[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Tue May 7 16:00:55 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 8f506274029903457c5f1d8663a012763f55cd37 (commit)
from 335a587bd28263ed76757018a80ad8861a4b289a (commit)
- Log -----------------------------------------------------------------
commit 8f506274029903457c5f1d8663a012763f55cd37
Author: Matt Caswell <matt at openssl.org>
Date: Fri May 3 15:56:08 2019 +0100
Reject obviously invalid DSA parameters during signing
Fixes #8875
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8876)
(cherry picked from commit 9acbe07d2300d34a7ea846d9756f33b4595e32fb)
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_ossl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 7a0b087..0c22d41 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
return 0;
}
+ /* Reject obviously invalid parameters */
+ if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+ DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
+ return 0;
+ }
+
k = BN_new();
l = BN_new();
if (k == NULL || l == NULL)
More information about the openssl-commits
mailing list