From ad166d8db783a4731948ff60ad09ca427fcc3f98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Nov 2019 15:37:42 +0100 Subject: [PATCH] Also check curve in verify() This is the only function that performs computations without calling EccPoint_mult_safer() and that didn't have that guard yet. --- tinycrypt/ecc_dsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c index b3a08cf1f..04b1bfabd 100644 --- a/tinycrypt/ecc_dsa.c +++ b/tinycrypt/ecc_dsa.c @@ -220,6 +220,9 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash, wordcount_t num_words = curve->num_words; wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + if (curve != uECC_secp256r1()) + return 0; + rx[num_n_words - 1] = 0; r[num_n_words - 1] = 0; s[num_n_words - 1] = 0;