QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-04 21:49:38 +00:00
Code Issues Projects Releases Wiki Activity

Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12062)
This commit is contained in:
Dr. David von Oheimb 2020-06-05 21:27:34 +02:00
parent 498e807ed2
commit 8da42c8b26
8 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/dh/dh_err.c
View File

@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -14,6 +14,7 @@
#ifndef OPENSSL_NO_ERR #ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA DH_str_reasons[] = { static const ERR_STRING_DATA DH_str_reasons[] = {
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},

2
crypto/dh/dh_gen.c
View File

@ -68,7 +68,7 @@ int dh_get_named_group_uid_from_size(int pbits)
* Just choose an approved safe prime group. * Just choose an approved safe prime group.
* The alternative to this is to generate FIPS186-4 domain parameters i.e. * The alternative to this is to generate FIPS186-4 domain parameters i.e.
* return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb); * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb);
* As the FIPS186-4 generated params are for backwards compatability, * As the FIPS186-4 generated params are for backwards compatibility,
* the safe prime group should be used as the default. * the safe prime group should be used as the default.
*/ */
int nid; int nid;

3
crypto/dsa/dsa_err.c
View File

@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -14,6 +14,7 @@
#ifndef OPENSSL_NO_ERR #ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA DSA_str_reasons[] = { static const ERR_STRING_DATA DSA_str_reasons[] = {
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},

2
crypto/dsa/dsa_pmeth.c
View File

@ -221,7 +221,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
dctx->nbits, dctx->qbits, dctx->pmd, dctx->nbits, dctx->qbits, dctx->pmd,
&res, pcb); &res, pcb);
BN_GENCB_free(pcb); BN_GENCB_free(pcb);
if (ret) if (ret > 0)
EVP_PKEY_assign_DSA(pkey, dsa); EVP_PKEY_assign_DSA(pkey, dsa);
else else
DSA_free(dsa); DSA_free(dsa);

2
crypto/err/openssl.txt
View File

@ -2341,6 +2341,7 @@ CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version
CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid
CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type
CT_R_UNSUPPORTED_VERSION:103:unsupported version CT_R_UNSUPPORTED_VERSION:103:unsupported version
DH_R_BAD_FFC_PARAMETERS:127:bad ffc parameters
DH_R_BAD_GENERATOR:101:bad generator DH_R_BAD_GENERATOR:101:bad generator
DH_R_BN_DECODE_ERROR:109:bn decode error DH_R_BN_DECODE_ERROR:109:bn decode error
DH_R_BN_ERROR:106:bn error DH_R_BN_ERROR:106:bn error
@ -2368,6 +2369,7 @@ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DH_R_PEER_KEY_ERROR:111:peer key error DH_R_PEER_KEY_ERROR:111:peer key error
DH_R_SHARED_INFO_ERROR:113:shared info error DH_R_SHARED_INFO_ERROR:113:shared info error
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
DSA_R_BAD_Q_VALUE:102:bad q value DSA_R_BAD_Q_VALUE:102:bad q value
DSA_R_BN_DECODE_ERROR:108:bn decode error DSA_R_BN_DECODE_ERROR:108:bn decode error
DSA_R_BN_ERROR:109:bn error DSA_R_BN_ERROR:109:bn error

9
crypto/ffc/ffc_params_generate.c
View File

@ -27,6 +27,9 @@
#include <string.h> /* memset */ #include <string.h> /* memset */
#include <openssl/sha.h> /* SHA_DIGEST_LENGTH */ #include <openssl/sha.h> /* SHA_DIGEST_LENGTH */
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/dherr.h>
#include <openssl/dsaerr.h>
#include "crypto/bn.h" #include "crypto/bn.h"
#include "internal/ffc.h" #include "internal/ffc.h"
@ -40,6 +43,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
/* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */
if (L == 2048 && (N == 224 || N == 256)) if (L == 2048 && (N == 224 || N == 256))
return 112; return 112;
#ifndef OPENSSL_NO_DH
DHerr(0, DH_R_BAD_FFC_PARAMETERS);
#endif
} else if (type == FFC_PARAM_TYPE_DSA) { } else if (type == FFC_PARAM_TYPE_DSA) {
/* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */ /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */
if (L == 1024 && N == 160) if (L == 1024 && N == 160)
@ -48,6 +54,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
return 112; return 112;
if (L == 3072 && N == 256) if (L == 3072 && N == 256)
return 128; return 128;
#ifndef OPENSSL_NO_DSA
DSAerr(0, DSA_R_BAD_FFC_PARAMETERS);
#endif
} }
return 0; return 0;
} }

1
include/openssl/dherr.h
View File

@ -62,6 +62,7 @@ int ERR_load_DH_strings(void);
/* /*
* DH reason codes. * DH reason codes.
*/ */
# define DH_R_BAD_FFC_PARAMETERS 127
# define DH_R_BAD_GENERATOR 101 # define DH_R_BAD_GENERATOR 101
# define DH_R_BN_DECODE_ERROR 109 # define DH_R_BN_DECODE_ERROR 109
# define DH_R_BN_ERROR 106 # define DH_R_BN_ERROR 106

1
include/openssl/dsaerr.h
View File

@ -57,6 +57,7 @@ int ERR_load_DSA_strings(void);
/* /*
* DSA reason codes. * DSA reason codes.
*/ */
# define DSA_R_BAD_FFC_PARAMETERS 114
# define DSA_R_BAD_Q_VALUE 102 # define DSA_R_BAD_Q_VALUE 102
# define DSA_R_BN_DECODE_ERROR 108 # define DSA_R_BN_DECODE_ERROR 108
# define DSA_R_BN_ERROR 109 # define DSA_R_BN_ERROR 109