diff options
| author | Niels Möller <nisse@lysator.liu.se> | 2021-01-20 09:40:19 +0100 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2021-01-20 09:40:19 +0100 |
| commit | b3d0bcf5a185842d2c717927eef03577fd61a912 (patch) | |
| tree | 73106b3689b033d2a869a1f2d047208c04d024d3 | |
| parent | 0c31ec60ff6c4ffef45aa59fa79366fdbc87ecbc (diff) | |
| download | nettle-b3d0bcf5a185842d2c717927eef03577fd61a912.tar.gz | |
Fix ecc_ecdsa_verify corner case with all-zero hash.
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | ecc-ecdsa-verify.c | 6 |
2 files changed, 8 insertions, 3 deletions
@@ -1,3 +1,8 @@ +2021-01-20 Niels Möller <nisse@lysator.liu.se> + + * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Fix corner case with + all-zero hash. Reported by Guido Vranken. + 2021-01-10 Niels Möller <nisse@lysator.liu.se> * fat-ppc.c: Don't use __GLIBC_PREREQ in the same preprocessor diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c index 2b5b6921..1b2dcca7 100644 --- a/ecc-ecdsa-verify.c +++ b/ecc-ecdsa-verify.c @@ -132,12 +132,12 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc, private key by guessing. */ /* Total storage: 6*ecc->p.size + ecc->add_hhh_itch */ - ecc->add_hhh (ecc, P1, P1, P2, P1 + 3*ecc->p.size); + ecc->add_hhh (ecc, P2, P2, P1, P1 + 3*ecc->p.size); } /* x coordinate only, modulo q */ - ecc->h_to_a (ecc, 2, P2, P1, P1 + 3*ecc->p.size); + ecc->h_to_a (ecc, 2, P1, P2, P1 + 3*ecc->p.size); - return (mpn_cmp (rp, P2, ecc->p.size) == 0); + return (mpn_cmp (rp, P1, ecc->p.size) == 0); #undef P2 #undef P1 #undef sinv |