diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-11-12 17:57:12 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-11-16 17:21:57 +1000 |
commit | 4605c5ab4796e99a207ab54d31bb8d2b5e42f1ca (patch) | |
tree | ec87263a3d718096b3538b77665c60aca48e9e37 /providers/common | |
parent | e557d463331861c740867f069e1cb8029b46c94a (diff) |
Fix dsa securitycheck for fips.
Fixes #12627
Changed security check for DSA verification to match SP800-131Ar2 when
the security strength is < 112.
Fixed compilation error when using config opt 'no-fips-securitychecks'
Removed TODO's from 20-test_cli_fips.t - there is no longer an TODO error.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13387)
Diffstat (limited to 'providers/common')
-rw-r--r-- | providers/common/securitycheck.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c index a95fa9dda9..9d02536c38 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -129,12 +129,13 @@ int dsa_check_key(const DSA *dsa, int sign) N = BN_num_bits(q); /* - * Valid sizes or verification - Note this could be a fips186-2 type - * key - so we allow 512 also. When this is no longer suppported the - * lower bound should be increased to 1024. + * For Digital signature verification DSA keys with < 112 bits of + * security strength (i.e L < 2048 bits), are still allowed for legacy + * use. The bounds given in SP800 131Ar2 - Table 2 are + * (512 <= L < 2048 and 160 <= N < 224) */ - if (!sign) - return (L >= 512 && N >= 160); + if (!sign && L < 2048) + return (L >= 512 && N >= 160 && N < 224); /* Valid sizes for both sign and verify */ if (L == 2048 && (N == 224 || N == 256)) |