crypto/ecdsa: verify validity of signature parameters in Verify - go - Fork of Go programming language with my patches.

diff options

author	Roland Shoemaker <roland@golang.org>	2022-11-28 08:51:32 -0800
committer	Gopher Robot <gobot@golang.org>	2022-12-01 17:28:18 +0000
commit	34ab0bcc5eaf97cc0aff11cfe782e4c174d52ef0 (patch)
tree	72ca00bfe479ae38c088a9e7154d7755e0b9203d /src/internal/coverage
parent	15e705ea963b5008112793507365e24b743606bc (diff)
download	go-34ab0bcc5eaf97cc0aff11cfe782e4c174d52ef0.tar.xz

crypto/ecdsa: verify validity of signature parameters in Verify

CL 353849 removed validation of signature parameters being passed to Verify which led to two distinct problems. If passed a R or S == 0, encodeSignature would panic since it expects them to be non-zero. encodeSignature would also normalize (i.e. make non-negative) parameters by zero padding them, which would result in a signature being passed to VerifyASN1 which did not match the input signature, resulting in success in cases where it should've failed. This change re-adds the verification that 0 < r,s < N before calling ecnodeSignature. This was caught because tink runs the wycheproof ECDSA vectors against Verify, where we only run the vectors against VerifyASN1. We should be doing both. Change-Id: I1dcf41626b4df2b43296e8b878dc607ff316a892 Reviewed-on: https://go-review.googlesource.com/c/go/+/453675 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org>

Diffstat (limited to 'src/internal/coverage')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: