diff options
| author | Simo Sorce <simo@redhat.com> | 2018-10-03 13:12:38 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2018-11-30 13:51:24 -0500 |
| commit | 4804febddc2ed958e5ae774de2a8f85edeeff538 (patch) | |
| tree | a7a693c3e8fb686581425217d0545b85612616c5 /tests | |
| parent | ed3bdddab73c792364deec423b2c2c498a939a64 (diff) | |
| download | gnutls-4804febddc2ed958e5ae774de2a8f85edeeff538.tar.gz | |
Constant time/cache PKCS#1 RSA decryptiontmp-fix-CVE-2018-16868
This patch tries to make the code have the same time and memory access
aptterns across all branches of the decryption function so that timining
or cache side channels are minimized or neutralized.
To do so it uses a new nettle rsa decryption function that is
side-channel silent.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/rsa-encrypt-decrypt.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/rsa-encrypt-decrypt.c b/tests/rsa-encrypt-decrypt.c index 374684388c..95fdc64fb0 100644 --- a/tests/rsa-encrypt-decrypt.c +++ b/tests/rsa-encrypt-decrypt.c @@ -165,6 +165,15 @@ void doit(void) if (memcmp(out2.data, hash_data.data, hash_data.size) != 0) fail("Decrypted data don't match original (2)\n"); + /* try again with fixed length API */ + memset(out2.data, 'A', out2.size); + ret = gnutls_privkey_decrypt_data2(privkey, 0, &out, out2.data, out2.size); + if (ret < 0) + fail("gnutls_privkey_decrypt_data\n"); + + if (memcmp(out2.data, hash_data.data, hash_data.size) != 0) + fail("Decrypted data don't match original (2b)\n"); + gnutls_free(out.data); gnutls_free(out2.data); @@ -183,6 +192,15 @@ void doit(void) if (memcmp(out2.data, raw_data.data, raw_data.size) != 0) fail("Decrypted data don't match original (4)\n"); + /* try again with fixed length API */ + memset(out2.data, 'A', out2.size); + ret = gnutls_privkey_decrypt_data2(privkey, 0, &out, out2.data, out2.size); + if (ret < 0) + fail("gnutls_privkey_decrypt_data\n"); + + if (memcmp(out2.data, raw_data.data, raw_data.size) != 0) + fail("Decrypted data don't match original (4b)\n"); + if (debug) success("ok\n"); |