/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA DH_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
* Just choose an approved safe prime group.
* The alternative to this is to generate FIPS186-4 domain parameters i.e.
* return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb);
- * As the FIPS186-4 generated params are for backwards compatability,
+ * As the FIPS186-4 generated params are for backwards compatibility,
* the safe prime group should be used as the default.
*/
int nid;
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA DSA_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},
dctx->nbits, dctx->qbits, dctx->pmd,
&res, pcb);
BN_GENCB_free(pcb);
- if (ret)
+ if (ret > 0)
EVP_PKEY_assign_DSA(pkey, dsa);
else
DSA_free(dsa);
CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid
CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type
CT_R_UNSUPPORTED_VERSION:103:unsupported version
+DH_R_BAD_FFC_PARAMETERS:127:bad ffc parameters
DH_R_BAD_GENERATOR:101:bad generator
DH_R_BN_DECODE_ERROR:109:bn decode error
DH_R_BN_ERROR:106:bn error
DH_R_PEER_KEY_ERROR:111:peer key error
DH_R_SHARED_INFO_ERROR:113:shared info error
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
DSA_R_BAD_Q_VALUE:102:bad q value
DSA_R_BN_DECODE_ERROR:108:bn decode error
DSA_R_BN_ERROR:109:bn error
#include <string.h> /* memset */
#include <openssl/sha.h> /* SHA_DIGEST_LENGTH */
#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/dherr.h>
+#include <openssl/dsaerr.h>
#include "crypto/bn.h"
#include "internal/ffc.h"
/* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */
if (L == 2048 && (N == 224 || N == 256))
return 112;
+#ifndef OPENSSL_NO_DH
+ DHerr(0, DH_R_BAD_FFC_PARAMETERS);
+#endif
} else if (type == FFC_PARAM_TYPE_DSA) {
/* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */
if (L == 1024 && N == 160)
return 112;
if (L == 3072 && N == 256)
return 128;
+#ifndef OPENSSL_NO_DSA
+ DSAerr(0, DSA_R_BAD_FFC_PARAMETERS);
+#endif
}
return 0;
}
/*
* DH reason codes.
*/
+# define DH_R_BAD_FFC_PARAMETERS 127
# define DH_R_BAD_GENERATOR 101
# define DH_R_BN_DECODE_ERROR 109
# define DH_R_BN_ERROR 106
/*
* DSA reason codes.
*/
+# define DSA_R_BAD_FFC_PARAMETERS 114
# define DSA_R_BAD_Q_VALUE 102
# define DSA_R_BN_DECODE_ERROR 108
# define DSA_R_BN_ERROR 109