nettle: improper cryptographic calculations

ID ASA-201602-5
Type archlinux
Reporter Arch Linux
Modified 2016-02-03T00:00:00


  • CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 (improper cryptographic calculations)

It has been discovered that multiple carry propagation bugs are producing wrong results in calculations. They affect the NIST P-256 and P-384 curves. The P-256 bug is in the C code and affects multiple architectures. The P-384 bug is in the assembly code and only affects 64 bit x86. The computation compiles a certain curve point with 1, which should not change the coordinates, however it does.