DSA verification should insist that r and s are in the allowed range.

commit: c458a3319687a15893bc8d14831a770a68062421 [log] [tgz]
author: Bodo Möller <bodo@openssl.org> Tue Jun 26 09:48:17 2001 +0000
committer: Bodo Möller <bodo@openssl.org> Tue Jun 26 09:48:17 2001 +0000
tree: 06f764cd64c18f2a8958aa818e7c6d7407d7ed0e
parent: 7953b8ff1b1a60c50fa56543b78d37bd0ca66490 [diff] [blame]
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f91a3a9..7a5adc6 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c

@@ -246,6 +246,17 @@
 	BN_init(&u2);
 	BN_init(&t1);
 
+	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+		{
+		ret = 0;
+		goto err;
+		}
+	if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+		{
+		ret = 0;
+		goto err;
+		}
+
 	/* Calculate W = inv(S) mod Q
 	 * save W in u2 */
 	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
commit	c458a3319687a15893bc8d14831a770a68062421	[log] [tgz]
author	Bodo Möller <bodo@openssl.org>	Tue Jun 26 09:48:17 2001 +0000
committer	Bodo Möller <bodo@openssl.org>	Tue Jun 26 09:48:17 2001 +0000
tree	06f764cd64c18f2a8958aa818e7c6d7407d7ed0e
parent	7953b8ff1b1a60c50fa56543b78d37bd0ca66490 [diff] [blame]