Fix way to access the RNG for ECDSA counter-measures
Duplicating the g_rng_function variable in ecc_dsa.c means it's not the same as the one set in ecc.c, resulting in no randomisation here. The proper way to access the RNG function from outside ecc.c is uECC_get_rng(), so use that. This is a side-port of upstream commit 87d74dd8d64a99aaa188961fe763d0841c5abfef. I've verified that there are no other occurrences (the duplication of g_rng_function in ecc_dh.c had already been removed earlier when centralising projective coordinate randomisation to mult_safer()).
This commit is contained in:
parent
0252cd6876
commit
a4b421819b
|
@ -68,12 +68,6 @@
|
|||
#include <tinycrypt/ecc_dsa.h>
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if default_RNG_defined
|
||||
static uECC_RNG_Function g_rng_function = &default_CSPRNG;
|
||||
#else
|
||||
static uECC_RNG_Function g_rng_function = 0;
|
||||
#endif
|
||||
|
||||
static void bits2int(uECC_word_t *native, const uint8_t *bits,
|
||||
unsigned bits_size, uECC_Curve curve)
|
||||
{
|
||||
|
@ -132,7 +126,7 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
|
|||
|
||||
/* If an RNG function was specified, get a random number
|
||||
to prevent side channel analysis of k. */
|
||||
if (!g_rng_function) {
|
||||
if (!uECC_get_rng()) {
|
||||
uECC_vli_clear(tmp);
|
||||
tmp[0] = 1;
|
||||
}
|
||||
|
|
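Review bot: The comment above the changed line still reads as if the RNG were a file-local setting, while the new `if (!uECC_get_rng()) {` line consults the RNG registered in ecc.c; the fallback `tmp[0] = 1;` in the same hunk means the counter-measure is silently skipped when no RNG has been registered, which the comment does not say. I would reword it as `/* Blind k with a value from the RNG registered via uECC_set_rng() (read back through uECC_get_rng()); if none is registered, tmp is set to 1 and this side-channel counter-measure is effectively skipped. */`. The branch taken when an RNG is present and the rest of uECC_sign_with_k lie outside the hunk, so the behaviour in that case is not visible here.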