ECDSA verification succeeds when it shouldn't
Guido Vranken
guidovranken at gmail.com
Sun Jan 31 10:52:53 CET 2021
My fuzzer found this:
ecc curve: secp256r1
public key X:
4534198767316794591643245143622298809742628679895448054572722918996032022405
public key Y:
107839128084157537346759045080774377135290251058561962283882310383644151460337
cleartext: {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2,
0xfc, 0x63, 0x25, 0x51} (32 bytes)
signature R:
4534198767316794591643245143622298809742628679895448054572722918996032022405
signature S:
4534198767316794591643245143622298809742628679895448054572722918996032022405
where 'cleartext' is the data passed as-is (unhashed) to the verification
function.
gcry_pk_verify() returns GPG_ERR_NO_ERROR for these parameters but other
libraries return failure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20210131/49fd0553/attachment.html>
More information about the Gcrypt-devel
mailing list