mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 07:15:32 +00:00
Fix side channel vulnerability in ECDSA
This commit is contained in:
parent
883801d3ec
commit
5f3019b298
|
@ -1957,6 +1957,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
|||
{
|
||||
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
|
||||
int count = 0;
|
||||
int cmp = 0;
|
||||
|
||||
/*
|
||||
* Match the procedure given in RFC 6979 (deterministic ECDSA):
|
||||
|
@ -1967,6 +1968,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
|||
*/
|
||||
do
|
||||
{
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
|
||||
|
||||
|
@ -1981,9 +1983,14 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
|||
*/
|
||||
if( ++count > 30 )
|
||||
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
||||
|
||||
ret = mbedtls_mpi_cmp_mpi_ct( d, &grp->N, &cmp );
|
||||
if( ret != 0 )
|
||||
{
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
|
||||
mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
|
||||
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp >= 0 );
|
||||
}
|
||||
#endif /* ECP_SHORTWEIERSTRASS */
|
||||
|
||||
|
|
Loading…
Reference in a new issue