mpi_powm changes and t-sexp.c change of mine

NIIBE Yutaka gniibe at fsij.org
Fri Feb 27 09:29:49 CET 2015


Hello,

I pushed three changes to master.  Two are forward port from 1.6
branch, and the last one is the one I found by running test program
with valgrind.


commit 505decf5369970219ddc9e78a20f97c623957b78
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Feb 27 17:24:49 2015 +0900

    tests: fix t-sexp.c.

    * tests/t-sexp.c (bug_1594): Free N and PUBKEY.

commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Feb 26 21:07:01 2015 +0900

    mpi: Avoid data-dependent timing variations in mpi_powm.

    * mpi/mpi-pow.c (mpi_powm): Access all data in the table by
    mpi_set_cond.

    --

    Access to the precomputed table was indexed by a portion of EXPO,
    which could be mounted by a side channel attack.  This change fixes
    this particular data-dependent access pattern.

    Cherry-picked from commit  5e72b6c76ebee720f69b8a5c212f52d38eb50287
    in LIBGCRYPT-1-6-BRANCH.

commit 1fa8cdb933505960d4e4b4842b122d4e06953e88
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Wed Feb 11 22:30:02 2015 +0900

    mpi: Revise mpi_powm.

    * mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP.

    --

    The name of precomputed table was b_2i3 which stands for BASE^(2*I+3).
    But it's too cryptic, so, it's renamed.  Besides, we needed to
    distinguish the case of I==0, that was not good.  Since it's OK to
    increase the size of table by one, it's BASE^(2*I+1), now.

--



More information about the Gcrypt-devel mailing list