path: root/meta/recipes-support/libgcrypt/files/CVE-2015-7511_2.patch
blob: 8093a18cf38eb7ae58d85d627c9203ade47108e1 (plain)
From 88e1358962e902ff1cbec8d53ba3eee46407851a Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 25 Nov 2015 12:46:19 +0900
Subject: [PATCH] ecc: Constant-time multiplication for Weierstrass curve.

* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
method for Weierstrass curve when SCALAR is secure.

Upstream-Status: Backport

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a

CVE: CVE-2015-7511 fix
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 mpi/ec.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

Index: libgcrypt-1.6.3/mpi/ec.c
===================================================================
--- libgcrypt-1.6.3.orig/mpi/ec.c
+++ libgcrypt-1.6.3/mpi/ec.c
@@ -1106,16 +1106,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t resu
   unsigned int i, loops;
   mpi_point_struct p1, p2, p1inv;
 
-  if (ctx->model == MPI_EC_EDWARDS)
+  if (ctx->model == MPI_EC_EDWARDS
+      || (ctx->model == MPI_EC_WEIERSTRASS
+          && mpi_is_secure (scalar)))
     {
       /* Simple left to right binary method.  GECC Algorithm 3.27 */
       unsigned int nbits;
       int j;
 
       nbits = mpi_get_nbits (scalar);
-      mpi_set_ui (result->x, 0);
-      mpi_set_ui (result->y, 1);
-      mpi_set_ui (result->z, 1);
+      if (ctx->model == MPI_EC_WEIERSTRASS)
+        {
+          mpi_set_ui (result->x, 1);
+          mpi_set_ui (result->y, 1);
+          mpi_set_ui (result->z, 0);
+        }
+      else
+        {
+          mpi_set_ui (result->x, 0);
+          mpi_set_ui (result->y, 1);
+          mpi_set_ui (result->z, 1);
+        }
 
       if (mpi_is_secure (scalar))
         {
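Review bot: A secret scalar that the caller did not allocate in secure memory still bypasses the hardened path on Weierstrass curves, because the new condition keys only on `mpi_is_secure (scalar)`. That contract should be written down above the condition, for example `/* Constant-time path: for Weierstrass it is taken only when SCALAR lives in secure memory, so callers must allocate secret scalars there. */`. Separately, `nbits = mpi_get_nbits (scalar);` is taken from the scalar's actual bit length; if the loop that follows is bounded by `nbits` (not visible here), the running time would still vary with the number of leading zero bits, which is worth confirming against the curve's fixed order size. The two initialisations would also read better with a short comment saying that (1,1,0) is the point at infinity in the Weierstrass projective form and (0,1,1) the Edwards neutral element. The body of `_gcry_mpi_ec_mul_point` starts before and continues past this hunk, so the secure branch itself is not reviewed here.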