On Monday, August 26, 2019 at 2:30:37 PM UTC-4, Philippe Antoine wrote: > > Hi cryptopp users, > > My same is Philippe Antoine. > I have been doing differential fuzzing about elliptic curve cryptography > with different libraries including cryptopp. > > On August the 6th, oss-fuzz found the first regression after about one > year. > I think this is dut to commit > https://github.com/weidai11/cryptopp/commit/c9ef9420e762b91cc06463d349cf06e04c749b9d > > My output is the following > > > point=04202020202020ffffff2020202020200020ffffffff20202020ff20ff20ff200104c8423eb699c3ace2e623855cb9238cb43971464f4b6686765c46ed4ce035dc > > bignum=000000000000000000000000000000000000000000000000000000000000000a > > > mbedlts:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1 > > > libecc:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1 > > > libecc:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1 > > > openssl:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1 > > > gcrypt:045de6bae41907dbe3f0aa32b272add6b92fb2b79fdc49af35fb844be1c4c629e899295109c41cfe76a9c06c23d95b2d4be3b6f61a476acf1a67a0d848abba89e1 > > > cryptopp:0407f16bad8b16f5441f1a15f8e7eca364d97bb3a3c09b320bb9807ee26857b66f882ba526e55ebbf22342ae5a0186ed0ca1db8870fd001c63ae36dc72ee15f6e7 > > > That means when I multiply by 10 the point on the curve brainpoolP256r1 > > x = 202020202020ffffff2020202020200020ffffffff20202020ff20ff20ff2001 > > y = 04c8423eb699c3ace2e623855cb9238cb43971464f4b6686765c46ed4ce035dc > > I get a different result than all the other libraries >
Thanks again Phillipe. Can you give https://github.com/weidai11/cryptopp/commit/e06e3bd7a998 a try? Jeff -- You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/cryptopp-users/14b07d4d-acc8-410f-86ca-757cd9d93eae%40googlegroups.com.
