projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add DSA digest length checks.
[openssl.git]
/
crypto
/
dsa
/
dsa_pmeth.c
diff --git
a/crypto/dsa/dsa_pmeth.c
b/crypto/dsa/dsa_pmeth.c
index 594583ffc8548d8f898ecfd291406d042e8b0232..1adab4f8ec8e95cc6b3eef9cf75b816ba887a860 100644
(file)
--- a/
crypto/dsa/dsa_pmeth.c
+++ b/
crypto/dsa/dsa_pmeth.c
@@
-125,10
+125,15
@@
static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
- if (dctx->md)
+ if (dctx->md) {
+ if (tbslen != (size_t)EVP_MD_size(dctx->md))
+ return 0;
type = EVP_MD_type(dctx->md);
type = EVP_MD_type(dctx->md);
- else
+ } else {
+ if (tbslen != SHA_DIGEST_LENGTH)
+ return 0;
type = NID_sha1;
type = NID_sha1;
+ }
ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
@@
-146,10
+151,15
@@
static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
- if (dctx->md)
+ if (dctx->md) {
+ if (tbslen != (size_t)EVP_MD_size(dctx->md))
+ return 0;
type = EVP_MD_type(dctx->md);
type = EVP_MD_type(dctx->md);
- else
+ } else {
+ if (tbslen != SHA_DIGEST_LENGTH)
+ return 0;
type = NID_sha1;
type = NID_sha1;
+ }
ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);