mirror of
https://github.com/openssl/openssl.git
synced 2025-01-12 13:36:28 +08:00
3a4e09ab42
Fixes #20268 Values such as q=1 or priv=0 caused infinite loops when calling DSA_sign() without these changes. There are other cases where bad domain parameters may have caused infinite loops where the retry counter has been added. The simpler case of priv=0 also hits this case. q=1 caused an infinite loop in the setup. The max retry value has been set to an arbitrary value of 8 (it is unlikely to ever do a single retry for valid values). The minimum q bits was set to an arbitrary value of 128 (160 is still used for legacy reasons when using 512 bit keys). Thanks @guidovranken for detecting this, and @davidben for his insightful analysis. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20384)
56 lines
2.0 KiB
C
56 lines
2.0 KiB
C
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/err.h>
|
|
#include <openssl/dsaerr.h>
|
|
#include "crypto/dsaerr.h"
|
|
|
|
#ifndef OPENSSL_NO_DSA
|
|
|
|
# ifndef OPENSSL_NO_ERR
|
|
|
|
static const ERR_STRING_DATA DSA_str_reasons[] = {
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE),
|
|
"invalid digest type"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),
|
|
"missing private key"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
|
|
"parameter encoding error"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_P_NOT_PRIME), "p not prime"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
|
|
"seed_len is less than the length of q"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_TOO_MANY_RETRIES), "too many retries"},
|
|
{0, NULL}
|
|
};
|
|
|
|
# endif
|
|
|
|
int ossl_err_load_DSA_strings(void)
|
|
{
|
|
# ifndef OPENSSL_NO_ERR
|
|
if (ERR_reason_error_string(DSA_str_reasons[0].error) == NULL)
|
|
ERR_load_strings_const(DSA_str_reasons);
|
|
# endif
|
|
return 1;
|
|
}
|
|
#else
|
|
NON_EMPTY_TRANSLATION_UNIT
|
|
#endif
|