On Monday, August 26, 2019 at 4:45:46 PM UTC-4, Jeffrey Walton wrote:
>
>
>
> On Monday, August 26, 2019 at 4:09:47 PM UTC-4, Jeffrey Walton wrote:
>>
>> On Mon, Aug 26, 2019 at 2:30 PM Philippe Antoine 
>> <p.anto...@catenacyber.fr> wrote: 
>> > 
>> > My name is Philippe Antoine. 
>> > I have been doing differential fuzzing about elliptic curve cryptography with different libraries including cryptopp. 
>> > 
>> > On August the 6th, oss-fuzz found the first regression after about one year. 
>> > I think this is due to commit https://github.com/weidai11/cryptopp/commit/c9ef9420e762b91cc06463d349cf06e04c749b9d
>> > 
>> > My output is the following 
>> > 
>> > point=04202020202020ffffff2020202020200020ffffffff20202020ff20ff20ff200104c8423eb699c3ace2e623855cb9238cb43971464f4b6686765c46ed4ce035dc
>> > bignum=000000000000000000000000000000000000000000000000000000000000000a 
>> > mbedlts:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1
>> > libecc:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1
>> > libecc:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1
>> > openssl:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1
>> > gcrypt:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1
>> > cryptopp:0407f16bad8b16f5441f1a15f8e7eca364d97bb3a3c09b320bb9807ee26857b66f882ba526e55ebbf22342ae5a0186ed0ca1db8870fd001c63ae36dc72ee15f6e7
>> > 
>> > That means when I multiply by 10 the point on the curve brainpoolP256r1 
>> > 
>> > x = 202020202020ffffff2020202020200020ffffffff20202020ff20ff20ff2001 
>> > 
>> > y = 04c8423eb699c3ace2e623855cb9238cb43971464f4b6686765c46ed4ce035dc 
>> > 
>> > I get a different result than all the other libraries 
>> > 
>> > I will look into it a bit more, but I already wanted to let you know this... 
>>
>> Thanks Philippe. 
>>
>> Yeah, that's not good. Does your test include a fresh check-out and 
>> build of the Crypto++ library? 
>>
>
> Ugh, I can duplicate it with:
>
> Integer x("0x202020202020ffffff2020202020200020ffffffff20202020ff20ff20ff2001");
> Integer y("0x04c8423eb699c3ace2e623855cb9238cb43971464f4b6686765c46ed4ce035dc");
> Integer s("0x000000000000000000000000000000000000000000000000000000000000000a");
>
> GroupParameters params(ASN1::brainpoolP256r1());
> ECP::Element p(x, y);
>
> ECP::Element t = params.GetCurve().ScalarMultiply(p, s);
> std::cout << std::hex << t.x << std::endl;
> std::cout << std::hex << t.y << std::endl;
>

I've got it isolated to Double(P). Restoring the previous Double() fixes 
the issue.

I hope to have a fix tonight or tomorrow.

Jeff
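
An independent reference check for the case discussed in this thread, as an added example that is not part of the original messages or of Crypto++: it recomputes 10*P with textbook affine arithmetic and flags which reported output disagrees. The curve constants are the brainpoolP256r1 prime and `a` coefficient from RFC 5639; the function names are this example's own.

```python
# Added reference check; not Crypto++ code. Curve constants are the
# brainpoolP256r1 prime and 'a' coefficient from RFC 5639.
P_MOD = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
A = 0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9

# Input point and library outputs copied from the report quoted in this thread
# (library labels as printed there).
POINT = (0x202020202020ffffff2020202020200020ffffffff20202020ff20ff20ff2001,
         0x04c8423eb699c3ace2e623855cb9238cb43971464f4b6686765c46ed4ce035dc)
CONSENSUS = ("045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e8"
             "99295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1")
REPORTED = {name: CONSENSUS for name in ("mbedlts", "libecc", "openssl", "gcrypt")}
REPORTED["cryptopp"] = ("0407f16bad8b16f5441f1a15f8e7eca364d97bb3a3c09b320bb9807ee26857b66f"
                        "882ba526e55ebbf22342ae5a0186ed0ca1db8870fd001c63ae36dc72ee15f6e7")

def inv(v):
    return pow(v % P_MOD, P_MOD - 2, P_MOD)  # Fermat inverse, P_MOD is prime

def add(p1, p2):
    """Affine group law; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None                          # P + (-P), or doubling with y = 0
        lam = (3 * x1 * x1 + A) * inv(2 * y1)    # doubling slope
    else:
        lam = (y2 - y1) * inv(x2 - x1)           # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def scalar_mult(k, pt):
    """Double-and-add: repeatedly exercises the doubling path."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def add_only(k, pt):
    """k*P by successive additions; doubling is used only once, for P + P."""
    acc = pt
    for _ in range(k - 1):
        acc = add(acc, pt)
    return acc

def encode(pt):
    return "04" + "%064x%064x" % pt              # uncompressed form, as in the report

def outliers(reported, k=10, pt=POINT):
    ref = encode(scalar_mult(k, pt))
    return sorted(name for name, out in reported.items() if out != ref)
```

Comparing `scalar_mult` with `add_only` gives two computation paths for the same multiple, which is a quick way to localise a disagreement to doubling before bisecting commits.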
