[svn] gcry - r1357 - trunk/cipher
svn author wk
cvs at cvs.gnupg.org
Wed Nov 19 14:52:49 CET 2008
Author: wk
Date: 2008-11-19 14:52:48 +0100 (Wed, 19 Nov 2008)
New Revision: 1357
Modified:
trunk/cipher/ChangeLog
trunk/cipher/rsa.c
Log:
Minor cleanups.
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2008-11-07 16:07:02 UTC (rev 1356)
+++ trunk/cipher/ChangeLog 2008-11-19 13:52:48 UTC (rev 1357)
@@ -1,3 +1,8 @@
+2008-11-19 Werner Koch <wk at g10code.com>
+
+ * rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding.
+ (generate): Rename to generate_std.
+
2008-11-05 Werner Koch <wk at g10code.com>
* md.c (md_open): Use a switch to set the Bsize.
Modified: trunk/cipher/rsa.c
===================================================================
--- trunk/cipher/rsa.c 2008-11-07 16:07:02 UTC (rev 1356)
+++ trunk/cipher/rsa.c 2008-11-19 13:52:48 UTC (rev 1357)
@@ -85,9 +85,6 @@
static int test_keys (RSA_secret_key *sk, unsigned nbits);
-static gpg_err_code_t generate (RSA_secret_key *sk,
- unsigned int nbits, unsigned long use_e,
- int transient_key);
static int check_secret_key (RSA_secret_key *sk);
static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey);
static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey);
@@ -181,8 +178,8 @@
* Returns: 2 structures filled with all needed values
*/
static gpg_err_code_t
-generate (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
- int transient_key)
+generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ int transient_key)
{
gcry_mpi_t p, q; /* the two primes */
gcry_mpi_t d; /* the private key */
@@ -548,8 +545,8 @@
(void)name;
(void)domain;
- ec = generate (&sk, nbits, use_e,
- !!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) );
+ ec = generate_std (&sk, nbits, use_e,
+ !!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) );
if (!ec)
{
skey[0] = sk.n;
@@ -661,12 +658,14 @@
/* Initialize blinding. */
/* First, we need a random number r between 0 and n - 1, which
- is relatively prime to n (i.e. it is neither p nor q). */
+ is relatively prime to n (i.e. it is neither p nor q). The
+ random number needs to be only unpredictable, thus we employ
+ the gcry_create_nonce function by using GCRY_WEAK_RANDOM with
+ gcry_mpi_randomize. */
r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
- gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n),
- GCRY_STRONG_RANDOM);
+ gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n), GCRY_WEAK_RANDOM);
gcry_mpi_mod (r, r, sk.n);
/* Calculate inverse of r. It practically impossible that the