yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-21 16:27:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix information leak in ecp_gen_keypair_base

Browse source 
The function ecp_gen_keypair_base did not wipe the stack buffer used to
hold the private exponent before returning. This commit fixes this by not using
a stack buffer in the first place but instead calling mpi_fill_random directly
to acquire the necessary random MPI.
This commit is contained in:
Hanno Becker 2017-10-25 16:08:19 +01:00
parent 0727ca41b7
commit 754663f8c4
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/ecp.c
View file

@ -1854,7 +1854,6 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
{ {
/* SEC1 3.2.1: Generate d such that 1 <= n < N */ /* SEC1 3.2.1: Generate d such that 1 <= n < N */
int count = 0; int count = 0;
unsigned char rnd[POLARSSL_ECP_MAX_BYTES];
/* /*
* Match the procedure given in RFC 6979 (deterministic ECDSA): * Match the procedure given in RFC 6979 (deterministic ECDSA):
@ -1865,8 +1864,7 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
*/ */
do do
{ {
MPI_CHK( f_rng( p_rng, rnd, n_size ) ); MPI_CHK( mpi_fill_random( d, n_size, f_rng, p_rng ) );
MPI_CHK( mpi_read_binary( d, rnd, n_size ) );
MPI_CHK( mpi_shift_r( d, 8 * n_size - grp->nbits ) ); MPI_CHK( mpi_shift_r( d, 8 * n_size - grp->nbits ) );
/* /*