summaryrefslogtreecommitdiffstats
path: root/providers
diff options
context:
space:
mode:
authorTomas Mraz <tomas@openssl.org>2021-02-10 18:44:00 +0100
committerTomas Mraz <tomas@openssl.org>2021-02-18 11:02:26 +0100
commitba37b82045b1b2fbcbf7580b317de5e3b52c8035 (patch)
tree96e779b80c7c34adf8913f02bcc557cff6661042 /providers
parentebcaf110b250cd55281500fa1debef806ab490f0 (diff)
dsa_check: Perform simple parameter check if seed is not available
Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/keymgmt/dsa_kmgmt.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 28e8409aa2..467f75bb55 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -309,11 +309,11 @@ static const OSSL_PARAM *dsa_gettable_params(void *provctx)
return dsa_params;
}
-static int dsa_validate_domparams(const DSA *dsa)
+static int dsa_validate_domparams(const DSA *dsa, int checktype)
{
int status = 0;
- return dsa_check_params(dsa, &status);
+ return dsa_check_params(dsa, checktype, &status);
}
static int dsa_validate_public(const DSA *dsa)
@@ -350,7 +350,7 @@ static int dsa_validate(const void *keydata, int selection, int checktype)
ok = 1;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
- ok = ok && dsa_validate_domparams(dsa);
+ ok = ok && dsa_validate_domparams(dsa, checktype);
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && dsa_validate_public(dsa);
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-04 12:03:03 +0000