Fix ecc_ecdsa_verify corner case with all-zero hash.

gnutls · Jan 20, 2021 · b3d0bcf · b3d0bcf
1 parent 0c31ec6
commit b3d0bcf
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+2021-01-20  Niels Möller  <nisse@lysator.liu.se>
+
+	* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Fix corner case with
+	all-zero hash. Reported by Guido Vranken.
+
 2021-01-10  Niels Möller  <nisse@lysator.liu.se>
 
 	* fat-ppc.c: Don't use __GLIBC_PREREQ in the same preprocessor

diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c
@@ -132,12 +132,12 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
 	 private key by guessing.
        */
       /* Total storage: 6*ecc->p.size + ecc->add_hhh_itch */
-      ecc->add_hhh (ecc, P1, P1, P2, P1 + 3*ecc->p.size);
+      ecc->add_hhh (ecc, P2, P2, P1, P1 + 3*ecc->p.size);
     }
   /* x coordinate only, modulo q */
-  ecc->h_to_a (ecc, 2, P2, P1, P1 + 3*ecc->p.size);
+  ecc->h_to_a (ecc, 2, P1, P2, P1 + 3*ecc->p.size);
 
-  return (mpn_cmp (rp, P2, ecc->p.size) == 0);
+  return (mpn_cmp (rp, P1, ecc->p.size) == 0);
 #undef P2
 #undef P1
 #undef sinv