git.openssl.org Git - openssl.git/commit

author	Shane Lontis <shane.lontis@oracle.com>
	Thu, 9 Jul 2020 03:43:10 +0000 (13:43 +1000)
committer	Shane Lontis <shane.lontis@oracle.com>
	Thu, 9 Jul 2020 03:43:10 +0000 (13:43 +1000)
commit	63794b048cbe46ac9abb883df4dd703f522e4643
tree	62a0882fc7e5be0e4579440468fb412684636bad	tree \| snapshot
parent	eae4a008341149783b540198470f04f85b22730e	commit \| diff

Add multiple fixes for ffc key generation using invalid p,q,g parameters.

Fixes #11864

- The dsa keygen assumed valid p, q, g values were being passed. If this is not correct then it is
  possible that dsa keygen can either hang or segfault.
  The fix was to do a partial validation of p, q, and g inside the keygen.
- Fixed a potential double free in the dsa keypair test in the case when in failed (It should never fail!).
  It freed internal object members without setting them to NULL.
- Changed the FFC key validation to accept 1024 bit keys in non fips mode.
- Added tests that use both the default provider & fips provider to test these cases.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12176)

crypto/dh/dh_key.c		diff \| blob \| history
crypto/dsa/dsa_key.c		diff \| blob \| history
crypto/ffc/ffc_params_generate.c		diff \| blob \| history
crypto/ffc/ffc_params_validate.c		diff \| blob \| history
include/internal/ffc.h		diff \| blob \| history
test/build.info		diff \| blob \| history
test/evp_libctx_test.c	[new file with mode: 0644]	blob
test/ffc_internal_test.c		diff \| blob \| history
test/recipes/30-test_evp_libctx.t	[new file with mode: 0644]	blob