From 2ef48ba59c32bfa1a9265d5eea8ab225a658903a Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 9 Jan 2014 19:14:09 +0100
Subject: [PATCH] ecc: Make a macro shorter.
* src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. Change
all users.
* cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
comment.
* mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
(add_points_twistededwards): Rename to add_points_edwards.
Signed-off-by: Werner Koch <wk@gnupg.org>
Upstream-Status: Backport
2ef48ba59c32bfa1a9265d5eea8ab225a658903a
CVE: CVE-2015-7511 depend patch
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
cipher/ecc-curves.c | 22 +++++++++++++++++++---
cipher/ecc-misc.c | 4 ++--
cipher/ecc.c | 8 ++++----
mpi/ec.c | 22 +++++++++++-----------
src/mpi.h | 11 ++++++++---
5 files changed, 44 insertions(+), 23 deletions(-)
Index: libgcrypt-1.6.3/cipher/ecc-curves.c
===================================================================
--- libgcrypt-1.6.3.orig/cipher/ecc-curves.c
+++ libgcrypt-1.6.3/cipher/ecc-curves.c
@@ -105,7 +105,7 @@ static const ecc_domain_parms_t domain_p
{
/* (-x^2 + y^2 = 1 + dx^2y^2) */
"Ed25519", 256, 0,
- MPI_EC_TWISTEDEDWARDS, ECC_DIALECT_ED25519,
+ MPI_EC_EDWARDS, ECC_DIALECT_ED25519,
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"-0x01",
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
@@ -113,6 +113,22 @@ static const ecc_domain_parms_t domain_p
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
"0x6666666666666666666666666666666666666666666666666666666666666658"
},
+#if 0 /* No real specs yet found. */
+ {
+ /* x^2 + y^2 = 1 + 3617x^2y^2 mod 2^414 - 17 */
+ "Curve3617",
+ "0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF",
+ MPI_EC_EDWARDS, 0,
+ "0x01",
+ "0x0e21",
+ "0x07FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEB3CC92414CF"
+ "706022B36F1C0338AD63CF181B0E71A5E106AF79",
+ "0x1A334905141443300218C0631C326E5FCD46369F44C03EC7F57FF35498A4AB4D"
+ "6D6BA111301A73FAA8537C64C4FD3812F3CBC595",
+ "0x22"
+ },
+#endif /*0*/
{
"NIST P-192", 192, 1,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
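Review bot: The disabled Curve3617 entry does not follow the field order of its neighbours. The Ed25519 and NIST P-192 entries read name, two integers (`256, 0` and `192, 1`), model, dialect and then the parameter strings, whereas this one puts the prime string directly after the name, omits both integers and passes a bare `0` as the dialect. Removing the `#if 0` as it stands would most likely fail to compile or mis-assign the fields, and the guard itself says no spec was found for these values. I would make that explicit in the guard comment, e.g. `#if 0 /* Unverified parameters, field layout differs from the struct; do not enable without checking against a published spec. */`. The domain_parms array starts and ends outside this hunk.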
@@ -404,7 +420,7 @@ _gcry_ecc_fill_in_curve (unsigned int nb
switch (domain_parms[idx].model)
{
case MPI_EC_WEIERSTRASS:
- case MPI_EC_TWISTEDEDWARDS:
+ case MPI_EC_EDWARDS:
break;
case MPI_EC_MONTGOMERY:
return GPG_ERR_NOT_SUPPORTED;
@@ -1039,7 +1055,7 @@ _gcry_ecc_get_mpi (const char *name, mpi
if (name[1] != '@')
return _gcry_mpi_ec_ec2os (ec->Q, ec);
- if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_TWISTEDEDWARDS)
+ if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_EDWARDS)
{
unsigned char *encpk;
unsigned int encpklen;
Index: libgcrypt-1.6.3/cipher/ecc-misc.c
===================================================================
--- libgcrypt-1.6.3.orig/cipher/ecc-misc.c
+++ libgcrypt-1.6.3/cipher/ecc-misc.c
@@ -79,7 +79,7 @@ _gcry_ecc_model2str (enum gcry_mpi_ec_mo
{
case MPI_EC_WEIERSTRASS: str = "Weierstrass"; break;
case MPI_EC_MONTGOMERY: str = "Montgomery"; break;
- case MPI_EC_TWISTEDEDWARDS: str = "Twisted Edwards"; break;
+ case MPI_EC_EDWARDS: str = "Edwards"; break;
}
return str;
}
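Review bot: Changing the string returned by _gcry_ecc_model2str from "Twisted Edwards" to "Edwards" is a runtime output change in a commit described as shortening a macro, so any log line or test that compares that text will see a different value. If only the identifier was meant to shrink, keep `case MPI_EC_EDWARDS: str = "Twisted Edwards"; break;`. The naming is also inconsistent across the patch: the comments above dup_point_edwards and add_points_edwards in mpi/ec.c still say "(Twisted Edwards version)", and the new src/mpi.h comment gives the twisted equation `ax^2 + y^2 = 1 + bx^2y^2` under MPI_EC_EDWARDS. A one-line remark in mpi.h that this model covers the twisted form, with plain Edwards being the case a = 1, would settle which term is intended. The function containing this switch starts outside the hunk.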
@@ -252,7 +252,7 @@ _gcry_ecc_compute_public (mpi_point_t Q,
if (!d || !G || !ec->p || !ec->a)
return NULL;
- if (ec->model == MPI_EC_TWISTEDEDWARDS && !ec->b)
+ if (ec->model == MPI_EC_EDWARDS && !ec->b)
return NULL;
if (ec->dialect == ECC_DIALECT_ED25519
Index: libgcrypt-1.6.3/cipher/ecc.c
===================================================================
--- libgcrypt-1.6.3.orig/cipher/ecc.c
+++ libgcrypt-1.6.3/cipher/ecc.c
@@ -642,7 +642,7 @@ ecc_check_secret_key (gcry_sexp_t keypar
if (!curvename)
{
sk.E.model = ((flags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
sk.E.dialect = ((flags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
@@ -774,7 +774,7 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_
if (!curvename)
{
sk.E.model = ((ctx.flags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
sk.E.dialect = ((ctx.flags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
@@ -938,7 +938,7 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp
if (!curvename)
{
pk.E.model = ((sigflags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
pk.E.dialect = ((sigflags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
@@ -1528,7 +1528,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_s
if (!curvename)
{
model = ((flags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
dialect = ((flags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
Index: libgcrypt-1.6.3/mpi/ec.c
===================================================================
--- libgcrypt-1.6.3.orig/mpi/ec.c
+++ libgcrypt-1.6.3/mpi/ec.c
@@ -605,7 +605,7 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, g
}
return -1;
- case MPI_EC_TWISTEDEDWARDS:
+ case MPI_EC_EDWARDS:
{
gcry_mpi_t z;
@@ -725,7 +725,7 @@ dup_point_montgomery (mpi_point_t result
/* RESULT = 2 * POINT (Twisted Edwards version). */
static void
-dup_point_twistededwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
+dup_point_edwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
{
#define X1 (point->x)
#define Y1 (point->y)
@@ -811,8 +811,8 @@ _gcry_mpi_ec_dup_point (mpi_point_t resu
case MPI_EC_MONTGOMERY:
dup_point_montgomery (result, point, ctx);
break;
- case MPI_EC_TWISTEDEDWARDS:
- dup_point_twistededwards (result, point, ctx);
+ case MPI_EC_EDWARDS:
+ dup_point_edwards (result, point, ctx);
break;
}
}
@@ -977,9 +977,9 @@ add_points_montgomery (mpi_point_t resul
/* RESULT = P1 + P2 (Twisted Edwards version).*/
static void
-add_points_twistededwards (mpi_point_t result,
- mpi_point_t p1, mpi_point_t p2,
- mpi_ec_t ctx)
+add_points_edwards (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
{
#define X1 (p1->x)
#define Y1 (p1->y)
@@ -1087,8 +1087,8 @@ _gcry_mpi_ec_add_points (mpi_point_t res
case MPI_EC_MONTGOMERY:
add_points_montgomery (result, p1, p2, ctx);
break;
- case MPI_EC_TWISTEDEDWARDS:
- add_points_twistededwards (result, p1, p2, ctx);
+ case MPI_EC_EDWARDS:
+ add_points_edwards (result, p1, p2, ctx);
break;
}
}
@@ -1106,7 +1106,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu
unsigned int i, loops;
mpi_point_struct p1, p2, p1inv;
- if (ctx->model == MPI_EC_TWISTEDEDWARDS)
+ if (ctx->model == MPI_EC_EDWARDS)
{
/* Simple left to right binary method. GECC Algorithm 3.27 */
unsigned int nbits;
@@ -1269,7 +1269,7 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point
log_fatal ("%s: %s not yet supported\n",
"_gcry_mpi_ec_curve_point", "Montgomery");
break;
- case MPI_EC_TWISTEDEDWARDS:
+ case MPI_EC_EDWARDS:
{
/* a · x^2 + y^2 - 1 - b · x^2 · y^2 == 0 */
ec_pow2 (x, x, ctx);
Index: libgcrypt-1.6.3/src/mpi.h
===================================================================
--- libgcrypt-1.6.3.orig/src/mpi.h
+++ libgcrypt-1.6.3/src/mpi.h
@@ -245,13 +245,18 @@ void _gcry_mpi_snatch_point (gcry_mpi_t
/* Models describing an elliptic curve. */
enum gcry_mpi_ec_models
{
-
+ /* The Short Weierstrass equation is
+ y^2 = x^3 + ax + b
+ */
MPI_EC_WEIERSTRASS = 0,
+ /* The Montgomery equation is
+ by^2 = x^3 + ax^2 + x
+ */
MPI_EC_MONTGOMERY,
- MPI_EC_TWISTEDEDWARDS
- /* The equation for Twisted Edwards curves is
+ /* The Twisted Edwards equation is
ax^2 + y^2 = 1 + bx^2y^2
Note that we use 'b' instead of the commonly used 'd'. */
+ MPI_EC_EDWARDS
};
/* Dialects used with elliptic curves. It is easier to keep the