Ensure ecdsa_sign output is canonically reduced.

author Niels Möller <nisse@lysator.liu.se>

Sat, 13 Mar 2021 15:27:50 +0000 (16:27 +0100)

committer Niels Möller <nisse@lysator.liu.se>

Sat, 13 Mar 2021 18:20:39 +0000 (19:20 +0100)
author Niels Möller <nisse@lysator.liu.se>
Sat, 13 Mar 2021 15:27:50 +0000 (16:27 +0100)
committer Niels Möller <nisse@lysator.liu.se>
Sat, 13 Mar 2021 18:20:39 +0000 (19:20 +0100)
diff --git a/ChangeLog b/ChangeLog

index b6e43ac8f95ca7da22ac2883539e42cca999f231..7e162d7f6ec1aeba5abb78999a323201f3d8d7b7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
  2021-03-13  Niels Möller  <nisse@lysator.liu.se>
  
+       * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to
+       canonical range.
+
         * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical
         to compute the scalars used for ecc multiplication.
         * testsuite/ecdsa-verify-test.c (test_main): Add test case that
diff --git a/ecc-ecdsa-sign.c b/ecc-ecdsa-sign.c

index f323196e030f84ba262eae88fea7610612459301..4adee1d1f58e2287a7cc1b57955df672fd93c15a 100644 (file)
--- a/ecc-ecdsa-sign.c
+++ b/ecc-ecdsa-sign.c
@@ -91,9 +91,8 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc,
  
    ecc_mod_mul (&ecc->q, tp, zp, rp, tp);
    ecc_mod_add (&ecc->q, hp, hp, tp);
-  ecc_mod_mul (&ecc->q, tp, hp, kinv, tp);
+  ecc_mod_mul_canonical (&ecc->q, sp, hp, kinv, tp);
  
-  mpn_copyi (sp, tp, ecc->p.size);
  #undef P
  #undef hp
  #undef kinv
author	Niels Möller <nisse@lysator.liu.se>
	Sat, 13 Mar 2021 15:27:50 +0000 (16:27 +0100)
committer	Niels Möller <nisse@lysator.liu.se>
	Sat, 13 Mar 2021 18:20:39 +0000 (19:20 +0100)
ChangeLog		patch \| blob \| blame \| history
ecc-ecdsa-sign.c		patch \| blob \| blame \| history