Crypto.ECC.SECP_521R1 does not verify valid signatures.

Hi there,

While conducting some tests of Crypto.ECC.SECP_521R1->ECDSA(), I've come across a testcase which should be successfully verified, but it is not.

The code is as follows:

int main() {
	string x = "00ee030cdb40abf70726866681f7b7fedc534190929c05a650bb928b894a5bbfe9577eea83c6331a796fa27ed9fac95d9ecacdfef6d61c925502b0afddc671463549";
	string y = "0155606dd4cab19330c57c2ee740cd9c7c88bd88d95f840f315d525379dfeb7ea9bd3677b2185b92957f374317cc6124aacc8708075c4c05c95cbbc355bd692c3708";
	string msg = "313233343030";
	string sig = "30818702420090c8d0d718cb9d8d81094e6d068fb13c16b4df8c77bac676dddfe3e68855bed06b9ba8d0f8a80edce03a9fac7da561e24b1cd22d459239a146695a671f81f73aaf02413ee5a0a544b0842134629640adf5f0637087b04a442b1e6a22555dc1d8b93f8784f1ddd0cf90f75944cc2cd7ae373e5c2bac356a60ff9d08adfcdba3fa1b7a9d1d";

	mixed state = Crypto.ECC.SECP_521R1->ECDSA();
   state->set_public_key(Gmp.mpz(x, 16), Gmp.mpz(y, 16));

   if(state->pkcs_verify(String.hex2string(msg), Crypto.SHA3_512, String.hex2string(sig)))
		write("Success!\n");

	return 0;
}

The test codes from https://github.com/google/wycheproof/blob/master/testvectors/ecdsa_secp521r1_sha512_test.json#L4279, and the explanation for the test is as follows: "Some implementations of ECDSA do not handle duplication and points at infinity correctly. This is a test vector that has been specially crafted to check for such an omission"

Please note: I have not tested this in Nettle itself, because I'm not 100% sure how to use the related functions in the C code.

Thank you.