mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
Normalize the MPIs used as input to secret key functions.
* cipher/rsa.c (secret): Normalize the INPUT. (rsa_decrypt): Pass reduced data to secret. * cipher/elgamal.c (decrypt): Normalize A and B. * cipher/dsa.c (sign): Normalize HASH. -- mpi_normalize is in general not required because extra leading zeroes do not harm the computation. However, adding extra all zero limbs or padding with multiples of N may be useful in side-channel attacks. In particular they are used by the acoustic crypt-analysis. This is an extra pre-caution which alone would not be sufficient to mitigate the described attack. CVE-id: CVE-2013-4576 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
93a96e3c0c
commit
d0d72d98f3
3 changed files with 25 additions and 6 deletions
|
@ -274,7 +274,7 @@ check_secret_key( DSA_secret_key *sk )
|
|||
/****************
|
||||
* Make a DSA signature from HASH and put it into r and s.
|
||||
*
|
||||
* Without generating the k this function runs in
|
||||
* Without generating the k this function runs in
|
||||
* about 26ms on a 300 Mhz Mobile Pentium
|
||||
*/
|
||||
|
||||
|
@ -285,6 +285,8 @@ sign(MPI r, MPI s, MPI hash, DSA_secret_key *skey )
|
|||
MPI kinv;
|
||||
MPI tmp;
|
||||
|
||||
mpi_normalize (hash);
|
||||
|
||||
/* select a random k with 0 < k < q */
|
||||
k = gen_k( skey->q );
|
||||
|
||||
|
@ -311,7 +313,7 @@ sign(MPI r, MPI s, MPI hash, DSA_secret_key *skey )
|
|||
/****************
|
||||
* Returns true if the signature composed from R and S is valid.
|
||||
*
|
||||
* Without the checks this function runs in
|
||||
* Without the checks this function runs in
|
||||
* about 31ms on a 300 Mhz Mobile Pentium
|
||||
*/
|
||||
static int
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue