openssl/providers
Neil Horman 5056133cc7 Avoid setting gen_type to -1 in dsa_gen_set_params
gh_gen_type_common_set_params looks up a dsa contexts gen_type using
name2id, but if it returns error, we inadvertently set gctx->gen_type to
-1, which is an invalid value, which may lead to improper behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
        do_stuff
else {
        do_other_stuff
}

Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.

Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value

In leiu of testing this specific case, also add an ossl_assert in dsa_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
2023-12-14 11:17:48 +01:00
..
common rand: add callbacks to cleanup the user entropy resp. nonce 2023-10-20 09:48:34 +01:00
fips Copyright year updates 2023-09-28 14:23:29 +01:00
implementations Avoid setting gen_type to -1 in dsa_gen_set_params 2023-12-14 11:17:48 +01:00
baseprov.c fips: use seed source requested 2023-09-27 17:23:04 +01:00
build.info Add VERSIONINFO resource to legacy provider if it is not builtin 2022-06-02 11:09:10 -04:00
decoders.inc Copyright year updates 2023-09-07 09:59:15 +01:00
defltprov.c Copyright year updates 2023-09-07 09:59:15 +01:00
encoders.inc Copyright year updates 2023-09-07 09:59:15 +01:00
fips-sources.checksums make update 2023-09-28 14:24:31 +01:00
fips.checksum make update 2023-09-28 14:24:31 +01:00
fips.module.sources make update 2023-09-07 10:00:21 +01:00
legacyprov.c Copyright year updates 2023-09-07 09:59:15 +01:00
nullprov.c Copyright year updates 2023-09-07 09:59:15 +01:00
prov_running.c
stores.inc Add support for loading root CAs from Windows crypto API 2022-09-14 14:10:18 +01:00