
Fix a timing leak in ecp_mul_mxz() - 2.28 backport #6492

Conversation

@daverodgman daverodgman commented Oct 27, 2022

Trivial backport of #5841
Changelog: Not needed

The bit length of m is leaked through timing in ecp_mul_mxz().
Initially found by Manuel Pégourié-Gonnard on ecp_mul_edxyz(), which was
inspired by ecp_mul_mxz(), during initial review of the EdDSA PR.
See: Mbed-TLS#3245 (comment)

Fix that by using grp->nbits + 1 instead, which anyway is very close to
the length of m, which means there is no significant performance impact.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
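The leak the commit message describes is a loop-bound problem: a Montgomery ladder that walks exactly bitlen(m) bits does an amount of work that depends on the scalar, while a ladder that always walks grp->nbits + 1 bits does not. The following is an added illustration, not Mbed TLS code and not part of this PR. It runs the same ladder over a stand-in group (integers modulo a small prime under multiplication, so "add" is multiply and "double" is square) and counts group operations as a proxy for time. P, NBITS, and the names ladder_leaky / ladder_fixed are assumed toy parameters and hypothetical names chosen for the example; the real function operates on curve points with bignum arithmetic.

```c
/* Added example, not Mbed TLS code.  Montgomery ladder with either a
 * scalar-dependent loop bound (the leaky pattern) or a group-fixed bound
 * (the grp->nbits + 1 fix), over a cheap stand-in group so the step count
 * is easy to observe.  P and NBITS are assumed toy parameters. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define P     65521u   /* prime; the group Z_P^* has order P - 1 */
#define NBITS 16       /* stands in for grp->nbits: bit length of the group order */

typedef uint32_t (*ladder_fn)(uint32_t g, uint32_t m, size_t *ops);

static uint32_t mulmod(uint32_t a, uint32_t b)
{
    return (uint32_t)(((uint64_t)a * b) % P);
}

/* Bit length of m: 0 for m == 0, otherwise index of the top set bit + 1. */
static size_t bitlen(uint32_t m)
{
    size_t n = 0;
    while (m != 0) { n++; m >>= 1; }
    return n;
}

/* Branch-free conditional swap: exchanges *a and *b iff bit == 1. */
static void cswap(uint32_t *a, uint32_t *b, uint32_t bit)
{
    uint32_t mask = (uint32_t)0 - (bit & 1u);   /* 0 or 0xFFFFFFFF */
    uint32_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* Montgomery ladder computing g^m, scanning `steps` bits of m from the top.
 * Invariant: r1 = r0 * g.  Leading zero bits leave (r0, r1) = (1, g), so any
 * steps >= bitlen(m) gives the right answer.  *ops receives the number of
 * group operations performed, the proxy for execution time used here. */
static uint32_t ladder(uint32_t g, uint32_t m, size_t steps, size_t *ops)
{
    uint32_t r0 = 1, r1 = g % P;
    *ops = 0;
    for (size_t i = steps; i-- > 0;) {
        uint32_t b = (m >> i) & 1u;
        cswap(&r0, &r1, b);
        r1 = mulmod(r0, r1);   /* "add":    r1 = r0 + r1 on a curve */
        r0 = mulmod(r0, r0);   /* "double": r0 = 2 r0  on a curve */
        *ops += 2;
        cswap(&r0, &r1, b);
    }
    return r0;
}

/* Before the fix: the number of ladder steps is the bit length of m itself. */
static uint32_t ladder_leaky(uint32_t g, uint32_t m, size_t *ops)
{
    return ladder(g, m, bitlen(m), ops);
}

/* After the fix: the step count depends only on the group (grp->nbits + 1). */
static uint32_t ladder_fixed(uint32_t g, uint32_t m, size_t *ops)
{
    return ladder(g, m, NBITS + 1, ops);
}

/* Independent square-and-multiply reference for checking results. */
static uint32_t powmod_ref(uint32_t g, uint32_t m)
{
    uint32_t r = 1, base = g % P;
    while (m != 0) {
        if (m & 1u) r = mulmod(r, base);
        base = mulmod(base, base);
        m >>= 1;
    }
    return r;
}

static uint32_t value_of(ladder_fn f, uint32_t g, uint32_t m)
{
    size_t ops;
    return f(g, m, &ops);
}

static size_t ops_of(ladder_fn f, uint32_t g, uint32_t m)
{
    size_t ops;
    (void)f(g, m, &ops);
    return ops;
}

/* Spread (max - min) of the operation count over constructed scalars of
 * different bit lengths: a non-zero spread means the length is observable. */
static size_t ops_spread(ladder_fn f)
{
    static const uint32_t scalars[] = { 1u, 0xFFu, 0xFFFFu };
    size_t lo = (size_t)-1, hi = 0;
    for (size_t i = 0; i < sizeof scalars / sizeof scalars[0]; i++) {
        size_t n = ops_of(f, 3u, scalars[i]);
        if (n < lo) lo = n;
        if (n > hi) hi = n;
    }
    return hi - lo;
}

int main(void)
{
    static const uint32_t scalars[] = { 1u, 0xFFu, 0xFFFFu, 0x1ABCDu };
    for (size_t i = 0; i < sizeof scalars / sizeof scalars[0]; i++) {
        uint32_t m = scalars[i];
        printf("m=0x%05x leaky ops=%zu fixed ops=%zu agree=%d\n", m,
               ops_of(ladder_leaky, 3u, m), ops_of(ladder_fixed, 3u, m),
               value_of(ladder_fixed, 3u, m) == powmod_ref(3u, m));
    }
    return 0;
}
```

Both variants return the same value; only the leaky one does work proportional to bitlen(m), which is exactly what a timing observer sees. Fixing the bound at NBITS + 1 removes that channel without changing results, and since the scalar is normally close to the group order in length, the extra iterations are few, which is the "no significant performance impact" point in the commit message. A fixed loop bound is necessary but not sufficient: any remaining variation would have to come from the per-step operations themselves (the group law and the swap), which is why the swap above is written branch-free.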
@daverodgman daverodgman changed the title Fix a timing leak in ecp_mul_mxz() Fix a timing leak in ecp_mul_mxz() - 2.28 backport Oct 27, 2022
@daverodgman daverodgman requested a review from mpg October 27, 2022 11:01
@daverodgman daverodgman added labels bug, needs-review (Every commit must be reviewed by at least two team members), needs-ci (Needs to pass CI tests), size-s (Estimated task size: small (~2d)), single-reviewer (This PR qualifies for having only one reviewer), priority-medium (Medium priority - this can be reviewed as time permits) and component-crypto (Crypto primitives and low-level interfaces), and removed label needs-ci (Needs to pass CI tests) Oct 27, 2022
@daverodgman daverodgman removed the request for review from mpg October 27, 2022 16:39
@daverodgman daverodgman added the needs-reviewer This PR needs someone to pick it up for review label Oct 27, 2022
@gilles-peskine-arm gilles-peskine-arm left a comment


Approved as a faithful backport of #5841, no need to do anything different in 2.28.

@gilles-peskine-arm gilles-peskine-arm added label approved (Design and code approved - may be waiting for CI or backports) and removed labels needs-review (Every commit must be reviewed by at least two team members) and needs-reviewer (This PR needs someone to pick it up for review) Oct 27, 2022
@gilles-peskine-arm gilles-peskine-arm merged commit e0917c0 into Mbed-TLS:mbedtls-2.28 Oct 27, 2022