diff options
author | Niels Möller <nisse@lysator.liu.se> | 2014-09-17 21:51:46 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2014-09-17 21:51:46 +0200 |
commit | 2b552abd4edc775de854014c7b0135902ca2ecd3 (patch) | |
tree | d0c478871bb30f76fae196e89266eaadd696e150 | |
parent | c9879bcbb24216586b35b9a0b2f59737970cb602 (diff) | |
download | nettle-2b552abd4edc775de854014c7b0135902ca2ecd3.tar.gz |
Fixed mpn_get_base256_le buffer overwrite.
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | gmp-glue.c | 1 |
2 files changed, 5 insertions, 0 deletions
@@ -1,5 +1,9 @@ 2014-09-17 Niels Möller <nisse@lysator.liu.se> + * gmp-glue.c (mpn_get_base256_le): Fixed missing update of rn + counter, making the function clear some bytes beyond the end of + the output buffer. The bug triggered a make check failure on ARM. + * testsuite/testutils.c (ecc_curves): Include curve25519 in list. (test_ecc_mul_a): Include reference points for curve25519 (with Edwards coordinates). Allow n == 0 and n == 1, comparing to zero @@ -293,6 +293,7 @@ mpn_get_base256_le (uint8_t *rp, size_t rn, in = *xp++; xn--; *rp++ = old | (in << bits); + rn--; in >>= (8 - bits); bits += GMP_NUMB_BITS - 8; } |