path: root/meta/recipes-support/nettle/nettle-3.5.1/CVE-2021-20305-4.patch
blob: 54b4fa584c3535071b0d7e7d9de8d05c5594d29b (plain)
Backport of:

From 51f643eee00e2caa65c8a2f5857f49acdf3ef1ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Sat, 13 Mar 2021 16:27:50 +0100
Subject: [PATCH] Ensure ecdsa_sign output is canonically reduced.

* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to
canonical range.

(cherry picked from commit c24b36160dc5303f7541dd9da1429c4046f27398)

Upstream-Status: Backport
https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-4.patch
CVE: CVE-2021-20305 dep4
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 ChangeLog        | 3 +++
 ecc-ecdsa-sign.c | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)

#diff --git a/ChangeLog b/ChangeLog
#index 63848f53..fb2d7f66 100644
#--- a/ChangeLog
#+++ b/ChangeLog
#@@ -1,5 +1,8 @@
# 2021-03-13  Niels Möller  <nisse@lysator.liu.se>
# 
#+	* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Ensure s output is reduced to
#+	canonical range.
#+
# 	* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Use ecc_mod_mul_canonical
# 	to compute the scalars used for ecc multiplication.
# 	* testsuite/ecdsa-verify-test.c (test_main): Add test case that
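Review bot: the ChangeLog hunk is disabled with leading "#" characters, but the diffstat above still lists "ChangeLog | 3 +++" and "2 files changed, 4 insertions(+), 2 deletions(-)", which no longer matches what the patch applies. Either drop the commented-out hunk and correct the diffstat to the single ecc-ecdsa-sign.c change, or add a line to the header saying the ChangeLog hunk is intentionally skipped in this backport, so that someone auditing the CVE fix does not assume a hunk failed to apply.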
--- a/ecc-ecdsa-sign.c
+++ b/ecc-ecdsa-sign.c
@@ -90,9 +90,8 @@ ecc_ecdsa_sign (const struct ecc_curve *
 
   ecc_modq_mul (ecc, tp, zp, rp);
   ecc_modq_add (ecc, hp, hp, tp);
-  ecc_modq_mul (ecc, tp, hp, kinv);
+  ecc_mod_mul_canonical (&ecc->q, sp, hp, kinv, tp);
 
-  mpn_copyi (sp, tp, ecc->p.size);
 #undef P
 #undef hp
 #undef kinv
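Review bot: the added line "ecc_mod_mul_canonical (&ecc->q, sp, hp, kinv, tp);" depends on a function this patch does not define, and it passes tp as the scratch argument without any visible evidence that tp is large enough for that use. The ChangeLog context suggests ecc_mod_mul_canonical was introduced with the ecc-ecdsa-verify.c change, so the header should name the earlier patch in the CVE-2021-20305 series that provides it and the recipe must apply that patch first. Reusing tp looks safe with respect to liveness, since its last read is the ecc_modq_add just above, but please confirm the scratch size requirement against the function's definition in the 3.5.1 tree. Removing the mpn_copyi with length ecc->p.size is right, because s is a value modulo q and is now written to sp directly. The diffstat shows no test file touched, so consider carrying a sign-side test that checks the returned s is below q, to guard the backport against regressions.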