FIPS 180-4 requires specific (L,N) values. OpenSSL will crash if an
invalid combination is used, so we must check the input sanity first.
PR-URL: https://github.com/nodejs/node/pull/3756
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
if (pkey == nullptr || 0 != ERR_peek_error())
goto exit;
+#ifdef NODE_FIPS_MODE
+ /* Validate DSA2 parameters from FIPS 186-4 */
+ if (EVP_PKEY_DSA == pkey->type) {
+ size_t L = BN_num_bits(pkey->pkey.dsa->p);
+ size_t N = BN_num_bits(pkey->pkey.dsa->q);
+ bool result = false;
+
+ if (L == 1024 && N == 160)
+ result = true;
+ else if (L == 2048 && N == 224)
+ result = true;
+ else if (L == 2048 && N == 256)
+ result = true;
+ else if (L == 3072 && N == 256)
+ result = true;
+
+ if (!result) {
+ fatal = true;
+ goto exit;
+ }
+ }
+#endif // NODE_FIPS_MODE
+
if (EVP_SignFinal(&mdctx_, *sig, sig_len, pkey))
fatal = false;