
rsa: Fix decoding of PKCS#1 v1.5 and OAEP padding.

Description

rsa: Fix decoding of PKCS#1 v1.5 and OAEP padding.

* src/Makefile.am (libgcrypt_la_SOURCES): Add const-time.h and
const-time.c.
* src/const-time.h (ct_not_equal_byte, sexp_null_cond): New.
(ct_memequal): New from NetBSD, modified return type and name.
* src/const-time.c: New.
* cipher/rsa-common.c (_gcry_rsa_pkcs1_decode_for_enc): Examine the whole
sequence of the byte-array.  Use N0 to find the separator position, with
ct_not_equal_byte.  Return the MPI even in the case of an error.
* cipher/rsa-common.c (_gcry_rsa_oaep_decode): Use ct_memequal to
check LHASH.  Examine the whole sequence of the byte-array.  Use N1 to
find the separator of 0x01.  Return the MPI even in the case of an
error.
* cipher/rsa.c (rsa_decrypt): Always build a SEXP.

Note: For architecture(s) which may result in a branch in the comparison
of a byte, the configure script should emit POSSIBLE_BRANCH_IN_BYTE_COMPARISON.

  • Reported-by: Hubert Kario <hkario@redhat.com>
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
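
The scan the commit message describes for `_gcry_rsa_pkcs1_decode_for_enc` (visit every byte, derive the separator position from a running count built with a byte-inequality helper), as an added example; it is not libgcrypt's code. The names `ex_ct_not_equal_byte`, `ex_pkcs1_decode_for_enc`, `ex_off` and the sample buffers are hypothetical and constructed, and the block length is assumed to be the public modulus length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 1 if a != b, else 0, computed with arithmetic only (hypothetical helper). */
static unsigned int ex_ct_not_equal_byte(uint8_t a, uint8_t b)
{
    unsigned int diff = (unsigned int)(a ^ b);
    return (0u - diff) >> (sizeof(unsigned int) * 8 - 1);
}

/* Decode EM = 00 || 02 || PS (>= 8 nonzero bytes) || 00 || M.
   Returns 0 if the padding is valid, 1 otherwise. *msg_off is always
   written, but is only meaningful when 0 is returned. */
unsigned int ex_pkcs1_decode_for_enc(const uint8_t *em, size_t len, size_t *msg_off)
{
    unsigned int failed, not_found = 1;
    size_t n0 = 0, i;
    if (len < 11) {            /* len is assumed public, so this branch is fine */
        *msg_off = 0;
        return 1;
    }
    failed  = ex_ct_not_equal_byte(em[0], 0x00);
    failed |= ex_ct_not_equal_byte(em[1], 0x02);
    /* Visit every byte; n0 stops growing at the first 0x00 but the loop goes on. */
    for (i = 2; i < len; i++) {
        not_found &= ex_ct_not_equal_byte(em[i], 0x00);
        n0 += not_found;
    }
    failed |= not_found;                                            /* no separator */
    failed |= (unsigned int)((n0 - 8) >> (sizeof(size_t) * 8 - 1)); /* PS < 8 bytes */
    *msg_off = n0 + 3;         /* 00, 02, PS[n0], 00, then M */
    return failed;
}

/* Constructed sample blocks (not output of a real decryption). */
const uint8_t ex_good[13]     = {0, 2, 1, 2, 3, 4, 5, 6, 7, 8, 0, 'h', 'i'};
const uint8_t ex_short_ps[13] = {0, 2, 1, 2, 3, 4, 5, 6, 7, 0, 'h', 'i', '!'};
const uint8_t ex_no_sep[13]   = {0, 2, 1, 2, 3, 4, 5, 6, 7, 8, 9, 'h', 'i'};
size_t ex_off;

int main(void)
{
    unsigned int bad = ex_pkcs1_decode_for_enc(ex_good, sizeof ex_good, &ex_off);
    printf("good: failed=%u msg_off=%zu\n", bad, ex_off);
    printf("short PS: failed=%u\n", ex_pkcs1_decode_for_enc(ex_short_ps, sizeof ex_short_ps, &ex_off));
    printf("no separator: failed=%u\n", ex_pkcs1_decode_for_enc(ex_no_sep, sizeof ex_no_sep, &ex_off));
    return 0;
}
```

Branch-free C source does not guarantee branch-free machine code, so the compiled output should be inspected on each target architecture.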

Details

Provenance
gniibe
Authored on Oct 27 2023, 7:03 AM
Parents
rCd473d02a0e37: Remove some //-style comments