yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-23 16:55:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Avoid potential leak in ecp_mul_mxz()

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-12-04 21:54:36 +01:00
parent a60fe8943d
commit b6f45a616c
1 changed files with 15 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
library/ecp.c
View file

@ -1473,6 +1473,7 @@ static int ecp_mul_mxz( ecp_group *grp, ecp_point *R,
{ {
int ret; int ret;
size_t i; size_t i;
unsigned char b;
ecp_point RP; ecp_point RP;
mpi PX; mpi PX;
@ -1491,14 +1492,23 @@ static int ecp_mul_mxz( ecp_group *grp, ecp_point *R,
if( f_rng != NULL ) if( f_rng != NULL )
MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
/* Loop invariant: R = result so far, RP = R + P */
i = mpi_msb( m ); /* one past the (zero-based) most significant bit */ i = mpi_msb( m ); /* one past the (zero-based) most significant bit */
while( i-- > 0 ) while( i-- > 0 )
{ {
// TODO: no branch, and constant memory-access pattern b = mpi_get_bit( m, i );
if( mpi_get_bit( m, i ) ) /*
MPI_CHK( ecp_double_add_mxz( grp, &RP, R, &RP, R, &PX ) ); * if (b) R = 2R + P else R = 2R,
else * which is:
MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) ); * if (b) double_add( RP, R, RP, R )
* else double_add( R, RP, R, RP )
* but using safe conditional swaps to avoid leaks
*/
MPI_CHK( mpi_safe_cond_swap( &R->X, &RP.X, b ) );
MPI_CHK( mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) );
MPI_CHK( mpi_safe_cond_swap( &R->X, &RP.X, b ) );
MPI_CHK( mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
} }
MPI_CHK( ecp_normalize_mxz( grp, R ) ); MPI_CHK( ecp_normalize_mxz( grp, R ) );