39 lines
1.1 KiB
Diff
39 lines
1.1 KiB
Diff
--- wpa_supplicant-2.6-bak/src/crypto/crypto_openssl.c 2019-06-30 21:39:30.605000000 -0400
|
|
+++ wpa_supplicant-2.6/src/crypto/crypto_openssl.c 2019-07-01 02:49:34.765000000 -0400
|
|
@@ -24,6 +24,7 @@
|
|
#endif /* CONFIG_ECC */
|
|
|
|
#include "common.h"
|
|
+#include "utils/const_time.h"
|
|
#include "wpabuf.h"
|
|
#include "dh_group5.h"
|
|
#include "sha1.h"
|
|
@@ -1306,6 +1307,7 @@ int crypto_bignum_legendre(const struct
|
|
BN_CTX *bnctx;
|
|
BIGNUM *exp = NULL, *tmp = NULL;
|
|
int res = -2;
|
|
+ unsigned int mask;
|
|
|
|
if (TEST_FAIL())
|
|
return -2;
|
|
@@ -1324,12 +1326,13 @@ int crypto_bignum_legendre(const struct
|
|
bnctx))
|
|
goto fail;
|
|
|
|
- if (BN_is_word(tmp, 1))
|
|
- res = 1;
|
|
- else if (BN_is_zero(tmp))
|
|
- res = 0;
|
|
- else
|
|
- res = -1;
|
|
+ /* Return 1 if tmp == 1, 0 if tmp == 0, or -1 otherwise. Need to use
|
|
+ * constant time selection to avoid branches here. */
|
|
+ res = -1;
|
|
+ mask = const_time_eq(BN_is_word(tmp, 1), 1);
|
|
+ res = const_time_select_int(mask, 1, res);
|
|
+ mask = const_time_eq(BN_is_zero(tmp), 1);
|
|
+ res = const_time_select_int(mask, 0, res);
|
|
|
|
fail:
|
|
BN_clear_free(tmp);
|