]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 92faba5)
crypto/dsa: eliminate invalid PublicKey early
authorRobert Griesemer <gri@golang.org>
Tue, 5 Apr 2016 16:44:00 +0000 (09:44 -0700)
committerAndrew Gerrand <adg@golang.org>
Fri, 8 Apr 2016 05:11:39 +0000 (05:11 +0000)
For PublicKey.P == 0, Verify will fail. Don't even try.

Change-Id: I1009f2b3dead8d0041626c946633acb10086d8c8
Reviewed-on: https://go-review.googlesource.com/21533
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/21637

src/crypto/dsa/dsa.go patch | blob | history

diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go
index b7565a61b0293899a9fd8e722f6d66fafb3471eb..0ecb24ab22f32abc55fc7a3fd6acb9650c7b3dc6 100644 (file)
--- a/src/crypto/dsa/dsa.go
+++ b/src/crypto/dsa/dsa.go
@@ -249,6 +249,10 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
 func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
        // FIPS 186-3, section 4.7
 
+       if pub.P.Sign() == 0 {
+               return false
+       }
+
        if r.Sign() < 1 || r.Cmp(pub.Q) >= 0 {
                return false
        }
Go GOST TLS 1.3