[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Mon Nov 14 14:42:09 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 83b90e40d312ef9f189990293e253b3c1e7e92a1 (commit)
from c028052c4cfc39dc99f735f1743b18867547129f (commit)
- Log -----------------------------------------------------------------
commit 83b90e40d312ef9f189990293e253b3c1e7e92a1
Author: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Date: Mon Oct 3 17:54:06 2016 +0200
dsa/dsa_gen: add error message for seed_len < 0
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
then ignored. Now DSA_generate_parameters_ex() returns an error in such
a case but no error string.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1657)
(cherry picked from commit af5474126546b558b0e6f8be4bec4b70977e24b7)
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_err.c | 4 +++-
crypto/dsa/dsa_gen.c | 4 +++-
include/openssl/dsa.h | 1 +
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 6de49ee..b8f0af4 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -21,7 +21,7 @@
static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
- {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
@@ -56,6 +56,8 @@ static ERR_STRING_DATA DSA_str_reasons[] = {
{ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
{ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
+ {ERR_REASON(DSA_R_SEED_LEN_SMALL),
+ "seed_len is less than the length of q"},
{0, NULL}
};
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 11f422e..3efeab8 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -74,8 +74,10 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
bits = (bits + 63) / 64 * 64;
if (seed_in != NULL) {
- if (seed_len < (size_t)qsize)
+ if (seed_len < (size_t)qsize) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL);
return 0;
+ }
if (seed_len > (size_t)qsize) {
/* Only consume as much seed as is expected. */
seed_len = qsize;
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index cb5fbc2..139718e 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -274,6 +274,7 @@ int ERR_load_DSA_strings(void);
# define DSA_R_NO_PARAMETERS_SET 107
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
+# define DSA_R_SEED_LEN_SMALL 110
# ifdef __cplusplus
}
More information about the openssl-commits
mailing list