[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-309-g48ba5a5

by NIIBE Yutaka cvs at cvs.gnupg.org
Tue Feb 2 09:33:22 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  48ba5a50066611ecacea850ced13f5cb66097a81 (commit)
      from  a2f9afcd7fcdafd5951498b07f34957f9766dce9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 48ba5a50066611ecacea850ced13f5cb66097a81
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Feb 2 17:24:10 2016 +0900

    ecc: more fixes for Curve25519.
    
    * cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix removing of
    prefix.  Clear the MSB, according to RFC7748.
    
    --
    
    This change fixes two things.
    
    * Handle the case where the prefix 0x40 comes at the end when scanned
      as a standard MPI.
    
    * Implement MSB handling.  On page 7 of RFC7748, it says about
      decoding the u-coordinate:
    
        When receiving such an array, implementations of X25519 (but not
        X448) MUST mask the most significant bit in the final byte.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c
index 33af6f7..e0dfec3 100644
--- a/cipher/ecc-misc.c
+++ b/cipher/ecc-misc.c
@@ -342,10 +342,8 @@ _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result)
        * Only when it's the prefix, we remove it.
        */
       if (rawmpilen > nbytes)
-        {/* Prefix 0x40 or 0x00 */
-          rawmpi++;
-          rawmpilen = nbytes;
-        }
+        /* Prefix 0x40 or 0x00, which comes at the end (reverse)  */
+        rawmpilen = nbytes;
       else if (rawmpilen < nbytes)
         {/*
           * It is possible for data created by older implementation
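Review bot: the replacement branch `rawmpilen = nbytes;` silently truncates any buffer longer than nbytes, not only one that carries the single 0x40 or 0x00 prefix byte the comment names, and it never looks at the byte being dropped. A stricter form would accept only `rawmpilen == nbytes + 1` with `rawmpi[nbytes]` equal to 0x40 or 0x00 and return an error otherwise, so a malformed or over-long point is rejected instead of being decoded from its first nbytes bytes. The comment text also has a stray double space before `*/`.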
@@ -364,6 +362,7 @@ _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result)
         }
     }
 
+  rawmpi[0] &= (1 << (ctx->nbits % 8)) - 1;
   _gcry_mpi_set_buffer (result->x, rawmpi, rawmpilen, 0);
   xfree (a);
   mpi_set_ui (result->z, 1);
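Review bot: `rawmpi[0] &= (1 << (ctx->nbits % 8)) - 1;` is applied unconditionally, but the commit message quotes RFC 7748 as requiring the mask for X25519 and explicitly not for X448. For a curve whose nbits is a multiple of 8 (X448 is 448 bits) `ctx->nbits % 8` is 0, the mask becomes `(1 << 0) - 1 == 0`, and the statement zeroes the whole most significant byte of the u-coordinate. Guard it, e.g. `if (ctx->nbits % 8) rawmpi[0] &= (1 << (ctx->nbits % 8)) - 1;`, and add a comment saying that index 0 is the top byte because the buffer is in big-endian MPI order at this point, whereas the RFC wording refers to the final byte of the little-endian wire encoding.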

-----------------------------------------------------------------------

Summary of changes:
 cipher/ecc-misc.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
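The masking rule this commit implements, shown as an added stand-alone example that is not part of the commit or of libgcrypt: a hypothetical helper `decode_u_coordinate` takes the little-endian wire bytes of an RFC 7748 u-coordinate, optionally preceded by the 0x40 or 0x00 prefix byte named in the hunk's comment, and clears the spare bits of the top byte only when the field size is not a multiple of 8, so X25519 (255 bits) is masked and X448 (448 bits) is left untouched. Unlike the hunk, which works on a big-endian MPI buffer and therefore masks index 0, this helper keeps the RFC's little-endian order and masks the final byte. The check functions and their inputs are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Decode an RFC 7748 u-coordinate from its little-endian wire bytes.
 * Hypothetical stand-alone helper written for illustration; it is not
 * libgcrypt's _gcry_ecc_mont_decodepoint.
 *
 *   in/inlen : wire bytes, little-endian, optionally preceded by the
 *              0x40 (or 0x00) prefix byte used by the canonical key format
 *   nbits    : field size, 255 for X25519 or 448 for X448
 *   out      : receives ceil(nbits/8) little-endian bytes
 *
 * Returns the number of bytes written, or 0 if the input length is not
 * exactly the coordinate length with or without the one prefix byte.  */
size_t
decode_u_coordinate (const uint8_t *in, size_t inlen, unsigned nbits,
                     uint8_t *out)
{
  size_t nbytes = (nbits + 7) / 8;
  unsigned spare = nbits % 8;   /* unused bits in the top byte */

  if (inlen == nbytes + 1 && (in[0] == 0x40 || in[0] == 0x00))
    {
      in++;                     /* drop the prefix byte */
      inlen--;
    }
  if (inlen != nbytes)
    return 0;                   /* truncated or over-long: reject */

  memcpy (out, in, nbytes);

  /* RFC 7748: X25519 (but not X448) MUST mask the MSB of the final byte.
   * When nbits is a multiple of 8 (X448) there is nothing to mask, and
   * (1 << 0) - 1 == 0 would wipe the whole byte, so guard on 'spare'.  */
  if (spare)
    out[nbytes - 1] &= (uint8_t) ((1u << spare) - 1);

  return nbytes;
}

/* Constructed checks; each returns 1 when the decoder behaves as expected. */
int
check_x25519_mask (void)
{
  uint8_t in[33], out[32];
  in[0] = 0x40;                 /* prefix byte, as in the canonical format */
  memset (in + 1, 0xff, 32);    /* all bits set: MSB of last byte must go */
  return decode_u_coordinate (in, 33, 255, out) == 32
         && out[0] == 0xff && out[31] == 0x7f;
}

int
check_x448_unmasked (void)
{
  uint8_t in[56], out[56];
  memset (in, 0xff, 56);        /* no prefix, 448 bits: nothing is masked */
  return decode_u_coordinate (in, 56, 448, out) == 56
         && out[55] == 0xff;
}

int
check_rejects_bad_length (void)
{
  uint8_t in[34], out[32];
  memset (in, 0x11, 34);
  return decode_u_coordinate (in, 34, 255, out) == 0     /* two extra bytes */
         && decode_u_coordinate (in, 31, 255, out) == 0; /* one byte short */
}

int
main (void)
{
  printf ("x25519 mask: %s\n", check_x25519_mask () ? "ok" : "FAIL");
  printf ("x448 unmasked: %s\n", check_x448_unmasked () ? "ok" : "FAIL");
  printf ("bad length rejected: %s\n",
          check_rejects_bad_length () ? "ok" : "FAIL");
  return 0;
}
```

The length check is the part worth keeping in mind when reading the first hunk: accepting only the exact coordinate length, with or without one prefix byte, means an over-long or short encoding is rejected rather than silently truncated or padded.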


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org


_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits
