From a4b421819bb9e767f445bdec27f22a6fea0a01f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 18 Dec 2019 10:29:58 +0100
Subject: [PATCH] Fix way to access the RNG for ECDSA counter-measures

Duplicating the g_rng_function variable in ecc_dsa.c means it's not the same as set in ecc.c, resulting if no randomisation here. The proper way to access the RNG function from outside ecc.c is uECC_get_rng(), so use that. This is a side-port of upstream commit 87d74dd8d64a99aaa188961fe763d0841c5abfef
I've verified that there are no other occurrences (the duplication of g_rng_function in ecc_dh.c had already been removed earlier when centralising projective coordinate randomisation to mult_safer()).
---
 tinycrypt/ecc_dsa.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c
index 67b33a461..f1620d08f 100644
--- a/tinycrypt/ecc_dsa.c
+++ b/tinycrypt/ecc_dsa.c
@@ -68,12 +68,6 @@
 #include
 #include "mbedtls/platform_util.h"
-#if default_RNG_defined
-static uECC_RNG_Function g_rng_function = &default_CSPRNG;
-#else
-static uECC_RNG_Function g_rng_function = 0;
-#endif
-
 static void bits2int(uECC_word_t *native, const uint8_t *bits, unsigned bits_size,
 uECC_Curve curve)
 {
@@ -132,7 +126,7 @@ int uECC_sign_with_k(const uint8_t *private_key, const uint8_t *message_hash,
 /* If an RNG function was specified, get a random number to prevent side channel analysis of k. */
- if (!g_rng_function) {
+ if (!uECC_get_rng()) {
 uECC_vli_clear(tmp);
 tmp[0] = 1;
 }
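Review bot: The `if (!uECC_get_rng())` branch in the second hunk still degrades silently: when no RNG has been registered it sets `tmp[0] = 1` and lets the signature computation continue unblinded, so a build or caller that never installed an RNG loses the side-channel counter-measure with no error, which is exactly the failure mode this commit is fixing for the duplicated-variable case. Consider failing closed instead, e.g. `if (!uECC_get_rng()) { return 0; }` (checked against whatever failure value the surrounding code returns), or, if the unblinded fallback is intentional for RNG-less builds, state that in the comment: `/* No RNG registered: k is used unblinded; the side-channel counter-measure is disabled. */`. The else branch that actually draws the random value and the rest of uECC_sign_with_k are outside this hunk, so the correct failure convention needs to be confirmed there.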