Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
openssl-1_0_0.35258
0001-DSA-Check-for-sanity-of-input-parameters.p...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-DSA-Check-for-sanity-of-input-parameters.patch of Package openssl-1_0_0.35258
From 3afd38b277a806b901e039c6ad281c5e5c97ef67 Mon Sep 17 00:00:00 2001 From: Vitezslav Cizek <vcizek@suse.com> Date: Thu, 25 Oct 2018 13:53:26 +0200 Subject: [PATCH] DSA: Check for sanity of input parameters dsa_builtin_paramgen2 expects the L parameter to be greater than N, otherwise the generation will get stuck in an infinite loop. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7493) --- crypto/dsa/dsa_gen.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: openssl-1.0.2p/crypto/dsa/dsa_gen.c =================================================================== --- openssl-1.0.2p.orig/crypto/dsa/dsa_gen.c 2018-11-23 16:04:32.794572527 +0100 +++ openssl-1.0.2p/crypto/dsa/dsa_gen.c 2018-11-23 16:04:33.314575495 +0100 @@ -482,6 +482,12 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX_init(&mctx); + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1();
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor