Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize), return an error. (Imported from upstream's 1d7df236dcb4f7c95707110753e5e77b19b9a0aa and df1565ed9cebb6933ee7c6e762abcfefd1cd3846.) This switches the trigger for random seed from seed_len = 0 to seed_in = NULL. Change-Id: I2e07abed754c57ef9d96b02a52ba6d260c3f5fb9 Reviewed-on: https://boringssl-review.googlesource.com/5781 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
ee0b02a10d
commit
8d100366e5
@ -487,16 +487,14 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in,
|
|||||||
|
|
||||||
bits = (bits + 63) / 64 * 64;
|
bits = (bits + 63) / 64 * 64;
|
||||||
|
|
||||||
/* NB: seed_len == 0 is special case: copy generated seed to
|
|
||||||
* seed_in if it is not NULL. */
|
|
||||||
if (seed_len && (seed_len < (size_t)qsize)) {
|
|
||||||
seed_in = NULL; /* seed buffer too small -- ignore */
|
|
||||||
}
|
|
||||||
if (seed_len > (size_t)qsize) {
|
|
||||||
seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
|
|
||||||
* but our internal buffers are restricted to 160 bits*/
|
|
||||||
}
|
|
||||||
if (seed_in != NULL) {
|
if (seed_in != NULL) {
|
||||||
|
if (seed_len < (size_t)qsize) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (seed_len > (size_t)qsize) {
|
||||||
|
/* Only consume as much seed as is expected. */
|
||||||
|
seed_len = qsize;
|
||||||
|
}
|
||||||
memcpy(seed, seed_in, seed_len);
|
memcpy(seed, seed_in, seed_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -527,21 +525,19 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in,
|
|||||||
for (;;) {
|
for (;;) {
|
||||||
/* Find q. */
|
/* Find q. */
|
||||||
for (;;) {
|
for (;;) {
|
||||||
int seed_is_random;
|
|
||||||
|
|
||||||
/* step 1 */
|
/* step 1 */
|
||||||
if (!BN_GENCB_call(cb, 0, m++)) {
|
if (!BN_GENCB_call(cb, 0, m++)) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!seed_len) {
|
int use_random_seed = (seed_in == NULL);
|
||||||
|
if (use_random_seed) {
|
||||||
if (!RAND_bytes(seed, qsize)) {
|
if (!RAND_bytes(seed, qsize)) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
seed_is_random = 1;
|
|
||||||
} else {
|
} else {
|
||||||
seed_is_random = 0;
|
/* If we come back through, use random seed next time. */
|
||||||
seed_len = 0; /* use random seed if 'seed_in' turns out to be bad*/
|
seed_in = NULL;
|
||||||
}
|
}
|
||||||
memcpy(buf, seed, qsize);
|
memcpy(buf, seed, qsize);
|
||||||
memcpy(buf2, seed, qsize);
|
memcpy(buf2, seed, qsize);
|
||||||
@ -570,7 +566,7 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* step 4 */
|
/* step 4 */
|
||||||
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb);
|
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb);
|
||||||
if (r > 0) {
|
if (r > 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|