Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. gcrypt
ECDSA verification succeeds when it shouldn't
gcrypt-devel at gnupg
Jan 31, 2021, 1:52 AM
Post #1 of 2 (208 views)
Permalink
My fuzzer found this:

ecc curve: secp256r1
public key X:
4534198767316794591643245143622298809742628679895448054572722918996032022405
public key Y:
107839128084157537346759045080774377135290251058561962283882310383644151460337
cleartext: {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2,
0xfc, 0x63, 0x25, 0x51} (32 bytes)
signature R:
4534198767316794591643245143622298809742628679895448054572722918996032022405
signature S:
4534198767316794591643245143622298809742628679895448054572722918996032022405

where 'cleartext' is the data passed as-is (unhashed) to the verification
function.

gcry_pk_verify() returns GPG_ERR_NO_ERROR for these parameters but other
libraries return failure.
Re: ECDSA verification succeeds when it shouldn't [ In reply to ]
gniibe at fsij
Feb 1, 2021, 5:27 PM
Post #2 of 2 (208 views)
Permalink
Guido Vranken via Gcrypt-devel <gcrypt-devel@gnupg.org> wrote:
> My fuzzer found this:
[...]
> gcry_pk_verify() returns GPG_ERR_NO_ERROR for these parameters but other
> libraries return failure.

Thank you.

For some reason which I don't know, perhaps hisotorically, checking
public key was not done (other than for EdDSA).

I created the task:
https://dev.gnupg.org/T5282

And push a fix commit:
https://dev.gnupg.org/rC598d0f3e0294a487e01b88cc714a8cd0a47329bb
--

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal