From 51f643eee00e2caa65c8a2f5857f49acdf3ef1ce Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niels=20M=C3=B6ller?=
Date: Sat, 13 Mar 2021 16:27:50 +0100
Subject: [PATCH] Ensure ecdsa_sign output is canonically reduced.
* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to canonical range.
(cherry picked from commit c24b36160dc5303f7541dd9da1429c4046f27398)
---
 ChangeLog | 3 +++
 ecc-ecdsa-sign.c | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 63848f53..fb2d7f66 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2021-03-13 Niels Möller
+ * ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to
+ canonical range.
+
 * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical to compute the scalars used for ecc multiplication.
 * testsuite/ecdsa-verify-test.c (test_main): Add test case that
diff --git a/ecc-ecdsa-sign.c b/ecc-ecdsa-sign.c
index f323196e..4adee1d1 100644
--- a/ecc-ecdsa-sign.c
+++ b/ecc-ecdsa-sign.c
@@ -91,9 +91,8 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc,
 ecc_mod_mul (&ecc->q, tp, zp, rp, tp);
 ecc_mod_add (&ecc->q, hp, hp, tp);
- ecc_mod_mul (&ecc->q, tp, hp, kinv, tp);
+ ecc_mod_mul_canonical (&ecc->q, sp, hp, kinv, tp);
- mpn_copyi (sp, tp, ecc->p.size);
 #undef P
 #undef hp
 #undef kinv
-- 
2.47.3
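Review bot: The new call `ecc_mod_mul_canonical (&ecc->q, sp, hp, kinv, tp);` in the ecc-ecdsa-sign.c hunk has no comment saying why s must be canonical, and the commit adds no signing-side test, although the ChangeLog context shows a test case was added for the matching verify fix. I would put a comment above the call such as `/* s is emitted as a signature component, so it must be fully reduced to 0 <= s < q. */` and add a testsuite case that checks the returned s is below q, since any caller that compares s against zero or serialises it presumably relies on the reduced form. The removed `mpn_copyi (sp, tp, ecc->p.size);` copied p.size limbs, while the new call is parameterised by `&ecc->q` and so presumably fills q.size limbs of sp; the two are equivalent only if those sizes match for every supported curve, which is worth confirming or asserting. The body of ecc_ecdsa_sign starts before the hunk, so the sizing of sp and tp is not visible here.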