[openssl-commits] [openssl] master update

Mon Oct 29 21:53:45 UTC 2018

The branch master has been updated
       via  3afd38b277a806b901e039c6ad281c5e5c97ef67 (commit)
      from  88e3cf0a1024f4afaf8e44553526eb326db102bc (commit)


- Log -----------------------------------------------------------------
commit 3afd38b277a806b901e039c6ad281c5e5c97ef67
Author: Vitezslav Cizek <vcizek at suse.com>
Date:   Thu Oct 25 13:53:26 2018 +0200

    DSA: Check for sanity of input parameters
    
    dsa_builtin_paramgen2 expects the L parameter to be greater than N,
    otherwise the generation will get stuck in an infinite loop.
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7493)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dsa/dsa_gen.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 46f4f01..383d853 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
     if (mctx == NULL)
         goto err;
 
+    /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+    if (L <= N) {
+        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+        goto err;
+    }
+
     if (evpmd == NULL) {
         if (N == 160)
             evpmd = EVP_sha1();
