]> git.ipfire.org Git - thirdparty/nettle.git/commitdiff
projects / thirdparty / nettle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0c31ec6)
Fix ecc_ecdsa_verify corner case with all-zero hash.
authorNiels Möller <nisse@lysator.liu.se>
Wed, 20 Jan 2021 08:40:19 +0000 (09:40 +0100)
committerNiels Möller <nisse@lysator.liu.se>
Wed, 20 Jan 2021 08:40:19 +0000 (09:40 +0100)
ChangeLog patch | blob | blame | history
ecc-ecdsa-verify.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index a55068977b78730046e5f81225d93a48c53a7bc1..fe7241e0995998ca13d630894adb185877af8cf4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2021-01-20  Niels Möller  <nisse@lysator.liu.se>
+
+       * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Fix corner case with
+       all-zero hash. Reported by Guido Vranken.
+
 2021-01-10  Niels Möller  <nisse@lysator.liu.se>
 
        * fat-ppc.c: Don't use __GLIBC_PREREQ in the same preprocessor
diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c
index 2b5b692114d481f5552b8a4dc767b38f955467ee..1b2dcca7bde9c9d248f2af947552479c6639f0ef 100644 (file)
--- a/ecc-ecdsa-verify.c
+++ b/ecc-ecdsa-verify.c
@@ -132,12 +132,12 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
         private key by guessing.
        */
       /* Total storage: 6*ecc->p.size + ecc->add_hhh_itch */
-      ecc->add_hhh (ecc, P1, P1, P2, P1 + 3*ecc->p.size);
+      ecc->add_hhh (ecc, P2, P2, P1, P1 + 3*ecc->p.size);
     }
   /* x coordinate only, modulo q */
-  ecc->h_to_a (ecc, 2, P2, P1, P1 + 3*ecc->p.size);
+  ecc->h_to_a (ecc, 2, P1, P2, P1 + 3*ecc->p.size);
 
-  return (mpn_cmp (rp, P2, ecc->p.size) == 0);
+  return (mpn_cmp (rp, P1, ecc->p.size) == 0);
 #undef P2
 #undef P1
 #undef sinv
Mirror of https://git.lysator.liu.se/nettle/nettle.git