src/crypto/ecdsa/ecdsa.go | 11 ++++++++---
src/crypto/rsa/rsa.go | 5 ++++-
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index 8d66477fd10d2871e0b4bc571383a683058db4fe..a01e18c836fc054267f2ad86c391b5f4723f923b 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -23,6 +23,7 @@ "crypto/cipher"
 "crypto/elliptic"
 "crypto/sha512"
 "encoding/asn1"
+ "errors"
 "io"
 "math/big"
 )
@@ -129,6 +130,8 @@ nMinus2 := new(big.Int).Sub(N, two)
 return new(big.Int).Exp(k, nMinus2, N)
 }
+var errZeroParam = errors.New("zero parameter")
+
 // Sign signs an arbitrary length hash (which should be the result of hashing a
 // larger message) using the private key, priv. It returns the signature as a
 // pair of integers. The security of the private key depends on the entropy of
@@ -169,7 +172,9 @@
 // See [NSA] 3.4.1
 c := priv.PublicKey.Curve
 N := c.Params().N
-
+ if N.Sign() == 0 {
+ return nil, nil, errZeroParam
+ }
 var k, kInv *big.Int
 for {
 for {
@@ -179,7 +184,7 @@ r = nil
 return
 }
- kInv = fermatInverse(k, N)
+ kInv = fermatInverse(k, N) // N != 0
 r, _ = priv.Curve.ScalarBaseMult(k.Bytes())
 r.Mod(r, N)
 if r.Sign() != 0 {
@@ -191,7 +196,7 @@ e := hashToInt(hash, c)
 s = new(big.Int).Mul(priv.D, r)
 s.Add(s, e)
 s.Mul(s, kInv)
- s.Mod(s, N)
+ s.Mod(s, N) // N != 0
 if s.Sign() != 0 {
 break
 }
diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 1293b783679b143440aabb2d5a9e04a391273f46..031de0e79c2f2b0168f2bab3d756cf4b2040abc5 100644
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -436,6 +436,9 @@ if c.Cmp(priv.N) > 0 {
 err = ErrDecryption
 return
 }
+ if priv.N.Sign() == 0 {
+ return nil, ErrDecryption
+ }
 var ir *big.Int
 if random != nil {
@@ -461,7 +464,7 @@ break
 }
 }
 bigE := big.NewInt(int64(priv.E))
- rpowe := new(big.Int).Exp(r, bigE, priv.N)
+ rpowe := new(big.Int).Exp(r, bigE, priv.N) // N != 0
 cCopy := new(big.Int).Set(c)
 cCopy.Mul(cCopy, rpowe)
 cCopy.Mod(cCopy, priv.N)
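Review bot: `errZeroParam`, added in the `@@ -129,6 +130,8 @@` hunk of ecdsa.go, has no doc comment and its message does not say which package or parameter was rejected, so a caller who logs the error from Sign sees only "zero parameter". A one-line comment such as `// errZeroParam is returned by Sign when the curve order N is zero.` would record what the sentinel is for. Prefixing the text, as in `errors.New("crypto/ecdsa: zero parameter")`, would make the logged error self-describing; that prefix convention is assumed from other packages and is not visible in this diff. Because the variable is unexported, callers cannot compare against it, which may be intentional.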
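Review bot: The `N.Sign() == 0` guard added in the `@@ -169,7 +172,9 @@` hunk of ecdsa.go comes with no regression test; the diffstat lists only ecdsa.go and rsa.go, so nothing pins the new error path. A test that calls Sign with a key whose curve order is zero and asserts a non-nil error rather than a panic would stop a later refactor from dropping the check that the `// N != 0` comments further down rely on. The ecdsa.go changes in this commit are confined to Sign, so any other routine in the file that reduces modulo N is left as it was; signature verification is not visible here, but it handles caller-supplied public keys and is worth checking for the same condition. Sign's body starts and ends outside the hunk.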
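Review bot: The `priv.N.Sign() == 0` check added in the `@@ -436,6 +436,9 @@` hunk of rsa.go carries no comment saying what it prevents. It also sits after `c.Cmp(priv.N) > 0`, so the reader has to work out that it is reached only when c is not greater than N. A comment such as `// A zero modulus would make cCopy.Mod below panic with a division by zero.` would record the reason. Reusing ErrDecryption keeps a malformed key indistinguishable from a bad ciphertext for the caller, which looks deliberate and is worth keeping. The new lines use `return nil, ErrDecryption` where the lines just above use `err = ErrDecryption` followed by a bare `return`; matching the surrounding form would read more evenly. The enclosing function starts and ends outside the hunk.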