diff options
| author | marha <marha@users.sourceforge.net> | 2011-09-30 08:40:25 +0200 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2011-09-30 08:40:25 +0200 |
| commit | 60adbfdea1ee754341d64454274e7aa83bae8971 (patch) | |
| tree | 1b56329c88f1a881b0e7297bb4283cfbb7e39c97 /openssl/crypto/ecdsa | |
| parent | af72dcd109d7610b96863035541250997c7a172e (diff) | |
| download | vcxsrv-60adbfdea1ee754341d64454274e7aa83bae8971.tar.gz vcxsrv-60adbfdea1ee754341d64454274e7aa83bae8971.tar.bz2 vcxsrv-60adbfdea1ee754341d64454274e7aa83bae8971.zip | |
Upgraded to openssl-1.0.0e
Diffstat (limited to 'openssl/crypto/ecdsa')
| -rw-r--r-- | openssl/crypto/ecdsa/ecdsatest.c | 5 | ||||
| -rw-r--r-- | openssl/crypto/ecdsa/ecs_ossl.c | 8 |
2 files changed, 10 insertions, 3 deletions
diff --git a/openssl/crypto/ecdsa/ecdsatest.c b/openssl/crypto/ecdsa/ecdsatest.c index aa4e1481a..26a4a9ee7 100644 --- a/openssl/crypto/ecdsa/ecdsatest.c +++ b/openssl/crypto/ecdsa/ecdsatest.c @@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num) return 0; } fbytes_counter ++; - ret = BN_bn2bin(tmp, buf); - if (ret == 0 || ret != num) + if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) ret = 0; - else + else ret = 1; if (tmp) BN_free(tmp); diff --git a/openssl/crypto/ecdsa/ecs_ossl.c b/openssl/crypto/ecdsa/ecs_ossl.c index 551cf5068..1bbf328de 100644 --- a/openssl/crypto/ecdsa/ecs_ossl.c +++ b/openssl/crypto/ecdsa/ecs_ossl.c @@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, } while (BN_is_zero(k)); + /* We do not want timing information to leak the length of k, + * so we compute G*k using an equivalent scalar of fixed + * bit-length. */ + + if (!BN_add(k, k, order)) goto err; + if (BN_num_bits(k) <= BN_num_bits(order)) + if (!BN_add(k, k, order)) goto err; + /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { |