Fix side channel vulnerability in ECDSA
parent
e9ae6305ea
commit
4c3408b140
|
@ -2724,6 +2724,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
||||||
{
|
{
|
||||||
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
|
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
|
||||||
int count = 0;
|
int count = 0;
|
||||||
|
int cmp = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Match the procedure given in RFC 6979 (deterministic ECDSA):
|
* Match the procedure given in RFC 6979 (deterministic ECDSA):
|
||||||
|
@ -2734,6 +2735,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
||||||
*/
|
*/
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
|
||||||
|
|
||||||
|
@ -2748,9 +2750,14 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
||||||
*/
|
*/
|
||||||
if( ++count > 30 )
|
if( ++count > 30 )
|
||||||
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
||||||
|
|
||||||
|
ret = mbedtls_mpi_cmp_mpi_ct( d, &grp->N, &cmp );
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
|
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp >= 0 );
|
||||||
mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
|
|
||||||
}
|
}
|
||||||
#endif /* ECP_SHORTWEIERSTRASS */
|
#endif /* ECP_SHORTWEIERSTRASS */
|
||||||
|
|
||||||
|
|
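Review bot: The lower-bound test left in the loop condition, `mbedtls_mpi_cmp_int( d, 1 ) < 0`, still runs on the secret candidate `d` through a comparison that is not one of the `_ct` routines, so the third hunk makes only the check against `grp->N` constant-time. If that is intentional, it should be stated next to the `while`, for example `/* d is secret: only the compare with N is constant-time; the d < 1 test is not */`; otherwise the lower bound needs a constant-time check as well. The new `ret = ...; if( ret != 0 ) { goto cleanup; }` sequence could be written as `MBEDTLS_MPI_CHK( mbedtls_mpi_cmp_mpi_ct( d, &grp->N, &cmp ) );`, matching the two calls earlier in the loop. The retry-limit path still leaves with a direct `return` while the new path jumps to `cleanup`; the start of the function and its `cleanup` label are outside the hunks shown, so whether that difference matters cannot be told from here.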