From: Alexander Sosedkin <asosedkin@redhat.com>
Date: Tue, 9 Aug 2022 14:05:53 +0000 (+0200)
Subject: auth/rsa: side-step potential side-channel
X-Git-Tag: 3.8.0~1^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80a6ce8ddb02477cd724cd5b2944791aaddb702a;p=thirdparty%2Fgnutls.git

auth/rsa: side-step potential side-channel

Remove branching that depends on secret data.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
Signed-off-by: Hubert Kario <hkario@redhat.com>
Tested-by: Hubert Kario <hkario@redhat.com>
---

diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 62c86e470a..562518d93e 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -154,7 +154,6 @@ _gnutls_get_public_rsa_params(gnutls_session_t session,
 static int
 proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size)
 {
-	const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
 	gnutls_datum_t ciphertext;
 	int ret, dsize;
 	ssize_t data_size = _data_size;
@@ -234,15 +233,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size)
 	ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
 	    CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
 
-	if (ok) {
-		/* call logging function unconditionally so all branches are
-		 * indistinguishable for timing and cache access when debug
-		 * logging is disabled */
-		_gnutls_no_log("%s", attack_error);
-	} else {
-		_gnutls_debug_log("%s", attack_error);
-	}
-
 	/* This is here to avoid the version check attack
 	 * discussed above.
 	 */