git.ipfire.org Git - thirdparty/openssl.git/commit

author	slontis <shane.lontis@oracle.com>
	Mon, 27 Feb 2023 03:48:24 +0000 (13:48 +1000)
committer	Pauli <pauli@openssl.org>
	Tue, 28 Feb 2023 22:20:49 +0000 (09:20 +1100)
commit	3a4e09ab42654b3d223f0f8dd1a9c58b2902ddcc
tree	ef08d17eec3bef6ddbf411f5876c9e9d1e8ddcab	tree \| snapshot
parent	a6d7093a1dc890493d3577c738e729c0265d7b40	commit \| diff

Fix infinite loops in DSA sign code.

Fixes #20268

Values such as q=1 or priv=0 caused infinite loops when calling
DSA_sign() without these changes.

There are other cases where bad domain parameters may have caused
infinite loops where the retry counter has been added. The simpler case
of priv=0 also hits this case. q=1 caused an infinite loop in the setup.

The max retry value has been set to an arbitrary value of 8 (it is
unlikely to ever do a single retry for valid values).

The minimum q bits was set to an arbitrary value of 128 (160 is still
used for legacy reasons when using 512 bit keys).

Thanks @guidovranken for detecting this, and @davidben for his
insightful analysis.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20384)

crypto/dsa/dsa_err.c		diff \| blob \| blame \| history
crypto/dsa/dsa_ossl.c		diff \| blob \| blame \| history
crypto/err/openssl.txt		diff \| blob \| blame \| history
include/crypto/dsaerr.h		diff \| blob \| blame \| history
include/openssl/dsaerr.h		diff \| blob \| blame \| history
test/dsatest.c		diff \| blob \| blame \| history