From 7a290abea6c78d16d0b2f1b3756aa527898d4de8 Mon Sep 17 00:00:00 2001
From: Stefan Budeanu <stefan@budeanu.com>
Date: Tue, 10 Nov 2015 11:50:32 -0500
Subject: [PATCH] crypto: DSA parameter validation in FIPS mode

FIPS 180-4 requires specific (L,N) values. OpenSSL will crash if an
invalid combination is used, so we must check the input sanity first.

PR-URL: https://github.com/nodejs/node/pull/3756
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 src/node_crypto.cc | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index f0569eb354ac5e..f699ef8222ec8d 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -3781,6 +3781,29 @@ SignBase::Error Sign::SignFinal(const char* key_pem,
   if (pkey == nullptr || 0 != ERR_peek_error())
     goto exit;
 
+#ifdef NODE_FIPS_MODE
+  /* Validate DSA2 parameters from FIPS 186-4 */
+  if (EVP_PKEY_DSA == pkey->type) {
+    size_t L = BN_num_bits(pkey->pkey.dsa->p);
+    size_t N = BN_num_bits(pkey->pkey.dsa->q);
+    bool result = false;
+
+    if (L == 1024 && N == 160)
+      result = true;
+    else if (L == 2048 && N == 224)
+      result = true;
+    else if (L == 2048 && N == 256)
+      result = true;
+    else if (L == 3072 && N == 256)
+      result = true;
+
+    if (!result) {
+      fatal = true;
+      goto exit;
+    }
+  }
+#endif  // NODE_FIPS_MODE
+
   if (EVP_SignFinal(&mdctx_, *sig, sig_len, pkey))
     fatal = false;