Reject obviously invalid DSA parameters during signing

Fixes #8875 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8876) (cherry picked from commit 9acbe07d23)
2019-05-03 15:56:08 +01:00 · 2019-05-03 15:56:08 +01:00 · 8f50627402
commit 8f50627402
parent 335a587bd2
1 changed files with 6 additions and 0 deletions
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
        return 0;
    }

+    /* Reject obviously invalid parameters */
+    if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
+        return 0;
+    }
+
    k = BN_new();
    l = BN_new();
    if (k == NULL || l == NULL)