ECDSA signature verification is missing a modular operation #35
Comments
I forgot to mention I'm using the 1.3.1 release of PolarSSL.
Thanks for your report! Indeed you're right, and reduction mod I'm rather surprised you ran into this issue, since heuristically it seems to me it should happen roughly with probability 2^(-l/2) where l is the bit length of "the curve" (that is, of P or N), so it should be very unlikely with the kind of curve size used in cryptographic applications.
Updated in private branch ready for 1.3.2 release
Added missing dependencies on PEM parsing in PK test suite
Fixed incorrect length handling in ssl_calc_verify_tls_sha256() and ssl_calc_verify_tls_sha384()
add -fPIC to CFLAGS by default, use pkg-config to get LDFLAGS and CFLAGS...
Hi,
I think that a mpi_mod_mpi is missing from ecdsa_signature as shown below.
Without that line addition, ECDSA verification in DTCP-IP doesn't work.
I'm no ECP expert, so let me know if you disagree with this change.
For reference, I compared the values of each MPI at every line of code with my own reference ECDSA implementation, and that is the only place that differs in PolarSSL.
Thanks.