diff options
author | Vitaly Chikunov <vt@altlinux.org> | 2022-04-21 20:25:10 +0300 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-04-29 13:44:58 +0800 |
commit | 1102a510e1a2c04721d5bfeff8f2c70546d76289 (patch) | |
tree | 2543eaf2656ed071197c8c5886e7ec8c8e261667 | |
parent | d9d886ded1ae18eee5fe4fd8d6706d85e81806ac (diff) | |
download | linux-crypto-1102a510e1a2c04721d5bfeff8f2c70546d76289.tar.gz linux-crypto-1102a510e1a2c04721d5bfeff8f2c70546d76289.zip |
crypto: ecrdsa - Fix incorrect use of vli_cmp
Correctly compare values that shall be greater-or-equal and not just
greater.
Fixes: 223475c353b6 ("crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm")
Cc: <stable@vger.kernel.org>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/ecrdsa.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/ecrdsa.c b/crypto/ecrdsa.c index b32ffcaa..f3c6b5e1 100644 --- a/crypto/ecrdsa.c +++ b/crypto/ecrdsa.c @@ -113,15 +113,15 @@ static int ecrdsa_verify(struct akcipher_request *req) /* Step 1: verify that 0 < r < q, 0 < s < q */ if (vli_is_zero(r, ndigits) || - vli_cmp(r, ctx->curve->n, ndigits) == 1 || + vli_cmp(r, ctx->curve->n, ndigits) >= 0 || vli_is_zero(s, ndigits) || - vli_cmp(s, ctx->curve->n, ndigits) == 1) + vli_cmp(s, ctx->curve->n, ndigits) >= 0) return -EKEYREJECTED; /* Step 2: calculate hash (h) of the message (passed as input) */ /* Step 3: calculate e = h \mod q */ vli_from_le64(e, digest, ndigits); - if (vli_cmp(e, ctx->curve->n, ndigits) == 1) + if (vli_cmp(e, ctx->curve->n, ndigits) >= 0) vli_sub(e, e, ctx->curve->n, ndigits); if (vli_is_zero(e, ndigits)) e[0] = 1; @@ -137,7 +137,7 @@ static int ecrdsa_verify(struct akcipher_request *req) /* Step 6: calculate point C = z_1P + z_2Q, and R = x_c \mod q */ ecc_point_mult_shamir(&cc, z1, &ctx->curve->g, z2, &ctx->pub_key, ctx->curve); - if (vli_cmp(cc.x, ctx->curve->n, ndigits) == 1) + if (vli_cmp(cc.x, ctx->curve->n, ndigits) >= 0) vli_sub(cc.x, cc.x, ctx->curve->n, ndigits); /* Step 7: if R == r signature is valid */ |