From 7016b1952eb095be9ffff2e2d5876ab8418ff7ed Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 18 Aug 2007 02:36:23 +0000 Subject: [PATCH] Don't generate DSA keys with key size too small. --- crypto/dsa/dsa.h | 1 + crypto/dsa/dsa_err.c | 1 + fips/dsa/fips_dsa_key.c | 6 ++++++ 3 files changed, 8 insertions(+) diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index ebf8cd37f7..702c50d6dc 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -292,6 +292,7 @@ void ERR_load_DSA_strings(void); #define DSA_F_D2I_DSA_SIG 110 #define DSA_F_DSAPARAMS_PRINT 100 #define DSA_F_DSAPARAMS_PRINT_FP 101 +#define DSA_F_DSA_BUILTIN_KEYGEN 119 #define DSA_F_DSA_BUILTIN_PARAMGEN 118 #define DSA_F_DSA_DO_SIGN 112 #define DSA_F_DSA_DO_VERIFY 113 diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index aa11046c0a..872839af94 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -73,6 +73,7 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, +{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, diff --git a/fips/dsa/fips_dsa_key.c b/fips/dsa/fips_dsa_key.c index b43b0c181e..1594dcbe63 100644 --- a/fips/dsa/fips_dsa_key.c +++ b/fips/dsa/fips_dsa_key.c @@ -101,6 +101,12 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; + if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) + { + DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); + goto err; + } + if ((ctx=BN_CTX_new()) == NULL) goto err; if (dsa->priv_key == NULL) -- 2.25.1