[Cryptech-Commits] [sw/libhal] branch master updated: Clear search state variables in rsa.c's find_prime().
git at cryptech.is
git at cryptech.is
Mon Mar 26 00:25:35 UTC 2018
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.
The following commit(s) were added to refs/heads/master by this push:
new 57b5515 Clear search state variables in rsa.c's find_prime().
57b5515 is described below
commit 57b551588e3ce4a1e79d8bb8d9d2a409a7cbf202
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sun Mar 25 19:51:40 2018 -0400
Clear search state variables in rsa.c's find_prime().
Failing to clear the temporary buffer used to transfer bits from the
TRNG into a bignum was a real leak of something very close to keying
material, albeit only onto the local stack where it was almost certain
to have been overwritten by subsequent operations (generation of other
key components, wrap and PKCS #8 encoding) before pkey_generate_rsa()
ever returned to its caller. Still, bad coder, no biscuit.
Failing to clear the remainders array was probably harmless, but
doctrine says clear it anyway.
---
rsa.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/rsa.c b/rsa.c
index b5e52c5..01d8290 100644
--- a/rsa.c
+++ b/rsa.c
@@ -829,6 +829,7 @@ static hal_error_t find_prime(const unsigned prime_length,
buffer[sizeof(buffer) - 1] |= 0x01; /* Candidates are odd */
fp_read_unsigned_bin(result, buffer, sizeof(buffer));
+ memset(buffer, 0, sizeof(buffer));
for (size_t i = 0; i < sizeof(small_prime)/sizeof(*small_prime); i++) {
fp_digit d;
@@ -853,10 +854,8 @@ static hal_error_t find_prime(const unsigned prime_length,
possible = fp_cmp_d(t, 1) == FP_EQ;
}
- if (possible) {
- fp_zero(t);
- return HAL_OK;
- }
+ if (possible)
+ break;
fp_add_d(result, 2, result);
@@ -864,6 +863,10 @@ static hal_error_t find_prime(const unsigned prime_length,
if ((remainder[i] += 2) >= small_prime[i])
remainder[i] -= small_prime[i];
}
+
+ memset(remainder, 0, sizeof(remainder));
+ fp_zero(t);
+ return HAL_OK;
}
/*
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list