[svn] gcry - r1357 - trunk/cipher

svn author wk cvs at cvs.gnupg.org
Wed Nov 19 14:52:49 CET 2008


Author: wk
Date: 2008-11-19 14:52:48 +0100 (Wed, 19 Nov 2008)
New Revision: 1357

Modified:
   trunk/cipher/ChangeLog
   trunk/cipher/rsa.c
Log:
Minor cleanups.


Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog	2008-11-07 16:07:02 UTC (rev 1356)
+++ trunk/cipher/ChangeLog	2008-11-19 13:52:48 UTC (rev 1357)
@@ -1,3 +1,8 @@
+2008-11-19  Werner Koch  <wk at g10code.com>
+
+	* rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding.
+	(generate): Rename to generate_std.
+
 2008-11-05  Werner Koch  <wk at g10code.com>
 
 	* md.c (md_open): Use a switch to set the Bsize.

Modified: trunk/cipher/rsa.c
===================================================================
--- trunk/cipher/rsa.c	2008-11-07 16:07:02 UTC (rev 1356)
+++ trunk/cipher/rsa.c	2008-11-19 13:52:48 UTC (rev 1357)
@@ -85,9 +85,6 @@
 
 
 static int test_keys (RSA_secret_key *sk, unsigned nbits);
-static gpg_err_code_t generate (RSA_secret_key *sk,
-                                unsigned int nbits, unsigned long use_e,
-                                int transient_key);
 static int  check_secret_key (RSA_secret_key *sk);
 static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey);
 static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey);
@@ -181,8 +178,8 @@
  * Returns: 2 structures filled with all needed values
  */
 static gpg_err_code_t
-generate (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
-          int transient_key)
+generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+              int transient_key)
 {
   gcry_mpi_t p, q; /* the two primes */
   gcry_mpi_t d;    /* the private key */
@@ -548,8 +545,8 @@
   (void)name;
   (void)domain;
 
-  ec = generate (&sk, nbits, use_e,
-                 !!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) );
+  ec = generate_std (&sk, nbits, use_e,
+                     !!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) );
   if (!ec)
     {
       skey[0] = sk.n;
@@ -661,12 +658,14 @@
       /* Initialize blinding.  */
       
       /* First, we need a random number r between 0 and n - 1, which
-	 is relatively prime to n (i.e. it is neither p nor q).  */
+	 is relatively prime to n (i.e. it is neither p nor q).  The
+	 random number needs to be only unpredictable, thus we employ
+	 the gcry_create_nonce function by using GCRY_WEAK_RANDOM with
+	 gcry_mpi_randomize.  */
       r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
       ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
       
-      gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n),
-			  GCRY_STRONG_RANDOM);
+      gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n), GCRY_WEAK_RANDOM);
       gcry_mpi_mod (r, r, sk.n);
 
       /* Calculate inverse of r.  It practically impossible that the
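Review bot: The new comment on the blinding factor describes a mechanism (GCRY_WEAK_RANDOM being routed to gcry_create_nonce inside gcry_mpi_randomize) rather than the property the decryption actually needs, and that routing is not visible in this hunk, so a later change to how gcry_mpi_randomize handles the level would silently weaken the blinding without this comment looking wrong. I would state the requirement explicitly, e.g. `/* r only has to be unpredictable to an observer of this single operation and is drawn afresh on every decryption, so the nonce generator suffices; it must never be replaced by a non-cryptographic PRNG.  */`. It would also help to note next to `gcry_mpi_mod (r, r, sk.n);` that r may be zero or share a factor with n only with negligible probability, since the inverse computation that follows appears to rely on that. The enclosing rsa_decrypt starts and ends outside this hunk.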



