Mailing List Archive

Fixes for RSA and ElGamal
Hello,

In master, I pushed my fixes for RSA and ElGamal. They are to minimize
the timing difference (between the success case and the failure case) when
unpadding PKCS#1 v1.5 padding and OAEP padding.
--

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: Fixes for RSA and ElGamal
NIIBE Yutaka <gniibe@fsij.org> wrote:
> In master, I pushed my fixes for RSA and ElGamal.

And then, thanks to Jussi, more fixes were pushed for constant-time
operations and their use in the implementation. Those are applied
to the 1.10 branch, too.

Once, I introduced POSSIBLE_CONDITIONAL_BRANCH_IN_BYTE_COMPARISON, but
it was removed in favour of having the same code for every architecture.

For those who build libgcrypt with MSVC, you may see the difference.
--

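Both messages concern the same technique: removing the timing difference between the success path and the failure path of PKCS#1 v1.5 unpadding, and doing byte comparisons without data-dependent branches. The following C is an added illustration and is not libgcrypt's code. It assumes the input is the encoded message EM (the RSA private operation's output, left-padded to the modulus length k) and uses hypothetical helper names (ct_mask_eq0, ct_memequal, naive_pkcs1_v15_unpad, ct_pkcs1_v15_unpad, selftest) and a constructed test vector rather than real RSA output. It covers only the v1.5 (type 2) case the messages mention, not OAEP. The naive unpadder is shown first as the "before": each of its checks fails at a different point, so the time it takes reveals which check failed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constant-time primitives (hypothetical helpers for this example):
   every mask is 0 or all-ones, and no branch or memory index below
   depends on secret data. */
static size_t ct_mask_eq0(size_t x)            /* all-ones iff x == 0 */
{
    /* the top bit of (x | -x) is set exactly when x != 0 */
    return ((x | (0u - x)) >> (sizeof(size_t) * 8 - 1)) - 1u;
}
static size_t ct_mask_eq(size_t a, size_t b) { return ct_mask_eq0(a ^ b); }
static size_t ct_mask_lt(size_t a, size_t b)   /* all-ones iff a < b */
{
    return 0u - ((a - b) >> (sizeof(size_t) * 8 - 1)); /* a, b far below SIZE_MAX/2 */
}
/* 1 if the buffers are equal; always examines all n bytes. */
int ct_memequal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return (int)(ct_mask_eq0(diff) & 1u);
}

/* Naive RSAES-PKCS1-v1_5 unpadding of EM = 00 || 02 || PS || 00 || M.
   Each failure returns at a different point, so elapsed time reveals
   which check failed: a Bleichenbacher-style oracle. Kept for contrast. */
int naive_pkcs1_v15_unpad(const uint8_t *em, size_t k,
                          uint8_t *out, size_t *out_len)
{
    if (k < 11 || em[0] != 0x00 || em[1] != 0x02)
        return 0;
    size_t i = 2;
    while (i < k && em[i] != 0x00)
        i++;
    if (i == k || i < 10)        /* no separator, or PS shorter than 8 bytes */
        return 0;
    *out_len = k - i - 1;
    memcpy(out, em + i + 1, *out_len);
    return 1;
}

/* Constant-time variant: scans all k bytes and writes all k - 11 output
   bytes whether or not the padding is valid, so only k (the public
   modulus size) determines the work done. Returns 1 on valid padding,
   else 0 with *out_len = 0. out must hold at least k - 11 bytes. */
int ct_pkcs1_v15_unpad(const uint8_t *em, size_t k,
                       uint8_t *out, size_t *out_len)
{
    if (k < 11) {                /* k is public; branching on it is fine */
        *out_len = 0;
        return 0;
    }
    size_t max_len = k - 11;
    size_t good = ct_mask_eq(em[0], 0x00) & ct_mask_eq(em[1], 0x02);

    /* Locate the first 0x00 after the header with no data-dependent control flow. */
    size_t found = 0, sep = 0;
    for (size_t i = 2; i < k; i++) {
        size_t is_zero = ct_mask_eq(em[i], 0x00);
        size_t first = is_zero & ~found;   /* all-ones only at the first zero */
        sep |= i & first;
        found |= is_zero;
    }
    good &= found;
    good &= ct_mask_lt(9, sep);            /* PS >= 8 bytes means sep >= 10 */

    /* Left-align M = em[sep+1 .. k-1] by masked selection: every output
       byte looks at every candidate input position. */
    size_t start = sep + 1;
    for (size_t j = 0; j < max_len; j++) {
        uint8_t b = 0;
        for (size_t i = 11; i < k; i++)
            b |= em[i] & (uint8_t)ct_mask_eq(i, start + j);
        out[j] = b & (uint8_t)good;
    }
    *out_len = (k - start) & good;
    return (int)(good & 1u);
}

/* Constructed test vector (not a real RSA output): k = 32, M = "hello",
   PS = 24 non-zero bytes. Returns the number of checks passed, out of 5. */
int selftest(void)
{
    uint8_t em[32], tmp[32], out[32 - 11];
    const uint8_t msg[5] = { 'h', 'e', 'l', 'l', 'o' };
    size_t n, passed = 0;

    em[0] = 0x00; em[1] = 0x02;
    memset(em + 2, 0xA5, 24);
    em[26] = 0x00;
    memcpy(em + 27, msg, 5);

    passed += ct_pkcs1_v15_unpad(em, 32, out, &n) == 1 && n == 5
              && ct_memequal(out, msg, 5);
    passed += naive_pkcs1_v15_unpad(em, 32, tmp, &n) == 1 && n == 5;
    memcpy(tmp, em, 32); tmp[1] = 0x01;    /* wrong block type */
    passed += ct_pkcs1_v15_unpad(tmp, 32, out, &n) == 0 && n == 0;
    memcpy(tmp, em, 32); tmp[5] = 0x00;    /* PS only 3 bytes long */
    passed += ct_pkcs1_v15_unpad(tmp, 32, out, &n) == 0;
    memcpy(tmp, em, 32); tmp[26] = 0x7F;   /* separator missing */
    passed += ct_pkcs1_v15_unpad(tmp, 32, out, &n) == 0;
    return (int)passed;
}

int main(void) { return selftest() == 5 ? 0 : 1; }
```

Build with `cc -std=c99 -O2` and run; exit status 0 means all five checks passed. Two caveats a practitioner will want: first, masked arithmetic like this is only constant-time if the compiler keeps it that way, and an optimizer is free to turn `x & mask` back into a conditional move or even a branch, which is exactly the kind of per-compiler difference the thread mentions for MSVC builds, so inspect the generated assembly for the toolchain you ship. Second, the function can hide which check failed, but it cannot hide from the caller that unpadding failed at all; the caller's handling of the 0 return must also not create an observable difference (in TLS, for example, by continuing with a random premaster secret instead of aborting).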