[openssl] master update

Matt Caswell matt at openssl.org
Tue May 7 16:00:39 UTC 2019


The branch master has been updated
       via  9acbe07d2300d34a7ea846d9756f33b4595e32fb (commit)
      from  7c3a7561b536264b282f604efc959edad18807d7 (commit)


- Log -----------------------------------------------------------------
commit 9acbe07d2300d34a7ea846d9756f33b4595e32fb
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 3 15:56:08 2019 +0100

    Reject obviously invalid DSA parameters during signing
    
    Fixes #8875
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8876)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dsa/dsa_ossl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 37c654d..b66d5ad 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
         return 0;
     }
 
+    /* Reject obviously invalid parameters */
+    if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
+        return 0;
+    }
+
     k = BN_new();
     l = BN_new();
     if (k == NULL || l == NULL)


More information about the openssl-commits mailing list