Hello, We performed long test for Edsa sign(ECDSA_do_sign function) and verify (ECDSA_do_verify function). The test sometimes fails after 200000 -300000 cycles. The each cycle use the same private and public key and the same digest input. The output of function ECDSA_do_sign in this case depends only of random returned from function RAND_bytes (fie rand_lib.c).
We found random when ECDSA_do_verify fails: openssl-0.9.8g NID_X9_62_prime256v1 /* secp256r1 (23) */ Data to sign - (5) 31 32 33 34 35 Returned Singed data from ECDSA_do_sign function (sin->r,sign->s 64 bytes) 54 09 a3 be 2e 6d 11 de de 1a cf a3 8f 24 1d 6f 2c bf d7 0e ba 33 06 78 ea da 93 88 7b 5c 43 93 ca f1 c7 d9 2f 6f 5d 54 54 06 7d a0 5e de d2 c0 5d 18 b5 8c 78 d5 88 14 2f c7 88 8c 0a 07 b6 ef EC private key value (34 bytes) 02 20 1F 07 87 EE BE A6 89 F8 2D FD 56 BB B2 53 0F BE 97 0F 08 5C FE 3E 41 AD F7 13 D2 B7 F8 C9 F6 56 EC public key value (65) 04 36 1B E1 51 43 FF E6 E3 CB 3E 80 0F 7D 91 0D F2 C2 CF 75 87 05 47 F4 19 DD 1B CF 64 77 87 FF 88 BF 38 67 62 FF 61 8D D4 7B 39 08 C6 4A 63 17 DB 92 3D 52 0F AA B2 04 6A 02 DB C7 FF E4 96 19 5E Random from (32 bytes from function RAND_bytes ) 1e bb 51 83 7f b2 78 8d 09 0d c5 b9 bb 60 eb 79 2a c9 0c a5 04 f6 99 ec 4b ec 0b 94 45 15 05 79 Hex C format: Data to sign - (5) 0x31,0x32,0x33,0x34,0x35 Returned Singed data from ECDSA_do_sign finction (64 bytes) 0x54,0x09,0xa3,0xbe,0x2e,0x6d,0x11,0xde, 0xde,0x1a,0xcf,0xa3,0x8f,0x24,0x1d,0x6f, 0x2c,0xbf,0xd7,0x0e,0xba,0x33,0x06,0x78, 0xea,0xda,0x93,0x88,0x7b,0x5c,0x43,0x93, 0xca,0xf1,0xc7,0xd9,0x2f,0x6f,0x5d,0x54, 0x54,0x06,0x7d,0xa0,0x5e,0xde,0xd2,0xc0, 0x5d,0x18,0xb5,0x8c,0x78,0xd5,0x88,0x14, 0x2f,0xc7,0x88,0x8c,0x0a,0x07,0xb6,0xef EC private key value (34 bytes) 0x02,0x20,0x1F,0x07,0x87,0xEE,0xBE,0xA6, 0x89,0xF8,0x2D,0xFD,0x56,0xBB,0xB2,0x53, 0x0F,0xBE,0x97,0x0F,0x08,0x5C,0xFE,0x3E, 0x41,0xAD,0xF7,0x13,0xD2,0xB7,0xF8,0xC9,0xF6,0x56 EC public key value (65) 0x04,0x36,0x1B,0xE1,0x51,0x43,0xFF,0xE6,0xE3, 0xCB,0x3E,0x80,0x0F,0x7D,0x91,0x0D,0xF2, 0xC2,0xCF,0x75,0x87,0x05,0x47,0xF4,0x19, 0xDD,0x1B,0xCF,0x64,0x77,0x87,0xFF,0x88, 0xBF,0x38,0x67,0x62,0xFF,0x61,0x8D,0xD4, 0x7B,0x39,0x08,0xC6,0x4A,0x63,0x17,0xDB, 0x92,0x3D,0x52,0x0F,0xAA,0xB2,0x04,0x6A, 0x02,0xDB,0xC7,0xFF,0xE4,0x96,0x19,0x5E Random from (32 bytes from function RAND_bytes): 0x1e,0xbb,0x51,0x83,0x7f,0xb2,0x78,0x8d, 0x09,0x0d,0xc5,0xb9,0xbb,0x60,0xeb,0x79, 0x2a,0xc9,0x0c,0xa5,0x04,0xf6,0x99,0xec, 0x4b,0xec,0x0b,0x94,0x45,0x15,0x05,0x79 Please help us to solve this problem. What is wrong? Best regards Mark Mark Shnaider |Senior Software engineer | ARX phone: +972.3.9279543 | mobile: +972.54.2448543 | email: m...@arx.com | www.arx.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
