Gitiles
Code Review Sign In
gerrit.openbmc.org / stefanberger / openbmc / f1e5d6968976c2341c6d554bfcc8895f1b33c26b / . / meta / recipes-support / libgcrypt / files / CVE-2015-7511_2.patch
blob: 8093a18cf38eb7ae58d85d627c9203ade47108e1 [file] [log] [blame]
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame^]1From 88e1358962e902ff1cbec8d53ba3eee46407851a Mon Sep 17 00:00:00 2001
2From: NIIBE Yutaka <gniibe@fsij.org>
3Date: Wed, 25 Nov 2015 12:46:19 +0900
4Subject: [PATCH] ecc: Constant-time multiplication for Weierstrass curve.
5
6* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
7method for Weierstrass curve when SCALAR is secure.
8
9Upstream-Status: Backport
10
11http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a
12
13CVE: CVE-2015-7511 fix
14Signed-off-by: Armin Kuster <akuster@mvista.com>
15
16---
17 mpi/ec.c | 19 +++++++++++++++----
18 1 file changed, 15 insertions(+), 4 deletions(-)
19
20Index: libgcrypt-1.6.3/mpi/ec.c
21===================================================================
22--- libgcrypt-1.6.3.orig/mpi/ec.c
23+++ libgcrypt-1.6.3/mpi/ec.c
24@@ -1106,16 +1106,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu
25 unsigned int i, loops;
26 mpi_point_struct p1, p2, p1inv;
27
28- if (ctx->model == MPI_EC_EDWARDS)
29+ if (ctx->model == MPI_EC_EDWARDS
30+ || (ctx->model == MPI_EC_WEIERSTRASS
31+ && mpi_is_secure (scalar)))
32 {
33 /* Simple left to right binary method. GECC Algorithm 3.27 */
34 unsigned int nbits;
35 int j;
36
37 nbits = mpi_get_nbits (scalar);
38- mpi_set_ui (result->x, 0);
39- mpi_set_ui (result->y, 1);
40- mpi_set_ui (result->z, 1);
41+ if (ctx->model == MPI_EC_WEIERSTRASS)
42+ {
43+ mpi_set_ui (result->x, 1);
44+ mpi_set_ui (result->y, 1);
45+ mpi_set_ui (result->z, 0);
46+ }
47+ else
48+ {
49+ mpi_set_ui (result->x, 0);
50+ mpi_set_ui (result->y, 1);
51+ mpi_set_ui (result->z, 1);
52+ }
53
54 if (mpi_is_secure (scalar))
55 {