Commit ffc2b637 authored by David von Oheimb's avatar David von Oheimb Committed by Nicola Tuveri
Browse files

make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarNicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9466)

(cherry picked from commit 7408f6759f1b0100438ca236ea8f549454aaf2d5)
parent 74f4cc02

crypto/dsa/dsa_err.c

+2 −0
Original line number Diff line number Diff line
@@ -52,6 +52,8 @@ static const ERR_STRING_DATA DSA_str_reasons[] = { 
    "invalid digest type"},

    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},

    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},

    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),

    "missing private key"},

    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},

    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},

    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),

crypto/dsa/dsa_ossl.c

+8 −0
Original line number Diff line number Diff line
@@ -72,6 +72,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 
        reason = DSA_R_MISSING_PARAMETERS;

        goto err;

    }

    if (dsa->priv_key == NULL) {

        reason = DSA_R_MISSING_PRIVATE_KEY;

        goto err;

    }



    ret = DSA_SIG_new();

    if (ret == NULL)
@@ -195,6 +199,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, 
        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);

        return 0;

    }

    if (dsa->priv_key == NULL) {

        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PRIVATE_KEY);

        return 0;

    }



    k = BN_new();

    l = BN_new();

crypto/ec/ecdh_ossl.c

+1 −1
Original line number Diff line number Diff line
@@ -58,7 +58,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, 


    priv_key = EC_KEY_get0_private_key(ecdh);

    if (priv_key == NULL) {

        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE);

        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_MISSING_PRIVATE_KEY);

        goto err;

    }

crypto/ec/ecdsa_ossl.c

+11 −3
Original line number Diff line number Diff line
@@ -41,11 +41,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, 
    const EC_GROUP *group;

    int ret = 0;

    int order_bits;

    const BIGNUM *priv_key;



    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {

        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);

        return 0;

    }

    if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) {

        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_MISSING_PRIVATE_KEY);

        return 0;

    }



    if (!EC_KEY_can_sign(eckey)) {

        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
@@ -83,8 +88,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, 
        /* get random k */

        do {

            if (dgst != NULL) {

                if (!BN_generate_dsa_nonce(k, order,

                                           EC_KEY_get0_private_key(eckey),

                if (!BN_generate_dsa_nonce(k, order, priv_key,

                                           dgst, dlen, ctx)) {

                    ECerr(EC_F_ECDSA_SIGN_SETUP,

                          EC_R_RANDOM_NUMBER_GENERATION_FAILED);
@@ -162,10 +166,14 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, 
    group = EC_KEY_get0_group(eckey);

    priv_key = EC_KEY_get0_private_key(eckey);



    if (group == NULL || priv_key == NULL) {

    if (group == NULL) {

        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);

        return NULL;

    }

    if (priv_key == NULL) {

        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);

        return NULL;

    }



    if (!EC_KEY_can_sign(eckey)) {

        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);

crypto/err/openssl.txt

+2 −0
Original line number Diff line number Diff line
@@ -2101,6 +2101,7 @@ DSA_R_DECODE_ERROR:104:decode error 
DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type

DSA_R_INVALID_PARAMETERS:112:invalid parameters

DSA_R_MISSING_PARAMETERS:101:missing parameters

DSA_R_MISSING_PRIVATE_KEY:111:missing private key

DSA_R_MODULUS_TOO_LARGE:103:modulus too large

DSA_R_NO_PARAMETERS_SET:107:no parameters set

DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
@@ -2536,6 +2537,7 @@ RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid 
RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small

RSA_R_LAST_OCTET_INVALID:134:last octet invalid

RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed

RSA_R_MISSING_PRIVATE_KEY:179:missing private key

RSA_R_MODULUS_TOO_LARGE:105:modulus too large

RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r

RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d