Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12062)
2025-03-19 19:50:42 +08:00 · 2020-06-05 21:27:34 +02:00 · 2020-06-05 21:27:34 +02:00 · 8da42c8b26
commit 8da42c8b26
parent 498e807ed2
8 changed files with 19 additions and 4 deletions
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -14,6 +14,7 @@
 #ifndef OPENSSL_NO_ERR

 static const ERR_STRING_DATA DH_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@ -68,7 +68,7 @@ int dh_get_named_group_uid_from_size(int pbits)
     * Just choose an approved safe prime group.
     * The alternative to this is to generate FIPS186-4 domain parameters i.e.
     * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb);
-     * As the FIPS186-4 generated params are for backwards compatability,
+     * As the FIPS186-4 generated params are for backwards compatibility,
     * the safe prime group should be used as the default.
     */
    int nid;
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -14,6 +14,7 @@
 #ifndef OPENSSL_NO_ERR

 static const ERR_STRING_DATA DSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@ -221,7 +221,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
                                        dctx->nbits, dctx->qbits, dctx->pmd,
                                        &res, pcb);
    BN_GENCB_free(pcb);
-    if (ret)
+    if (ret > 0)
        EVP_PKEY_assign_DSA(pkey, dsa);
    else
        DSA_free(dsa);
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@ -2341,6 +2341,7 @@ CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version
 CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid
 CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type
 CT_R_UNSUPPORTED_VERSION:103:unsupported version
+DH_R_BAD_FFC_PARAMETERS:127:bad ffc parameters
 DH_R_BAD_GENERATOR:101:bad generator
 DH_R_BN_DECODE_ERROR:109:bn decode error
 DH_R_BN_ERROR:106:bn error
@ -2368,6 +2369,7 @@ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
 DH_R_PEER_KEY_ERROR:111:peer key error
 DH_R_SHARED_INFO_ERROR:113:shared info error
 DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
 DSA_R_BAD_Q_VALUE:102:bad q value
 DSA_R_BN_DECODE_ERROR:108:bn decode error
 DSA_R_BN_ERROR:109:bn error
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@ -27,6 +27,9 @@
 #include <string.h> /* memset */
 #include <openssl/sha.h> /* SHA_DIGEST_LENGTH */
 #include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/dherr.h>
+#include <openssl/dsaerr.h>
 #include "crypto/bn.h"
 #include "internal/ffc.h"

@ -40,6 +43,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
        /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */
        if (L == 2048 && (N == 224 || N == 256))
            return 112;
+#ifndef OPENSSL_NO_DH
+        DHerr(0, DH_R_BAD_FFC_PARAMETERS);
+#endif
    } else if (type == FFC_PARAM_TYPE_DSA) {
        /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */
        if (L == 1024 && N == 160)
@ -48,6 +54,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
            return 112;
        if (L == 3072 && N == 256)
            return 128;
+#ifndef OPENSSL_NO_DSA
+        DSAerr(0, DSA_R_BAD_FFC_PARAMETERS);
+#endif
    }
    return 0;
 }
--- a/include/openssl/dherr.h
+++ b/include/openssl/dherr.h
@ -62,6 +62,7 @@ int ERR_load_DH_strings(void);
 /*
 * DH reason codes.
 */
+#  define DH_R_BAD_FFC_PARAMETERS                          127
 #  define DH_R_BAD_GENERATOR                               101
 #  define DH_R_BN_DECODE_ERROR                             109
 #  define DH_R_BN_ERROR                                    106
--- a/include/openssl/dsaerr.h
+++ b/include/openssl/dsaerr.h
@ -57,6 +57,7 @@ int ERR_load_DSA_strings(void);
 /*
 * DSA reason codes.
 */
+#  define DSA_R_BAD_FFC_PARAMETERS                         114
 #  define DSA_R_BAD_Q_VALUE                                102
 #  define DSA_R_BN_DECODE_ERROR                            108
 #  define DSA_R_BN_ERROR                                   109