Cypherpunks repositories - gostls13.git/commit

author	Katie Hockman <katie@golang.org>
	Mon, 14 Oct 2019 20:42:21 +0000 (16:42 -0400)
committer	Katie Hockman <katiehockman@google.com>
	Wed, 16 Oct 2019 21:24:47 +0000 (21:24 +0000)
commit	2017d88dbc096381d4f348d2fb08bfb3c2b7ed73
tree	205d54add175a3c5c90c80d786702ad2ec368a9e	tree
parent	6c15c7cce718e1e9a47f4f0ab1bd70923b04557b	commit \| diff

[release-branch.go1.12-security] crypto/dsa: prevent bad public keys from causing panic

dsa.Verify might currently use a nil s inverse in a
multiplication if the public key contains a non-prime Q,
causing a panic. Change this to check that the mod
inverse exists before using it.

Fixes CVE-2019-17596

Change-Id: I94d5f3cc38f1b5d52d38dcb1d253c71b7fd1cae7
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/572809
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 9119dfb0511326d4485b248b83d4fde19c95d0f7)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575232