author | Dr. Stephen Henson <steve@openssl.org> | 2007-08-18 02:36:23 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-08-18 02:36:23 +0000 |
commit | 7016b1952eb095be9ffff2e2d5876ab8418ff7ed (patch) | |
tree | 385f4b47b51f653df7f8e9b838fe36f3dc076c52 | |
parent | ff3e014820f5483584f03ecf7c7607b5814b863f (diff) | |
Don't generate DSA keys with key size too small.
-rw-r--r-- | crypto/dsa/dsa.h | 1 | ||||
-rw-r--r-- | crypto/dsa/dsa_err.c | 1 | ||||
-rw-r--r-- | fips/dsa/fips_dsa_key.c | 6 |
3 files changed, 8 insertions, 0 deletions
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index ebf8cd37f7..702c50d6dc 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -292,6 +292,7 @@ void ERR_load_DSA_strings(void); #define DSA_F_D2I_DSA_SIG 110 #define DSA_F_DSAPARAMS_PRINT 100 #define DSA_F_DSAPARAMS_PRINT_FP 101 +#define DSA_F_DSA_BUILTIN_KEYGEN 119 #define DSA_F_DSA_BUILTIN_PARAMGEN 118 #define DSA_F_DSA_DO_SIGN 112 #define DSA_F_DSA_DO_VERIFY 113 diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index aa11046c0a..872839af94 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -73,6 +73,7 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, +{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, diff --git a/fips/dsa/fips_dsa_key.c b/fips/dsa/fips_dsa_key.c index b43b0c181e..1594dcbe63 100644 --- a/fips/dsa/fips_dsa_key.c +++ b/fips/dsa/fips_dsa_key.c @@ -101,6 +101,12 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX *ctx=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; + if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) + { + DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); + goto err; + } + if ((ctx=BN_CTX_new()) == NULL) goto err; if (dsa->priv_key == NULL) |
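Review bot: In the fips/dsa/fips_dsa_key.c hunk, the new size check passes `dsa->p` to `BN_num_bits()` before anything visible confirms that domain parameters are present, so in FIPS mode a DSA object without parameters would reach this call with a NULL pointer. Unless a caller outside the hunk guarantees `p` is set, the guard should test for that first, e.g. `if (FIPS_mode() && (dsa->p == NULL || BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))`. Only the length of `p` is checked; if the FIPS policy also constrains `q`, that belongs in the same guard. A one-line comment such as `/* FIPS mode: refuse to generate a key over a modulus below the approved minimum */` would explain why the check sits ahead of the `BN_CTX_new()` call. The rest of dsa_builtin_keygen, including the `err:` cleanup that this early `goto err` relies on, is outside the hunk.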