Add sanity checks on p and q in old_dsa_priv_decode() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2022-02-24 08:31:11 +0000
committer	tb <>	2022-02-24 08:31:11 +0000
commit	3e848a5d39e531c0032e55e9a21fa7baca49e241 (patch)
tree	c755575c2146974ab21cf2e63c0f552662fe2d03 /src/lib/libcrypto/x509/x509_cmp.c
parent	a59b14b2d3f8047fe5b687d37304433773603a3f (diff)
download	openbsd-3e848a5d39e531c0032e55e9a21fa7baca49e241.tar.gz openbsd-3e848a5d39e531c0032e55e9a21fa7baca49e241.tar.bz2 openbsd-3e848a5d39e531c0032e55e9a21fa7baca49e241.zip

Add sanity checks on p and q in old_dsa_priv_decode()

dsa_do_verify() has checks on dsa->p and dsa->q that ensure that p isn't overly long and that q has one of the three allowed lengths specified in FIPS 186-3, namely 160, 224, or 256. Do these checks on deserialization of DSA keys without parameters. This means that we will now reject keys we would previously deserialize. Such keys are useless in that signatures generated by them would be rejected by both LibreSSL and OpenSSL. This avoids a timeout flagged in oss-fuzz #26899 due to a ridiculous DSA key whose q has size 65KiB. The timeout comes from additional checks on DSA keys added by miod in dsa_ameth.c r1.18, especially checking such a humungous number for primality is expensive. ok jsing

Diffstat (limited to 'src/lib/libcrypto/x509/x509_cmp.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: