
mpi: Avoid data-dependent timing variations in mpi_powm.
6cbc75e71295 (unpublished commit: not an ancestor of any permanent ref)

Description

mpi: Avoid data-dependent timing variations in mpi_powm.

* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
(mpi_powm): Access all data in the table and use mpi_set_cond.

Access to the precomputed table was indexed by a portion of EXPO,
against which a side channel attack could be mounted. This change fixes
this particular data-dependent access pattern.
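The technique the commit message describes, a table scan that touches every entry and keeps the wanted one with a conditional copy, is illustrated below as an added example. This is not GnuPG's code and not its mpi_powm or mpi_set_cond: the limb vector type (limbvec_t), the mask helpers, ct_set_cond, the leaky and hardened lookups and the constructed 8-entry table and exponent limb are all hypothetical stand-ins that keep the example self-contained.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Example only: a fixed-width limb vector standing in for an MPI.
 * LIMBS and limbvec_t are constructed for this illustration. */
#define LIMBS 4
typedef struct { uint32_t v[LIMBS]; } limbvec_t;

/* All-ones if x == 0, else 0, with no data-dependent branch.
 * ~x & (x - 1) has its top bit set only when x == 0. */
static uint32_t ct_is_zero_mask(uint32_t x)
{
    return 0u - ((~x & (x - 1u)) >> 31);
}

/* All-ones if a == b, else 0. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    return ct_is_zero_mask(a ^ b);
}

/* dst = cond ? src : dst, selected by masking rather than branching.
 * cond must be exactly 0 or 1. Same idea as a conditional MPI set. */
static void ct_set_cond(limbvec_t *dst, const limbvec_t *src, uint32_t cond)
{
    uint32_t mask = 0u - cond;
    for (size_t i = 0; i < LIMBS; i++)
        dst->v[i] = (src->v[i] & mask) | (dst->v[i] & ~mask);
}

/* Leaky form: the address loaded depends on idx, which is derived from
 * exponent bits, so cache or timing side channels can recover idx. */
static void leaky_lookup(limbvec_t *out, const limbvec_t *table, size_t n, uint32_t idx)
{
    (void)n;
    *out = table[idx];
}

/* Hardened form: read every entry and keep the matching one with
 * ct_set_cond. The memory access pattern no longer depends on idx. */
static void ct_lookup(limbvec_t *out, const limbvec_t *table, size_t n, uint32_t idx)
{
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < n; i++)
        ct_set_cond(out, &table[i], ct_eq_mask((uint32_t)i, idx) & 1u);
}

/* Take a w-bit window of the exponent limb starting at bit `shift`, as a
 * windowed exponentiation does, and fetch the matching table entry. */
static void ct_window_lookup(limbvec_t *out, const limbvec_t *table, unsigned w,
                             uint32_t expo_limb, unsigned shift)
{
    uint32_t idx = (expo_limb >> shift) & ((1u << w) - 1u);
    ct_lookup(out, table, (size_t)1 << w, idx);
}

/* Self-check on a constructed 8-entry table and a constructed exponent
 * limb: returns 1 if the hardened lookup agrees with the leaky one for
 * every 3-bit window, 0 otherwise. */
static int selfcheck(void)
{
    enum { W = 3, N = 1 << W };
    limbvec_t table[N];
    for (uint32_t i = 0; i < N; i++)
        for (size_t j = 0; j < LIMBS; j++)
            table[i].v[j] = i * 0x01010101u + (uint32_t)j;

    uint32_t expo = 0xB6D9A5E3u;   /* constructed exponent limb */
    for (unsigned shift = 0; shift + W <= 32; shift += W) {
        limbvec_t a, b;
        uint32_t idx = (expo >> shift) & (N - 1);
        leaky_lookup(&a, table, N, idx);
        ct_window_lookup(&b, table, W, expo, shift);
        if (memcmp(&a, &b, sizeof a) != 0)
            return 0;
    }
    return 1;
}
```

Both lookups return the same entry; the difference is that ct_lookup reads all n entries on every call, so the index no longer shows up in the access pattern. Two caveats apply in practice: the mask arithmetic must not be turned back into a branch by the compiler (inspect the generated code, or use a volatile or assembly barrier), and this only removes the table-indexing leak, not other data-dependent timing in the surrounding multiplication and reduction.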

Details

Provenance
gniibe, authored on Feb 26 2015, 1:00 PM
Parents
rG6186637cc9a4: doc: Add warning note about not acting as an oracle to --batch.
Branches
Unknown
Tags
Unknown

Event Timeline

NIIBE Yutaka <gniibe@fsij.org> committed rG6cbc75e71295: mpi: Avoid data-dependent timing variations in mpi_powm. (authored by NIIBE Yutaka <gniibe@fsij.org>). Feb 26 2015, 1:00 PM