Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:mcaj
libgcrypt11
0001-rsa-Add-verify-after-sign-to-avoid-Lenstra...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-rsa-Add-verify-after-sign-to-avoid-Lenstra-s-CRT-att.patch of Package libgcrypt11
From b85c8d6645039fc9d403791750510e439731d479 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@gnupg.org> Date: Mon, 31 Aug 2015 23:13:27 +0200 Subject: [PATCH] rsa: Add verify after sign to avoid Lenstra's CRT attack. * cipher/rsa.c (rsa_sign): Check the CRT. -- Failures in the computation of the CRT (e.g. due faulty hardware) can lead to a leak of the private key. The standard precaution against this is to verify the signature after signing. GnuPG does this itself and even has an option to disable this. However, the low performance impact of this extra precaution suggest that it should always be done and Libgcrypt is the right place here. For decryption is not done because the application will detect the failure due to garbled plaintext and in any case no key derived material will be send to the user. Signed-off-by: Werner Koch <wk@gnupg.org> --- cipher/rsa.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) Index: libgcrypt-1.5.4/cipher/rsa.c =================================================================== --- libgcrypt-1.5.4.orig/cipher/rsa.c 2014-08-07 17:21:31.000000000 +0200 +++ libgcrypt-1.5.4/cipher/rsa.c 2015-09-08 11:20:27.063040413 +0200 @@ -996,6 +996,8 @@ static gcry_err_code_t rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) { RSA_secret_key sk; + RSA_public_key pk; + gcry_mpi_t result = NULL; (void)algo; @@ -1008,6 +1010,19 @@ rsa_sign (int algo, gcry_mpi_t *resarr, resarr[0] = mpi_alloc( mpi_get_nlimbs (sk.n)); secret (resarr[0], data, &sk); + /* Check that the created signature is good. This detects a failure + of the CRT algorithm (Lenstra's attack on RSA's use of the CRT). */ + result = gcry_mpi_new (0); + pk.n = sk.n; + pk.e = sk.e; + public (result, resarr[0], &pk); + if (mpi_cmp (result, data)) + { + gcry_mpi_release (result); + return GPG_ERR_BAD_SIGNATURE; + } + + gcry_mpi_release (result); return GPG_ERR_NO_ERROR; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor