CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2023/03/11 08:29:03
Modified files:
lib/libcrypto/dsa: dsa_lib.c
Log message:
Fix an off-by-one in dsa_check_key()
The private key is a random number in [1, q-1], so 1 must be allowed.
Since q is at least an 160-bit prime and 2^159 + 1 is not prime (159
is not a power of 2), the probability that this is hit is < 2^-159,
but a tiny little bit wrong is still wrong.
Found while investigating a report by bluhm
ok jsing
