From 8da42c8b26393f56acc4f301b95f925eb8902442 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 5 Jun 2020 21:27:34 +0200 Subject: [PATCH] Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12062) --- crypto/dh/dh_err.c | 3 ++- crypto/dh/dh_gen.c | 2 +- crypto/dsa/dsa_err.c | 3 ++- crypto/dsa/dsa_pmeth.c | 2 +- crypto/err/openssl.txt | 2 ++ crypto/ffc/ffc_params_generate.c | 9 +++++++++ include/openssl/dherr.h | 1 + include/openssl/dsaerr.h | 1 + 8 files changed, 19 insertions(+), 4 deletions(-) diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index e5eb32381d..a8243ec987 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DH_str_reasons[] = { + {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"}, diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 327f6ff610..8c1518ad9b 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -68,7 +68,7 @@ int dh_get_named_group_uid_from_size(int pbits) * Just choose an approved safe prime group. * The alternative to this is to generate FIPS186-4 domain parameters i.e. * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb); - * As the FIPS186-4 generated params are for backwards compatability, + * As the FIPS186-4 generated params are for backwards compatibility, * the safe prime group should be used as the default. */ int nid; diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index f4d187e4b9..6bf7accacf 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DSA_str_reasons[] = { + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 750d0168fa..7f7f57f6d3 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -221,7 +221,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) dctx->nbits, dctx->qbits, dctx->pmd, &res, pcb); BN_GENCB_free(pcb); - if (ret) + if (ret > 0) EVP_PKEY_assign_DSA(pkey, dsa); else DSA_free(dsa); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8afc67e747..9b252e3827 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2341,6 +2341,7 @@ CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type CT_R_UNSUPPORTED_VERSION:103:unsupported version +DH_R_BAD_FFC_PARAMETERS:127:bad ffc parameters DH_R_BAD_GENERATOR:101:bad generator DH_R_BN_DECODE_ERROR:109:bn decode error DH_R_BN_ERROR:106:bn error @@ -2368,6 +2369,7 @@ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error DH_R_PEER_KEY_ERROR:111:peer key error DH_R_SHARED_INFO_ERROR:113:shared info error DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator +DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters DSA_R_BAD_Q_VALUE:102:bad q value DSA_R_BN_DECODE_ERROR:108:bn decode error DSA_R_BN_ERROR:109:bn error diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 1d8d80c9b4..624c24dd21 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -27,6 +27,9 @@ #include /* memset */ #include /* SHA_DIGEST_LENGTH */ #include +#include +#include +#include #include "crypto/bn.h" #include "internal/ffc.h" @@ -40,6 +43,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type) /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ if (L == 2048 && (N == 224 || N == 256)) return 112; +#ifndef OPENSSL_NO_DH + DHerr(0, DH_R_BAD_FFC_PARAMETERS); +#endif } else if (type == FFC_PARAM_TYPE_DSA) { /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */ if (L == 1024 && N == 160) @@ -48,6 +54,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type) return 112; if (L == 3072 && N == 256) return 128; +#ifndef OPENSSL_NO_DSA + DSAerr(0, DSA_R_BAD_FFC_PARAMETERS); +#endif } return 0; } diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h index 0ebe560545..1b8fb17172 100644 --- a/include/openssl/dherr.h +++ b/include/openssl/dherr.h @@ -62,6 +62,7 @@ int ERR_load_DH_strings(void); /* * DH reason codes. */ +# define DH_R_BAD_FFC_PARAMETERS 127 # define DH_R_BAD_GENERATOR 101 # define DH_R_BN_DECODE_ERROR 109 # define DH_R_BN_ERROR 106 diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h index e2cf3098d5..271f24a2b5 100644 --- a/include/openssl/dsaerr.h +++ b/include/openssl/dsaerr.h @@ -57,6 +57,7 @@ int ERR_load_DSA_strings(void); /* * DSA reason codes. */ +# define DSA_R_BAD_FFC_PARAMETERS 114 # define DSA_R_BAD_Q_VALUE 102 # define DSA_R_BN_DECODE_ERROR 108 # define DSA_R_BN_ERROR 109 -- 2.25.1