aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/ecdsa
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2011-09-30 08:40:25 +0200
committermarha <marha@users.sourceforge.net>2011-09-30 08:40:25 +0200
commit60adbfdea1ee754341d64454274e7aa83bae8971 (patch)
tree1b56329c88f1a881b0e7297bb4283cfbb7e39c97 /openssl/crypto/ecdsa
parentaf72dcd109d7610b96863035541250997c7a172e (diff)
downloadvcxsrv-60adbfdea1ee754341d64454274e7aa83bae8971.tar.gz
vcxsrv-60adbfdea1ee754341d64454274e7aa83bae8971.tar.bz2
vcxsrv-60adbfdea1ee754341d64454274e7aa83bae8971.zip
Upgraded to openssl-1.0.0e
Diffstat (limited to 'openssl/crypto/ecdsa')
-rw-r--r--openssl/crypto/ecdsa/ecdsatest.c5
-rw-r--r--openssl/crypto/ecdsa/ecs_ossl.c8
2 files changed, 10 insertions, 3 deletions
diff --git a/openssl/crypto/ecdsa/ecdsatest.c b/openssl/crypto/ecdsa/ecdsatest.c
index aa4e1481a..26a4a9ee7 100644
--- a/openssl/crypto/ecdsa/ecdsatest.c
+++ b/openssl/crypto/ecdsa/ecdsatest.c
@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
return 0;
}
fbytes_counter ++;
- ret = BN_bn2bin(tmp, buf);
- if (ret == 0 || ret != num)
+ if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
ret = 0;
- else
+ else
ret = 1;
if (tmp)
BN_free(tmp);
diff --git a/openssl/crypto/ecdsa/ecs_ossl.c b/openssl/crypto/ecdsa/ecs_ossl.c
index 551cf5068..1bbf328de 100644
--- a/openssl/crypto/ecdsa/ecs_ossl.c
+++ b/openssl/crypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
}
while (BN_is_zero(k));
+ /* We do not want timing information to leak the length of k,
+ * so we compute G*k using an equivalent scalar of fixed
+ * bit-length. */
+
+ if (!BN_add(k, k, order)) goto err;
+ if (BN_num_bits(k) <= BN_num_bits(order))
+ if (!BN_add(k, k, order)) goto err;
+
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{