DSA: Check for sanity of input parameters
authorVitezslav Cizek <vcizek@suse.com>
Thu, 25 Oct 2018 11:53:26 +0000 (13:53 +0200)
committerPauli <paul.dale@oracle.com>
Mon, 29 Oct 2018 21:53:25 +0000 (07:53 +1000)
dsa_builtin_paramgen2 expects the L parameter to be greater than N,
otherwise the generation will get stuck in an infinite loop.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7493)

crypto/dsa/dsa_gen.c

index 46f4f01ee0e49123485cb9000d4ef615fcf4e5f9..383d853b6d37307be26a3dd5d15277cff79d0db4 100644 (file)
@@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
     if (mctx == NULL)
         goto err;
 
+    /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+    if (L <= N) {
+        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+        goto err;
+    }
+
     if (evpmd == NULL) {
         if (N == 160)
             evpmd = EVP_sha1();