mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
8957e613bc
The standard says we should be checking that both r,s are in the range [1,q-1]. Previously we were effectively reducing s mod q in the course of inversion, and modinv() was guaranteeing never to return zero; the remaining missing checks were benign. But the change from Bignum to mp_int altered the error behaviour, and combined with the missing upper bound check on s, made it possible to continue verification with w == 0 mod q, which is a bad case. Added a small DSA test case, including a check that none of these types of signatures validates. |
||
---|---|---|
.. | ||
sclog | ||
colours.txt | ||
cryptsuite.py | ||
desref.py | ||
display.txt | ||
eccref.py | ||
lattrs.txt | ||
scocols.txt | ||
testcrypt.py | ||
utf8.txt | ||
vt100.txt |