mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-05 18:55:41 +00:00
Fix information leak in ecp_gen_keypair_base
The function mbedtls_ecp_gen_keypair_base did not wipe the stack buffer used to hold the private exponent before returning. This commit fixes this by not using a stack buffer in the first place but instead calling mpi_fill_random directly to acquire the necessary random MPI.
This commit is contained in:
parent
7d80688e53
commit
b3088b4b37
|
@ -1830,7 +1830,6 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
|||
{
|
||||
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
|
||||
int count = 0;
|
||||
unsigned char rnd[MBEDTLS_ECP_MAX_BYTES];
|
||||
|
||||
/*
|
||||
* Match the procedure given in RFC 6979 (deterministic ECDSA):
|
||||
|
@ -1841,8 +1840,7 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
|
|||
*/
|
||||
do
|
||||
{
|
||||
MBEDTLS_MPI_CHK( f_rng( p_rng, rnd, n_size ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( d, rnd, n_size ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in a new issue