Ruby Support - DSA custom md/qbits

justsmth · Oct 28, 2024 · dc3e124 · dc3e124
1 parent b77a698
commit dc3e124
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
@@ -232,6 +232,15 @@ int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
 int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
                                size_t seed_len, int *out_counter,
                                unsigned long *out_h, BN_GENCB *cb) {
+  const EVP_MD *evpmd = (bits >= 2048) ? EVP_sha256() : EVP_sha1();
+  const size_t qsize = EVP_MD_size(evpmd);
+  return dsa_internal_paramgen(dsa, bits, qsize, evpmd, seed_in, seed_len, out_counter, out_h, cb);
+}
+
+int dsa_internal_paramgen(DSA *dsa, size_t bits, size_t qsize,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, int *out_counter, unsigned long *out_h, BN_GENCB *cb)
+{
   int ok = 0;
   unsigned char seed[SHA256_DIGEST_LENGTH];
   unsigned char md[SHA256_DIGEST_LENGTH];
@@ -244,10 +253,11 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
   int r = 0;
   BN_CTX *ctx = NULL;
   unsigned int h = 2;
-  const EVP_MD *evpmd;
 
-  evpmd = (bits >= 2048) ? EVP_sha256() : EVP_sha1();
-  size_t qsize = EVP_MD_size(evpmd);
+  if(qsize != EVP_MD_size(evpmd)) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS);
+    return 0;
+  }
 
   if (bits < 512) {
     bits = 512;

diff --git a/crypto/dsa/internal.h b/crypto/dsa/internal.h
@@ -44,6 +44,9 @@ struct dsa_st {
 // DoS bounds. It returns one on success and zero on error.
 int dsa_check_key(const DSA *dsa);
 
+int dsa_internal_paramgen(DSA *dsa, size_t bits, size_t qsize,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, int *out_counter, unsigned long *out_h, BN_GENCB *cb);
 
 #if defined(__cplusplus)
 }  // extern C