1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
Backport of:
From 971bed6ab4b27014eb23085e8176917e1a096fd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Sat, 13 Mar 2021 17:26:37 +0100
Subject: [PATCH] Use ecc_mod_mul_canonical for point comparison.
* eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical.
(cherry picked from commit 5b7608fde3a6d2ab82bffb35db1e4e330927c906)
Upstream-Status: Backport
https://sources.debian.org/data/main/n/nettle/3.4.1-1%2Bdeb10u1/debian/patches/CVE-2021-20305-2.patch
CVE: CVE-2021-20305 dep2
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
ChangeLog | 4 ++++
eddsa-verify.c | 9 ++-------
2 files changed, 6 insertions(+), 7 deletions(-)
#diff --git a/ChangeLog b/ChangeLog
#index 5cc5c188..2a9217a6 100644
#--- a/ChangeLog
#+++ b/ChangeLog
#@@ -1,3 +1,7 @@
#+2021-03-13 Niels Möller <nisse@lysator.liu.se>
#+
#+ * eddsa-verify.c (equal_h): Use ecc_mod_mul_canonical.
#+
# 2021-03-11 Niels Möller <nisse@lysator.liu.se>
#
# * ecc-mod-arith.c (ecc_mod_mul_canonical, ecc_mod_sqr_canonical):
Index: nettle-3.5.1/eddsa-verify.c
===================================================================
--- nettle-3.5.1.orig/eddsa-verify.c
+++ nettle-3.5.1/eddsa-verify.c
@@ -53,13 +53,8 @@ equal_h (const struct ecc_modulo *p,
#define t0 scratch
#define t1 (scratch + p->size)
- ecc_mod_mul (p, t0, x1, z2);
- if (mpn_cmp (t0, p->m, p->size) >= 0)
- mpn_sub_n (t0, t0, p->m, p->size);
-
- ecc_mod_mul (p, t1, x2, z1);
- if (mpn_cmp (t1, p->m, p->size) >= 0)
- mpn_sub_n (t1, t1, p->m, p->size);
+ ecc_mod_mul_canonical (p, t0, x1, z2, t0);
+ ecc_mod_mul_canonical (p, t1, x2, z1, t1);
return mpn_cmp (t0, t1, p->size) == 0;
|