[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
matthias.st.pierre at ncp-e.com
matthias.st.pierre at ncp-e.com
Wed Nov 14 12:10:31 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 84b4759dbd0d7917091d20cd78712a20afb57d9b (commit)
from b18162a7c9bbfb57112459a4d6631fa258fd8c0c (commit)
- Log -----------------------------------------------------------------
commit 84b4759dbd0d7917091d20cd78712a20afb57d9b
Author: Vitezslav Cizek <vcizek at suse.com>
Date: Thu Oct 25 13:53:26 2018 +0200
DSA: Check for sanity of input parameters
dsa_builtin_paramgen2 expects the L parameter to be greater than N,
otherwise the generation will get stuck in an infinite loop.
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(cherry picked from commit 3afd38b277a806b901e039c6ad281c5e5c97ef67)
(Merged from https://github.com/openssl/openssl/pull/7493)
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_gen.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index db52a38..e55d585 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -435,6 +435,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
EVP_MD_CTX_init(&mctx);
+ /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+ if (L <= N) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+ goto err;
+ }
+
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();
More information about the openssl-commits
mailing list