Move constant time memcmp for signature verification
This commit replaces the ad-hoc code for constant-time double-checking the PKCS1 v1.5 RSA signature by an invocation of `mbedtls_safer_memcmp`.
This commit is contained in:
parent
558477d073
commit
171a8f1c95
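--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -71,6 +71,20 @@ static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
 }
 
+/* constant-time buffer comparison */
+static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
+{
+    size_t i;
+    const unsigned char *A = (const unsigned char *) a;
+    const unsigned char *B = (const unsigned char *) b;
+    unsigned char diff = 0;
+
+    for( i = 0; i < n; i++ )
+        diff |= A[i] ^ B[i];
+
+    return( diff );
+}
+
 /*
  * Initialize an RSA context
  */
@@ -1162,9 +1176,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
     unsigned char *p = sig;
     const char *oid = NULL;
     unsigned char *sig_try = NULL, *verif = NULL;
-    size_t i;
-    unsigned char diff;
-    volatile unsigned char diff_no_optimize;
     int ret;
 
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
@@ -1249,12 +1260,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
     MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
     MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
 
-    /* Compare in constant time just in case */
-    for( diff = 0, i = 0; i < ctx->len; i++ )
-        diff |= verif[i] ^ sig[i];
-    diff_no_optimize = diff;
-
-    if( diff_no_optimize != 0 )
+    if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 )
     {
         ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
         goto cleanup;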
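Review bot: The new `if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 )` in the third hunk also removes the only comment explaining why the freshly computed signature is re-encrypted with the public key and compared, so the rationale for the `MBEDTLS_ERR_RSA_PRIVATE_FAILED` path is now undocumented at the call site. I would restore a comment above the call, e.g. `/* Re-verify sig with the public key so a faulty private-key operation is reported instead of returning a bad signature; compare in constant time as a precaution */`. The helper added in the first hunk is a zero/non-zero equality test rather than an ordering compare like memcmp(), and the old `volatile diff_no_optimize` copy is not carried over; its one-line header should make the contract explicit, e.g. `/* Constant-time equality check: returns 0 iff the first n bytes of a and b are equal; no ordering, n is the caller's responsibility */`. The enclosing function mbedtls_rsa_rsassa_pkcs1_v15_sign starts and ends outside the hunk.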