
Commit 39b6d0a

authored
Merge pull request from GHSA-qhcg-9ffp-78pw
verify: fix signature verification (CVE-2022-24884)
2 parents 0753889 + 6fb4b7b commit 39b6d0a


2 files changed

+11
-1
lines changed


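--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 2.8.3)
 project(ECDSAUTIL C)
-set(ECDSAUTIL_VERSION 0.4.0)
+set(ECDSAUTIL_VERSION 0.4.1)
 
 set(CMAKE_MODULE_PATH ${ECDSAUTIL_SOURCE_DIR})
 find_package(libuecc REQUIRED)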

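--- a/src/lib/ecdsa.c
+++ b/src/lib/ecdsa.c
@@ -135,6 +135,12 @@ void ecdsa_sign_legacy(ecdsa_signature_t *signature, const ecc_int256_t *hash, c
 void ecdsa_verify_prepare_legacy(ecdsa_verify_context_t *ctx, const ecc_int256_t *hash, const ecdsa_signature_t *signature) {
 ecc_int256_t w, u1, tmp;
 
+if (ecc_25519_gf_is_zero(&signature->s) || ecc_25519_gf_is_zero(&signature->r)) {
+// Signature is invalid, mark by setting ctx->r to an invalid value
+memset(&ctx->r, 0, sizeof(ctx->r));
+return;
+}
+
 ctx->r = signature->r;
 
 ecc_25519_gf_recip(&w, &signature->s);
@@ -149,6 +155,10 @@ bool ecdsa_verify_legacy(const ecdsa_verify_context_t *ctx, const ecc_25519_work
 ecc_25519_work_t s2, work;
 ecc_int256_t w, tmp;
 
+// Signature was detected as invalid in prepare step
+if (ecc_25519_gf_is_zero(&ctx->r))
+return false;
+
 ecc_25519_scalarmult(&s2, &ctx->u2, pubkey);
 ecc_25519_add(&work, &ctx->s1, &s2);
 ecc_25519_store_xy_legacy(&w, NULL, &work);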
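Review bot: The early return added to ecdsa_verify_prepare_legacy (new lines 138–142) leaves ctx->u2 and ctx->s1 unwritten and reports failure only through the in-band marker ctx->r == 0, so any consumer of the context has to repeat the zero check that ecdsa_verify_legacy now performs, and that contract is stated only in the two inline comments. I would document it where a caller sees it, on the prepare function: `/* If r or s of the signature is zero, ctx->r is zeroed and the remaining fields are left unset; ecdsa_verify_legacy() then returns false. */`. The guard also rejects only zero, whereas ECDSA verification conventionally requires r and s to lie in [1, n-1]; whether larger, non-reduced encodings are still accepted depends on how ecc_25519_gf_is_zero and the later comparison reduce their inputs, which is not visible in these hunks. The commit touches only CMakeLists.txt and src/lib/ecdsa.c, so a regression test that feeds a signature with zero r and s through prepare and verify and expects false would be worth adding alongside the fix. Both function bodies continue outside the hunks.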
