author | Tomas Mraz <tomas@openssl.org> | 2023-01-13 17:59:52 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-07 17:05:10 +0100 |
commit | 604247bf75571c1c3fb6a1723346c61acd957221 (patch) | |
tree | 5378af2d22b9f9dac518cd6f6ce7bc24a506cd9f /crypto | |
parent | 9ac82e2e7225759c21e712cba6dfe8da22ef7e47 (diff) | |
Do not create DSA keys without parameters by decoder
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x_pubkey.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 89184fc910..6726cac857 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -748,6 +748,30 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
 return key;
 }
 
+/* Called from decoders; disallows provided DSA keys without parameters. */
+DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
+{
+ DSA *key = NULL;
+ const unsigned char *data;
+ const BIGNUM *p, *q, *g;
+
+ data = *pp;
+ key = d2i_DSA_PUBKEY(NULL, &data, length);
+ if (key == NULL)
+ return NULL;
+ DSA_get0_pqg(key, &p, &q, &g);
+ if (p == NULL || q == NULL || g == NULL) {
+ DSA_free(key);
+ return NULL;
+ }
+ *pp = data;
+ if (a != NULL) {
+ DSA_free(*a);
+ *a = key;
+ }
+ return key;
+}
+
 int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp)
 {
 EVP_PKEY *pktmp; |
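Review bot: The one-line comment above `ossl_d2i_DSA_PUBKEY` does not say what a caller sees when a key is rejected. On the `p == NULL || q == NULL || g == NULL` path the function returns NULL without advancing `*pp`, without touching `*a`, and (as far as the hunk shows) without raising an error of its own, so the rejection looks the same as a parse failure. I would extend the comment to something like `/* Returns NULL, leaving *pp and *a unchanged and queuing no error of its own, if the decoded key lacks p, q or g. */`. The check also sits only in this wrapper: the public `d2i_DSA_PUBKEY` it calls still returns parameter-less keys, so code that receives DSA keys by other routes presumably still needs its own NULL checks on p, q and g before using them.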