From c458a3319687a15893bc8d14831a770a68062421 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Jun 2001 09:48:17 +0000 Subject: [PATCH] DSA verification should insist that r and s are in the allowed range. --- CHANGES | 4 ++++ crypto/dsa/dsa_ossl.c | 11 +++++++++++ 2 files changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index d85f3492b5..c0390345ba 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,10 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only + *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are + positive and less than q. + [Bodo Moeller] + +) Enhance the general user interface with mechanisms for inner control and with pssibilities to have yes/no kind of prompts. [Richard Levitte] diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index f91a3a9959..7a5adc6403 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -246,6 +246,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BN_init(&u2); BN_init(&t1); + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + ret = 0; + goto err; + } + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + ret = 0; + goto err; + } + /* Calculate W = inv(S) mod Q * save W in u2 */ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; -- 2.25.1