DSA: Make DSA_bits() and DSA_size() check that there are key parameters

Without these check, a DSA structure without key parameters will cause
these functions to crash.  This is also the case in pre-3.0 OpenSSL,
but since we now extract these data early, to cache them in the
EVP_PKEY structure, the same crash happens earlier and much more
internally.

The added checks are of the same kind as DSA_security_bits() already
does.

Fixes #13610

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13611)

2 files changed, 10 insertions, 6 deletions

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 983a463ff5..4a9f572edd 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -335,7 +335,9 @@ int DSA_security_bits(const DSA *d)
 
 int DSA_bits(const DSA *dsa)
 {
-    return BN_num_bits(dsa->params.p);
+    if (dsa->params.p != NULL)
+        return BN_num_bits(dsa->params.p);
+    return -1;
 }
 
 FFC_PARAMS *dsa_get0_params(DSA *dsa)
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 58e53e5c35..0f866c12fe 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -118,14 +118,16 @@ int i2d_DSA_SIG(const DSA_SIG *sig, unsigned char **ppout)
 
 int DSA_size(const DSA *dsa)
 {
-    int ret;
+    int ret = -1;
     DSA_SIG sig;
 
-    sig.r = sig.s = dsa->params.q;
-    ret = i2d_DSA_SIG(&sig, NULL);
+    if (dsa->params.q != NULL) {
+        sig.r = sig.s = dsa->params.q;
+        ret = i2d_DSA_SIG(&sig, NULL);
 
-    if (ret < 0)
-        ret = 0;
+        if (ret < 0)
+            ret = 0;
+    }
     return ret;
 }