diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-09 13:43:10 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-09 13:43:10 +1000 |
commit | 63794b048cbe46ac9abb883df4dd703f522e4643 (patch) | |
tree | 62a0882fc7e5be0e4579440468fb412684636bad /include/internal/ffc.h | |
parent | eae4a008341149783b540198470f04f85b22730e (diff) |
Add multiple fixes for ffc key generation using invalid p,q,g parameters.
Fixes #11864
- The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is
possible that dsa keygen can either hang or segfault.
The fix was to do a partial validation of p, q, and g inside the keygen.
- Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!).
It freed internal object members without setting them to NULL.
- Changed the FFC key validation to accept 1024 bit keys in non fips mode.
- Added tests that use both the default provider & fips provider to test these cases.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12176)
Diffstat (limited to 'include/internal/ffc.h')
-rw-r--r-- | include/internal/ffc.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/internal/ffc.h b/include/internal/ffc.h index 2ed5d72c5c..b352b8d345 100644 --- a/include/internal/ffc.h +++ b/include/internal/ffc.h @@ -155,6 +155,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, int mode, int type, size_t L, size_t N, int *res, BN_GENCB *cb); +int ffc_params_simple_validate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type); int ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, int type, int *res, BN_GENCB *cb); int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, |