Closed guidovranken closed 3 years ago
@samuel-lee-msft I believe you reviewed this bug as well?
Yes I have taken a look, thanks @guidovranken for reporting this issue. 👍
As far as I can determine, this problem only affects the API SymCryptEcDsaSignEx
- this API is intended for testing where there is a known answer test with a specified K. Normally external callers would use SymCryptEcDsaSign
which in turn calls SymCryptEcDsaSignEx
with NULL piK
. When piK
is specified and is greater than or equal to the curve's order, as in the example, we break some internal assumptions.
As such I don't see this as a security issue, but I am intending to make some fixes in the next week to tighten this up, and will update this issue with details when I've published the changes.
This is now resolved - we explicitly check the provided value of piK
is in the range [1, GOrd-1]
when it is not NULL.
Reproducer:
Stack trace copy/paste from https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31514: