From: Niels Möller <nisse@lysator.liu.se>
Origin: upstream, https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
Subject: CVE-2015-8803 and CVE-2015-8805: Miscomputation bugs in secp-256r1 modulo functions.
Bug: https://bugs.debian.org/813679
 
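--- a/ecc-256.c
+++ b/ecc-256.c
@@ -108,7 +119,10 @@ ecc_256_modp (const struct ecc_curve *ec
       u0 -= t;
       t = (u1 < cy);
       u1 -= cy;
-      u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
+
+      cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
+      u0 += cy;
+      u1 += (u0 < cy);
       u1 -= (-t) & 0xffffffff;
     }
   rp[2] = u0;
@@ -195,7 +209,7 @@ ecc_256_modq (const struct ecc_curve *ec
 
       /* Conditional add of p */
       u1 += t;
-      u2 += (t<<32) + (u0 < t);
+      u2 += (t<<32) + (u1 < t);
 
       t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
       u1 += t;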
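Review bot: The carry chain added in the ecc_256_modp hunk (`cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);`, `u0 += cy;`, `u1 += (u0 < cy);`) carries no comment saying why the conditional add now covers only the two limbs held in memory and the carry is then walked by hand through the in-register limbs u0 and u1, which is precisely the bookkeeping the replaced three-limb call got wrong; I would put `/* Add p to the two low limbs in memory, then propagate the carry through the in-register limbs u0 and u1. */` above the cnd_add_n call. In the ecc_256_modq hunk the change is only the carry-test operand (`u1 < t`), but the surrounding context comment `/* Conditional add of p */` describes a modulus the code does not use there, since the call three lines below adds `ecc->q`; changing it to `/* Conditional add of q */` stops the next reader from checking the fix against the wrong prime. Both enclosing functions start and end outside the hunks, so the other carry steps cannot be checked from here. As far as this patch shows it ships no input that exercises the conditional-add path it repairs; a regression vector in the testsuite that forces the carry would pin both fixes.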