Suspicious about sign_ecdsa
dbaryshkov at gmail.com
Tue Sep 24 21:48:14 CEST 2013
While implementing GOST EC signatures, I stumbled upon sign_edsa() function.
It contains two nested while() loops and a comment regarding inner (generate k,
compute r loop) that is is a while and not do_while, because we don't want to
This made me extremely suspicious. It looks to me like a possible endless loop.
If generated k makes r != 0, but s = 0, sign_ecdsa will loop forever, as code
outside while (r != 0) loop does not contain any non-deterministic option.
In my opinion, the code should look this way:
while (s != 0)
k = generate();
r = calculate(k);
} while (r != 0)
s = calculate(r, k);
What is your opinion?
With best wishes
More information about the Gcrypt-devel