mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 18:45:43 +01:00
047986c2f8
Currently we draw pseudo-random numbers at the beginning and end of the main loop. With ECP_RESTARTABLE, it's possible that between those two occasions we returned from the multiplication function, hence lost our internal DRBG context that lives in this function's stack frame. This would result in the same pseudo-random numbers being used for blinding in multiple places. While it's not immediately clear that this would give rise to an attack, it's also absolutely not clear that it doesn't. So let's avoid that by using a DRBG context that lives inside the restart context and persists across return/resume cycles. That way the RESTARTABLE case uses exactly the same pseudo-random numbers as the non-restartable case. Testing and compile-time options: - The case ECP_RESTARTABLE && !ECP_NO_INTERNAL_RNG is already tested by component_test_no_use_psa_crypto_full_cmake_asan. - The case ECP_RESTARTABLE && ECP_NO_INTERNAL_RNG didn't have a pre-existing test so a component is added. Testing and runtime options: when ECP_RESTARTABLE is enabled, the test suites already contain cases where restart happens and cases where it doesn't (because the operation is short enough or because restart is disabled (NULL restart context)). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> |
||
|---|---|---|
| .. | ||
| .jenkins | ||
| configs | ||
| data_files | ||
| git-scripts | ||
| scripts | ||
| suites | ||
| .gitignore | ||
| CMakeLists.txt | ||
| compat.sh | ||
| Descriptions.txt | ||
| Makefile | ||
| ssl-opt.sh | ||