Source-Changes archive


CVS commit: src/external/bsd/wpa/dist/src/crypto



Module Name:    src
Committed By:   christos
Date:           Wed Apr 10 17:55:31 UTC 2019

Modified Files:
        src/external/bsd/wpa/dist/src/crypto: crypto_openssl.c

Log Message:
This helps in reducing measurable timing differences in operations
involving private information. BoringSSL has removed BN_FLG_CONSTTIME
and expects specific constant time functions to be called instead, so a
bit different approach is needed depending on which library is used.

The main operation that needs protection against side channel attacks is
BN_mod_exp() that depends on private keys (the public key validation
step in crypto_dh_derive_secret() is an exception that can use the
faster version since it does not depend on private keys).

crypto_bignum_div() is currently used only in SAE FFC case with
non-safe-prime groups and only with values that do not depend on private
keys, so it is not critical to protect it.

crypto_bignum_inverse() is currently used only in SAE FFC PWE
derivation. The additional protection here is targeting only OpenSSL.
BoringSSL may need conversion to using BN_mod_inverse_blinded().

This is related to CVE-2019-9494 and CVE-2019-9495.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.7 -r1.2 \
    src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
