[dev.boringcrypto.go1.12] all: merge go1.12.11 into dev.boringcrypto.go1.12

Change-Id: I26e9d9f6ae4724a880ed27c75d279a97d2e2d33b

2 files changed, 10 insertions, 0 deletions

diff --git a/doc/devel/release.html b/doc/devel/release.html
index 1634fbe170..c756cfeb4f 100644
--- a/doc/devel/release.html
+++ b/doc/devel/release.html
@@ -105,6 +105,13 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.10">Go
 1.12.10 milestone</a> on our issue tracker for details.
 </p>
 
+<p>
+go1.12.11 (released 2019/10/17) includes security fixes to the
+<code>crypto/dsa</code> package.
+See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.12.11">Go
+1.12.11 milestone</a> on our issue tracker for details.
+</p>
+
 <h2 id="go1.11">go1.11 (released 2018/08/24)</h2>
 
 <p>
diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go
index 575314b1b4..2fc4f1f05b 100644
--- a/src/crypto/dsa/dsa.go
+++ b/src/crypto/dsa/dsa.go
@@ -279,6 +279,9 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
 	}
 
 	w := new(big.Int).ModInverse(s, pub.Q)
+	if w == nil {
+		return false
+	}
 
 	n := pub.Q.BitLen()
 	if n&7 != 0 {