Merge pull request #3711 from dgarske/ecc_encrypt_rng

Fix for `--enable-eccencrypt` with timing resistance enabled
toddouska
2021-02-11 12:28:13 -08:00
committed by GitHub


@ -10347,6 +10347,7 @@ struct ecEncCtx {
byte protocol; /* are we REQ_RESP client or server ? */
byte cliSt; /* protocol state, for sanity checks */
byte srvSt; /* protocol state, for sanity checks */
WC_RNG* rng;
};
@ -10444,20 +10445,20 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
}
static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, WC_RNG* rng)
static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags)
{
byte* saltBuffer = NULL;
if (ctx == NULL || rng == NULL || flags == 0)
if (ctx == NULL || flags == 0)
return BAD_FUNC_ARG;
saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt;
return wc_RNG_GenerateBlock(rng, saltBuffer, EXCHANGE_SALT_SZ);
return wc_RNG_GenerateBlock(ctx->rng, saltBuffer, EXCHANGE_SALT_SZ);
}
static void ecc_ctx_init(ecEncCtx* ctx, int flags)
static void ecc_ctx_init(ecEncCtx* ctx, int flags, WC_RNG* rng)
{
if (ctx) {
XMEMSET(ctx, 0, sizeof(ecEncCtx));
@ -10466,6 +10467,7 @@ static void ecc_ctx_init(ecEncCtx* ctx, int flags)
ctx->kdfAlgo = ecHKDF_SHA256;
ctx->macAlgo = ecHMAC_SHA256;
ctx->protocol = (byte)flags;
ctx->rng = rng;
if (flags == REQ_RESP_CLIENT)
ctx->cliSt = ecCLI_INIT;
@ -10481,8 +10483,8 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng)
if (ctx == NULL || rng == NULL)
return BAD_FUNC_ARG;
ecc_ctx_init(ctx, ctx->protocol);
return ecc_ctx_set_salt(ctx, ctx->protocol, rng);
ecc_ctx_init(ctx, ctx->protocol, rng);
return ecc_ctx_set_salt(ctx, ctx->protocol);
}
@ -10586,7 +10588,7 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
return BAD_FUNC_ARG;
if (ctx == NULL) { /* use defaults */
ecc_ctx_init(&localCtx, 0);
ecc_ctx_init(&localCtx, 0, NULL);
ctx = &localCtx;
}
@ -10620,6 +10622,11 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
if (*outSz < (msgSz + digestSz))
return BUFFER_E;
#ifdef ECC_TIMING_RESISTANT
if (ctx->rng != NULL && privKey->rng == NULL)
privKey->rng = ctx->rng;
#endif
#ifdef WOLFSSL_SMALL_STACK
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (sharedSecret == NULL)
@ -10779,7 +10786,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
return BAD_FUNC_ARG;
if (ctx == NULL) { /* use defaults */
ecc_ctx_init(&localCtx, 0);
ecc_ctx_init(&localCtx, 0, NULL);
ctx = &localCtx;
}
@ -10813,6 +10820,11 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
if (*outSz < (msgSz - digestSz))
return BUFFER_E;
#ifdef ECC_TIMING_RESISTANT
if (ctx->rng != NULL && privKey->rng == NULL)
privKey->rng = ctx->rng;
#endif
#ifdef WOLFSSL_SMALL_STACK
sharedSecret = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (sharedSecret == NULL)
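Review bot: The new `privKey->rng = ctx->rng;` under ECC_TIMING_RESISTANT (here and in the matching wc_ecc_encrypt hunk) mutates the caller's key and leaves it holding a pointer to the context's RNG after the call returns, so a key that outlives the ecEncCtx (or the WC_RNG it was created with) carries a dangling RNG pointer into later timing-resistant operations. The contract should be stated at the assignment, e.g. `/* NOTE: privKey retains ctx->rng after this call; the RNG must outlive the key, or the caller must reset it with wc_ecc_set_rng() */`. The default-context path (`ecc_ctx_init(&localCtx, 0, NULL)`) also leaves `privKey->rng` untouched, so callers passing ctx == NULL still need to have set the key's RNG themselves for the timing-resistant build; that precondition belongs in the wc_ecc_encrypt/wc_ecc_decrypt documentation. Both enclosing functions continue past the end of their hunks.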