[gnutls-devel] GnuTLS | nettle: port upstream hardening of EC point multiplication [3.6.x] (!1407)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun Apr 4 19:15:17 CEST 2021
Niels Möller commented:
I don't have the full context. Regarding https://git.lysator.liu.se/nettle/nettle/-/commit/5b7608fde3a6d2ab82bffb35db1e4e330927c906, that is indeed a cleanup. The bug fix changes are those that replace ecc_mod_mul, without any additional reduction logic, with calls to ecc_mod_mul_canonical.
I don't see see the fix to ecc_ecdsa_verify backported in this mr (https://git.lysator.liu.se/nettle/nettle/-/commit/2397757b3f95fcae1e2d3011bf99ca5b5438378f), that seems quite important?
For backports, I know that the GNU guix project is interested in a backport to nettle-3.5, see https://debbugs.gnu.org/cgi/bugreport.cgi?bug=47222
I might make sense to add a helper similar to the the ecc_mod_mul_canonical in nettl-3.7.2, but as you have noticed, it can't be identical due to the changed conventions for ecc_mod_mul and the underlying mod functions. But I think it should be fairly straight forward to write a variant with an interface compatible with ecc_mod_mul in older versions.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1407#note_544529364
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210404/22654c85/attachment.html>
More information about the Gnutls-devel
mailing list