Constant time fixes for C_Decrypt return code handling
Return code handling of C_Decrypt, C_DecryptUpdate, and C_DecryptFinal must be performed in a constant-time manner for RSA mechanisms. Otherwise it may cause a timing side channel that may be used to perform a Bleichenbacher-style attack.

Handling of error situations with CKR_BUFFER_TOO_SMALL or size-query calls, where the output buffer is NULL and the required size of the output buffer is to be returned, does not need to be performed in constant time, since these cases are shortcut anyway, and the result is only dependent on the modulus size of the RSA key (which is public information anyway).

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
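The commit message above draws a line between the padding check and return code selection, which must take the same time whether or not the PKCS#1 v1.5 padding is valid, and the size-query / CKR_BUFFER_TOO_SMALL shortcuts, which may return early because they depend only on the public modulus size. The following is an added illustration of that split, written for this page and not taken from opencryptoki or from the commit itself. The function names (`ct_rsa_pkcs_unpad`, `pkcs_decrypt_finish`), the mask helpers and the 32-byte test blocks are all constructed for the example; a real token would feed the raw RSA output of a 2048-bit or larger key into the same logic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned long CK_RV;
#define CKR_OK                     0x00000000UL
#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL
#define CKR_BUFFER_TOO_SMALL       0x00000150UL

/* Constant-time mask helpers: all-ones when the condition holds, else 0. */
static uint32_t ct_is_zero(uint32_t x) { return (uint32_t)(((uint64_t)x - 1) >> 32); }
static uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }
static uint32_t ct_lt(uint32_t a, uint32_t b) { return (uint32_t)(((uint64_t)a - b) >> 32); }
static uint32_t ct_select(uint32_t m, uint32_t a, uint32_t b) { return (m & a) | (~m & b); }

/* Strips PKCS#1 v1.5 block type 2 padding from the k-byte block em.
 * Every byte is examined, every candidate output byte is written, and the
 * return code is chosen by mask, so the work done depends only on the public
 * modulus size k. The caller guarantees out has room for k - 11 bytes.
 * (Hypothetical helper, not opencryptoki's code.) */
static CK_RV ct_rsa_pkcs_unpad(const uint8_t *em, uint32_t k,
                               uint8_t *out, uint32_t *out_len)
{
    uint32_t good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02);
    uint32_t found = 0, sep = 0;   /* sep: index of the first 0x00 after the 0x02 */
    uint32_t i, j, s;

    for (i = 2; i < k; i++) {
        uint32_t z = ct_eq(em[i], 0x00);
        sep = ct_select(z & ~found, i, sep);
        found |= z;
    }
    good &= found & ~ct_lt(sep, 10);   /* at least 8 padding bytes: sep >= 10 */

    /* Copy the message without indexing memory by the secret separator position. */
    for (j = 0; j < k - 11; j++) {
        uint8_t b = 0;
        for (s = 11; s < k; s++)
            b |= em[s] & (uint8_t)ct_eq(s, sep + 1 + j);
        out[j] = b;
    }
    *out_len = ct_select(good, k - sep - 1, 0);
    return (CK_RV)ct_select(good, (uint32_t)CKR_OK, (uint32_t)CKR_ENCRYPTED_DATA_INVALID);
}

/* C_Decrypt-style contract: the size query (out == NULL) and the
 * CKR_BUFFER_TOO_SMALL case return early. Both depend only on k, which is
 * public, so the shortcut reveals nothing about the plaintext. */
CK_RV pkcs_decrypt_finish(const uint8_t *em, uint32_t k,
                          uint8_t *out, unsigned long *out_len)
{
    uint32_t mlen;
    CK_RV rv;

    if (out == NULL) { *out_len = k; return CKR_OK; }
    if (*out_len < k) { *out_len = k; return CKR_BUFFER_TOO_SMALL; }

    rv = ct_rsa_pkcs_unpad(em, k, out, &mlen);
    *out_len = mlen;   /* 0, with junk left in out, when rv != CKR_OK */
    return rv;
}

/* Constructed 32-byte block (not real RSA output): 0x00 0x02, 24 nonzero
 * padding bytes, 0x00, then the message "hello". */
static const uint8_t EM_GOOD[32] = {
    0x00, 0x02,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc,
    0xdd, 0xee, 0xff, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0x00, 'h', 'e', 'l', 'l', 'o'
};

int example_valid_block(void)
{
    uint8_t out[32];
    unsigned long len = sizeof(out);
    CK_RV rv = pkcs_decrypt_finish(EM_GOOD, 32, out, &len);
    return rv == CKR_OK && len == 5 && memcmp(out, "hello", 5) == 0;
}

int example_bad_block_type(void)
{
    uint8_t em[32], out[32];
    unsigned long len = sizeof(out);
    memcpy(em, EM_GOOD, 32);
    em[1] = 0x01;   /* wrong block type: must fail on the constant-time path */
    return pkcs_decrypt_finish(em, 32, out, &len) == CKR_ENCRYPTED_DATA_INVALID && len == 0;
}

int example_size_query(void)
{
    unsigned long len = 0;
    return pkcs_decrypt_finish(EM_GOOD, 32, NULL, &len) == CKR_OK && len == 32;
}

int example_buffer_too_small(void)
{
    uint8_t out[8];
    unsigned long len = sizeof(out);
    return pkcs_decrypt_finish(EM_GOOD, 32, out, &len) == CKR_BUFFER_TOO_SMALL && len == 32;
}

int main(void)
{
    printf("valid=%d bad_type=%d size_query=%d too_small=%d\n",
           example_valid_block(), example_bad_block_type(),
           example_size_query(), example_buffer_too_small());
    return 0;
}
```

Two caveats for anyone adapting this. The mask arithmetic only stays branch-free if the compiler does not turn it back into conditional jumps, so the generated code should be inspected at the optimisation level actually shipped. And the returned message length is still a function of where the separator sits; PKCS#11 has to report it, so a token cannot hide it, which is why the error path above reports length 0 and the same return-code selection rather than an early exit.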
Showing 4 changed files with 123 additions and 31 deletions.