From 4b04466f142b3a727eef328a57b83f6b8d17be33 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 24 May 2001 22:33:16 +0000 Subject: [PATCH] Fix for missing DSA parameters. --- CHANGES | 5 +++++ crypto/asn1/x_pubkey.c | 2 +- crypto/dsa/dsa.h | 1 + crypto/dsa/dsa_err.c | 1 + crypto/dsa/dsa_ossl.c | 10 ++++++++++ 5 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index f4bbe5fbbf..e1dfac5d4d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.6a and 0.9.6b [XX xxx XXXX] + *) Fix various bugs related to DSA S/MIME verification. Handle missing + parameters in DSA public key structures and return an error in the + DSA routines if parameters are absent. + [Steve Henson] + *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" in the current directory if neither $RANDFILE nor $HOME was set. RAND_file_name() in 0.9.6a returned NULL in this case. This has diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index b2e2a51477..4397a404b5 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) a=key->algor; if (ret->type == EVP_PKEY_DSA) { - if (a->parameter->type == V_ASN1_SEQUENCE) + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { ret->pkey.dsa->write_params=0; p=a->parameter->value.sequence->data; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 3ebcc4ae0a..e98fa389bd 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -236,6 +236,7 @@ DH *DSA_dup_DH(DSA *r); /* Reason codes. */ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_MISSING_PARAMETERS 101 #ifdef __cplusplus } diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 2b3ab3a9ad..736aeef7c4 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]= static ERR_STRING_DATA DSA_str_reasons[]= { {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, {0,NULL} }; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 4283572330..331d176d66 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -105,6 +105,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + if (!dsa->p || !dsa->q || !dsa->g) + { + reason=DSA_R_MISSING_PARAMETERS; + goto err; + } BN_init(&m); BN_init(&xr); s=BN_new(); @@ -167,6 +172,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) BIGNUM k,*kinv=NULL,*r=NULL; int ret=0; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + return 0; + } if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; -- 2.25.1