Hi,
The fix does not seem complete.
Here is another reproducer found by oss-fuzz
Integer x("0x20ffff2020ff000020ff2020202020ff20ff20ff202020ffffff20200020ffff");
Integer y("0xba1a84de8fe276f1d082e3e7c10f35e0baca90baca7c9502044854dba0ecdebc");
Integer s("0x0000000000000000000000000000000000000000000000000000000000000007");
GroupParameters params(ASN1::brainpoolP256r1());
ECP::Element p(x, y);
ECP::Element t = params.GetCurve().ScalarMultiply(p, s);
std::cout << std::hex << t.x << std::endl;
std::cout << std::hex << t.y << std::endl;
Result should be
04a171dbcb9c038c01ebd7635e4302f87d38c5cc3babb819239b52572d6fb4490804ed340e0d0f7a2e47cf1f48273dc2d40434c295254c55ae420912e4d2c5be02
Instead, we get
0400000000000000000000000000000000000000000000000000000000000000003238e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e06aa8539
Best of luck,
Philippe
> Le 27 août 2019 à 08:13, Philippe Antoine <[email protected]> a écrit :
>
> Hi Jeffrey,
>
>> Can you give https://github.com/weidai11/cryptopp/commit/e06e3bd7a998
>> <https://github.com/weidai11/cryptopp/commit/e06e3bd7a998> a try?
>
>
> This temporary fix makes it ok again :-)
> Congratulations for getting this quickly, I am glad I could help.
>
>> I'm not sure why our self tests did not detect the failure. I think that is
>> a bigger problem.
>
> I can share with you the fuzzer generated corpus.
> This way, you can find out different cases (even if there are ones not
> especially related to cryptopp)
>
> Best regards,
> Philippe
>
> PS : I forgot to mention that this bug was found by oss-fuzz
>
> --
> You received this message because you are subscribed to "Crypto++ Users".
> More information about Crypto++ and this group is available at
> http://www.cryptopp.com <http://www.cryptopp.com/> and
> http://groups.google.com/forum/#!forum/cryptopp-users
> <http://groups.google.com/forum/#!forum/cryptopp-users>.
> ---
> You received this message because you are subscribed to the Google Groups
> "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/cryptopp-users/1BA21383-E3A1-4E56-9C59-607245ED7A71%40catenacyber.fr
>
> <https://groups.google.com/d/msgid/cryptopp-users/1BA21383-E3A1-4E56-9C59-607245ED7A71%40catenacyber.fr?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to "Crypto++ Users". More
information about Crypto++ and this group is available at
http://www.cryptopp.com and
http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/cryptopp-users/BE74128E-5CAA-4745-A379-55EC9E0F86A6%40catenacyber.fr.
