author | Simo Sorce <simo@redhat.com> | 2018-10-03 13:12:38 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2018-11-30 13:51:24 -0500 |
commit | 4804febddc2ed958e5ae774de2a8f85edeeff538 (patch) | |
tree | a7a693c3e8fb686581425217d0545b85612616c5 /lib/gnutls_int.h | |
parent | ed3bdddab73c792364deec423b2c2c498a939a64 (diff) | |
download | gnutls-4804febddc2ed958e5ae774de2a8f85edeeff538.tar.gz |
Constant time/cache PKCS#1 RSA decryption (tmp-fix-CVE-2018-16868)
This patch tries to make the code have the same time and memory access
patterns across all branches of the decryption function so that timing
or cache side channels are minimized or neutralized.
To do so it uses a new nettle rsa decryption function that is
side-channel silent.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'lib/gnutls_int.h')
-rw-r--r-- | lib/gnutls_int.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 16881d8827..50a9208346 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1564,4 +1564,8 @@ inline static bool _gnutls_has_negotiate_ctypes(gnutls_session_t session) return session->internals.flags & GNUTLS_ENABLE_CERT_TYPE_NEG; } +/* Macros to aide constant time/mem checks */ +#define CONSTCHECK_NOT_EQUAL(a, b) ((-((uint32_t)(a) ^ (uint32_t)(b))) >> 31) +#define CONSTCHECK_EQUAL(a, b) (1U - CONSTCHECK_NOT_EQUAL(a, b)) + #endif /* GNUTLS_INT_H */ |
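Review bot: CONSTCHECK_NOT_EQUAL(a, b) is only correct when the 32-bit XOR of its arguments is at most 0x80000000, so the macro as added here needs either that precondition documented or the canonical form. With x = (uint32_t)(a) ^ (uint32_t)(b), -x wraps to 2^32 - x, whose top bit is set only for 1 <= x <= 2^31; for any larger difference the shift yields 0, e.g. CONSTCHECK_NOT_EQUAL(0xFFFFFFFFu, 0) evaluates to (1u >> 31) == 0, and CONSTCHECK_EQUAL then reports the two values equal. That is harmless for the byte and small-length comparisons a PKCS#1 v1.5 padding check makes, but the macros live in gnutls_int.h where any caller can reach them. Either state the range limit in the comment `/* Macros to aide constant time/mem checks */` (where "aide" should also read "aid"), or use the usual `((x | -x) >> 31)` construction, which is correct for every uint32_t value: `#define CONSTCHECK_NOT_EQUAL(a, b) (((((uint32_t)(a) ^ (uint32_t)(b)) | (-(((uint32_t)(a) ^ (uint32_t)(b))))) >> 31)`. A secondary portability point: on a platform where int is wider than 32 bits, uint32_t promotes to int before the unary minus, so the negation no longer wraps and the result of the shift is not 0 or 1; a cast of the negated value back to uint32_t before shifting avoids that.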