diff options
author | Adam Langley <agl@golang.org> | 2016-04-14 13:52:56 -0700 |
---|---|---|
committer | Russ Cox <rsc@golang.org> | 2016-05-18 14:18:48 +0000 |
commit | b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3 (patch) | |
tree | 9f959f8bf2679d130ceeb389513fc45070da7465 /src/crypto/ecdsa/ecdsa.go | |
parent | 2ba8fc5b086942dbb23282702f61c813298867f3 (diff) | |
download | go-b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3.tar.gz go-b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3.zip |
crypto/ecdsa: reject negative inputs.
The fact that crypto/ecdsa.Verify didn't reject negative inputs was a
mistake on my part: I had unsigned numbers on the brain. However, it
doesn't generally cause problems. (ModInverse results in zero, which
results in x being zero, which is rejected.)
The amd64 P-256 code will crash when given a large, negative input.
This fixes both crypto/ecdsa to reject these values and also the P-256
code to ignore the sign of inputs.
Change-Id: I6370ed7ca8125e53225866f55b616a4022b818f8
Reviewed-on: https://go-review.googlesource.com/22093
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'src/crypto/ecdsa/ecdsa.go')
-rw-r--r-- | src/crypto/ecdsa/ecdsa.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go index e63bd8669e..288e366a88 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@ -228,7 +228,7 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { c := pub.Curve N := c.Params().N - if r.Sign() == 0 || s.Sign() == 0 { + if r.Sign() <= 0 || s.Sign() <= 0 { return false } if r.Cmp(N) >= 0 || s.Cmp(N) >= 0 { |