crypto/ecdsa: reject negative inputs.

The fact that crypto/ecdsa.Verify didn't reject negative inputs was a mistake on my part: I had unsigned numbers on the brain. However, it doesn't generally cause problems. (ModInverse results in zero, which results in x being zero, which is rejected.) The amd64 P-256 code will crash when given a large, negative input. This fixes both crypto/ecdsa to reject these values and also the P-256 code to ignore the sign of inputs. Change-Id: I6370ed7ca8125e53225866f55b616a4022b818f8 Reviewed-on: https://go-review.googlesource.com/22093 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
author: Adam Langley <agl@golang.org> 2016-04-14 13:52:56 -0700
committer: Russ Cox <rsc@golang.org> 2016-05-18 14:18:48 +0000
commit: b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3 (patch)
tree: 9f959f8bf2679d130ceeb389513fc45070da7465 /src/crypto/ecdsa/ecdsa.go
parent: 2ba8fc5b086942dbb23282702f61c813298867f3 (diff)
download: go-b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3.tar.gz
go-b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index e63bd8669e..288e366a88 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -228,7 +228,7 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
 	c := pub.Curve
 	N := c.Params().N
 
-	if r.Sign() == 0 || s.Sign() == 0 {
+	if r.Sign() <= 0 || s.Sign() <= 0 {
 		return false
 	}
 	if r.Cmp(N) >= 0 || s.Cmp(N) >= 0 {
author	Adam Langley <agl@golang.org>	2016-04-14 13:52:56 -0700
committer	Russ Cox <rsc@golang.org>	2016-05-18 14:18:48 +0000
commit	b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3 (patch)
tree	9f959f8bf2679d130ceeb389513fc45070da7465 /src/crypto/ecdsa/ecdsa.go
parent	2ba8fc5b086942dbb23282702f61c813298867f3 (diff)
download	go-b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3.tar.gz go-b30fcbc9f59ca4bf1723eb6743b47fa89b3847a3.zip