mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
5056133cc7
gh_gen_type_common_set_params looks up a dsa contexts gen_type using name2id, but if it returns error, we inadvertently set gctx->gen_type to -1, which is an invalid value, which may lead to improper behavior in future calls, in the event that said future calls preform an operation of the form; if (gen_type == <VALID VALUE>) { do_stuff else { do_other_stuff } Technically it is not correct to continue with the operations on the gen context after failed parameters setting but this makes it more predictable. Fix it by assigning the result of a lookup to a stack variable, and only update gctx->gen_value if the lookup returns a non-failing value In leiu of testing this specific case, also add an ossl_assert in dsa_gen to validate the gen_val input prior to continuing, should other code points attempt to do the same thing Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22991) |
||
---|---|---|
.. | ||
common | ||
fips | ||
implementations | ||
baseprov.c | ||
build.info | ||
decoders.inc | ||
defltprov.c | ||
encoders.inc | ||
fips-sources.checksums | ||
fips.checksum | ||
fips.module.sources | ||
legacyprov.c | ||
nullprov.c | ||
prov_running.c | ||
stores.inc |