mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 03:05:43 +01:00
Don't use DH blinding for ephemeral DH
parent
ce6352a791
commit
032c34e206
@ -228,7 +228,12 @@ int dhm_make_public( dhm_context *ctx, int x_size,
|
|||||||
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
|
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
|
||||||
*
|
*
|
||||||
* \note If f_rng is not NULL, it is used to blind the input as
|
* \note If f_rng is not NULL, it is used to blind the input as
|
||||||
* countermeasure against timing attacks.
|
* countermeasure against timing attacks. This is only useful
|
||||||
|
* when this function is called repeatedly with the same
|
||||||
|
* secret value (X field), eg when using DH key exchange as
|
||||||
|
* opposed to DHE. It is recommended to use a non-NULL f_rng
|
||||||
|
* only when needed, since otherwise this countermeasure has
|
||||||
|
* high overhead.
|
||||||
*/
|
*/
|
||||||
int dhm_calc_secret( dhm_context *ctx,
|
int dhm_calc_secret( dhm_context *ctx,
|
||||||
unsigned char *output, size_t *olen,
|
unsigned char *output, size_t *olen,
|
||||||
|
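Review bot: The expanded \note on dhm_calc_secret() recommends a NULL f_rng as the normal case, but gives the condition for that only as an example ("eg when using DH key exchange as opposed to DHE") rather than as a rule. A caller that keeps the X field across several calls could follow the recommendation and lose the timing countermeasure. I would state the precondition directly, for instance `f_rng may be NULL only if the secret value (X field) is used for a single call; otherwise it must be non-NULL`, and write `e.g.` instead of `eg`. The doc comment starts above the hunk, so the rest of the parameter documentation is not visible here.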
@ -1711,10 +1711,11 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
|
ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
|
/* No blinding needed for DHE, but will be needed for fixed DH! */
|
||||||
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
NULL, NULL ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
@ -1842,8 +1843,9 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len >> 8 );
|
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len >> 8 );
|
||||||
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len );
|
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len );
|
||||||
|
/* No blinding needed since this is ephemeral DHM */
|
||||||
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
p, &n, NULL, NULL ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
||||||
return( ret );
|
return( ret );
|
||||||
|
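Review bot: Passing `NULL, NULL` to dhm_calc_secret() in the first hunk of ssl_write_client_key_exchange is safe only while dhm_ctx.X is generated fresh for every handshake, and nothing in the visible lines enforces or checks that. The same applies to the second call in this function and to both calls in ssl_parse_client_key_exchange. The four sites also carry two different comments for the same reasoning ("No blinding needed for DHE, but will be needed for fixed DH!" and "No blinding needed since this is ephemeral DHM"). I would use one wording everywhere that names the invariant and the remedy, e.g. `/* X is used for this handshake only, so blinding is skipped; pass ssl->f_rng, ssl->p_rng if X is ever reused (fixed DH) */`. Both functions start and end outside the hunks, so where X is generated cannot be confirmed from this page.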
@ -2384,10 +2384,11 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
|
ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
|
/* No blinding needed for DHE, but will be needed for fixed DH! */
|
||||||
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
NULL, NULL ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
||||||
@ -2472,8 +2473,9 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl )
|
|||||||
|
|
||||||
n = ssl->handshake->dhm_ctx.len;
|
n = ssl->handshake->dhm_ctx.len;
|
||||||
|
|
||||||
|
/* No blinding needed since this is ephemeral DHM */
|
||||||
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
p, &n, ssl->f_rng, ssl->p_rng ) ) != 0 )
|
p, &n, NULL, NULL ) ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
SSL_DEBUG_RET( 1, "dhm_calc_secret", ret );
|
||||||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
|
||||||
|