author | tb <> | 2023-07-03 14:51:09 +0000 |
---|---|---|
committer | tb <> | 2023-07-03 14:51:09 +0000 |
commit | a16bf3b65a06ce3dfb501497e091210ecb1548ce (patch) | |
tree | be51ec1e1a3ad069db20c45bcf902ae3d9702e6b /src/lib | |
parent | 556ac59e012f4b9c05b4a8fec4d7245bbd9dc1a3 (diff) | |
sign_sig: drop ckinv
The only reason ckinv exists is to be able to avoid a copy. This copy
leaks some timing info, that will be mitigated in a subsequent step.
It is an unused or at least uncommonly used codepath.
ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libcrypto/ecdsa/ecs_ossl.c | 12 |
1 files changed, 7 insertions, 5 deletions
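--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.60 2023/07/03 13:53:54 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.61 2023/07/03 14:51:09 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -274,7 +274,7 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 BN_CTX *ctx = NULL;
 BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
 BIGNUM *b, *binv, *bm, *bxr, *m;
-const BIGNUM *ckinv, *order, *priv_key;
+const BIGNUM *order, *priv_key;
 int caller_supplied_values = 0;
 int attempts = 0;
 ECDSA_SIG *sig = NULL;
@@ -331,7 +331,10 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 */
 caller_supplied_values = 1;
 
-ckinv = in_kinv;
+if ((kinv = BN_dup(in_kinv)) == NULL) {
+ECDSAerror(ERR_R_MALLOC_FAILURE);
+goto err;
+}
 if (!bn_copy(r, in_r)) {
 ECDSAerror(ERR_R_MALLOC_FAILURE);
 goto err;
@@ -344,7 +347,6 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 ECDSAerror(ERR_R_ECDSA_LIB);
 goto err;
 }
-ckinv = kinv;
 }
 
 /*
@@ -386,7 +388,7 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 ECDSAerror(ERR_R_BN_LIB);
 goto err;
 }
-if (!BN_mod_mul(s, s, ckinv, order, ctx)) { /* s = b(m + xr)k^-1 */
+if (!BN_mod_mul(s, s, kinv, order, ctx)) { /* s = b(m + xr)k^-1 */
 ECDSAerror(ERR_R_BN_LIB);
 goto err;
 }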
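Review bot: The private copy made by `kinv = BN_dup(in_kinv)` in the `@@ -331,7 +331,10 @@` hunk is a second instance of the inverse nonce, a value whose disclosure alongside the signature exposes the private key, and none of the visible hunks show how that copy is released. The `err` cleanup of ossl_ecdsa_sign_sig lies outside every hunk shown, so it should be confirmed that it frees `kinv` on the caller-supplied path too (which previously only borrowed `in_kinv`) and that the free clears the BIGNUM's memory rather than just releasing it. I would also record the new ownership at the copy with a comment such as `/* kinv is now owned by this function on both paths; in_kinv is left untouched. */`.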