The branch master has been updated via 12e055991e9d755c8a395f60abf97783795be626 (commit) via aa5098021be2df0fd33bd5e8b1325c49dc519433 (commit) from c96670e59a702de71d572958ff60fda5f78637c2 (commit)
- Log ----------------------------------------------------------------- commit 12e055991e9d755c8a395f60abf97783795be626 Author: Tomas Mraz <to...@openssl.org> Date: Tue Aug 10 09:18:19 2021 +0200 dsatest: Properly detect failure in generate/sign/verify Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> Reviewed-by: Shane Lontis <shane.lon...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16268) commit aa5098021be2df0fd33bd5e8b1325c49dc519433 Author: Tomas Mraz <to...@openssl.org> Date: Mon Aug 9 10:42:46 2021 +0200 Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen Fixes #16261 Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> Reviewed-by: Shane Lontis <shane.lon...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16268) ----------------------------------------------------------------------- Summary of changes: crypto/ffc/ffc_params_generate.c | 10 +++++++--- test/dsatest.c | 8 +++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 36b5a873a7..f0601e1644 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -1047,7 +1047,11 @@ int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, int type, size_t L, size_t N, int *res, BN_GENCB *cb) { - return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb); + if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb)) + return 0; + + ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1); + return 1; } diff --git a/test/dsatest.c b/test/dsatest.c index 533fba1cbc..2d34ca4261 100644 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -108,9 +108,11 @@ static int dsa_test(void) if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) goto end; - DSA_generate_key(dsa); - DSA_sign(0, str1, 20, sig, &siglen, dsa); - if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa))) + if (!TEST_true(DSA_generate_key(dsa))) + goto end; + if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa))) + goto end; + if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) ret = 1; end: