Reject obviously invalid DSA parameters during signing

Fixes #8875 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8876) (cherry picked from commit 9acbe07d2300d34a7ea846d9756f33b4595e32fb)
author: Matt Caswell <matt@openssl.org> 2019-05-03 15:56:08 +0100
committer: Matt Caswell <matt@openssl.org> 2019-05-07 16:54:31 +0100
commit: 8f506274029903457c5f1d8663a012763f55cd37 (patch)
tree: 78b59c777e25d0dc0a4271e0f7a76a97ff11666e /crypto/dsa
parent: 335a587bd28263ed76757018a80ad8861a4b289a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 7a0b0874c5..0c22d41361 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
         return 0;
     }
 
+    /* Reject obviously invalid parameters */
+    if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
+        return 0;
+    }
+
     k = BN_new();
     l = BN_new();
     if (k == NULL || l == NULL)
author	Matt Caswell <matt@openssl.org>	2019-05-03 15:56:08 +0100
committer	Matt Caswell <matt@openssl.org>	2019-05-07 16:54:31 +0100
commit	8f506274029903457c5f1d8663a012763f55cd37 (patch)
tree	78b59c777e25d0dc0a4271e0f7a76a97ff11666e /crypto/dsa
parent	335a587bd28263ed76757018a80ad8861a4b289a (diff)