зеркало из https://github.com/github/putty.git
8957e613bc
The standard says we should be checking that both r,s are in the range [1,q-1]. Previously we were effectively reducing s mod q in the course of inversion, and modinv() was guaranteeing never to return zero; the remaining missing checks were benign. But the change from Bignum to mp_int altered the error behaviour, and combined with the missing upper bound check on s, made it possible to continue verification with w == 0 mod q, which is a bad case. Added a small DSA test case, including a check that none of these types of signatures validates. |
||
|---|---|---|
| .. | ||
| sclog | ||
| colours.txt | ||
| cryptsuite.py | ||
| desref.py | ||
| display.txt | ||
| eccref.py | ||
| lattrs.txt | ||
| scocols.txt | ||
| testcrypt.py | ||
| utf8.txt | ||
| vt100.txt | ||