diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-02-10 18:44:00 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-02-18 11:02:26 +0100 |
| commit | ba37b82045b1b2fbcbf7580b317de5e3b52c8035 (patch) | |
| tree | 96e779b80c7c34adf8913f02bcc557cff6661042 /crypto/dh | |
| parent | ebcaf110b250cd55281500fa1debef806ab490f0 (diff) | |
| download | openssl-ba37b82045b1b2fbcbf7580b317de5e3b52c8035.zip openssl-ba37b82045b1b2fbcbf7580b317de5e3b52c8035.tar.gz openssl-ba37b82045b1b2fbcbf7580b317de5e3b52c8035.tar.bz2 | |
dsa_check: Perform simple parameter check if seed is not available
Added primality check on p and q in the ossl_ffc_params_simple_validate().
Checking for p and q sizes in the default provider is made more
lenient.
Added two testcases for invalid parameters.
Fixes #13950
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14148)
Diffstat (limited to 'crypto/dh')
| -rw-r--r-- | crypto/dh/dh_key.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index be94045..f8cbbd5 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -328,7 +328,7 @@ static int generate_key(DH *dh) { /* Do a partial check for invalid p, q, g */ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH)) + FFC_PARAM_TYPE_DH, NULL)) goto err; /* * For FFC FIPS 186-4 keygen |