generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add DSA digest length checks.

Browse Source 
Reviewed-by: Ben Laurie <ben@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-04-30 14:16:07 +01:00
parent 9b86974e0c
commit 9d04f83410
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto/dsa/dsa_pmeth.c
View File

@ -125,10 +125,15 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
if (dctx->md)
if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0;
type = EVP_MD_type(dctx->md);
else
} else {
if (tbslen != SHA_DIGEST_LENGTH)
return 0;
type = NID_sha1;
}
ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
@ -146,10 +151,15 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
if (dctx->md)
if (dctx->md) {
if (tbslen != (size_t)EVP_MD_size(dctx->md))
return 0;
type = EVP_MD_type(dctx->md);
else
} else {
if (tbslen != SHA_DIGEST_LENGTH)
return 0;
type = NID_sha1;
}
ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);