ecc: Add mitigation against timing attack.

* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Add the order N to K. * mpi/ec.c (_gcry_mpi_ec_mul_point): Compute with NBITS of P or larger. CVE-id: CVE-2019-13627 GnuPG-bug-id: 4626 Co-authored-by: Ján Jančár <johny@neuromancer.sk> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2019-07-17 12:44:50 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2019-08-07 14:26:41 +0900
commit: b9577f7c89b4327edc09f2231bc8b31521102c79 (patch)
tree: 0f110e74421b34fa9ac7868ceb6a3816ed2244ad /mpi/ec.c
parent: 75c2fbc43d2f2cf5f4c60cb28001fda7324185c2 (diff)
download: libgcrypt-b9577f7c89b4327edc09f2231bc8b31521102c79.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index 97afbfed..ed936d74 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1509,7 +1509,11 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
       unsigned int nbits;
       int j;
 
-      nbits = mpi_get_nbits (scalar);
+      if (mpi_cmp (scalar, ctx->p) >= 0)
+        nbits = mpi_get_nbits (scalar);
+      else
+        nbits = mpi_get_nbits (ctx->p);
+
       if (ctx->model == MPI_EC_WEIERSTRASS)
         {
           mpi_set_ui (result->x, 1);
author	NIIBE Yutaka <gniibe@fsij.org>	2019-07-17 12:44:50 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2019-08-07 14:26:41 +0900
commit	b9577f7c89b4327edc09f2231bc8b31521102c79 (patch)
tree	0f110e74421b34fa9ac7868ceb6a3816ed2244ad /mpi/ec.c
parent	75c2fbc43d2f2cf5f4c60cb28001fda7324185c2 (diff)
download	libgcrypt-b9577f7c89b4327edc09f2231bc8b31521102c79.tar.gz