Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
Botan
CVE-2017-14737.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-14737.patch of Package Botan
From 5f3a62a1243258af0c5f69d87553cc01ed785c5a Mon Sep 17 00:00:00 2001 From: Jack Lloyd <jack@randombit.net> Date: Thu, 28 Sep 2017 10:29:15 -0400 Subject: [PATCH] Cache silent table lookup in modexp CVE-2017-14737 --- src/math/bigint/bigint.cpp | 22 ++++++++++++++++++++++ src/math/bigint/bigint.h | 6 ++++++ src/math/numbertheory/powm_mnt.cpp | 9 ++++++--- 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index e2e062f2d..4c02e76a3 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -10,6 +10,7 @@ #include <botan/get_byte.h> #include <botan/parsing.h> #include <botan/internal/rounding.h> +#include <botan/internal/ct_utils.h> namespace Botan { @@ -373,4 +374,25 @@ void BigInt::binary_decode(const MemoryRegion<byte>& buf) binary_decode(buf, buf.size()); } +void BigInt::shrink_to_fit() + { + reg.resize(sig_words()); + } + +void BigInt::const_time_lookup(SecureVector<word>& output, + const std::vector<BigInt>& vec, + size_t idx) + { + const size_t words = output.size(); + + clear_mem(output.data(), output.size()); + + for(size_t i = 0; i != vec.size(); ++i) + { + for(size_t w = 0; w != words; ++w) + output[w] |= CT::select<word>(CT::is_equal(i, idx), vec[i].word_at(w), 0); + } + } + + } diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 87c7cb766..f34f6e9ec 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -500,6 +500,12 @@ class BOTAN_DLL BigInt */ BigInt(NumberType type, size_t n); + void shrink_to_fit(); + + static void const_time_lookup(SecureVector<word>& output, + const std::vector<BigInt>& vec, + size_t idx); + private: SecureVector<word> reg; Sign signedness; diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index d3845194c..295e9401a 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -68,6 +68,7 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) &workspace[0]); g[i].assign(&z[0], mod_words + 1); + g[i].grow_to(mod_words); } } @@ -81,6 +82,7 @@ BigInt Montgomery_Exponentiator::execute() const BigInt x = R_mod; SecureVector<word> z(2 * (mod_words + 1)); SecureVector<word> workspace(2 * (mod_words + 1)); + SecureVector<word> e(mod_words); for(size_t i = exp_nibbles; i > 0; --i) { @@ -98,12 +100,13 @@ BigInt Montgomery_Exponentiator::execute() const const u32bit nibble = exp.get_substring(window_bits*(i-1), window_bits); - const BigInt& y = g[nibble]; - zeroise(z); + + BigInt::const_time_lookup(e, g, nibble); + bigint_monty_mul(&z[0], z.size(), x.data(), x.size(), x.sig_words(), - y.data(), y.size(), y.sig_words(), + e.data(), e.size(), e.size(), modulus.data(), mod_words, mod_prime, &workspace[0]); -- 2.14.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor