mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 09:14:14 +01:00
Merge pull request #665 from ARMmbed/dev/yanesca/iotcrypt-958-ecdsa-side-channel-fix-2.16
Backport 2.16: ECDSA side channel fix
This commit is contained in:
commit
3f1c68a1e2
@ -2,6 +2,13 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||||||
|
|
||||||
= mbed TLS 2.16.x branch released xxxx-xx-xx
|
= mbed TLS 2.16.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix side channel vulnerability in ECDSA. Our bignum implementation is not
|
||||||
|
constant time/constant trace, so side channel attacks can retrieve the
|
||||||
|
blinded value, factor it (as it is smaller than RSA keys and not guaranteed
|
||||||
|
to have only large prime factors), and then, by brute force, recover the
|
||||||
|
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Remove redundant line for getting the bitlen of a bignum, since the variable
|
* Remove redundant line for getting the bitlen of a bignum, since the variable
|
||||||
holding the returned value is overwritten a line after.
|
holding the returned value is overwritten a line after.
|
||||||
|
@ -363,6 +363,7 @@ modn:
|
|||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) );
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pk, pk, &grp->N ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
|
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
|
||||||
|
Loading…
Reference in New Issue
Block a user