Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/bsd/wpa/dist/src/crypto Get rid of the branches tha...



details:   https://anonhg.NetBSD.org/src/rev/ddadc8d2594a
branches:  trunk
changeset: 998202:ddadc8d2594a
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Apr 10 17:56:43 2019 +0000

description:
Get rid of the branches that depend on the result of the Legendre
operation. This is needed to avoid leaking information about different
temporary results in blinding mechanisms.

This is related to CVE-2019-9494 and CVE-2019-9495.

diffstat:

 external/bsd/wpa/dist/src/crypto/crypto_openssl.c |  15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diffs (39 lines):

diff -r 90b6d76b1c57 -r ddadc8d2594a external/bsd/wpa/dist/src/crypto/crypto_openssl.c
--- a/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Wed Apr 10 17:56:13 2019 +0000
+++ b/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Wed Apr 10 17:56:43 2019 +0000
@@ -24,6 +24,7 @@
 #endif /* CONFIG_ECC */
 
 #include "common.h"
+#include "utils/const_time.h"
 #include "wpabuf.h"
 #include "dh_group5.h"
 #include "sha1.h"
@@ -1435,6 +1436,7 @@
        BN_CTX *bnctx;
        BIGNUM *exp = NULL, *tmp = NULL;
        int res = -2;
+       unsigned int mask;
 
        if (TEST_FAIL())
                return -2;
@@ -1453,12 +1455,13 @@
                                       (const BIGNUM *) p, bnctx, NULL))
                goto fail;
 
-       if (BN_is_word(tmp, 1))
-               res = 1;
-       else if (BN_is_zero(tmp))
-               res = 0;
-       else
-               res = -1;
+       /* Return 1 if tmp == 1, 0 if tmp == 0, or -1 otherwise. Need to use
+        * constant time selection to avoid branches here. */
+       res = -1;
+       mask = const_time_eq(BN_is_word(tmp, 1), 1);
+       res = const_time_select_int(mask, 1, res);
+       mask = const_time_eq(BN_is_zero(tmp), 1);
+       res = const_time_select_int(mask, 0, res);
 
 fail:
        BN_clear_free(tmp);



Home | Main Index | Thread Index | Old Index