mirror of
https://github.com/openssl/openssl.git
synced 2024-12-27 06:21:43 +08:00
3a4e09ab42
Fixes #20268 Values such as q=1 or priv=0 caused infinite loops when calling DSA_sign() without these changes. There are other cases where bad domain parameters may have caused infinite loops where the retry counter has been added. The simpler case of priv=0 also hits this case. q=1 caused an infinite loop in the setup. The max retry value has been set to an arbitrary value of 8 (it is unlikely to ever do a single retry for valid values). The minimum q bits was set to an arbitrary value of 128 (160 is still used for legacy reasons when using 512 bit keys). Thanks @guidovranken for detecting this, and @davidben for his insightful analysis. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20384)
31 lines
671 B
C
31 lines
671 B
C
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef OSSL_CRYPTO_DSAERR_H
|
|
# define OSSL_CRYPTO_DSAERR_H
|
|
# pragma once
|
|
|
|
# include <openssl/opensslconf.h>
|
|
# include <openssl/symhacks.h>
|
|
|
|
# ifdef __cplusplus
|
|
extern "C" {
|
|
# endif
|
|
|
|
# ifndef OPENSSL_NO_DSA
|
|
|
|
int ossl_err_load_DSA_strings(void);
|
|
# endif
|
|
|
|
# ifdef __cplusplus
|
|
}
|
|
# endif
|
|
#endif
|