Fix ctcert verification

Open zoogie opened this issue 6 years ago • 1 comments

The segher/booto code for ECDSA is SHA1 so it needed to be adapted for 3ds's SHA256 variant (the sect233r1 curve can only have 233 bits R & S, so SHA256 needs to be pared down). The "check_ecdsa" function also had the R & S arguments reversed. Some other minor tweaks.

Apr 03 '19 00:04 zoogie

Generally, I super appreciate this -- thank you!

Before merging, I'd like to see the above changes, and I'd also like to explicitly request from you permission to relicense this from GPL to ISC, in the event that ec.c ever gets rewritten (thank you for getting rid of bn.c).

Thanks again!

Apr 03 '19 06:04 SciresM