eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'mbedtls-1.3' into development

Browse source 
* commit 'ce60fbe':
  Fix potential timing difference with RSA PMS
  Update Changelog for recent merge
  Added more constant-time code and removed biases in the prime number generation routines.

Conflicts:
	library/bignum.c
	library/ssl_srv.c
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-17 20:15:36 +02:00
commit 53c76c07de
4 changed files with 46 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

18
library/ssl_srv.c
View file

@ -3235,7 +3235,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
unsigned char ver[2];
unsigned char fake_pms[48], peer_pms[48];
unsigned char mask;
size_t i;
size_t i, diff, peer_pmslen;
if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) )
{
@ -3280,16 +3280,17 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
return( ret );
ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
peer_pms, &ssl->handshake->pmslen,
peer_pms, &peer_pmslen,
sizeof( peer_pms ),
ssl->f_rng, ssl->p_rng );
ret |= ssl->handshake->pmslen - 48;
ret |= peer_pms[0] - ver[0];
ret |= peer_pms[1] - ver[1];
diff = (size_t) ret;
diff |= peer_pmslen ^ 48;
diff |= peer_pms[0] ^ ssl->handshake->max_major_ver;
diff |= peer_pms[1] ^ ssl->handshake->max_minor_ver;
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( ret != 0 )
#if defined(POLARSSL_SSL_DEBUG_ALL)
if( diff != 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
#endif
@ -3301,7 +3302,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
}
ssl->handshake->pmslen = 48;
mask = (unsigned char)( - ( ret != 0 ) ); /* ret ? 0xff : 0x00 */
mask = ( diff | - diff ) >> ( sizeof( size_t ) * 8 - 1 );
mask = (unsigned char)( - ( ret != 0 ) ); /* mask = diff ? 0xff : 0x00 */
for( i = 0; i < ssl->handshake->pmslen; i++ )
pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );