author | 2019-06-04 18:13:44 +0000 | |
---|---|---|
committer | 2019-06-04 18:13:44 +0000 | |
commit | eb2dca2073870073536057ba5bdbe19cb230cf52 (patch) | |
tree | 7d1e85d0d52da9632d7a20dd9a5bfab50bbed50b /lib/libcrypto/ecdsa | |
parent | Readability tweaks for comments that explain the blinding. (diff) | |
Remove the blinding later to avoid leaking information on the length
of ckinv.
Pointed out and fix suggested by David Schrammel and Samuel Weiser
ok jsing
Diffstat (limited to 'lib/libcrypto/ecdsa')
-rw-r--r-- | lib/libcrypto/ecdsa/ecs_ossl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libcrypto/ecdsa/ecs_ossl.c b/lib/libcrypto/ecdsa/ecs_ossl.c
index 791a5c48e1f..c9d23013a99 100644
--- a/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.19 2019/06/04 18:13:44 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project
  */
@@ -369,11 +369,11 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
 ECDSAerror(ERR_R_BN_LIB);
 goto err;
 }
-if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = m + xr */
+if (!BN_mod_mul(s, s, ckinv, order, ctx)) { /* s = b(m + xr)k^-1 */
 ECDSAerror(ERR_R_BN_LIB);
 goto err;
 }
-if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = (m + xr)k^-1 */
 ECDSAerror(ERR_R_BN_LIB);
 goto err;
 } |
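Review bot: Nothing in the second hunk records that the order of the two BN_mod_mul calls is load-bearing: multiplying by ckinv before binv is what keeps the intermediate blinded, and a later tidy-up that swaps the calls back to the "natural" order would silently reintroduce the leak the commit message describes without any test noticing. Suggest a why-comment ahead of the first call, e.g. `/* Unblind last: multiply by ckinv while s is still blinded by b, then remove the blinding with binv, so no BN_mod_mul (whose timing, per the commit message, depends on operand length) ever sees an unblinded (m + xr). */`. The two trailing comments (`s = b(m + xr)k^-1`, then `s = (m + xr)k^-1`) are consistent with that ordering, but they state what each line computes rather than why the sequence must not change. ecdsa_do_sign begins and ends outside this hunk; the $OpenBSD version-tag change in the first hunk needs no review.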