From ecfbe2f0461b399b6bf99bdaa95c460ece8e693e Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 4 Dec 2020 08:55:19 +0100
Subject: [PATCH] DSA: Make DSA_bits() and DSA_size() check that there are key
 parameters

Without these check, a DSA structure without key parameters will cause
these functions to crash.  This is also the case in pre-3.0 OpenSSL,
but since we now extract these data early, to cache them in the
EVP_PKEY structure, the same crash happens earlier and much more
internally.

The added checks are of the same kind as DSA_security_bits() already
does.

Fixes #13610

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13611)
---
 crypto/dsa/dsa_lib.c  |  4 +++-
 crypto/dsa/dsa_sign.c | 12 +++++++-----
 doc/man3/DSA_size.pod | 19 +++++++++++--------
 3 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 983a463ff5..4a9f572edd 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -335,7 +335,9 @@ int DSA_security_bits(const DSA *d)
 
 int DSA_bits(const DSA *dsa)
 {
-    return BN_num_bits(dsa->params.p);
+    if (dsa->params.p != NULL)
+        return BN_num_bits(dsa->params.p);
+    return -1;
 }
 
 FFC_PARAMS *dsa_get0_params(DSA *dsa)
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 58e53e5c35..0f866c12fe 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -118,14 +118,16 @@ int i2d_DSA_SIG(const DSA_SIG *sig, unsigned char **ppout)
 
 int DSA_size(const DSA *dsa)
 {
-    int ret;
+    int ret = -1;
     DSA_SIG sig;
 
-    sig.r = sig.s = dsa->params.q;
-    ret = i2d_DSA_SIG(&sig, NULL);
+    if (dsa->params.q != NULL) {
+        sig.r = sig.s = dsa->params.q;
+        ret = i2d_DSA_SIG(&sig, NULL);
 
-    if (ret < 0)
-        ret = 0;
+        if (ret < 0)
+            ret = 0;
+    }
     return ret;
 }
 
diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod
index 404f1bb231..992357c4e0 100644
--- a/doc/man3/DSA_size.pod
+++ b/doc/man3/DSA_size.pod
@@ -20,27 +20,30 @@ L<openssl_user_macros(7)>:
 
 =head1 DESCRIPTION
 
-DSA_bits() returns the number of bits in key B<dsa>: this is the number
-of bits in the B<p> parameter.
+DSA_bits() returns the number of bits in key I<dsa>: this is the number
+of bits in the I<p> parameter.
 
 The remaining functions described on this page are deprecated.
 Applications should instead use L<EVP_PKEY_security_bits(3)> and
 L<EVP_PKEY_size(3)>.
 
 DSA_size() returns the maximum size of an ASN.1 encoded DSA signature
-for key B<dsa> in bytes. It can be used to determine how much memory must
+for key I<dsa> in bytes. It can be used to determine how much memory must
 be allocated for a DSA signature.
 
-B<dsa-E<gt>q> must not be B<NULL>.
-
-DSA_security_bits() returns the number of security bits of the given B<dsa>
+DSA_security_bits() returns the number of security bits of the given I<dsa>
 key. See L<BN_security_bits(3)>.
 
 =head1 RETURN VALUES
 
-DSA_bits() returns the number of bits in the key.
+DSA_security_bits() returns the number of security bits in the key, or -1 if
+I<dsa> doesn't hold any key parameters.
+
+DSA_bits() returns the number of bits in the key, or -1 if I<dsa> doesn't
+hold any key parameters.
 
-DSA_size() returns the signature size in bytes.
+DSA_size() returns the signature size in bytes, or -1 if I<dsa> doesn't
+hold any key parameters.
 
 =head1 SEE ALSO
 
-- 
2.39.5