You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As with #13SymCryptEcDsaSignEx is not really intended for use by callers who are generating their own piK and generating signatures - it's intended for use for testing the signing code with known answer tests.
I went ahead with a small fix to return SYMCRYPT_INVALID_ARGUMENT in the case when a non-NULL piK generates a 0 signature anyway, in case there is some use case where this API is useful for callers beyond performing known answer tests.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33189
Curve: secp384r1
Nonce = 1
Msg = Curve base point X
Private key = Curve order - 1
Output:
S = 0, which makes the signature invalid.
SymCryptEcDsaSignEx
should fail instead.The text was updated successfully, but these errors were encountered: