yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-27 21:31:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

DHM blinding: don't accept P-1 as a blinding value

Browse source 
P-1 is as bad as 1 as a blinding value. Don't accept it.

The chance that P-1 would be randomly generated is infinitesimal, so
this is not a practical issue, but it makes the code cleaner. It was
inconsistent to accept P-1 as a blinding value but not as a private key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-03-31 22:50:57 +02:00
parent 0853bb2bea
commit b4e815f638
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
library/dhm.c
View file

@ -329,7 +329,7 @@ static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
if( count++ > 10 ) if( count++ > 10 )
return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
} }
while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 ); while( dhm_check_range( R, M ) != 0 );
cleanup: cleanup:
return( ret ); return( ret );
@ -382,7 +382,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
* We need to generate blinding values from scratch * We need to generate blinding values from scratch
*/ */
/* Vi = random( 2, P-1 ) */ /* Vi = random( 2, P-2 ) */
MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
/* Vf = Vi^-X mod P /* Vf = Vi^-X mod P