[openssl-users] Bug in ECDSA_verify / i2d_ECDSA_SIG ??

Stuart Adams sja at brightstareng.com
Sat Feb 3 13:19:11 UTC 2018


ECDSA_verify fails if one of the signature components is negative
because i2d_ECDSA_SIG returns the incorrect size;

problem is in ecs_vrf.c:

    derlen = i2d_ECDSA_SIG(s, &der);
    if (derlen != sig_len || memcmp(sigbuf, der, derlen))
        goto err;

If signature component is negative derlen is computed as 71 instead of 70.
So I get "Public Key operation error" ... but if I comment out the length
check I get "Signature Verified Successfully"

Here is the parse of the signature file.

openssl asn1parse -i -inform DER -in file -in pub.sig
    0:d=0  hl=2 l=  68 cons: SEQUENCE
    2:d=1  hl=2 l=  32 prim:  INTEGER           :
4C5A2B4F5DF1540481A1B07A7A6007284AD69C654AA12863A4B9728B1179D0CB
   36:d=1  hl=2 l=  32 prim:  INTEGER           :-
37D6425BDFF8E68263205D4DD798AE816B127B439AE29161662B23D15D773C7D

od -t x1 pub.sig
0000000 30 44 02 20 4c 5a 2b 4f 5d f1 54 04 81 a1 b0 7a
0000020 7a 60 07 28 4a d6 9c 65 4a a1 28 63 a4 b9 72 8b
0000040 11 79 d0 cb 02 20 c8 29 bd a4 20 07 19 7d 9c df
0000060 a2 b2 28 67 51 7e 94 ed 84 bc 65 1d 6e 9e 99 d4
0000100 dc 2e a2 88 c3 83
0000106
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180203/5609f9f9/attachment.html>


More information about the openssl-users mailing list