diff options
author | lloyd <[email protected]> | 2011-05-19 12:56:05 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2011-05-19 12:56:05 +0000 |
commit | 2bfbaa792c71d289d433afb9fcec173110aa7006 (patch) | |
tree | fc37f5a2e8579bcd126e475e64900e695b54048f /src/math/numbertheory/curve_gfp.h | |
parent | 49e6d3fdbd47cf827f6ac2e23ab1061abf3084ea (diff) |
Reject s == 0 or r == 0 in a ECC signature.
In ECDSA, this cases should all be caught by the later check that R is
not zero, so I don't believe there is any security danger.
However the GOST 34.10 implementation did not have either check.
Fortunately, the function that extracts the affine X coordinate from
the Jacobian coordinates will throw an exception if the point is at
infinity, so we would not in fact accept invalid signatures, but this
is mostly by luck. And still represents a bit of a DoS potential.
I checked the history, it looks like not checking for zeros at the
start traces back to the original InSiTo code, and I copied the ECDSA
code for GOST without thinking about it too much.
Diffstat (limited to 'src/math/numbertheory/curve_gfp.h')
0 files changed, 0 insertions, 0 deletions