Avoid infinite loop on parsing DSA private keys - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2022-04-07 17:38:24 +0000
committer	tb <>	2022-04-07 17:38:24 +0000
commit	10c8b1e1311f7202e9ed7b622cad6d85557a5357 (patch)
tree	6445ee7c9e643e6ae12636e212c627d4934e3f58 /src/lib/libcrypto/asn1/a_object.c
parent	8d808b1fad425472f16e190aa9c72037b7efe75a (diff)
download	openbsd-10c8b1e1311f7202e9ed7b622cad6d85557a5357.tar.gz openbsd-10c8b1e1311f7202e9ed7b622cad6d85557a5357.tar.bz2 openbsd-10c8b1e1311f7202e9ed7b622cad6d85557a5357.zip

Avoid infinite loop on parsing DSA private keys

DSA private keys with ill-chosen g could cause an infinite loop on deserializing. Add a few sanity checks that ensure that g is according to the FIPS 186-4: check 1 < g < p and g^q == 1 (mod p). This is enough to ascertain that g is a generator of a multiplicative group of order q once we know that q is prime (which is checked a bit later). Issue reported with reproducers by Hanno Boeck. Additional variants and analysis by David Benjamin. ok beck jsing

Diffstat (limited to 'src/lib/libcrypto/asn1/a_object.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: