mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
59a783d05a
openssl/crypto/ffc/ffc_params_validate.c

188 lines
5.9 KiB
C
Raw Normal View History

Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
/*
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
2021-03-11 21:27:36 +08:00
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Finite Field cryptography (FFC) is used for DSA and DH.
* This file contains methods for validation of FFC parameters.
* It calls the same functions as the generation as the code is very similar.
*/
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsaerr.h>
#include <openssl/dherr.h>
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
#include "internal/ffc.h"
/* FIPS186-4 A.2.2 Unverifiable partial validation of Generator g */
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify, ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate, ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate, ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp, ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name, ffc_params_flags_to_name, ffc_params_fromdata, ffc_params_get0_pqg, ffc_params_get_validate_params, ffc_params_init, ffc_params_print, ffc_params_set0_j, ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex, ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed, ffc_params_set_validate_params, ffc_params_simple_validate, ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest, ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key and ffc_validate_public_key_partial. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont,
const BIGNUM *p, const BIGNUM *q,
const BIGNUM *g, BIGNUM *tmp,
int *ret)
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
{
/*
* A.2.2 Step (1) AND
* A.2.4 Step (2)
* Verify that 2 <= g <= (p - 1)
*/
if (BN_cmp(g, BN_value_one()) <= 0 || BN_cmp(g, p) >= 0) {
*ret |= FFC_ERROR_NOT_SUITABLE_GENERATOR;
return 0;
}
/*
* A.2.2 Step (2) AND
* A.2.4 Step (3)
* Check g^q mod p = 1
*/
if (!BN_mod_exp_mont(tmp, g, q, p, ctx, mont))
return 0;
if (BN_cmp(tmp, BN_value_one()) != 0) {
*ret |= FFC_ERROR_NOT_SUITABLE_GENERATOR;
return 0;
}
return 1;
}
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 17:55:50 +08:00
int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx,
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify, ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate, ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate, ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp, ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name, ffc_params_flags_to_name, ffc_params_fromdata, ffc_params_get0_pqg, ffc_params_get_validate_params, ffc_params_init, ffc_params_print, ffc_params_set0_j, ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex, ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed, ffc_params_set_validate_params, ffc_params_simple_validate, ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest, ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key and ffc_validate_public_key_partial. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
const FFC_PARAMS *params, int type,
int *res, BN_GENCB *cb)
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
{
size_t L, N;
if (params == NULL || params->p == NULL || params->q == NULL)
Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
2020-06-17 09:33:16 +08:00
return FFC_PARAM_RET_STATUS_FAILED;
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
/* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */
L = BN_num_bits(params->p);
N = BN_num_bits(params->q);
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify, ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate, ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate, ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp, ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name, ffc_params_flags_to_name, ffc_params_fromdata, ffc_params_get0_pqg, ffc_params_get_validate_params, ffc_params_init, ffc_params_print, ffc_params_set0_j, ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex, ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed, ffc_params_set_validate_params, ffc_params_simple_validate, ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest, ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key and ffc_validate_public_key_partial. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
return ossl_ffc_params_FIPS186_4_gen_verify(libctx, (FFC_PARAMS *)params,
FFC_PARAM_MODE_VERIFY, type,
L, N, res, cb);
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
}
/* This may be used in FIPS mode to validate deprecated FIPS-186-2 Params */
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 17:55:50 +08:00
int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx,
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify, ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate, ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate, ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp, ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name, ffc_params_flags_to_name, ffc_params_fromdata, ffc_params_get0_pqg, ffc_params_get_validate_params, ffc_params_init, ffc_params_print, ffc_params_set0_j, ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex, ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed, ffc_params_set_validate_params, ffc_params_simple_validate, ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest, ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key and ffc_validate_public_key_partial. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
const FFC_PARAMS *params, int type,
int *res, BN_GENCB *cb)
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
{
size_t L, N;
Fix DSA/DH so that legacy keys can still be generated by the default provider Fixes #12589 The 'type' parameter needed to be propagated to the ffc params during keygen, so that the simple validation of params done during keygen can handle legacy keys for the default provider. The fips provider ignores this change and only allows fips186-4 approved sizes. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12623)
2020-08-11 08:15:28 +08:00
if (params == NULL || params->p == NULL || params->q == NULL) {
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
*res = FFC_CHECK_INVALID_PQ;
Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
2020-06-17 09:33:16 +08:00
return FFC_PARAM_RET_STATUS_FAILED;
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
}
/* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */
L = BN_num_bits(params->p);
N = BN_num_bits(params->q);
ffc: add _ossl to exported but internal functions The functions updated are: ffc_generate_private_key, ffc_named_group_from_uid, ffc_named_group_to_uid, ffc_params_FIPS186_2_gen_verify, ffc_params_FIPS186_2_generate, ffc_params_FIPS186_2_validate, ffc_params_FIPS186_4_gen_verify, ffc_params_FIPS186_4_generate, ffc_params_FIPS186_4_validate, ffc_params_cleanup, ffc_params_cmp, ffc_params_copy, ffc_params_enable_flags, ffc_params_flags_from_name, ffc_params_flags_to_name, ffc_params_fromdata, ffc_params_get0_pqg, ffc_params_get_validate_params, ffc_params_init, ffc_params_print, ffc_params_set0_j, ffc_params_set0_pqg, ffc_params_set_flags, ffc_params_set_gindex, ffc_params_set_h, ffc_params_set_pcounter, ffc_params_set_seed, ffc_params_set_validate_params, ffc_params_simple_validate, ffc_params_todata, ffc_params_validate_unverifiable_g, ffc_set_digest, ffc_set_group_pqg, ffc_validate_private_key, ffc_validate_public_key and ffc_validate_public_key_partial. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13041)
2020-09-30 13:07:24 +08:00
return ossl_ffc_params_FIPS186_2_gen_verify(libctx, (FFC_PARAMS *)params,
FFC_PARAM_MODE_VERIFY, type,
L, N, res, cb);
Add FFC param/key validation Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
2020-02-16 11:03:46 +08:00
}
Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12176)
2020-07-09 11:43:10 +08:00
/*
* This does a simple check of L and N and partial g.
* It makes no attempt to do a full validation of p, q or g since these require
* extra parameters such as the digest and seed, which may not be available for
* this test.
*/
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, const FFC_PARAMS *params,
int paramstype, int *res)
Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12176)
2020-07-09 11:43:10 +08:00
{
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
int ret;
int tmpres = 0;
FFC_PARAMS tmpparams = {0};
Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12176)
2020-07-09 11:43:10 +08:00
if (params == NULL)
return 0;
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
if (res == NULL)
res = &tmpres;
if (!ossl_ffc_params_copy(&tmpparams, params))
return 0;
tmpparams.flags = FFC_PARAM_FLAG_VALIDATE_G;
tmpparams.gindex = FFC_UNVERIFIABLE_GINDEX;
Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12176)
2020-07-09 11:43:10 +08:00
Fix DSA/DH so that legacy keys can still be generated by the default provider Fixes #12589 The 'type' parameter needed to be propagated to the ffc params during keygen, so that the simple validation of params done during keygen can handle legacy keys for the default provider. The fips provider ignores this change and only allows fips186-4 approved sizes. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12623)
2020-08-11 08:15:28 +08:00
#ifndef FIPS_MODULE
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
if (params->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY)
ret = ossl_ffc_params_FIPS186_2_validate(libctx, &tmpparams, paramstype,
res, NULL);
Fix DSA/DH so that legacy keys can still be generated by the default provider Fixes #12589 The 'type' parameter needed to be propagated to the ffc params during keygen, so that the simple validation of params done during keygen can handle legacy keys for the default provider. The fips provider ignores this change and only allows fips186-4 approved sizes. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12623)
2020-08-11 08:15:28 +08:00
else
#endif
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
ret = ossl_ffc_params_FIPS186_4_validate(libctx, &tmpparams, paramstype,
res, NULL);
#ifndef OPENSSL_NO_DH
if (ret == FFC_PARAM_RET_STATUS_FAILED
&& (*res & FFC_ERROR_NOT_SUITABLE_GENERATOR) != 0) {
ERR_raise(ERR_LIB_DH, DH_R_NOT_SUITABLE_GENERATOR);
}
#endif
ossl_ffc_params_cleanup(&tmpparams);
Add multiple fixes for ffc key generation using invalid p,q,g parameters. Fixes #11864 - The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is possible that dsa keygen can either hang or segfault. The fix was to do a partial validation of p, q, and g inside the keygen. - Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!). It freed internal object members without setting them to NULL. - Changed the FFC key validation to accept 1024 bit keys in non fips mode. - Added tests that use both the default provider & fips provider to test these cases. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12176)
2020-07-09 11:43:10 +08:00
return ret != FFC_PARAM_RET_STATUS_FAILED;
}
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
/*
* If possible (or always in FIPS_MODULE) do full FIPS 186-4 validation.
* Otherwise do simple check but in addition also check the primality of the
* p and q.
*/
int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, const FFC_PARAMS *params,
int paramstype, int *res)
{
int tmpres = 0;
if (params == NULL)
return 0;
if (res == NULL)
res = &tmpres;
#ifdef FIPS_MODULE
return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype,
res, NULL);
#else
if (params->seed != NULL) {
Fix DSA EVP_PKEY_param_check() when defaults are used for param generation. Fixes #14480 An internal flag that is set during param gen was not being tested, so the wrong type was used to select the dsa domain param validation method. In the default provider - if no gen_type is set then by default the fips186_4 gentype will be selected when pbits >=2048 otherwise it selects fips186_2. The fips provider ignores the gen_type and always uses fips186_4. Before this change dsa used fips186_2 by default in the default provider. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14508)
2021-03-11 11:36:27 +08:00
if (params->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY)
return ossl_ffc_params_FIPS186_2_validate(libctx, params, paramstype,
res, NULL);
else
return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype,
res, NULL);
dsa_check: Perform simple parameter check if seed is not available Added primality check on p and q in the ossl_ffc_params_simple_validate(). Checking for p and q sizes in the default provider is made more lenient. Added two testcases for invalid parameters. Fixes #13950 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-11 01:44:00 +08:00
} else {
int ret = 0;
ret = ossl_ffc_params_simple_validate(libctx, params, paramstype, res);
if (ret) {
BN_CTX *ctx;
if ((ctx = BN_CTX_new_ex(libctx)) == NULL)
return 0;
if (BN_check_prime(params->q, ctx, NULL) != 1) {
# ifndef OPENSSL_NO_DSA
ERR_raise(ERR_LIB_DSA, DSA_R_Q_NOT_PRIME);
# endif
ret = 0;
}
if (ret && BN_check_prime(params->p, ctx, NULL) != 1) {
# ifndef OPENSSL_NO_DSA
ERR_raise(ERR_LIB_DSA, DSA_R_P_NOT_PRIME);
# endif
ret = 0;
}
BN_CTX_free(ctx);
}
return ret;
}
#endif
}
Reference in New Issue Copy Permalink