mpi: Avoid data-dependent timing variations in mpi_powm.
6636c4fd0c6cUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

mpi: Avoid data-dependent timing variations in mpi_powm.

* mpi/mpi-pow.c (mpi_powm): Access all data in the table by
mpi_set_cond.

Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack. This change fixes
this particular data-dependent access pattern.

Cherry-picked from commit 5e72b6c76ebee720f69b8a5c212f52d38eb50287
in LIBGCRYPT-1-6-BRANCH.

Details

Provenance

• gniibe

Authored on Feb 26 2015, 1:07 PM

Parents

rC1fa8cdb93350: mpi: Revise mpi_powm.

Branches

Unknown

Tags

Unknown

Event Timeline

NIIBE Yutaka <gniibe@fsij.org> committed rC6636c4fd0c6c: mpi: Avoid data-dependent timing variations in mpi_powm. (authored by NIIBE Yutaka <gniibe@fsij.org>).Feb 27 2015, 6:06 AM

Changes (1)

Path

Size

mpi/

mpi-pow.c

rC6636c4fd0c6c

View Options

mpi: Avoid data-dependent timing variations in mpi_powm.6636c4fd0c6cUnpublishedActions