[Cryptech-Commits] [sw/libhal] branch master updated: Clear search state variables in rsa.c's find_prime().

git at cryptech.is git at cryptech.is
Mon Mar 26 00:25:35 UTC 2018


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

The following commit(s) were added to refs/heads/master by this push:
     new 57b5515  Clear search state variables in rsa.c's find_prime().
57b5515 is described below

commit 57b551588e3ce4a1e79d8bb8d9d2a409a7cbf202
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sun Mar 25 19:51:40 2018 -0400

    Clear search state variables in rsa.c's find_prime().
    
    Failing to clear the temporary buffer used to transfer bits from the
    TRNG into a bignum was a real leak of something very close to keying
    material, albeit only onto the local stack where it was almost certain
    to have been overwritten by subsequent operations (generation of other
    key components, wrap and PKCS #8 encoding) before pkey_generate_rsa()
    ever returned to its caller.  Still, bad coder, no biscuit.
    
    Failing to clear the remainders array was probably harmless, but
    doctrine says clear it anyway.
---
 rsa.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/rsa.c b/rsa.c
index b5e52c5..01d8290 100644
--- a/rsa.c
+++ b/rsa.c
@@ -829,6 +829,7 @@ static hal_error_t find_prime(const unsigned prime_length,
   buffer[sizeof(buffer) - 1] |=  0x01; /* Candidates are odd  */
 
   fp_read_unsigned_bin(result, buffer, sizeof(buffer));
+  memset(buffer, 0, sizeof(buffer));
 
   for (size_t i = 0; i < sizeof(small_prime)/sizeof(*small_prime); i++) {
     fp_digit d;
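Review bot: the new `memset(buffer, 0, sizeof(buffer));` is a plain memset of a local array that is never read again before the function returns, so an optimizing compiler is free to treat it as a dead store and drop it (the classic secure-clear problem), which would silently undo the fix this commit is making. If the toolchain used for the HSM build could do that, prefer a clear the compiler cannot elide (a volatile-qualified byte loop, `memset_s`, or whatever the project already uses for wiping secrets) and use the same primitive for the `remainder` clear later in this patch.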
@@ -853,10 +854,8 @@ static hal_error_t find_prime(const unsigned prime_length,
       possible = fp_cmp_d(t, 1) == FP_EQ;
     }
 
-    if (possible) {
-      fp_zero(t);
-      return HAL_OK;
-    }
+    if (possible)
+      break;
 
     fp_add_d(result, 2, result);
 
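Review bot: turning the `return HAL_OK` into a `break` only routes the success path through the post-loop cleanup; any other `return` inside this loop body (error returns from the `fp_*` calls, for example) is not visible in this hunk and would still leave `t` and `remainder` uncleared. Please check the rest of the loop for such exits and either clear there as well or restructure them to `break` with an error code so that every exit passes through the single cleanup block.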
@@ -864,6 +863,10 @@ static hal_error_t find_prime(const unsigned prime_length,
       if ((remainder[i] += 2) >= small_prime[i])
         remainder[i] -= small_prime[i];
   }
+
+  memset(remainder, 0, sizeof(remainder));
+  fp_zero(t);
+  return HAL_OK;
 }
 
 /*
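Review bot: after the loop the function now returns `HAL_OK` unconditionally, so if the `for` loop can terminate for any reason other than the `break` on `possible` (an exhausted candidate bound, for instance; the loop header is not shown here), the caller would get a success status with `result` holding a non-prime. If the loop is unbounded this is fine; otherwise return an error when `possible` is not set, and note that `possible` must then be declared outside the loop body for that check to compile.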
