openssl/crypto
Bernd Edlinger e861d659c0 Don't use coordinate blinding when scalar is group order
This happens in ec_key_simple_check_key and EC_GROUP_check.
Since the group order is not a secret scalar, it is
unnecessary to use coordinate blinding.

Fixes: #8731

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8734)

(cherry picked from commit 3051bf2afa)
2019-04-14 11:27:00 +02:00
aes PPC assembly pack: fix copy-paste error in CTR mode 2019-03-18 20:07:57 +10:00
aria
asn1 Update copyright year 2019-02-26 14:05:09 +00:00
async arch/async_posix.h: improve portability. 2018-10-19 10:31:04 +02:00
bf
bio Use AI_ADDRCONFIG hint with getaddrinfo if available. 2019-04-04 01:25:08 +02:00
blake2 fix truncation of integers on 32bit AIX 2019-03-11 14:47:00 +01:00
bn Fix compiling error for mips32r6 and mips64r6 2019-03-19 07:37:45 +01:00
buffer
camellia Update copyright year 2018-09-11 13:45:17 +01:00
cast
chacha deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
cmac
cms Update copyright year 2019-02-26 14:05:09 +00:00
comp
conf OPENSSL_config(): restore error agnosticism 2019-03-20 14:25:43 +01:00
ct Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
des Update copyright year 2019-02-26 14:05:09 +00:00
dh Increase rounds of Miller-Rabin testing DH_check 2019-03-27 15:03:55 +00:00
dsa Added NULL check to BN_clear() & BN_CTX_end() 2019-03-19 07:28:39 +01:00
dso Rework DSO API conditions and configuration option 2019-04-10 07:50:17 +02:00
ec Don't use coordinate blinding when scalar is group order 2019-04-14 11:27:00 +02:00
engine Update copyright year 2019-02-26 14:05:09 +00:00
err Make err_clear_constant_time really constant time 2019-03-22 14:24:48 +01:00
evp EVP_*Update: ensure that input NULL with length 0 isn't passed 2019-04-10 07:53:32 +02:00
hmac Don't allow SHAKE128/SHAKE256 with HMAC 2019-03-27 14:37:22 +00:00
idea
include/internal Rework DSO API conditions and configuration option 2019-04-10 07:50:17 +02:00
kdf Reset the HKDF state between operations 2018-10-29 14:11:40 +00:00
lhash Update copyright year 2018-09-11 13:45:17 +01:00
md2
md4
md5
mdc2
modes cfi build fixes in x86-64 ghash assembly 2019-02-27 22:44:46 +01:00
objects Update generator copyright year. 2019-01-07 13:53:24 -05:00
ocsp Make OCSP_id_cmp and OCSP_id_issuer_cmp accept const params 2019-03-28 10:00:11 +00:00
pem Fix the allocation size in EVP_OpenInit and PEM_SignFinal 2019-04-06 10:20:10 +02:00
perlasm Update copyright year 2019-02-26 14:05:09 +00:00
pkcs7 Update copyright year 2018-09-11 13:45:17 +01:00
pkcs12 Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
poly1305 deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
rand Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT" 2019-04-02 14:50:33 +02:00
rc2
rc4 deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
rc5
ripemd
rsa Avoid creating invalid rsa pss params 2019-04-10 20:24:57 +02:00
seed Update copyright year 2018-09-11 13:45:17 +01:00
sha fix truncation of integers on 32bit AIX 2019-03-11 14:47:00 +01:00
siphash Fix SipHash init order. 2018-11-12 07:16:58 +01:00
sm2 EVP module documentation pass 2018-10-17 13:31:59 +03:00
sm3
sm4
srp Update copyright year 2019-02-26 14:05:09 +00:00
stack Revert "stack/stack.c: omit redundant NULL checks." 2018-08-09 14:37:10 +01:00
store crypto/*: address standard-compliance nits. 2018-07-20 13:40:30 +02:00
ts Check conversion return in ASN1_INTEGER_print_bio. 2018-07-31 11:37:05 +10:00
txt_db
ui Update copyright year 2019-02-26 14:05:09 +00:00
whrlpool
x509 Fix crash in X509_STORE_CTX_get_by_subject 2019-04-09 10:31:20 +01:00
x509v3 Update copyright year 2018-09-11 13:45:17 +01:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c Update copyright year 2019-02-26 14:05:09 +00:00
armv4cpuid.pl
build.info Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
c64xpluscpuid.pl
cpt_err.c
cryptlib.c Update copyright year 2019-02-26 14:05:09 +00:00
ctype.c
cversion.c
dllmain.c Update copyright year 2018-09-11 13:45:17 +01:00
ebcdic.c
ex_data.c
getenv.c Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
ia64cpuid.S
init.c Rework DSO API conditions and configuration option 2019-04-10 07:50:17 +02:00
LPdir_nyi.c
LPdir_unix.c typo-fixes: miscellaneous typo fixes 2018-09-21 23:59:02 +02:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
mem.c crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG. 2018-08-07 09:08:50 +02:00
mem_clr.c
mem_dbg.c
mem_sec.c test/secmemtest: test secure memory only if it is implemented 2018-10-05 12:23:34 +02:00
mips_arch.h Fix compiling error for mips32r6 and mips64r6 2019-03-19 07:37:45 +01:00
o_dir.c
o_fips.c
o_fopen.c Add missing include file. 2018-09-17 12:54:20 +10:00
o_init.c
o_str.c openssl_strerror_r: Fix handling of GNU strerror_r 2019-03-04 10:11:05 +00:00
o_time.c
pariscid.pl PA-RISC assembly pack: make it work with GNU assembler for HP-UX. 2018-06-25 16:45:48 +02:00
ppc_arch.h Update copyright year 2019-02-26 14:05:09 +00:00
ppccap.c Update copyright year 2019-02-26 14:05:09 +00:00
ppccpuid.pl Update copyright year 2019-02-26 14:05:09 +00:00
s390x_arch.h s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
s390xcap.c
s390xcpuid.pl s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_pthread.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_win.c Avoid linking error for InitializeCriticalSectionAndSpinCount(). 2019-03-29 10:02:06 +00:00
uid.c Update copyright year 2019-02-26 14:05:09 +00:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl