diff options
author | Simo Sorce <simo@redhat.com> | 2018-10-03 13:12:38 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2018-11-30 13:51:24 -0500 |
commit | 4804febddc2ed958e5ae774de2a8f85edeeff538 (patch) | |
tree | a7a693c3e8fb686581425217d0545b85612616c5 /lib/errors.h | |
parent | ed3bdddab73c792364deec423b2c2c498a939a64 (diff) | |
download | gnutls-tmp-fix-CVE-2018-16868.tar.gz |
Constant time/cache PKCS#1 RSA decryptiontmp-fix-CVE-2018-16868
This patch tries to make the code have the same time and memory access
aptterns across all branches of the decryption function so that timining
or cache side channels are minimized or neutralized.
To do so it uses a new nettle rsa decryption function that is
side-channel silent.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'lib/errors.h')
-rw-r--r-- | lib/errors.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/errors.h b/lib/errors.h index e0f6b906c2..baadc0e67e 100644 --- a/lib/errors.h +++ b/lib/errors.h @@ -108,6 +108,7 @@ void _gnutls_mpi_log(const char *prefix, bigint_t a); #define _gnutls_write_log(...) LEVEL(11, __VA_ARGS__) #define _gnutls_io_log(...) LEVEL(12, __VA_ARGS__) #define _gnutls_buffers_log(...) LEVEL(13, __VA_ARGS__) +#define _gnutls_no_log(...) LEVEL(INT_MAX, __VA_ARGS__) #else #define _gnutls_debug_log _gnutls_null_log #define _gnutls_assert_log _gnutls_null_log @@ -119,6 +120,7 @@ void _gnutls_mpi_log(const char *prefix, bigint_t a); #define _gnutls_dtls_log _gnutls_null_log #define _gnutls_read_log _gnutls_null_log #define _gnutls_write_log _gnutls_null_log +#define _gnutls_no_log _gnutle_null_log void _gnutls_null_log(void *, ...); |