Merge pull request #2982 from SparkiDev/ecc_sc

ECC now calls mp_submod_ct and mp_addmod_ct
2026-01-30 02:42:13 +01:00 · 2020-08-11 09:26:56 -07:00
parent 8b7f588aaf 6467de5a88
commit 4e6bc02257
15 changed files with 1148 additions and 364 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -4243,7 +4243,13 @@ int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
    else
 #endif
    {
-        ret = wc_ecc_shared_secret(priv_key, pub_key, out, outlen);
+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) && \
+    !defined(HAVE_SELFTEST)
+        ret = wc_ecc_set_rng(priv_key, ssl->rng);
+        if (ret == 0)
+#endif
+            ret = wc_ecc_shared_secret(priv_key, pub_key, out, outlen);
    }

    /* Handle async pending response */
--- a/src/tls.c
+++ b/src/tls.c
@@ -7509,6 +7509,15 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
    }
    ssl->ecdhCurveOID = ssl->peerEccKey->dp->oidSum;

+#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
+    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) && \
+    !defined(HAVE_SELFTEST)
+    ret = wc_ecc_set_rng(keyShareKey, ssl->rng);
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
    do {
    #if defined(WOLFSSL_ASYNC_CRYPT)
        ret = wc_AsyncWait(ret, &keyShareKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);