From d9163e4554cf281ba8141446873d49c3d95edf21 Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 22 Sep 2016 12:04:48 -0700 Subject: [PATCH] add dsa sign sanity check on r/s --- wolfcrypt/src/dsa.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 39a43c348..1e339273a 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -401,6 +401,10 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) if (ret == 0 && mp_mulmod(&s, &kInv, &key->q, &s) != MP_OKAY) ret = MP_MULMOD_E; + /* detect zero r or s */ + if (ret == 0 && (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES)) + ret = MP_ZERO_E; + /* write out */ if (ret == 0) { int rSz = mp_unsigned_bin_size(&r);