diff options
author | Matt Caswell <matt@openssl.org> | 2023-07-07 14:39:48 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-07-19 11:20:04 +0200 |
commit | ede782b4c8868d1f09c9cd237f82b6f35b7dba8b (patch) | |
tree | b68c94e8c624813b6069a3009807183fb2867582 /test/dhtest.c | |
parent | 9e0094e2aa1b3428a12d5095132f133c078d3c3d (diff) |
Add a test for CVE-2023-3446
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be performing time consuming checks using that modulus.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)
Diffstat (limited to 'test/dhtest.c')
-rw-r--r-- | test/dhtest.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/test/dhtest.c b/test/dhtest.c index 11812c2283..9ebc7c4e59 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -73,7 +73,7 @@ static int dh_test(void) goto err1; /* check fails, because p is way too small */ - if (!DH_check(dh, &i)) + if (!TEST_true(DH_check(dh, &i))) goto err2; i ^= DH_MODULUS_TOO_SMALL; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) @@ -124,6 +124,17 @@ static int dh_test(void) /* We'll have a stale error on the queue from the above test so clear it */ ERR_clear_error(); + /* Modulus of size: dh check max modulus bits + 1 */ + if (!TEST_true(BN_set_word(p, 1)) + || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) + goto err3; + + /* + * We expect no checks at all for an excessively large modulus + */ + if (!TEST_false(DH_check(dh, &i))) + goto err3; + /* * II) key generation */ @@ -138,7 +149,7 @@ static int dh_test(void) goto err3; /* ... and check whether it is valid */ - if (!DH_check(a, &i)) + if (!TEST_true(DH_check(a, &i))) goto err3; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) |