Headline
CVE-2022-24884: verify: fix signature verification (CVE-2022-24884) · freifunk-gluon/ecdsautils@1d4b091
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). ecdsa_verify_[prepare_]legacy() does not check whether the signature values r and s are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: ecdsa_verify_list_legacy() will accept an arbitrary number of such forged signatures. Both the ecdsautil verify CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.
Permalink
Browse files
verify: fix signature verification (CVE-2022-24884)
Verify that r and s are non-zero. Without these checks, an all-zero signature is always considered valid.
While it would be nicer to error out in ecdsa_verify_prepare_legacy() already, that would require users of libecdsautil to check a return value of the prepare step. To be safe, implement the fix in an API/ABI-compatible way that doesn’t need changes to the users.
- Loading branch information
Showing with 10 additions and 0 deletions.
- +10 −0 src/lib/ecdsa.c
Related news
Ubuntu Security Notice 6239-1 - It was discovered that ECDSA Util did not properly verify certain signature values. An attacker could possibly use this issue to bypass signature verification.