Merge pull request #4199 from TRodziewicz/mul_shortcut_fix

Fix ECDSA failing when the hash is all-bits-zero
This commit is contained in:
Manuel Pégourié-Gonnard 2021-04-19 09:54:12 +02:00 committed by GitHub
commit 0bbb38c67e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 146 additions and 7 deletions

View file

@ -273,7 +273,7 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
r_len = *(*p)++;
if( end < *p || (size_t)( end - *p ) < r_len )
if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
{
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;

View file

@ -2810,7 +2810,7 @@ cleanup:
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/*
* R = m * P with shortcuts for m == 1 and m == -1
* R = m * P with shortcuts for m == 0, m == 1 and m == -1
* NOT constant-time - ONLY for short Weierstrass!
*/
static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
@ -2821,7 +2821,11 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
{
MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
}
else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
{
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
}