From ba37b82045b1b2fbcbf7580b317de5e3b52c8035 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 10 Feb 2021 18:44:00 +0100
Subject: dsa_check: Perform simple parameter check if seed is not available

Added primality check on p and q in the ossl_ffc_params_simple_validate().
Checking for p and q sizes in the default provider is made more
lenient.
Added two testcases for invalid parameters.

Fixes #13950

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14148)
---
 crypto/dsa/dsa_check.c | 19 ++++++++++++-------
 crypto/dsa/dsa_err.c   |  1 +
 crypto/dsa/dsa_key.c   |  2 +-
 3 files changed, 14 insertions(+), 8 deletions(-)

(limited to 'crypto/dsa')

diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c
index 9a1b129df8..7f56a785ab 100644
--- a/crypto/dsa/dsa_check.c
+++ b/crypto/dsa/dsa_check.c
@@ -19,14 +19,19 @@
 #include "dsa_local.h"
 #include "crypto/dsa.h"
 
-int dsa_check_params(const DSA *dsa, int *ret)
+int dsa_check_params(const DSA *dsa, int checktype, int *ret)
 {
-    /*
-     * (2b) FFC domain params conform to FIPS-186-4 explicit domain param
-     * validity tests.
-     */
-    return ossl_ffc_params_FIPS186_4_validate(dsa->libctx, &dsa->params,
-                                              FFC_PARAM_TYPE_DSA, ret, NULL);
+    if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
+        return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
+                                               FFC_PARAM_TYPE_DSA, ret);
+    else
+        /*
+         * Do full FFC domain params validation according to FIPS-186-4
+         *  - always in FIPS_MODULE
+         *  - only if possible (i.e., seed is set) in default provider
+         */
+        return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params,
+                                             FFC_PARAM_TYPE_DSA, ret);
 }
 
 /*
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 99fc0e80fb..6481e2dc58 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -32,6 +32,7 @@ static const ERR_STRING_DATA DSA_str_reasons[] = {
     {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
     {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
     "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_P_NOT_PRIME), "p not prime"},
     {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
     {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
     "seed_len is less than the length of q"},
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 899663353f..8646d01957 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -77,7 +77,7 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
 
     /* Do a partial check for invalid p, q, g */
     if (!ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
-                                         FFC_PARAM_TYPE_DSA))
+                                         FFC_PARAM_TYPE_DSA, NULL))
         goto err;
 
     /*
-- 
cgit v1.2.3