Module Name:	src
Committed By:	christos
Date:		Wed Apr 10 17:55:31 UTC 2019

Modified Files:
	src/external/bsd/wpa/dist/src/crypto: crypto_openssl.c

Log Message:
This helps in reducing measurable timing differences in operations
involving private information. BoringSSL has removed BN_FLG_CONSTTIME and
expects specific constant time functions to be called instead, so a bit
different approach is needed depending on which library is used.

The main operation that needs protection against side channel attacks is
BN_mod_exp() that depends on private keys (the public key validation step
in crypto_dh_derive_secret() is an exception that can use the faster
version since it does not depend on private keys).

crypto_bignum_div() is currently used only in SAE FFC case with not
safe-prime groups and only with values that do not depend on private keys,
so it is not critical to protect it.

crypto_bignum_inverse() is currently used only in SAE FFC PWE derivation.
The additional protection here is targeting only OpenSSL. BoringSSL may
need conversion to using BN_mod_inverse_blinded().

This is related to CVE-2019-9494 and CVE-2019-9495.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.7 -r1.2 \
    src/external/bsd/wpa/dist/src/crypto/crypto_openssl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.