Timing Attack against RSA OAEP Code

Werner Koch wk at gnupg.org
Fri Jun 3 09:25:21 CEST 2011

On Fri,  3 Jun 2011 03:36, ueno at unixuser.org said:

> I'm attaching a fix in this direction.  Also, probably oaep_decode
> should never return "inspectable" error codes like GPG_ERR_TOO_SHORT on
> non-fatal errors.

FWIW, I did some restructuring of the oaep_encode stuff to better match
the RFC.  I planned for today to do the same for oaep_decode.  Thus you
may want to wait before applying the patch.



Thoughts are free.  Exceptions are regulated by a federal law.
