Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/dh/dh_err.c | 3 | ||||
-rw-r--r-- | crypto/dh/dh_gen.c | 2 | ||||
-rw-r--r-- | crypto/dsa/dsa_err.c | 3 | ||||
-rw-r--r-- | crypto/dsa/dsa_pmeth.c | 2 | ||||
-rw-r--r-- | crypto/err/openssl.txt | 2 | ||||
-rw-r--r-- | crypto/ffc/ffc_params_generate.c | 9 |
6 files changed, 17 insertions, 4 deletions
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index e5eb32381d..a8243ec987 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,7 @@
 #ifndef OPENSSL_NO_ERR
 static const ERR_STRING_DATA DH_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
 {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
 {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
 {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 327f6ff610..8c1518ad9b 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -68,7 +68,7 @@ int dh_get_named_group_uid_from_size(int pbits)
 * Just choose an approved safe prime group.
 * The alternative to this is to generate FIPS186-4 domain parameters i.e.
 * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb);
- * As the FIPS186-4 generated params are for backwards compatability,
+ * As the FIPS186-4 generated params are for backwards compatibility,
 * the safe prime group should be used as the default.
 */
 int nid;
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index f4d187e4b9..6bf7accacf 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DSA_str_reasons[] = { + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 750d0168fa..7f7f57f6d3 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -221,7 +221,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) dctx->nbits, dctx->qbits, dctx->pmd, &res, pcb); BN_GENCB_free(pcb); - if (ret) + if (ret > 0) EVP_PKEY_assign_DSA(pkey, dsa); else DSA_free(dsa); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8afc67e747..9b252e3827 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2341,6 +2341,7 @@ CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type CT_R_UNSUPPORTED_VERSION:103:unsupported version +DH_R_BAD_FFC_PARAMETERS:127:bad ffc parameters DH_R_BAD_GENERATOR:101:bad generator DH_R_BN_DECODE_ERROR:109:bn decode error DH_R_BN_ERROR:106:bn error @@ -2368,6 +2369,7 @@ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error DH_R_PEER_KEY_ERROR:111:peer key error DH_R_SHARED_INFO_ERROR:113:shared info error DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator +DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters DSA_R_BAD_Q_VALUE:102:bad q value DSA_R_BN_DECODE_ERROR:108:bn decode error DSA_R_BN_ERROR:109:bn error diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 1d8d80c9b4..624c24dd21 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c 
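Review bot: In the crypto/dsa/dsa_pmeth.c hunk, the success branch of pkey_dsa_paramgen still ignores the return value of `EVP_PKEY_assign_DSA(pkey, dsa);`, so if the assignment fails the DSA object is neither owned by `pkey` nor freed while `ret` keeps reporting success. Checking it would close that gap, e.g. `if (ret > 0 && !EVP_PKEY_assign_DSA(pkey, dsa)) ret = 0;` followed by `if (ret <= 0) DSA_free(dsa);`. A short comment such as `/* only a positive ret means success; 0 and negative values are failures */` would also record why the test changed from `if (ret)`, presumably because the generator can return a negative value. The function starts and ends outside the hunk, so how `ret` is finally returned to the caller is not visible here and should be confirmed.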
@@ -27,6 +27,9 @@
 #include <string.h> /* memset */
 #include <openssl/sha.h> /* SHA_DIGEST_LENGTH */
 #include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/dherr.h>
+#include <openssl/dsaerr.h>
 #include "crypto/bn.h"
 #include "internal/ffc.h"
@@ -40,6 +43,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
 /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */
 if (L == 2048 && (N == 224 || N == 256))
 return 112;
+#ifndef OPENSSL_NO_DH
+ DHerr(0, DH_R_BAD_FFC_PARAMETERS);
+#endif
 } else if (type == FFC_PARAM_TYPE_DSA) {
 /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */
 if (L == 1024 && N == 160)
@@ -48,6 +54,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
 return 112;
 if (L == 3072 && N == 256)
 return 128;
+#ifndef OPENSSL_NO_DSA
+ DSAerr(0, DSA_R_BAD_FFC_PARAMETERS);
+#endif
 }
 return 0;
 } |
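Review bot: In ffc_validate_LN (crypto/ffc/ffc_params_generate.c), the new error is queued only inside the DH and DSA branches (the hunk at -40 and the one at -48), so a `type` that matches neither still reaches `return 0;` with nothing on the error queue, and a build with OPENSSL_NO_DH or OPENSSL_NO_DSA rejects a bad L,N pair just as silently. If that is intended, a comment above the function would make the contract explicit, for example `/* Returns the strength for an approved (L, N) pair, or 0; an error is queued only for DH/DSA types whose error codes are compiled in. */`. The meaning of the 112/128 return values is inferred from the surrounding comments, and the function's opening lines are outside both hunks.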