Changeset View
Changeset View
Standalone View
Standalone View
security/openssl-chelsio/files/patch-CVE-2018-0735
- This file was added.
| Property | Old Value | New Value |
|---|---|---|
| fbsd:nokeywords | null | yes \ No newline at end of property |
| svn:eol-style | null | native \ No newline at end of property |
| svn:mime-type | null | text/plain \ No newline at end of property |
| Timing vulnerability in ECDSA signature generation (CVE-2018-0735) | |||||
| Preallocate an extra limb for some of the big numbers to avoid a reallocation | |||||
| that can potentially provide a side channel. | |||||
| Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> | |||||
| (Merged from #7486) | |||||
| (cherry picked from commit 99540ec) | |||||
| https://www.openssl.org/news/secadv/20181029.txt | |||||
| --- crypto/ec/ec_mult.c.orig 2018-09-11 12:48:21 UTC | |||||
| +++ crypto/ec/ec_mult.c | |||||
| @@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP | |||||
| */ | |||||
| cardinality_bits = BN_num_bits(cardinality); | |||||
| group_top = bn_get_top(cardinality); | |||||
| - if ((bn_wexpand(k, group_top + 1) == NULL) | |||||
| - || (bn_wexpand(lambda, group_top + 1) == NULL)) { | |||||
| + if ((bn_wexpand(k, group_top + 2) == NULL) | |||||
| + || (bn_wexpand(lambda, group_top + 2) == NULL)) { | |||||
| ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); | |||||
| goto err; | |||||
| } | |||||
| @@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP | |||||
| * k := scalar + 2*cardinality | |||||
| */ | |||||
| kbit = BN_is_bit_set(lambda, cardinality_bits); | |||||
| - BN_consttime_swap(kbit, k, lambda, group_top + 1); | |||||
| + BN_consttime_swap(kbit, k, lambda, group_top + 2); | |||||
| group_top = bn_get_top(group->field); | |||||
| if ((bn_wexpand(s->X, group_top) == NULL) | |||||