File openssl-dsa_paramgen2_check.patch of Package openssl-1_1.9178
Index: openssl-1.1.0i/crypto/dsa/dsa_gen.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dsa/dsa_gen.c 2018-10-18 15:11:05.971573703 +0200
+++ openssl-1.1.0i/crypto/dsa/dsa_gen.c 2018-10-18 15:12:56.288274123 +0200
@@ -357,6 +357,12 @@ int dsa_builtin_paramgen2(DSA *ret, size
}
# endif
+ /* make sure L > N, otherwise we'll get stuck in an infinite loop */
+ if (L <= N) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID);
+ goto err;
+ }
+
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();