Merge pull request from GHSA-qhcg-9ffp-78pw
verify: fix signature verification (CVE-2022-24884)
NeoRaider committed May 5, 2022
2 parents 0753889 + 6fb4b7b commit 39b6d0a
Showing 2 changed files with 11 additions and 1 deletion.
2 changes: 1 addition & 1 deletion CMakeLists.txt
@@ -1,6 +1,6 @@
cmake_minimum_required(VERSION 2.8.3)
project(ECDSAUTIL C)
set(ECDSAUTIL_VERSION 0.4.0)
set(ECDSAUTIL_VERSION 0.4.1)

set(CMAKE_MODULE_PATH ${ECDSAUTIL_SOURCE_DIR})
find_package(libuecc REQUIRED)
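--- a/src/lib/ecdsa.c
+++ b/src/lib/ecdsa.c
@@ -135,6 +135,12 @@ void ecdsa_sign_legacy(ecdsa_signature_t *signature, const ecc_int256_t *hash, c
 void ecdsa_verify_prepare_legacy(ecdsa_verify_context_t *ctx, const ecc_int256_t *hash, const ecdsa_signature_t *signature) {
 ecc_int256_t w, u1, tmp;
 
+if (ecc_25519_gf_is_zero(&signature->s) || ecc_25519_gf_is_zero(&signature->r)) {
+// Signature is invalid, mark by setting ctx->r to an invalid value
+memset(&ctx->r, 0, sizeof(ctx->r));
+return;
+}
+
 ctx->r = signature->r;
 
 ecc_25519_gf_recip(&w, &signature->s);
@@ -149,6 +155,10 @@ bool ecdsa_verify_legacy(const ecdsa_verify_context_t *ctx, const ecc_25519_work
 ecc_25519_work_t s2, work;
 ecc_int256_t w, tmp;
 
+// Signature was detected as invalid in prepare step
+if (ecc_25519_gf_is_zero(&ctx->r))
+return false;
+
 ecc_25519_scalarmult(&s2, &ctx->u2, pubkey);
 ecc_25519_add(&work, &ctx->s1, &s2);
 ecc_25519_store_xy_legacy(&w, NULL, &work);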
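Review bot: The early return in ecdsa_verify_prepare_legacy leaves ctx->u2 and ctx->s1 unwritten, so the rejection holds only if every consumer of the context tests ctx->r before touching them; ecdsa_verify_legacy is the only consumer visible here, and it does. Clearing the whole context with `memset(ctx, 0, sizeof(*ctx));` would make the rejected state deterministic, and the convention that a zero r marks an invalid signature deserves a sentence where ecdsa_verify_context_t is declared. The new check covers zero only: whether ecc_25519_gf_is_zero reduces its argument modulo the group order first, so that an r or s equal to a multiple of the order is also rejected, is not visible in these hunks and should be confirmed and stated in the comment. Neither changed file adds a regression test; a test asserting that an all-zero signature fails to verify would pin this fix. Both function bodies continue outside the hunks.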
