ecc_verify_hash_raw fails when not using Shamir method and provided hash is all zeros

[dgarske]

The math for handling the ECC verify with a hash with null characters, such as {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0} and hashlen = 20. This results in an invalid signature verification (v != r). This only happens if the traditional (non Shamir) method is used to calculate "u1_mG + u2_mQ = mG".

This happens when calling "ecc_verify_hash_raw" and not using Shamir method (ecc_mul2add == NULL) and provided hash is all zeros.

Has anyone seen this or have any idea how to resolve the math?

[sjaeckel]

@karel-m how should we proceed with this issue regarding the release?