diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-09-06 23:38:49 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-09-09 14:43:57 +0200 |
commit | feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0 (patch) | |
tree | 55d374b46d9a18051f2243f8944d20568c9cd490 /test | |
parent | bfed4fc8367b55e630c70cc038887ddf9b090dd6 (diff) |
Check the DH modulus bit length
The check was missing in DH_check and DH_check_params.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9796)
Diffstat (limited to 'test')
-rw-r--r-- | test/dhtest.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/test/dhtest.c b/test/dhtest.c index 662a4f32eb..e8a91f17f8 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,14 +63,19 @@ static int dh_test(void) || !TEST_true(DH_set0_pqg(dh, p, q, g))) goto err1; + /* check fails, because p is way too small */ if (!DH_check(dh, &i)) goto err2; + i ^= DH_MODULUS_TOO_SMALL; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) - || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) - || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) + || !TEST_false(i & DH_MODULUS_TOO_SMALL) + || !TEST_false(i & DH_MODULUS_TOO_LARGE) || !TEST_false(i)) goto err2; @@ -130,6 +135,11 @@ static int dh_test(void) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) + || !TEST_false(i & DH_MODULUS_TOO_SMALL) + || !TEST_false(i & DH_MODULUS_TOO_LARGE) || !TEST_false(i)) goto err3; |