mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 15:15:47 +01:00
Fix side channel vulnerability in ECDSA
This commit is contained in:
parent
e9ae6305ea
commit
4c3408b140
@ -2724,6 +2724,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
||||
{
|
||||
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
|
||||
int count = 0;
|
||||
int cmp = 0;
|
||||
|
||||
/*
|
||||
* Match the procedure given in RFC 6979 (deterministic ECDSA):
|
||||
@ -2734,6 +2735,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
||||
*/
|
||||
do
|
||||
{
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
|
||||
|
||||
@ -2748,9 +2750,14 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
|
||||
*/
|
||||
if( ++count > 30 )
|
||||
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
||||
|
||||
ret = mbedtls_mpi_cmp_mpi_ct( d, &grp->N, &cmp );
|
||||
if( ret != 0 )
|
||||
{
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
|
||||
mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
|
||||
while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp >= 0 );
|
||||
}
|
||||
#endif /* ECP_SHORTWEIERSTRASS */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user