security/openssl-chelsio/files/patch-CVE-2018-0735
- This file was added.
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
Timing vulnerability in ECDSA signature generation (CVE-2018-0735) | |||||
Preallocate an extra limb for some of the big numbers to avoid a reallocation | |||||
that can potentially provide a side channel. | |||||
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> | |||||
(Merged from #7486) | |||||
(cherry picked from commit 99540ec) | |||||
https://www.openssl.org/news/secadv/20181029.txt | |||||
--- crypto/ec/ec_mult.c.orig 2018-09-11 12:48:21 UTC | |||||
+++ crypto/ec/ec_mult.c | |||||
@@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP | |||||
*/ | |||||
cardinality_bits = BN_num_bits(cardinality); | |||||
group_top = bn_get_top(cardinality); | |||||
- if ((bn_wexpand(k, group_top + 1) == NULL) | |||||
- || (bn_wexpand(lambda, group_top + 1) == NULL)) { | |||||
+ if ((bn_wexpand(k, group_top + 2) == NULL) | |||||
+ || (bn_wexpand(lambda, group_top + 2) == NULL)) { | |||||
ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); | |||||
goto err; | |||||
} | |||||
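Review bot: The width requested at `bn_wexpand(k, group_top + 2)` and `bn_wexpand(lambda, group_top + 2)` is a bare constant that must stay equal to the `nwords` passed to `BN_consttime_swap(kbit, k, lambda, group_top + 2)` in the next hunk, and nothing in this hunk records that coupling; if the preallocation is later tightened without touching the swap, the swap reads and writes limbs the numbers were never expanded to. Unless the comment block that closes at `*/` above `cardinality_bits` already explains why two extra limbs (rather than the previous one) are needed, add a line such as `/* +2: the padded scalar can carry a limb past cardinality's top word; must match the width given to BN_consttime_swap below */`. Note also that the preallocation only removes the reallocation timing channel for k and lambda; the additions that build them sit outside this hunk and are presumably relied upon not to grow either number past group_top + 2 words, which is worth stating next to the expansion. ec_scalar_mul_ladder begins and ends outside the hunk.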
@@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP | |||||
* k := scalar + 2*cardinality | |||||
*/ | |||||
kbit = BN_is_bit_set(lambda, cardinality_bits); | |||||
- BN_consttime_swap(kbit, k, lambda, group_top + 1); | |||||
+ BN_consttime_swap(kbit, k, lambda, group_top + 2); | |||||
group_top = bn_get_top(group->field); | |||||
if ((bn_wexpand(s->X, group_top) == NULL) |