CVSROOT:        /cvs
Module name:    src
Changes by:     t...@cvs.openbsd.org    2025/09/05 05:25:50

Modified files:
        regress/lib/libcrypto/wycheproof: wycheproof.go 

Log message:
wycheproof: move ECDSA tests to v1

This excludes the bitcoin tests since our ECDSA_verify() doesn't have the
logic to enforce s < order / 2 to avoid the well-known malleability issue
with secp256k1 that (r, s) is valid if and only if (r, order - s) is valid.

Moreover, add a workaround for overly picky P1363 tests where only
correctly padded P1363 signatures are accepted. As the test authors say
"To our knowledge no standard (i.e., IEEE P1363 or RFC 7515) requires any
explicit checks of the signature size during signature verification."
In fact, the problem really is in the test code, not in libcrypto and
is a bit annoying to fix in a non-silly way.

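The malleability the log message refers to, as an added Go example that is not code from wycheproof.go or libcrypto. It assumes P-256, because Go's standard library has no secp256k1 and the (r, order - s) property holds for ECDSA on any curve; `isLowS`, `strictVerify` and `demo` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// isLowS reports whether s <= floor(order/2); the order is odd, so this is s < order/2.
func isLowS(order, s *big.Int) bool {
	half := new(big.Int).Rsh(order, 1)
	return s.Cmp(half) <= 0
}

// strictVerify is plain ECDSA verification plus the low-s rule (hypothetical helper).
func strictVerify(pub *ecdsa.PublicKey, digest []byte, r, s *big.Int) bool {
	return isLowS(pub.Curve.Params().N, s) && ecdsa.Verify(pub, digest, r, s)
}

// demo signs a constructed message, then checks (r, s) and (r, order - s)
// with a plain verifier and with the low-s verifier.
func demo() (plain, plainFlipped, strict, strictFlipped bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	n := key.Curve.Params().N
	digest := sha256.Sum256([]byte("constructed sample message"))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return
	}
	flipped := new(big.Int).Sub(n, s) // the second s that is valid for the same r
	plain = ecdsa.Verify(&key.PublicKey, digest[:], r, s)
	plainFlipped = ecdsa.Verify(&key.PublicKey, digest[:], r, flipped)
	strict = strictVerify(&key.PublicKey, digest[:], r, s)
	strictFlipped = strictVerify(&key.PublicKey, digest[:], r, flipped)
	return
}

func main() {
	// Plain verification accepts both forms; the low-s rule accepts exactly one.
	fmt.Println(demo())
}
```

A verifier without the low-s check accepts both encodings of the same signature, which is why test vectors that expect the high-s form to be rejected fail against it.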