The check was missing in DH_check and DH_check_params.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9796)
DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+ if ((errflags & DH_MODULUS_TOO_SMALL) != 0)
+ DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_MODULUS_TOO_SMALL);
+ if ((errflags & DH_MODULUS_TOO_LARGE) != 0)
+ DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_MODULUS_TOO_LARGE);
return errflags == 0;
}
goto err;
if (BN_cmp(dh->g, tmp) >= 0)
*ret |= DH_NOT_SUITABLE_GENERATOR;
+ if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS)
+ *ret |= DH_MODULUS_TOO_SMALL;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ *ret |= DH_MODULUS_TOO_LARGE;
ok = 1;
err:
DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+ if ((errflags & DH_MODULUS_TOO_SMALL) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_SMALL);
+ if ((errflags & DH_MODULUS_TOO_LARGE) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_LARGE);
return errflags == 0;
}
Note that the lack of this bit doesn't guarantee that B<g> is
suitable, unless B<p> is known to be a strong prime.
+=item DH_MODULUS_TOO_SMALL
+
+The modulus is too small.
+
+=item DH_MODULUS_TOO_LARGE
+
+The modulus is too large.
+
=back
DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
# define DH_CHECK_Q_NOT_PRIME 0x10
# define DH_CHECK_INVALID_Q_VALUE 0x20
# define DH_CHECK_INVALID_J_VALUE 0x40
+# define DH_MODULUS_TOO_SMALL 0x80
+# define DH_MODULUS_TOO_LARGE 0x100
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
|| !TEST_true(DH_set0_pqg(dh, p, q, g)))
goto err1;
+ /* check fails, because p is way too small */
if (!DH_check(dh, &i))
goto err2;
+ i ^= DH_MODULUS_TOO_SMALL;
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
- || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
- || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
|| !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
|| !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
+ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
+ || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
+ || !TEST_false(i & DH_CHECK_INVALID_J_VALUE)
+ || !TEST_false(i & DH_MODULUS_TOO_SMALL)
+ || !TEST_false(i & DH_MODULUS_TOO_LARGE)
|| !TEST_false(i))
goto err2;
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
|| !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
|| !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
+ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
+ || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
+ || !TEST_false(i & DH_CHECK_INVALID_J_VALUE)
+ || !TEST_false(i & DH_MODULUS_TOO_SMALL)
+ || !TEST_false(i & DH_MODULUS_TOO_LARGE)
|| !TEST_false(i))
goto err3;
projects / oweals / openssl.git / commitdiff