mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
5056133cc7
gh_gen_type_common_set_params looks up a dsa contexts gen_type using
name2id, but if it returns error, we inadvertently set gctx->gen_type to
-1, which is an invalid value, which may lead to improper behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
do_stuff
else {
do_other_stuff
}
Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.
Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value
In leiu of testing this specific case, also add an ossl_assert in dsa_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
57 lines
2.3 KiB
C
57 lines
2.3 KiB
C
/*
|
|
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef OSSL_CRYPTO_DSA_H
|
|
# define OSSL_CRYPTO_DSA_H
|
|
# pragma once
|
|
|
|
# include <openssl/core.h>
|
|
# include <openssl/dsa.h>
|
|
# include "internal/ffc.h"
|
|
|
|
/*
|
|
* DSA Paramgen types
|
|
* Note, adding to this list requires adjustments to various checks
|
|
* in dsa_gen range validation checks
|
|
*/
|
|
#define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */
|
|
#define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
|
|
#define DSA_PARAMGEN_TYPE_FIPS_DEFAULT 2
|
|
|
|
DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx);
|
|
void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx);
|
|
|
|
int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
|
|
BN_GENCB *cb);
|
|
|
|
int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
|
|
unsigned char *sig, unsigned int *siglen, DSA *dsa,
|
|
unsigned int nonce_type, const char *digestname,
|
|
OSSL_LIB_CTX *libctx, const char *propq);
|
|
|
|
FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa);
|
|
int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]);
|
|
int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[],
|
|
int include_private);
|
|
DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
|
|
OSSL_LIB_CTX *libctx, const char *propq);
|
|
|
|
int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa,
|
|
const BIGNUM *priv_key, BIGNUM *pub_key);
|
|
int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret);
|
|
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret);
|
|
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key,
|
|
int *ret);
|
|
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
|
|
int ossl_dsa_check_pairwise(const DSA *dsa);
|
|
int ossl_dsa_is_foreign(const DSA *dsa);
|
|
DSA *ossl_dsa_dup(const DSA *dsa, int selection);
|
|
|
|
#endif
|