Overview

File 0001-DSA-Check-for-sanity-of-input-parameters.patch of Package openssl-1_0_0.30169

From 3afd38b277a806b901e039c6ad281c5e5c97ef67 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Thu, 25 Oct 2018 13:53:26 +0200
Subject: [PATCH] DSA: Check for sanity of input parameters

dsa_builtin_paramgen2 expects the L parameter to be greater than N,
otherwise the generation will get stuck in an infinite loop.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7493)
---
 crypto/dsa/dsa_gen.c | 6 ++++++
 1 file changed, 6 insertions(+)

Index: openssl-1.0.2p/crypto/dsa/dsa_gen.c
===================================================================
--- openssl-1.0.2p.orig/crypto/dsa/dsa_gen.c	2018-11-23 16:04:32.794572527 +0100
+++ openssl-1.0.2p/crypto/dsa/dsa_gen.c	2018-11-23 16:04:33.314575495 +0100
@@ -482,6 +482,12 @@ int dsa_builtin_paramgen2(DSA *ret, size
 
     EVP_MD_CTX_init(&mctx);
 
+    /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+    if (L <= N) {
+        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+        goto err;
+    }
+
     if (evpmd == NULL) {
         if (N == 160)
             evpmd = EVP_sha1();
openSUSE Build Service is sponsored by
Places