From e3277c19b7f484e260306afc2bc9e58afffa7e21 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Tue, 10 Jan 2017 15:00:00 -0700
Subject: [PATCH] fix location in tfm.c that could result in potential cache attack
---
 wolfcrypt/src/tfm.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 499c6a6c0..cfb647fb1 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -480,12 +480,11 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
 pa = FP_SIZE-1;
 }
- if (A == C || B == C) {
+ /* Always take branch to use tmp variable. This avoids a cache attack for
+ * determining if C equals A */
+ if (1) {
 fp_init(&tmp);
 dst = &tmp;
- } else {
- fp_zero(C);
- dst = C;
 }
 for (ix = 0; ix < pa; ix++) {
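Review bot: The `if (1) {` wrapper leaves a constant-condition branch that compilers and static analysers will flag, and that a later cleanup could easily turn back into the aliasing test. Making `fp_init(&tmp); dst = &tmp;` plain unconditional statements expresses the same intent without the dead control flow. The new comment names only `C equals A`, while the removed test was `A == C || B == C`; it could read `/* Always compute into tmp: picking the destination by whether C aliases A or B lets a cache observer tell which case was taken */`. With tmp now used on every call, the copy from `dst` back to `C` and any clearing of `tmp` sit past the end of this hunk, so it is worth confirming there that the temporary is wiped when the operands are secret. fp_mul_comba begins before and continues after the hunk.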