artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c3b977f) | patch
Avoid outputting invalid signatures
authortb <tb@openbsd.org>
Tue, 4 Jul 2023 15:09:31 +0000 (15:09 +0000)
committertb <tb@openbsd.org>
Tue, 4 Jul 2023 15:09:31 +0000 (15:09 +0000)
commit5dfb914b63d9dac6504bd370f3d9accd4cb0421f
tree99e8b9f570fb234da02b8fe35dc4e075ec4dd560tree | snapshot
parentc3b977fdacb8dd76e3850b3cb66520d4eedbf615commit | diff
Avoid outputting invalid signatures

The caller can provide an r which will be added to the ECDSA_SIG unchecked.
This can happen via ECDSA_{,do_}sign_ex() or ECDSA_sign_setup() or else via
a custom sign_sig() handler. Therefore add a check that it is in the bounds
required.

Since k was long thrown away, there's no way to check kinv, so it needs to
be trusted. Misdesigned APIs that will output garbage everywhere...

ok jsing
lib/libcrypto/ecdsa/ecs_ossl.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim