Normalize the MPIs used as input to secret key functions.
d0d72d98f345 (Unpublished)

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Normalize the MPIs used as input to secret key functions.

* cipher/rsa.c (secret): Normalize the INPUT.
(rsa_decrypt): Pass reduced data to secret.
* cipher/elgamal.c (decrypt): Normalize A and B.
* cipher/dsa.c (sign): Normalize HASH.

mpi_normalize is in general not required because extra leading zeroes
do not harm the computation. However, adding extra all-zero limbs or
padding with multiples of N may be useful in side-channel attacks. In
particular they are used by the acoustic cryptanalysis. This is an
extra precaution which alone would not be sufficient to mitigate the
described attack.

CVE-id: CVE-2013-4576

Signed-off-by: Werner Koch <wk@gnupg.org>
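
The input canonicalisation described in the commit message, as an added C example that is not GnuPG's code: the `toy_mpi` type and all `toy_*` functions are hypothetical, the sample values are constructed, and reduction is done by repeated subtraction, which only suits small multiples of N.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy big integer: little-endian 32-bit limbs (hypothetical, not GnuPG's MPI type). */
typedef struct { uint32_t limb[8]; size_t nlimbs; } toy_mpi;

/* Drop all-zero high limbs so nlimbs reflects the true magnitude. */
static void toy_normalize(toy_mpi *a) {
    while (a->nlimbs > 0 && a->limb[a->nlimbs - 1] == 0)
        a->nlimbs--;
}

/* Compare two normalized values: returns <0, 0 or >0. */
static int toy_cmp(const toy_mpi *a, const toy_mpi *b) {
    if (a->nlimbs != b->nlimbs)
        return a->nlimbs > b->nlimbs ? 1 : -1;
    for (size_t i = a->nlimbs; i-- > 0; )
        if (a->limb[i] != b->limb[i])
            return a->limb[i] > b->limb[i] ? 1 : -1;
    return 0;
}

/* a -= b; requires a >= b and both normalized. Result is normalized. */
static void toy_sub(toy_mpi *a, const toy_mpi *b) {
    uint64_t borrow = 0;
    for (size_t i = 0; i < a->nlimbs; i++) {
        uint64_t bi = (i < b->nlimbs ? b->limb[i] : 0) + borrow;
        borrow = a->limb[i] < bi;
        a->limb[i] = (uint32_t)(a->limb[i] - bi);
    }
    toy_normalize(a);
}

/* Canonicalise an input before the secret-key operation: strip zero limbs,
   then remove added multiples of n (assumes n is normalized and non-zero). */
static void toy_canonical_input(toy_mpi *in, const toy_mpi *n) {
    toy_normalize(in);
    if (n->nlimbs == 0) return;
    while (toy_cmp(in, n) >= 0)
        toy_sub(in, n);
}

/* Constructed sample: padded = plain + 2*n with three extra zero limbs. */
int toy_demo(void) {
    toy_mpi n = {{0xB, 1}, 2}, plain = {{5, 1}, 2};
    toy_mpi padded = {{0x1B, 3, 0, 0, 0}, 5};
    toy_canonical_input(&padded, &n);
    return padded.nlimbs == 2 && toy_cmp(&padded, &plain) == 0;
}
int main(void) { return toy_demo() ? 0 : 1; }
```

After canonicalisation, the padded input and the plain input present the same limb count and value to the secret-key routine.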

Details

Provenance: werner authored on Nov 27 2013, 2:22 PM
Parents: rG93a96e3c0c33: Use blinding for the RSA secret operation.
Branches: Unknown
Tags: Unknown