[gnutls-devel] GnuTLS | nettle: port upstream hardening of EC point multiplication [3.6.x] (!1407)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon May 10 20:55:23 CEST 2021




Niels Möller started a new discussion on lib/nettle/ecc/override/ecc-internal.h.diff: https://gitlab.com/gnutls/gnutls/-/merge_requests/1407#note_571818856

> +@@ -49,6 +49,7 @@
> + #define ecc_mod_submul_1 _nettle_ecc_mod_submul_1
> + #define ecc_mod_mul _nettle_ecc_mod_mul
> + #define ecc_mod_sqr _nettle_ecc_mod_sqr
> ++#define ecc_mod_mul_canonical _nettle_ecc_mod_mul_canonical
> + #define ecc_mod_random _nettle_ecc_mod_random
> + #define ecc_mod _nettle_ecc_mod
> + #define ecc_mod_inv _nettle_ecc_mod_inv
> +@@ -256,6 +257,15 @@ void
> + ecc_mod_sqr (const struct ecc_modulo *m, mp_limb_t *rp,
> + 	     const mp_limb_t *ap);
> + 
> ++/* These mul function produce a canonical result, 0 <= R < M.
> ++   Requirements on input and output areas are similar to the above
> ++   functions, except that it is *not* allowed to pass rp = rp +
> ++   m->size.
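
Review bot: in the comment added after the ecc_mod_sqr declaration, the restriction "it is *not* allowed to pass rp = rp + m->size" compares rp with itself, so no caller can ever violate it and it documents nothing. The right-hand side should name the other area that rp must not alias at offset m->size, and the wording should be checked against the function as it exists in this 3.6.x port rather than copied unchanged. "These mul function produce" should also agree in number with what is declared under the comment; the first hunk adds a single alias, ecc_mod_mul_canonical.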

This is a typo. Just fixed on master branch, where it now reads rp = tp + m->size. And probably not quite right for this version.
