yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-23 19:35:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix way to access the RNG for ECDSA counter-measures

Browse source 
Duplicating the g_rng_function variable in ecc_dsa.c means it's not the same
as set in ecc.c, resulting if no randomisation here. The proper way to access
the RNG function from outside ecc.c is uECC_get_rng(), so use that.

This is a side-port of upstream commit
87d74dd8d64a99aaa188961fe763d0841c5abfef

I've verified that there are no other occurrences (the duplication of
g_rng_function in ecc_dh.c had already been removed earlier when centralising
projective coordinate randomisation to mult_safer()).
This commit is contained in:
Manuel Pégourié-Gonnard 2019-12-18 10:29:58 +01:00
parent 0252cd6876
commit a4b421819b
1 changed files with 1 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
tinycrypt/ecc_dsa.c
View file

@ -68,12 +68,6 @@
#include <tinycrypt/ecc_dsa.h>
#include "mbedtls/platform_util.h"
#if default_RNG_defined
static uECC_RNG_Function g_rng_function = &default_CSPRNG;
#else
static uECC_RNG_Function g_rng_function = 0;
#endif
static void bits2int(uECC_word_t *native, const uint8_t *bits,
unsigned bits_size, uECC_Curve curve)
{
@ -132,7 +126,7 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
/* If an RNG function was specified, get a random number
to prevent side channel analysis of k. */
if (!g_rng_function) {
if (!uECC_get_rng()) {
uECC_vli_clear(tmp);
tmp[0] = 1;
}