Commit 8f506274 authored by Matt Caswell's avatar Matt Caswell
Browse files

Reject obviously invalid DSA parameters during signing 



Fixes #8875

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8876)

(cherry picked from commit 9acbe07d)
parent 335a587b

crypto/dsa/dsa_ossl.c

+6 −0
Original line number Diff line number Diff line
@@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, 
        return 0;

    }



    /* Reject obviously invalid parameters */

    if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {

        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);

        return 0;

    }



    k = BN_new();

    l = BN_new();

    if (k == NULL || l == NULL)