From 9559ad0e8d433a2a212b63cc848fa2ac82a9b048 Mon Sep 17 00:00:00 2001 From: slontis Date: Tue, 21 Mar 2023 15:52:34 +1000 Subject: Make DSA_sign() test for negative p,q,g values. Related to #20268 DSA_sign() assumes that the signature passed in is related to DSA_size(). If q is negative then DSA_size() actually fails and returns 0. A test that tries to allocate the signature buffer using DSA_size() and then pass it to DSA_sign() will then either. (1) Have a signature buffer of NULL. In this case it was leaking data returned via i2d_DSA_SIG. (2) Cause a seg fault because we created a buffer that was not large enough to hold the signature. As it already checked zero we also now check for negative values also. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/20553) --- crypto/dsa/dsa_ossl.c | 5 ++++- crypto/dsa/dsa_sign.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'crypto/dsa') diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 822e51786a..38e8fa1452 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -234,7 +234,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Reject obviously invalid parameters */ if (BN_is_zero(dsa->params.p) || BN_is_zero(dsa->params.q) - || BN_is_zero(dsa->params.g)) { + || BN_is_zero(dsa->params.g) + || BN_is_negative(dsa->params.p) + || BN_is_negative(dsa->params.q) + || BN_is_negative(dsa->params.g)) { ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS); return 0; } diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 96d103d6f2..487a7e2516 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -167,7 +167,7 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, *siglen = 0; return 0; } - *siglen = i2d_DSA_SIG(s, &sig); + *siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL); DSA_SIG_free(s); return 1; } -- cgit v1.2.3