[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Mon Nov 14 14:42:09 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  83b90e40d312ef9f189990293e253b3c1e7e92a1 (commit)
      from  c028052c4cfc39dc99f735f1743b18867547129f (commit)


- Log -----------------------------------------------------------------
commit 83b90e40d312ef9f189990293e253b3c1e7e92a1
Author: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Date:   Mon Oct 3 17:54:06 2016 +0200

    dsa/dsa_gen: add error message for seed_len < 0
    
    prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
    then ignored. Now DSA_generate_parameters_ex() returns an error in such
    a case but no error string.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1657)
    (cherry picked from commit af5474126546b558b0e6f8be4bec4b70977e24b7)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dsa/dsa_err.c  | 4 +++-
 crypto/dsa/dsa_gen.c  | 4 +++-
 include/openssl/dsa.h | 1 +
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 6de49ee..b8f0af4 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -21,7 +21,7 @@
 static ERR_STRING_DATA DSA_str_functs[] = {
     {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
     {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
     {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
     {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
     {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
@@ -56,6 +56,8 @@ static ERR_STRING_DATA DSA_str_reasons[] = {
     {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
     {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
     {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_REASON(DSA_R_SEED_LEN_SMALL),
+     "seed_len is less than the length of q"},
     {0, NULL}
 };
 
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 11f422e..3efeab8 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -74,8 +74,10 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     bits = (bits + 63) / 64 * 64;
 
     if (seed_in != NULL) {
-        if (seed_len < (size_t)qsize)
+        if (seed_len < (size_t)qsize) {
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL);
             return 0;
+        }
         if (seed_len > (size_t)qsize) {
             /* Only consume as much seed as is expected. */
             seed_len = qsize;
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index cb5fbc2..139718e 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -274,6 +274,7 @@ int ERR_load_DSA_strings(void);
 # define DSA_R_NO_PARAMETERS_SET                          107
 # define DSA_R_PARAMETER_ENCODING_ERROR                   105
 # define DSA_R_Q_NOT_PRIME                                113
+# define DSA_R_SEED_LEN_SMALL                             110
 
 #  ifdef  __cplusplus
 }


More information about the openssl-commits mailing list