authorNiels Möller <nisse@lysator.liu.se>2021-03-13 15:19:19 +0100
committerNiels Möller <nisse@lysator.liu.se>2021-03-13 19:20:39 +0100
commit2397757b3f95fcae1e2d3011bf99ca5b5438378f (patch)
treea680cea150087fa084c4ab9266a070634efe5197 /ecc-ecdsa-verify.c
parent5b7608fde3a6d2ab82bffb35db1e4e330927c906 (diff)
downloadnettle-2397757b3f95fcae1e2d3011bf99ca5b5438378f.tar.gz
Fix bug in ecc_ecdsa_verify.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical to compute the scalars used for ecc multiplication. * testsuite/ecdsa-verify-test.c (test_main): Add test case that triggers an assert on 64-bit platforms, without above fix. * testsuite/ecdsa-sign-test.c (test_main): Test case generating the same signature.
Diffstat (limited to 'ecc-ecdsa-verify.c')
-rw-r--r--ecc-ecdsa-verify.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c
index 1b2dcca7..f3b112b0 100644
--- a/ecc-ecdsa-verify.c
+++ b/ecc-ecdsa-verify.c
@@ -102,10 +102,10 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
/* u1 = h / s, P1 = u1 * G */
ecc_hash (&ecc->q, hp, length, digest);
- ecc_mod_mul (&ecc->q, u1, hp, sinv, u1);
+ ecc_mod_mul_canonical (&ecc->q, u1, hp, sinv, u1);
/* u2 = r / s, P2 = u2 * Y */
- ecc_mod_mul (&ecc->q, u2, rp, sinv, u2);
+ ecc_mod_mul_canonical (&ecc->q, u2, rp, sinv, u2);
/* Total storage: 5*ecc->p.size + ecc->mul_itch */
ecc->mul (ecc, P2, u2, pp, u2 + ecc->p.size);
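Review bot: Nothing at the two changed calls records why the canonical variant is required, so a later cleanup could swap `ecc_mod_mul` back in without anyone noticing. Per the commit message, u1 and u2 are the scalars used for ecc multiplication and the old code could trip an assert on 64-bit platforms; because r, s and the digest come from the signature being verified, that assert is presumably reachable from untrusted input and is at least a denial-of-service concern. I would add above the first call something like `/* u1 and u2 are passed as scalars to ecc->mul, which needs them fully reduced mod q; ecc_mod_mul alone does not guarantee a canonical result. */`. The use of u1 and the rest of ecc_ecdsa_verify lie outside this hunk, so any other value that ends up as a multiplication scalar there deserves the same check.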