generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Should reject signatures that we can't properly verify

Browse Source 
and couldn't generate
(as pointed out by Ernst G Giessmann)
This commit is contained in:
Bodo Möller
2007-11-19 07:25:28 +00:00
parent 25550b2dd4
commit 7d610299c9
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/ecdsa/ecs_ossl.c
View File

@@ -384,6 +384,21 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
goto err; goto err;
} }
if (8 * dgst_len > BN_num_bits(order))
{
/* XXX
*
* Should provide for optional hash truncation:
* Keep the BN_num_bits(order) leftmost bits of dgst
* (see March 2006 FIPS 186-3 draft, which has a few
* confusing errors in this part though)
*/
ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,
ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
ret = 0;
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||