From: Vitezslav Cizek Date: Thu, 25 Oct 2018 11:53:26 +0000 (+0200) Subject: DSA: Check for sanity of input parameters X-Git-Tag: OpenSSL_1_1_1a~8 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=42acb69fd1fdab9099833c946171eefc9b86ecde;p=oweals%2Fopenssl.git DSA: Check for sanity of input parameters dsa_builtin_paramgen2 expects the L parameter to be greater than N, otherwise the generation will get stuck in an infinite loop. Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre (cherry picked from commit 3afd38b277a806b901e039c6ad281c5e5c97ef67) (Merged from https://github.com/openssl/openssl/pull/7493) --- diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 46f4f01ee0..383d853b6d 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, if (mctx == NULL) goto err; + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1();