projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 335a587)
Reject obviously invalid DSA parameters during signing
authorMatt Caswell <matt@openssl.org>
Fri, 3 May 2019 14:56:08 +0000 (15:56 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 7 May 2019 15:54:31 +0000 (16:54 +0100)
Fixes #8875

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8876)

(cherry picked from commit 9acbe07d2300d34a7ea846d9756f33b4595e32fb)

crypto/dsa/dsa_ossl.c patch | blob | history

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 7a0b0874c54e0ebb002c27b0c2704c579364bdf8..0c22d41361c8eeaa37bc418022336af7de28d9da 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
         return 0;
     }
 
+    /* Reject obviously invalid parameters */
+    if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
+        return 0;
+    }
+
     k = BN_new();
     l = BN_new();
     if (k == NULL || l == NULL)
Unnamed repository; edit this file 'description' to name the repository.