* q * j should == p - 1 */
543 if (BN_mul(newp1, dsa->q, j, ctx) == 0)
544 goto err; 533 goto err;
545 if (BN_cmp(newp1, p1) != 0) { 534 if (!BN_is_zero(result)) {
546 DSAerror(DSA_R_BAD_Q_VALUE); 535 DSAerror(DSA_R_BAD_Q_VALUE);
547 goto err; 536 goto err;
548 } 537 }
@@ -553,10 +542,10 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
553 * Once we know that q is prime, this is enough. 542 * Once we know that q is prime, this is enough.
554 */ 543 */
555 544
556 if (!BN_mod_exp_ct(powg, dsa->g, dsa->q, dsa->p, ctx)) 545 if (!BN_mod_exp_ct(result, dsa->g, dsa->q, dsa->p, ctx))
557 goto err; 546 goto err;
558 if (BN_cmp(powg, BN_value_one()) != 0) { 547 if (BN_cmp(result, BN_value_one()) != 0) {
559 DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ 548 DSAerror(DSA_R_INVALID_PARAMETERS);
560 goto err; 549 goto err;
561 } 550 }
562 551
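Review bot: The generator check at new lines 545-550 is satisfied trivially by g = 1, because 1^q mod p is 1, so it only proves anything if 1 < g < p has already been enforced. The new comment at lines 525-528 credits dsa_check_key() with 1 < q < p but says nothing about g, and the call itself is outside the visible hunks, so this cannot be confirmed from here. If dsa_check_key() does bound g, I would say so in the comment above the BN_mod_exp_ct() call, e.g. `dsa_check_key() ensures 1 < g < p, so g = 1 cannot pass this test.`; if it does not, an explicit range check on g belongs before line 545. Separately, new line 532 passes `result` as both dividend and remainder to BN_mod_ct(); that aliasing is presumably supported, but a brief comment would spare the next reader from checking. old_dsa_priv_decode() begins before and continues past these hunks.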