From 88e1358962e902ff1cbec8d53ba3eee46407851a Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 25 Nov 2015 12:46:19 +0900
Subject: [PATCH] ecc: Constant-time multiplication for Weierstrass curve.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
method for Weierstrass curve when SCALAR is secure.
Upstream-Status: Backport
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a
CVE: CVE-2015-7511 fix
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
mpi/ec.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
Index: libgcrypt-1.6.3/mpi/ec.c
===================================================================
--- libgcrypt-1.6.3.orig/mpi/ec.c
+++ libgcrypt-1.6.3/mpi/ec.c
@@ -1106,16 +1106,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu
unsigned int i, loops;
mpi_point_struct p1, p2, p1inv;
- if (ctx->model == MPI_EC_EDWARDS)
+ if (ctx->model == MPI_EC_EDWARDS
+ || (ctx->model == MPI_EC_WEIERSTRASS
+ && mpi_is_secure (scalar)))
{
/* Simple left to right binary method. GECC Algorithm 3.27 */
unsigned int nbits;
int j;
nbits = mpi_get_nbits (scalar);
- mpi_set_ui (result->x, 0);
- mpi_set_ui (result->y, 1);
- mpi_set_ui (result->z, 1);
+ if (ctx->model == MPI_EC_WEIERSTRASS)
+ {
+ mpi_set_ui (result->x, 1);
+ mpi_set_ui (result->y, 1);
+ mpi_set_ui (result->z, 0);
+ }
+ else
+ {
+ mpi_set_ui (result->x, 0);
+ mpi_set_ui (result->y, 1);
+ mpi_set_ui (result->z, 1);
+ }
if (mpi_is_secure (scalar))
{