Merge pull request #4199 from TRodziewicz/mul_shortcut_fix
Fix ECDSA failing when the hash is all-bits-zero
This commit is contained in:
commit
0bbb38c67e
6 changed files with 146 additions and 7 deletions
|
@ -273,7 +273,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
|
|||
|
||||
r_len = *(*p)++;
|
||||
|
||||
if( end < *p || (size_t)( end - *p ) < r_len )
|
||||
if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
|
||||
{
|
||||
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
|
|
|
@ -2810,7 +2810,7 @@ cleanup:
|
|||
|
||||
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
|
||||
/*
|
||||
* R = m * P with shortcuts for m == 1 and m == -1
|
||||
* R = m * P with shortcuts for m == 0, m == 1 and m == -1
|
||||
* NOT constant-time - ONLY for short Weierstrass!
|
||||
*/
|
||||
static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
|
||||
|
@ -2821,7 +2821,11 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
|
|||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
|
||||
if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
|
||||
}
|
||||
else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue