Source-Changes-HG archive
[src/trunk]: src/external/bsd/wpa/dist/src/crypto Get rid of the branches tha...
details: https://anonhg.NetBSD.org/src/rev/453d2dca1bf5
branches: trunk
changeset: 455706:453d2dca1bf5
user: christos <christos%NetBSD.org@localhost>
date: Wed Apr 10 17:56:43 2019 +0000
description:
Get rid of the branches that depend on the result of the Legendre
operation. This is needed to avoid leaking information about different
temporary results in blinding mechanisms.
This is related to CVE-2019-9494 and CVE-2019-9495.
diffstat:
external/bsd/wpa/dist/src/crypto/crypto_openssl.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diffs (39 lines):
diff -r a04afd58c57d -r 453d2dca1bf5 external/bsd/wpa/dist/src/crypto/crypto_openssl.c
--- a/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Wed Apr 10 17:56:13 2019 +0000
+++ b/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Wed Apr 10 17:56:43 2019 +0000
@@ -24,6 +24,7 @@
#endif /* CONFIG_ECC */
#include "common.h"
+#include "utils/const_time.h"
#include "wpabuf.h"
#include "dh_group5.h"
#include "sha1.h"
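Review bot: the new `#include "utils/const_time.h"` in this hunk relies on a header that this changeset does not add, since the diffstat lists only crypto_openssl.c as changed. Please confirm that utils/const_time.h, with const_time_eq() and const_time_select_int(), is already in the tree from an earlier import, and name that changeset in the commit message so the dependency is traceable when this fix is pulled up to a branch.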
@@ -1435,6 +1436,7 @@
BN_CTX *bnctx;
BIGNUM *exp = NULL, *tmp = NULL;
int res = -2;
+ unsigned int mask;
if (TEST_FAIL())
return -2;
@@ -1453,12 +1455,13 @@
(const BIGNUM *) p, bnctx, NULL))
goto fail;
- if (BN_is_word(tmp, 1))
- res = 1;
- else if (BN_is_zero(tmp))
- res = 0;
- else
- res = -1;
+ /* Return 1 if tmp == 1, 0 if tmp == 0, or -1 otherwise. Need to use
+ * constant time selection to avoid branches here. */
+ res = -1;
+ mask = const_time_eq(BN_is_word(tmp, 1), 1);
+ res = const_time_select_int(mask, 1, res);
+ mask = const_time_eq(BN_is_zero(tmp), 1);
+ res = const_time_select_int(mask, 0, res);
fail:
BN_clear_free(tmp);
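Review bot: the two const_time_eq() calls in this hunk take their inputs from BN_is_word(tmp, 1) and BN_is_zero(tmp), so the selection of res is only as data-independent as those two predicates, and nothing in the visible lines establishes their timing behaviour. The if/else chain is gone, but it is worth confirming that neither call branches or exits early on the value of tmp, and recording that in the comment. The comment would also read better if it said why the branches matter, for example that tmp is the Legendre result and must not influence control flow, so that a later cleanup does not fold the two select steps back into an if/else. The ordering is sound as written: res starts at -1 and the two masks cannot both be set, so the second const_time_select_int() never overrides a 1 from the first.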