Cypherpunks repositories - gostls13.git/commit

author	Katie Hockman <katie@golang.org>
	Mon, 14 Oct 2019 20:42:21 +0000 (16:42 -0400)
committer	Katie Hockman <katiehockman@google.com>
	Wed, 16 Oct 2019 23:10:06 +0000 (23:10 +0000)
commit	4cabf6992e98f74a324e6f814a7cb35e41b05f25
tree	6f05cedcc780a19749a7e262cd6b0c0264008a1b	tree
parent	b17fd8e49d24eb298c53de5cd0a8923f1e0270ba	commit \| diff

[release-branch.go1.13-security] crypto/dsa: prevent bad public keys from causing panic

dsa.Verify might currently use a nil s inverse in a
multiplication if the public key contains a non-prime Q,
causing a panic. Change this to check that the mod
inverse exists before using it.

Fixes CVE-2019-17596

Change-Id: I94d5f3cc38f1b5d52d38dcb1d253c71b7fd1cae7
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/572809
Reviewed-by: Filippo Valsorda <valsorda@google.com>
(cherry picked from commit 9119dfb0511326d4485b248b83d4fde19c95d0f7)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/575233