From d235a005f4fbe15be153e34fa3c8c8184fe4cc7c Mon Sep 17 00:00:00 2001 From: Stefan Budeanu Date: Tue, 10 Nov 2015 11:50:32 -0500 Subject: [PATCH] crypto: DSA parameter validation in FIPS mode FIPS 180-4 requires specific (L,N) values. OpenSSL will crash if an invalid combination is used, so we must check the input sanity first. PR-URL: https://github.com/nodejs/node/pull/3756 Reviewed-By: Fedor Indutny Reviewed-By: Shigeki Ohtsu Reviewed-By: James M Snell --- src/node_crypto.cc | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 240fc0708e598c..b03e6444ff8a3b 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -3593,6 +3593,29 @@ SignBase::Error Sign::SignFinal(const char* key_pem, if (pkey == nullptr || 0 != ERR_peek_error()) goto exit; +#ifdef NODE_FIPS_MODE + /* Validate DSA2 parameters from FIPS 186-4 */ + if (EVP_PKEY_DSA == pkey->type) { + size_t L = BN_num_bits(pkey->pkey.dsa->p); + size_t N = BN_num_bits(pkey->pkey.dsa->q); + bool result = false; + + if (L == 1024 && N == 160) + result = true; + else if (L == 2048 && N == 224) + result = true; + else if (L == 2048 && N == 256) + result = true; + else if (L == 3072 && N == 256) + result = true; + + if (!result) { + fatal = true; + goto exit; + } + } +#endif // NODE_FIPS_MODE + if (EVP_SignFinal(&mdctx_, *sig, sig_len, pkey)) fatal = false;