Check the DH modulus bit length

The check was missing in DH_check and DH_check_params. [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9796)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-09-06 23:38:49 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-09-09 14:43:57 +0200
commit: feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0 (patch)
tree: 55d374b46d9a18051f2243f8944d20568c9cd490 /test/dhtest.c
parent: bfed4fc8367b55e630c70cc038887ddf9b090dd6 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/test/dhtest.c b/test/dhtest.c
index 662a4f32eb..e8a91f17f8 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -63,14 +63,19 @@ static int dh_test(void)
         || !TEST_true(DH_set0_pqg(dh, p, q, g)))
         goto err1;
 
+    /* check fails, because p is way too small */
     if (!DH_check(dh, &i))
         goto err2;
+    i ^= DH_MODULUS_TOO_SMALL;
     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
-            || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
-            || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
             || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
             || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
+            || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
+            || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
+            || !TEST_false(i & DH_CHECK_INVALID_J_VALUE)
+            || !TEST_false(i & DH_MODULUS_TOO_SMALL)
+            || !TEST_false(i & DH_MODULUS_TOO_LARGE)
             || !TEST_false(i))
         goto err2;
 
@@ -130,6 +135,11 @@ static int dh_test(void)
             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
             || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
             || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
+            || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
+            || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
+            || !TEST_false(i & DH_CHECK_INVALID_J_VALUE)
+            || !TEST_false(i & DH_MODULUS_TOO_SMALL)
+            || !TEST_false(i & DH_MODULUS_TOO_LARGE)
             || !TEST_false(i))
         goto err3;
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-09-06 23:38:49 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-09-09 14:43:57 +0200
commit	feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0 (patch)
tree	55d374b46d9a18051f2243f8944d20568c9cd490 /test/dhtest.c
parent	bfed4fc8367b55e630c70cc038887ddf9b090dd6 (diff)