Home GnuPG

rsa: Fix decoding of PKCS#1 v1.5 and OAEP padding.
45c992020168Unpublished

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

rsa: Fix decoding of PKCS#1 v1.5 and OAEP padding.

* src/Makefile.am (libgcrypt_la_SOURCES): Add const-time.h and
const-time.c.
* src/const-time.h (ct_not_equal_byte, sexp_null_cond): New.
(ct_memequal): New from NetBSD, modified return type and name.
* src/const-time.c: New.
* cipher/rsa-common.c (_gcry_rsa_pkcs1_decode_for_enc): Examine whole
sequence of the byte-array.  Use N0 to find the separator position, with
ct_not_equal_byte.  Return the MPI even when the case of an error.
* cipher/rsa-common.c (_gcry_rsa_oaep_decode): Use ct_memequal to
check LHASH.  Examine all the sequence of the byte-array.  Use N1 to
find the separator of 0x01.  Return the MPI even when the case of an
error.
* cipher/rsa.c (rsa_decrypt): Always build a SEXP.

Cherry-pick master commit of:
34c20427926010d6fa95b1666e4b1b60f60a8742

Note: For architecture(s) which may result branch in comparison of
byte, configure script should emit POSSIBLE_BRANCH_IN_BYTE_COMPARISON.

  • Reported-by: Hubert Kario <hkario@redhat.com>
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Oct 27 2023, 7:03 AM
Parents
rCb115bdf33f2e: Remove some //-style comments
Branches
Unknown
Tags
Unknown

Event Timeline