projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
DSA verification should insist that r and s are in the allowed range.
[openssl.git] / crypto / dsa / dsa_ossl.c
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f91a3a9959c1678e16b8e4eda0e835c0b8ffcef3..7a5adc64037b573944bd0d1dddd042a12a03e157 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -246,6 +246,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        BN_init(&u2);
        BN_init(&t1);
 
+       if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+               {
+               ret = 0;
+               goto err;
+               }
+       if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+               {
+               ret = 0;
+               goto err;
+               }
+
        /* Calculate W = inv(S) mod Q
         * save W in u2 */
        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
Unnamed repository; edit this file 'description' to name the repository.