From: Matt Caswell Date: Fri, 3 May 2019 14:56:08 +0000 (+0100) Subject: Reject obviously invalid DSA parameters during signing X-Git-Tag: OpenSSL_1_1_1c~24 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8f506274029903457c5f1d8663a012763f55cd37;p=oweals%2Fopenssl.git Reject obviously invalid DSA parameters during signing Fixes #8875 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8876) (cherry picked from commit 9acbe07d2300d34a7ea846d9756f33b4595e32fb) --- diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 7a0b0874c5..0c22d41361 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, return 0; } + /* Reject obviously invalid parameters */ + if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS); + return 0; + } + k = BN_new(); l = BN_new(); if (k == NULL || l == NULL)