generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

DSA verification should insist that r and s are in the allowed range.

Browse Source
This commit is contained in:
Bodo Möller
2001-06-26 09:48:56 +00:00
parent 1b822decb8
commit 9fa5786340
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -4,6 +4,10 @@
Changes between 0.9.6a and 0.9.6b [XX xxx XXXX] Changes between 0.9.6a and 0.9.6b [XX xxx XXXX]
*) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
positive and less than q.
[Bodo Moeller]
*) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
used: it isn't thread safe and the add_lock_callback should handle used: it isn't thread safe and the add_lock_callback should handle
that itself. that itself.

11
crypto/dsa/dsa_ossl.c
View File

@@ -240,6 +240,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
BN_init(&u2); BN_init(&u2);
BN_init(&t1); BN_init(&t1);
if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
{
ret = 0;
goto err;
}
if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
{
ret = 0;
goto err;
}
/* Calculate W = inv(S) mod Q /* Calculate W = inv(S) mod Q
* save W in u2 */ * save W in u2 */
if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;