Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (56fb454d) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/ec/ec_mult.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -177,8 +177,8 @@ static int ec_mul_consttime(const EC_GROUP group, EC_POINT r,
		*/
		cardinality_bits = BN_num_bits(cardinality);
		group_top = bn_get_top(cardinality);
		if ((bn_wexpand(k, group_top + 1) == NULL)
		\|\| (bn_wexpand(lambda, group_top + 1) == NULL))
		if ((bn_wexpand(k, group_top + 2) == NULL)
		\|\| (bn_wexpand(lambda, group_top + 2) == NULL)) {
		goto err;

		if (!BN_copy(k, scalar))
		@@ -205,7 +205,7 @@ static int ec_mul_consttime(const EC_GROUP group, EC_POINT r,
		* k := scalar + 2*cardinality
		*/
		kbit = BN_is_bit_set(lambda, cardinality_bits);
		BN_consttime_swap(kbit, k, lambda, group_top + 1);
		BN_consttime_swap(kbit, k, lambda, group_top + 2);

		group_top = bn_get_top(group->field);
		if ((bn_wexpand(s->X, group_top) == NULL)