CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2023/07/04 09:09:31
Modified files:
lib/libcrypto/ecdsa: ecs_ossl.c
Log message:
Avoid outputting invalid signatures

The caller can provide an r which will be added to the ECDSA_SIG unchecked.
This can happen via ECDSA_{,do_}sign_ex() or ECDSA_sign_setup() or else via
a custom sign_sig() handler. Therefore add a check that it is in the bounds
required.

Since k was long thrown away, there's no way to check kinv, so it needs to
be trusted. Misdesigned APIs that will output garbage everywhere...

ok jsing