Commit 7016b195 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Don't generate DSA keys with key size too small.

parent ff3e0148

crypto/dsa/dsa.h

+1 −0
Original line number Diff line number Diff line
@@ -292,6 +292,7 @@ void ERR_load_DSA_strings(void); 
#define DSA_F_D2I_DSA_SIG				 110

#define DSA_F_DSAPARAMS_PRINT				 100

#define DSA_F_DSAPARAMS_PRINT_FP			 101

#define DSA_F_DSA_BUILTIN_KEYGEN			 119

#define DSA_F_DSA_BUILTIN_PARAMGEN			 118

#define DSA_F_DSA_DO_SIGN				 112

#define DSA_F_DSA_DO_VERIFY				 113

crypto/dsa/dsa_err.c

+1 −0
Original line number Diff line number Diff line
@@ -73,6 +73,7 @@ static ERR_STRING_DATA DSA_str_functs[]= 
{ERR_FUNC(DSA_F_D2I_DSA_SIG),	"d2i_DSA_SIG"},

{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},

{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},

{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),	"DSA_BUILTIN_KEYGEN"},

{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},

{ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},

{ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},

fips/dsa/fips_dsa_key.c

+6 −0
Original line number Diff line number Diff line
@@ -101,6 +101,12 @@ static int dsa_builtin_keygen(DSA *dsa) 
	BN_CTX *ctx=NULL;

	BIGNUM *pub_key=NULL,*priv_key=NULL;



	if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))

		{

		DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);

		goto err;

		}



	if ((ctx=BN_CTX_new()) == NULL) goto err;



	if (dsa->priv_key == NULL)