diff options
| author | Simo Sorce <simo@redhat.com> | 2018-10-03 13:12:38 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2018-11-30 13:51:24 -0500 |
| commit | 4804febddc2ed958e5ae774de2a8f85edeeff538 (patch) | |
| tree | a7a693c3e8fb686581425217d0545b85612616c5 /lib/pk.h | |
| parent | ed3bdddab73c792364deec423b2c2c498a939a64 (diff) | |
| download | gnutls-tmp-fix-CVE-2018-16868.tar.gz | |
Constant time/cache PKCS#1 RSA decryptiontmp-fix-CVE-2018-16868
This patch tries to make the code have the same time and memory access
aptterns across all branches of the decryption function so that timining
or cache side channels are minimized or neutralized.
To do so it uses a new nettle rsa decryption function that is
side-channel silent.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'lib/pk.h')
| -rw-r--r-- | lib/pk.h | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -28,6 +28,7 @@ extern gnutls_crypto_pk_st _gnutls_pk_ops; #define _gnutls_pk_encrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.encrypt( algo, ciphertext, plaintext, params) #define _gnutls_pk_decrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.decrypt( algo, ciphertext, plaintext, params) +#define _gnutls_pk_decrypt2( algo, ciphertext, plaintext, size, params) _gnutls_pk_ops.decrypt2( algo, ciphertext, plaintext, size, params) #define _gnutls_pk_sign( algo, sig, data, params, sign_params) _gnutls_pk_ops.sign( algo, sig, data, params, sign_params) #define _gnutls_pk_verify( algo, data, sig, params, sign_params) _gnutls_pk_ops.verify( algo, data, sig, params, sign_params) #define _gnutls_pk_verify_priv_params( algo, params) _gnutls_pk_ops.verify_priv_params( algo, params) |