security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

mpi: Avoid data-dependent timing variations in mpi_powm.

Browse source 
* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
(mpi_powm): Access all data in the table and use mpi_set_cond.

--

Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack.  This change fixes
this particular data-dependent access pattern.
This commit is contained in:
NIIBE Yutaka 2015-02-26 21:00:05 +09:00
parent 6186637cc9
commit 6cbc75e712
3 changed files with 82 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/mpi.h
View file

@ -81,6 +81,7 @@ void *mpi_get_opaque( MPI a, unsigned int *len );
void mpi_set_secure( MPI a );
void mpi_clear( MPI a );
void mpi_set( MPI w, MPI u);
void mpi_set_cond( MPI w, MPI u, unsigned long set);
void mpi_set_ui( MPI w, ulong u);
MPI mpi_alloc_set_ui( unsigned long u);
void mpi_m_check( MPI a );