From f2d310fea7f2897fa48b6d913baa649302631b93 Mon Sep 17 00:00:00 2001
From: Angus Gratton <angus@espressif.com>
Date: Wed, 11 Mar 2020 17:17:20 +1100
Subject: [PATCH] secure boot: Fix anti-fault value if hash is shorter than
 curve

(Not actually a problem with SBV1 anti-fault as hash size == curve size in this case.)
---
 .../subproject/components/micro-ecc/uECC_verify_antifault.c     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/bootloader/subproject/components/micro-ecc/uECC_verify_antifault.c b/components/bootloader/subproject/components/micro-ecc/uECC_verify_antifault.c
index 87ccf2c0e..bde8e9197 100644
--- a/components/bootloader/subproject/components/micro-ecc/uECC_verify_antifault.c
+++ b/components/bootloader/subproject/components/micro-ecc/uECC_verify_antifault.c
@@ -133,7 +133,7 @@ int uECC_verify_antifault(const uint8_t *public_key,
     }
     /* Curve may be longer than hash, in which case keep reading the rest of the bytes */
     for (int w = hash_words; w < curve->num_words; w++) {
-        vhash_words[w % hash_words] |= rx[w] | r[w];
+        vhash_words[w % hash_words] |= rx[w] ^ r[w];
     }
 
     /* Accept only if v == r. */