[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-259-gc17f84b
by Werner Koch
cvs at cvs.gnupg.org
Tue Sep 1 07:35:36 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via c17f84bd02d7ee93845e92e20f6ddba814961588 (commit)
via dd87639abd38afc91a6f27af33f0ba17402ad02d (commit)
from a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c17f84bd02d7ee93845e92e20f6ddba814961588
Author: Werner Koch <wk at gnupg.org>
Date: Mon Aug 31 23:13:27 2015 +0200
rsa: Add verify after sign to avoid Lenstra's CRT attack.
* cipher/rsa.c (rsa_sign): Check the CRT.
--
Failures in the computation of the CRT (e.g. due faulty hardware) can
lead to a leak of the private key. The standard precaution against
this is to verify the signature after signing. GnuPG does this itself
and even has an option to disable this. However, the low performance
impact of this extra precaution suggest that it should always be done
and Libgcrypt is the right place here. For decryption is not done
because the application will detect the failure due to garbled
plaintext and in any case no key derived material will be send to the
user.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/cipher/rsa.c b/cipher/rsa.c
index e4f73d5..45a481b 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1112,7 +1112,9 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
struct pk_encoding_ctx ctx;
gcry_mpi_t data = NULL;
RSA_secret_key sk = {NULL, NULL, NULL, NULL, NULL, NULL};
+ RSA_public_key pk;
gcry_mpi_t sig = NULL;
+ gcry_mpi_t result = NULL;
_gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN,
rsa_get_nbits (keyparms));
@@ -1148,11 +1150,25 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
}
}
- /* Do RSA computation and build the result. */
+ /* Do RSA computation. */
sig = mpi_new (0);
secret (sig, data, &sk);
if (DBG_CIPHER)
log_printmpi ("rsa_sign res", sig);
+
+ /* Check that the created signature is good. This detects a failure
+ of the CRT algorithm (Lenstra's attack on RSA's use of the CRT). */
+ result = mpi_new (0);
+ pk.n = sk.n;
+ pk.e = sk.e;
+ public (result, sig, &pk);
+ if (mpi_cmp (result, data))
+ {
+ rc = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+
+ /* Convert the result. */
if ((ctx.flags & PUBKEY_FLAG_FIXEDLEN))
{
/* We need to make sure to return the correct length to avoid
@@ -1172,6 +1188,7 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
leave:
+ _gcry_mpi_release (result);
_gcry_mpi_release (sig);
_gcry_mpi_release (sk.n);
_gcry_mpi_release (sk.e);
commit dd87639abd38afc91a6f27af33f0ba17402ad02d
Author: Werner Koch <wk at gnupg.org>
Date: Mon Aug 31 22:41:12 2015 +0200
Add pubkey algo id for EdDSA.
* src/gcrypt.h.in (GCRY_PK_EDDSA): New.
--
These ids are not actually used by Libgcrypt but other software makes
use of such algorithm ids. Thus we provide them here.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/NEWS b/NEWS
index d90ee6d..22565ed 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,7 @@ Noteworthy changes in version 1.7.0 (unreleased)
GCRY_CIPHER_MODE_OCB NEW.
GCRYCTL_SET_TAGLEN NEW.
gcry_cipher_final NEW macro.
+ GCRY_PK_EDDSA NEW constant.
Noteworthy changes in version 1.6.0 (2013-12-16)
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 884034c..585da6a 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1053,8 +1053,9 @@ enum gcry_pk_algos
GCRY_PK_DSA = 17, /* Digital Signature Algorithm. */
GCRY_PK_ECC = 18, /* Generic ECC. */
GCRY_PK_ELG = 20, /* Elgamal */
- GCRY_PK_ECDSA = 301, /* (deprecated: use 18). */
- GCRY_PK_ECDH = 302 /* (deprecated: use 18). */
+ GCRY_PK_ECDSA = 301, /* (only for external use). */
+ GCRY_PK_ECDH = 302, /* (only for external use). */
+ GCRY_PK_EDDSA = 303 /* (only for external use). */
};
/* Flags describing usage capabilities of a PK algorithm. */
-----------------------------------------------------------------------
Summary of changes:
NEWS | 1 +
cipher/rsa.c | 19 ++++++++++++++++++-
src/gcrypt.h.in | 5 +++--
3 files changed, 22 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits
More information about the Gcrypt-devel
mailing list