diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ameth.c | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index 0d3333d92c..b7a05e72fa 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_ameth.c,v 1.39 2023/01/11 04:39:42 jsing Exp $ */ | 1 | /* $OpenBSD: dsa_ameth.c,v 1.40 2023/03/04 21:02:21 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -118,6 +118,12 @@ dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | |||
| 118 | goto err; | 118 | goto err; |
| 119 | } | 119 | } |
| 120 | 120 | ||
| 121 | /* We can only check for key consistency if we have parameters. */ | ||
| 122 | if (ptype == V_ASN1_SEQUENCE) { | ||
| 123 | if (!dsa_check_key(dsa)) | ||
| 124 | goto err; | ||
| 125 | } | ||
| 126 | |||
| 121 | ASN1_INTEGER_free(public_key); | 127 | ASN1_INTEGER_free(public_key); |
| 122 | EVP_PKEY_assign_DSA(pkey, dsa); | 128 | EVP_PKEY_assign_DSA(pkey, dsa); |
| 123 | return 1; | 129 | return 1; |
| @@ -215,6 +221,11 @@ dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) | |||
| 215 | DSAerror(DSA_R_BN_ERROR); | 221 | DSAerror(DSA_R_BN_ERROR); |
| 216 | goto dsaerr; | 222 | goto dsaerr; |
| 217 | } | 223 | } |
| 224 | |||
| 225 | /* Check the key for basic consistency before doing expensive things. */ | ||
| 226 | if (!dsa_check_key(dsa)) | ||
| 227 | goto dsaerr; | ||
| 228 | |||
| 218 | /* Calculate public key */ | 229 | /* Calculate public key */ |
| 219 | if (!(dsa->pub_key = BN_new())) { | 230 | if (!(dsa->pub_key = BN_new())) { |
| 220 | DSAerror(ERR_R_MALLOC_FAILURE); | 231 | DSAerror(ERR_R_MALLOC_FAILURE); |
| @@ -456,6 +467,10 @@ dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | |||
| 456 | DSAerror(ERR_R_DSA_LIB); | 467 | DSAerror(ERR_R_DSA_LIB); |
| 457 | return 0; | 468 | return 0; |
| 458 | } | 469 | } |
| 470 | if (!dsa_check_key(dsa)) { | ||
| 471 | DSA_free(dsa); | ||
| 472 | return 0; | ||
| 473 | } | ||
| 459 | EVP_PKEY_assign_DSA(pkey, dsa); | 474 | EVP_PKEY_assign_DSA(pkey, dsa); |
| 460 | return 1; | 475 | return 1; |
| 461 | } | 476 | } |
| @@ -490,30 +505,14 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | |||
| 490 | DSA *dsa; | 505 | DSA *dsa; |
| 491 | BN_CTX *ctx = NULL; | 506 | BN_CTX *ctx = NULL; |
| 492 | BIGNUM *j, *p1, *newp1, *powg; | 507 | BIGNUM *j, *p1, *newp1, *powg; |
| 493 | int qbits; | ||
| 494 | 508 | ||
| 495 | if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { | 509 | if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { |
| 496 | DSAerror(ERR_R_DSA_LIB); | 510 | DSAerror(ERR_R_DSA_LIB); |
| 497 | return 0; | 511 | return 0; |
| 498 | } | 512 | } |
| 499 | 513 | ||
| 500 | /* FIPS 186-3 allows only three different sizes for q. */ | 514 | if (!dsa_check_key(dsa)) |
| 501 | qbits = BN_num_bits(dsa->q); | ||
| 502 | if (qbits != 160 && qbits != 224 && qbits != 256) { | ||
| 503 | DSAerror(DSA_R_BAD_Q_VALUE); | ||
| 504 | goto err; | ||
| 505 | } | ||
| 506 | if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { | ||
| 507 | DSAerror(DSA_R_MODULUS_TOO_LARGE); | ||
| 508 | goto err; | ||
| 509 | } | ||
| 510 | |||
| 511 | /* Check that 1 < g < p. */ | ||
| 512 | if (BN_cmp(dsa->g, BN_value_one()) <= 0 || | ||
| 513 | BN_cmp(dsa->g, dsa->p) >= 0) { | ||
| 514 | DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); /* XXX */ | ||
| 515 | goto err; | 515 | goto err; |
| 516 | } | ||
| 517 | 516 | ||
| 518 | if ((ctx = BN_CTX_new()) == NULL) | 517 | if ((ctx = BN_CTX_new()) == NULL) |
| 519 | goto err; | 518 | goto err; |