I found a crash issue in all versions of openssl-fips-2.0.x in the dsa_do_sign() function. It happens when it incorrectly tries to call BN_clear_free(&m) without first calling the BN_init(&m) function when fips_check_dsa_prng() fails. The following is a code snippet.

    static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
    {
        ...
        BIGNUM m;
        ...
    #ifdef OPENSSL_FIPS
        ...
        if (!fips_check_dsa_prng(dsa, 0, 0))    /* <-- if this fails */
            goto err;
    #endif

        BN_init(&m);                            /* <-- this line is not executed */
        ...
    err:
        ...
        BN_clear_free(&m);                      /* <-- then, it crashes when this function is called */

The attached patch was generated against openssl-fips-2.0.7.

Thanks,
James Lee
OpenText Connectivity Solutions Group

dsa_ossl_crash.patch
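
The ordering problem reported above, as an added example that is not part of the original post and is not the attached patch: a self-contained C model in which `toy_bn`, `toy_init`, `toy_alloc`, `toy_clear_free` and `toy_sign` are hypothetical stand-ins for the OpenSSL type and calls. It shows that running the initializer before the first `goto err` makes the shared cleanup safe on every exit path; the model's cleanup returns -1 instead of calling free() where a real free() would be handed a non-heap pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a stack BIGNUM (hypothetical type, not OpenSSL's). */
typedef struct { unsigned long *d; int top; } toy_bn;

static void *live;              /* the one heap block this model has handed out */
static unsigned long stale[1];  /* constructed: a non-heap address left "on the stack" */

static void toy_init(toy_bn *a) { a->d = NULL; a->top = 0; }

static int toy_alloc(toy_bn *a) {
    a->d = calloc(4, sizeof *a->d);
    live = a->d;
    return a->d != NULL;
}

/* Returns 0 after a safe cleanup, -1 where a real free() would receive a
 * pointer that was never allocated (the crash condition in the report). */
static int toy_clear_free(toy_bn *a) {
    if (a->d == NULL) return 0;
    if ((void *)a->d != live) return -1;   /* stale pointer: do not free it */
    memset(a->d, 0, 4 * sizeof *a->d);     /* scrub before releasing */
    free(a->d);
    live = NULL;
    a->d = NULL;
    return 0;
}

/* fixed != 0 runs the initializer before the first goto err. */
static int toy_sign(int prng_ok, int fixed) {
    toy_bn m;
    m.d = stale; m.top = 7;       /* constructed: models uninitialized contents */
    if (fixed) toy_init(&m);      /* corrected position */
    if (!prng_ok) goto err;       /* early exit, as when the PRNG check fails */
    if (!fixed) toy_init(&m);     /* reported position: skipped by the goto */
    if (!toy_alloc(&m)) goto err;
err:
    return toy_clear_free(&m);    /* shared cleanup runs on every path */
}

int main(void) {
    printf("reported order, check fails:  %d\n", toy_sign(0, 0));
    printf("corrected order, check fails: %d\n", toy_sign(0, 1));
    printf("reported order, check passes: %d\n", toy_sign(1, 0));
    return 0;
}
```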