This commit was generated by cvs2git to track changes on a CVS vendor

branch.
author: djm <> 2011-11-03 02:32:23 +0000
committer: djm <> 2011-11-03 02:32:23 +0000
commit: fa3384eda96e42a23f6d3208998246abda2535c1 (patch)
tree: d7ee8f9bcd8062ffa41dd1e250e04de24159ee80 /src/lib/libcrypto/ecdsa/ecs_ossl.c
parent: 154527e9cde3004ed29ea1316880670ec73dcafa (diff)
parent: 113f799ec7d1728f0a5d7ab5b0e3b42e3de56407 (diff)
download: openbsd-fa3384eda96e42a23f6d3208998246abda2535c1.tar.gz
openbsd-fa3384eda96e42a23f6d3208998246abda2535c1.tar.bz2
openbsd-fa3384eda96e42a23f6d3208998246abda2535c1.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 551cf5068f..1bbf328de5 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                        }
                while (BN_is_zero(k));
+                /* We do not want timing information to leak the length of k,
+                 * so we compute G*k using an equivalent scalar of fixed
+                 * bit-length. */
+                if (!BN_add(k, k, order)) goto err;
+                if (BN_num_bits(k) <= BN_num_bits(order))
+                        if (!BN_add(k, k, order)) goto err;
                /* compute r the x-coordinate of generator * k */
                if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
                {
author	djm <>	2011-11-03 02:32:23 +0000
committer	djm <>	2011-11-03 02:32:23 +0000
commit	fa3384eda96e42a23f6d3208998246abda2535c1 (patch)
tree	d7ee8f9bcd8062ffa41dd1e250e04de24159ee80 /src/lib/libcrypto/ecdsa/ecs_ossl.c
parent	154527e9cde3004ed29ea1316880670ec73dcafa (diff)
parent	113f799ec7d1728f0a5d7ab5b0e3b42e3de56407 (diff)
download	openbsd-fa3384eda96e42a23f6d3208998246abda2535c1.tar.gz openbsd-fa3384eda96e42a23f6d3208998246abda2535c1.tar.bz2 openbsd-fa3384eda96e42a23f6d3208998246abda2535c1.zip

diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 551cf5068f..1bbf328de5 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY eckey, BN_CTX ctx_in, BIGNUM **kinvp,
144	}	144	}
145	while (BN_is_zero(k));	145	while (BN_is_zero(k));
146		146
		147	/* We do not want timing information to leak the length of k,
		148	* so we compute G*k using an equivalent scalar of fixed
		149	* bit-length. */
		150
		151	if (!BN_add(k, k, order)) goto err;
		152	if (BN_num_bits(k) <= BN_num_bits(order))
		153	if (!BN_add(k, k, order)) goto err;
		154
147	/* compute r the x-coordinate of generator * k */	155	/* compute r the x-coordinate of generator * k */
148	if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))	156	if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
149	{	157	{