There is a bug in public_key_impl::ECDSA_SIG_recover_key_GFp where the bit size of the group prime p is retrieved via a call to EC_GROUP_get_degree. However, according to SEC1-v2 "4.1.4 Verifying Operation", part 3.2, the bit size of the prime order n of the base point G should be used to compute e from M.
While this issue is pedantic, and in practice, the bit size of prime p and group order n for EC secp256r1 (P-256) is the same, it would be advisable to use EC_GROUP_order_bits instead. This becomes especially important for future cases if other ECs are supported where bitsize(n) != bitsize(p).
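To make the difference described in this issue concrete, the following added example (not code from the project or from the issue author) derives e from a SHA-256 digest using both bit sizes. It assumes secp160r1 as a curve where bitsize(n) != bitsize(p); that curve, the hash choice and the helper names `digest_to_e` and `compare` are illustrative and do not appear in the issue.

```python
import hashlib

# Curve constants from SEC 2: field prime p and base-point order n.
# secp160r1 is an assumed example of a curve with bitsize(n) != bitsize(p).
SECP160R1_P = 2**160 - 2**31 - 1
SECP160R1_N = 0x0100000000000000000001F4C8F927AED3CA752257
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

MESSAGE = b"constructed sample message"  # constructed input, not real data


def digest_to_e(digest: bytes, bits: int) -> int:
    """Keep the leftmost `bits` bits of the digest and read them as an integer."""
    value = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - bits
    return value >> excess if excess > 0 else value


def compare(p: int, n: int, message: bytes = MESSAGE) -> dict:
    """Derive e with bitsize(n), as SEC 1 specifies, and with bitsize(p)."""
    digest = hashlib.sha256(message).digest()
    # For a prime n, ceil(log2 n) equals n.bit_length().
    e_order = digest_to_e(digest, n.bit_length())  # what EC_GROUP_order_bits gives
    e_field = digest_to_e(digest, p.bit_length())  # what EC_GROUP_get_degree gives
    return {
        "order_bits": n.bit_length(),
        "field_bits": p.bit_length(),
        "e_order": e_order,
        "e_field": e_field,
        # Recovery and verification use e mod n, so compare the reduced values.
        "match": e_order % n == e_field % n,
    }


if __name__ == "__main__":
    for name, p, n in (("P-256", P256_P, P256_N),
                       ("secp160r1", SECP160R1_P, SECP160R1_N)):
        r = compare(p, n)
        print(f"{name}: bitsize(n)={r['order_bits']} "
              f"bitsize(p)={r['field_bits']} same e: {r['match']}")
```

On P-256 both bit sizes are 256 and the two values of e agree. On secp160r1 the digest is truncated one bit shorter when the field size is used, so e differs and key recovery or verification against a standards-conforming signature would fail.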