diff options
Diffstat (limited to 'crypto/dsa')
| -rw-r--r-- | crypto/dsa/dsa_check.c | 44 | ||||
| -rw-r--r-- | crypto/dsa/dsa_ossl.c | 9 |
2 files changed, 45 insertions, 8 deletions
diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c index 7b6d7df88f..e1375dfad9 100644 --- a/crypto/dsa/dsa_check.c +++ b/crypto/dsa/dsa_check.c @@ -19,8 +19,34 @@ #include "dsa_local.h" #include "crypto/dsa.h" +static int dsa_precheck_params(const DSA *dsa, int *ret) +{ + if (dsa->params.p == NULL || dsa->params.q == NULL) { + ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); + *ret = FFC_CHECK_INVALID_PQ; + return 0; + } + + if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE); + *ret = FFC_CHECK_INVALID_PQ; + return 0; + } + + if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) { + ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE); + *ret = FFC_CHECK_INVALID_PQ; + return 0; + } + + return 1; +} + int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) { + if (!dsa_precheck_params(dsa, ret)) + return 0; + if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK) return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, FFC_PARAM_TYPE_DSA, ret); @@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) */ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) { + if (!dsa_precheck_params(dsa, ret)) + return 0; + return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) && *ret == 0; } @@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) */ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) { + if (!dsa_precheck_params(dsa, ret)) + return 0; + return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) && *ret == 0; } @@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) { *ret = 0; - return (dsa->params.q != NULL - && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret)); + if (!dsa_precheck_params(dsa, ret)) + return 0; + + return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret); } /* @@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa) BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL; - if (dsa->params.p == NULL - || dsa->params.g == NULL + if (!dsa_precheck_params(dsa, &ret)) + return 0; + + if (dsa->params.g == NULL || dsa->priv_key == NULL || dsa->pub_key == NULL) return 0; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 234362b6d7..409830092d 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -282,13 +282,14 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * We calculate k from SHA512(private_key + H(message) + random). * This protects the private key from a weak PRNG. */ - if (!BN_generate_dsa_nonce(k, dsa->params.q, dsa->priv_key, dgst, - dlen, ctx)) + if (!ossl_bn_gen_dsa_nonce_fixed_top(k, dsa->params.q, + dsa->priv_key, dgst, + dlen, ctx)) goto err; } - } else if (!BN_priv_rand_range_ex(k, dsa->params.q, 0, ctx)) + } else if (!ossl_bn_priv_rand_range_fixed_top(k, dsa->params.q, 0, ctx)) goto err; - } while (BN_is_zero(k)); + } while (ossl_bn_is_word_fixed_top(k, 0)); BN_set_flags(k, BN_FLG_CONSTTIME); BN_set_flags(l, BN_FLG_CONSTTIME); |