[openssl] master update

tomas at openssl.org tomas at openssl.org
Wed Aug 11 10:07:39 UTC 2021 

The branch master has been updated
       via  12e055991e9d755c8a395f60abf97783795be626 (commit)
       via  aa5098021be2df0fd33bd5e8b1325c49dc519433 (commit)
      from  c96670e59a702de71d572958ff60fda5f78637c2 (commit)


- Log -----------------------------------------------------------------
commit 12e055991e9d755c8a395f60abf97783795be626
Author: Tomas Mraz <tomas at openssl.org>
Date:   Tue Aug 10 09:18:19 2021 +0200

    dsatest: Properly detect failure in generate/sign/verify
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/16268)

commit aa5098021be2df0fd33bd5e8b1325c49dc519433
Author: Tomas Mraz <tomas at openssl.org>
Date:   Mon Aug 9 10:42:46 2021 +0200

    Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen
    
    Fixes #16261
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/16268)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ffc/ffc_params_generate.c | 10 +++++++---
 test/dsatest.c                   |  8 +++++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 36b5a873a7..f0601e1644 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -1047,7 +1047,11 @@ int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params,
                                        int type, size_t L, size_t N,
                                        int *res, BN_GENCB *cb)
 {
-    return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
-                                                FFC_PARAM_MODE_GENERATE,
-                                                type, L, N, res, cb);
+    if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
+                                              FFC_PARAM_MODE_GENERATE,
+                                              type, L, N, res, cb))
+        return 0;
+
+    ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1);
+    return 1;
 }
diff --git a/test/dsatest.c b/test/dsatest.c
index 533fba1cbc..2d34ca4261 100644
--- a/test/dsatest.c
+++ b/test/dsatest.c
@@ -108,9 +108,11 @@ static int dsa_test(void)
     if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
         goto end;
 
-    DSA_generate_key(dsa);
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
+    if (!TEST_true(DSA_generate_key(dsa)))
+        goto end;
+    if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa)))
+        goto end;
+    if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0))
         ret = 1;
 
  end:

More information about the openssl-commits mailing list