From 6873ed407bbd1fe6c075ba24d4b713e732e6d721 Mon Sep 17 00:00:00 2001
From: tb
Date: Mon, 3 Jul 2023 14:51:09 +0000
Subject: [PATCH] sign_sig: drop ckinv

The only reason ckinv exists is to be able to avoid a copy. This copy leaks some timing info, that will be mitigated in a subsequent step. It is an unused or at least uncommonly used codepath. ok jsing
---
 lib/libcrypto/ecdsa/ecs_ossl.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c
index d935d237bab..2140f8a8e1f 100644
--- a/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.60 2023/07/03 13:53:54 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.61 2023/07/03 14:51:09 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -274,7 +274,7 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 	BN_CTX *ctx = NULL;
 	BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
 	BIGNUM *b, *binv, *bm, *bxr, *m;
-	const BIGNUM *ckinv, *order, *priv_key;
+	const BIGNUM *order, *priv_key;
 	int caller_supplied_values = 0;
 	int attempts = 0;
 	ECDSA_SIG *sig = NULL;
@@ -331,7 +331,10 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 	 */
 	caller_supplied_values = 1;
 
-	ckinv = in_kinv;
+	if ((kinv = BN_dup(in_kinv)) == NULL) {
+		ECDSAerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
 	if (!bn_copy(r, in_r)) {
 		ECDSAerror(ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -344,7 +347,6 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 		ECDSAerror(ERR_R_ECDSA_LIB);
 		goto err;
 	}
-	ckinv = kinv;
 }
 
 /*
@@ -386,7 +388,7 @@ ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
-	if (!BN_mod_mul(s, s, ckinv, order, ctx)) {	/* s = b(m + xr)k^-1 */
+	if (!BN_mod_mul(s, s, kinv, order, ctx)) {	/* s = b(m + xr)k^-1 */
 		ECDSAerror(ERR_R_BN_LIB);
 		goto err;
 	}
-- 
2.20.1
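Review bot: The new `BN_dup(in_kinv)` in the caller-supplied branch of the @@ -331 hunk makes this path own a heap copy of the nonce inverse, so the cleanup at `err` (outside this hunk) must release `kinv` with `BN_clear_free()` rather than `BN_free()`; presumably it already does so for the `ECDSA_sign_setup`-generated `kinv`, but the previously NULL `kinv` on this path was never cleared, so this is worth confirming. The duplicated value is sized by `BN_dup` from the source's used words, which is the timing exposure the commit message defers to a later step; a short comment at the dup site would make that explicit for readers, e.g. `/* kinv is secret: own a copy so both paths clear it at err. */`. The @@ -388 hunk only renames the operand and needs no further change. ossl_ecdsa_sign_sig starts and ends outside these hunks.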