diff options
author | Bodo Möller <bodo@openssl.org> | 2001-06-26 09:48:17 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-06-26 09:48:17 +0000 |
commit | c458a3319687a15893bc8d14831a770a68062421 (patch) | |
tree | 06f764cd64c18f2a8958aa818e7c6d7407d7ed0e /crypto/dsa/dsa_ossl.c | |
parent | 7953b8ff1b1a60c50fa56543b78d37bd0ca66490 (diff) |
DSA verification should insist that r and s are in the allowed range.
Diffstat (limited to 'crypto/dsa/dsa_ossl.c')
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index f91a3a9959..7a5adc6403 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -246,6 +246,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BN_init(&u2); BN_init(&t1); + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + ret = 0; + goto err; + } + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + ret = 0; + goto err; + } + /* Calculate W = inv(S) mod Q * save W in u2 */ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; |