mpi_powm changes and t-sexp.c change of mine
NIIBE Yutaka
gniibe at fsij.org
Fri Feb 27 09:29:49 CET 2015
Hello,
I pushed three changes to master. Two are forward ports from the 1.6
branch, and the last one is one I found by running a test program
with valgrind.
commit 505decf5369970219ddc9e78a20f97c623957b78
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Fri Feb 27 17:24:49 2015 +0900
tests: fix t-sexp.c.
* tests/t-sexp.c (bug_1594): Free N and PUBKEY.
commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Thu Feb 26 21:07:01 2015 +0900
mpi: Avoid data-dependent timing variations in mpi_powm.
* mpi/mpi-pow.c (mpi_powm): Access all data in the table by
mpi_set_cond.
--
Access to the precomputed table was indexed by a portion of EXPO,
which could be exploited by a side channel attack. This change fixes
this particular data-dependent access pattern.
Cherry-picked from commit 5e72b6c76ebee720f69b8a5c212f52d38eb50287
in LIBGCRYPT-1-6-BRANCH.
commit 1fa8cdb933505960d4e4b4842b122d4e06953e88
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Wed Feb 11 22:30:02 2015 +0900
mpi: Revise mpi_powm.
* mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP.
--
The name of the precomputed table was b_2i3, which stands for BASE^(2*I+3).
But it's too cryptic, so it's renamed. Besides, we needed to
distinguish the case of I==0, which was not good. Since it's OK to
increase the size of the table by one, it's BASE^(2*I+1) now.
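As an added illustration of the constant-time table access the second commit describes (example code written for this page, not libgcrypt's mpi_powm or mpi_set_cond): a fixed-window modular exponentiation in which every lookup reads all table entries and selects the wanted one with a mask, instead of indexing the table by a portion of the exponent. All names here (ct_mask_eq, ct_table_select, powm_fixed_window, powm_reference, select_demo) are hypothetical. It uses single-limb arithmetic with a modulus below 2^32 to stay self-contained, and its table holds base^i for every window value rather than only the odd powers BASE^(2*I+1) of the sliding-window code in the commits. The multiplications and reductions below use `%`, which is not constant-time; only the table access pattern is what this example makes data-independent.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Returns all-ones if a == b, zero otherwise, without a branch.
   Hypothetical helper; plays the role of the condition flag given to mpi_set_cond. */
static uint64_t ct_mask_eq(uint64_t a, uint64_t b)
{
    uint64_t x = a ^ b;                 /* zero iff a == b */
    uint64_t nz = (x | (0 - x)) >> 63;  /* top bit set iff x != 0 */
    return nz - 1;                      /* nz == 0 -> all ones, nz == 1 -> 0 */
}

/* Copies entry `idx` (each entry is `nlimbs` limbs) of `table` into dst.
   Every entry is read and masked, so memory accesses do not depend on idx. */
static void ct_table_select(uint64_t *dst, const uint64_t *table,
                            size_t nentries, size_t nlimbs, size_t idx)
{
    for (size_t j = 0; j < nlimbs; j++)
        dst[j] = 0;
    for (size_t i = 0; i < nentries; i++) {
        uint64_t m = ct_mask_eq((uint64_t)i, (uint64_t)idx);
        for (size_t j = 0; j < nlimbs; j++)
            dst[j] |= table[i * nlimbs + j] & m;
    }
}

/* Small constructed 3-entry, 2-limb table to exercise the multi-limb path. */
uint64_t select_demo(size_t idx, size_t limb)
{
    static const uint64_t tbl[3 * 2] = { 1, 2,  3, 4,  5, 6 };
    uint64_t out[2];
    ct_table_select(out, tbl, 3, 2, idx);
    return out[limb];
}

#define WINDOW_BITS 4
#define TABLE_SIZE  (1u << WINDOW_BITS)

/* Modulus must be < 2^32 so that a * b fits in 64 bits. Not constant-time. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t mod)
{
    return (a * b) % mod;
}

/* Fixed-window exponentiation: the exponent is consumed in WINDOW_BITS chunks
   from the top, and each chunk's factor comes from ct_table_select. All 64/4
   windows are processed regardless of the exponent's bit length. */
uint64_t powm_fixed_window(uint64_t base, uint64_t expo, uint64_t mod)
{
    uint64_t table[TABLE_SIZE];
    table[0] = 1 % mod;
    for (size_t i = 1; i < TABLE_SIZE; i++)
        table[i] = mulmod(table[i - 1], base % mod, mod);

    uint64_t result = 1 % mod;
    for (int shift = 64 - WINDOW_BITS; shift >= 0; shift -= WINDOW_BITS) {
        for (int s = 0; s < WINDOW_BITS; s++)
            result = mulmod(result, result, mod);
        uint64_t window = (expo >> shift) & (TABLE_SIZE - 1);
        uint64_t factor;
        ct_table_select(&factor, table, TABLE_SIZE, 1, (size_t)window);
        result = mulmod(result, factor, mod);
    }
    return result;
}

/* Plain square-and-multiply, used only as a correctness reference. */
uint64_t powm_reference(uint64_t base, uint64_t expo, uint64_t mod)
{
    uint64_t result = 1 % mod, b = base % mod;
    while (expo) {
        if (expo & 1)
            result = mulmod(result, b, mod);
        b = mulmod(b, b, mod);
        expo >>= 1;
    }
    return result;
}

int main(void)
{
    printf("4^13 mod 497 = %llu\n",
           (unsigned long long)powm_fixed_window(4, 13, 497));
    return 0;
}
```

The point to carry over to a real multi-precision implementation is the shape of ct_table_select: the loop bounds and the addresses touched are the same for every index, and the index influences only the mask values. That is what the mpi_set_cond change achieves for the sliding-window table in mpi_powm.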