Remove the blinding later to avoid leaking information on the length

of ckinv. Pointed out and fix suggested by David Schrammel and Samuel Weiser ok jsing
author: tb <> 2019-06-04 18:13:44 +0000
committer: tb <> 2019-06-04 18:13:44 +0000
commit: 071792528ca0cae75abd5ab411ce3728c0729158 (patch)
tree: d4eff2d4d06e570ab32848f8f375af23bf3d482e /src/lib/libcrypto/ecdsa
parent: c37acb14ff755777750095c3edd59e1923c97c17 (diff)
download: openbsd-071792528ca0cae75abd5ab411ce3728c0729158.tar.gz
openbsd-071792528ca0cae75abd5ab411ce3728c0729158.tar.bz2
openbsd-071792528ca0cae75abd5ab411ce3728c0729158.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 791a5c48e1..c9d23013a9 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.19 2019/06/04 18:13:44 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -369,11 +369,11 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
                        ECDSAerror(ERR_R_BN_LIB);
                        goto err;
                }
-                if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = m + xr */
+                if (!BN_mod_mul(s, s, ckinv, order, ctx)) { /* s = b(m + xr)k^-1 */
                        ECDSAerror(ERR_R_BN_LIB);
                        goto err;
                }
-                if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+                if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = (m + xr)k^-1 */
                        ECDSAerror(ERR_R_BN_LIB);
                        goto err;
                }
author	tb <>	2019-06-04 18:13:44 +0000
committer	tb <>	2019-06-04 18:13:44 +0000
commit	071792528ca0cae75abd5ab411ce3728c0729158 (patch)
tree	d4eff2d4d06e570ab32848f8f375af23bf3d482e /src/lib/libcrypto/ecdsa
parent	c37acb14ff755777750095c3edd59e1923c97c17 (diff)
download	openbsd-071792528ca0cae75abd5ab411ce3728c0729158.tar.gz openbsd-071792528ca0cae75abd5ab411ce3728c0729158.tar.bz2 openbsd-071792528ca0cae75abd5ab411ce3728c0729158.zip

diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 791a5c48e1..c9d23013a9 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */	1	/* $OpenBSD: ecs_ossl.c,v 1.19 2019/06/04 18:13:44 tb Exp $ */
2	/*	2	/*
3	* Written by Nils Larsch for the OpenSSL project	3	* Written by Nils Larsch for the OpenSSL project
4	*/	4	*/
@@ -369,11 +369,11 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
369	ECDSAerror(ERR_R_BN_LIB);	369	ECDSAerror(ERR_R_BN_LIB);
370	goto err;	370	goto err;
371	}	371	}
372	if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = m + xr */	372	if (!BN_mod_mul(s, s, ckinv, order, ctx)) { /* s = b(m + xr)k^-1 */
373	ECDSAerror(ERR_R_BN_LIB);	373	ECDSAerror(ERR_R_BN_LIB);
374	goto err;	374	goto err;
375	}	375	}
376	if (!BN_mod_mul(s, s, ckinv, order, ctx)) {	376	if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = (m + xr)k^-1 */
377	ECDSAerror(ERR_R_BN_LIB);	377	ECDSAerror(ERR_R_BN_LIB);
378	goto err;	378	goto err;
379	}	379	}