diff options
author | slontis <shane.lontis@oracle.com> | 2023-03-21 15:52:34 +1000 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2023-03-31 15:17:27 -0400 |
commit | 9559ad0e8d433a2a212b63cc848fa2ac82a9b048 (patch) | |
tree | 427765ebcf21c379834a06e5579c4f4a809c5c91 /crypto/dsa/dsa_sign.c | |
parent | 6469043bbabc9728aed61d7708c32e2ae319be1d (diff) |
Make DSA_sign() test for negative p,q,g values.
Related to #20268
DSA_sign() assumes that the signature passed in is related to DSA_size().
If q is negative then DSA_size() actually fails and returns 0.
A test that tries to allocate the signature buffer using DSA_size() and then
pass it to DSA_sign() will then either.
(1) Have a signature buffer of NULL. In this case it was leaking data
returned via i2d_DSA_SIG.
(2) Cause a seg fault because we created a buffer that was not large
enough to hold the signature. As it already checked zero we also now
check for negative values also.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20553)
Diffstat (limited to 'crypto/dsa/dsa_sign.c')
-rw-r--r-- | crypto/dsa/dsa_sign.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 96d103d6f2..487a7e2516 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -167,7 +167,7 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, *siglen = 0; return 0; } - *siglen = i2d_DSA_SIG(s, &sig); + *siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL); DSA_SIG_free(s); return 1; } |