authorMatt Johnston <matt@ucc.asn.au>2017-06-14 23:31:15 +0800
committerMatt Johnston <matt@ucc.asn.au>2017-06-14 23:31:15 +0800
commitd260d5148e2eec62e7af8d6ec86dae438e4a0ec9 (patch)
tree0c9eed08e218b010d5a562e5ee5de9f1459ffb3d /dss.c
parentc38927da47fa3c96cdcc7e4c81d9068bf01bf1fb (diff)
improve value range validation
Diffstat (limited to 'dss.c')
-rw-r--r--dss.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/dss.c b/dss.c
index 1b15cf2..8f4f195 100644
--- a/dss.c
+++ b/dss.c
@@ -181,6 +181,10 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
TRACE(("verify failed, s' >= q"))
goto out;
}
+ if (mp_cmp_d(&val1, 0) != MP_GT) {
+ TRACE(("verify failed, s' <= 0"))
+ goto out;
+ }
/* let val2 = w = (s')^-1 mod q*/
if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
goto out;
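Review bot: The new lower-bound check on s' (and the identical one on r' in the second hunk) carries no comment saying why zero is rejected, and the `>= q` and `<= 0` tests that together form one range rule are now spelled out twice. A one-line comment above each pair, e.g. `/* FIPS 186-4 4.7: require 0 < s' < q before using the value */`, would tell the next reader that the two tests belong together and must not be relaxed separately. Because the same pair of comparisons is repeated for r', a small static helper that reports whether a value lies strictly between 0 and q would keep the two sites from drifting apart. Both checks also depend on the return value still indicating failure when control reaches `out`; that label and the start of buf_dss_verify lie outside both hunks, so this is worth confirming.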
@@ -202,6 +206,10 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
TRACE(("verify failed, r' >= q"))
goto out;
}
+ if (mp_cmp_d(&val1, 0) != MP_GT) {
+ TRACE(("verify failed, r' <= 0"))
+ goto out;
+ }
/* let val4 = u2 = ((r')w) mod q */
if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
goto out;