ECDSA verification succeeds when it shouldn't
NIIBE Yutaka
gniibe at fsij.org
Tue Feb 2 02:27:54 CET 2021
Guido Vranken via Gcrypt-devel <gcrypt-devel at gnupg.org> wrote:
> My fuzzer found this:
[...]
> gcry_pk_verify() returns GPG_ERR_NO_ERROR for these parameters but other
> libraries return failure.
Thank you.
For some reason which I don't know, perhaps historically, checking
the public key was not done (other than for EdDSA).
I created the task:
https://dev.gnupg.org/T5282
And pushed a fix commit:
https://dev.gnupg.org/rC598d0f3e0294a487e01b88cc714a8cd0a47329bb
--