Home GnuPG
Diffusion libgcrypt dec048b2ec79

cipher: Normalize the MPIs used as input to secret key functions.
dec048b2ec79Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

cipher: Normalize the MPIs used as input to secret key functions.

* cipher/dsa.c (sign): Normalize INPUT.
* cipher/elgamal.c (decrypt): Normalize A and B.
* cipher/rsa.c (secret): Normalize the INPUT.
(rsa_decrypt): Reduce DATA before passing to secret.

mpi_normalize is in general not required because extra leading zeroes
do not harm the computation. However, adding extra all zero limbs or
padding with multiples of N may be useful in side-channel attacks.
This is an extra pre-caution in case RSA blinding has been disabled.

CVE-id: CVE-2013-4576

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Dec 16 2013, 9:22 AM
Parents
rC953535a7de68: Change dummy variable in mpih-div.c to mpi_limb_t type
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rCdec048b2ec79: cipher: Normalize the MPIs used as input to secret key functions. (authored by Werner Koch <wk@gnupg.org>).Dec 16 2013, 11:44 AM

Changes (3)

PathSize
cipher/

rCdec048b2ec79

View Options

cipher/dsa.c

Loading...
View Options

cipher/elgamal.c

Loading...
View Options

cipher/rsa.c

Loading...