openssl/crypto
Billy Brumley 30c22fa8b1 [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it
The cofactor argument to EC_GROUP_set_generator is optional, and SCA
mitigations for ECC currently use it. So the library currently falls
back to very old SCA-vulnerable code if the cofactor is not present.

This PR allows EC_GROUP_set_generator to compute the cofactor for all
curves of cryptographic interest, steering scalar multiplication to more
SCA-robust code.

This issue affects persisted private keys in explicit parameter form,
where the (optional) cofactor field is zero or absent.

It also affects curves not built into the library, but constructed
programmatically with explicit parameters, then calling
EC_GROUP_set_generator with a nonsensical value (NULL, zero).

The very old scalar multiplication code is known to be vulnerable to
local uarch attacks, outside of the OpenSSL threat model. New results
suggest the code path is also vulnerable to traditional wall clock
timing attacks.

CVE-2019-1547

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9781)
2019-09-07 03:57:52 +03:00
aes Fix Typos 2019-07-31 19:48:30 +02:00
aria
asn1 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. 2019-09-06 16:15:55 +01:00
async arch/async_posix.h: improve portability. 2018-10-19 10:31:04 +02:00
bf Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
bio BIO_lookup_ex: Do not retry on EAI_MEMORY 2019-08-13 11:44:45 +02:00
blake2 Update copyright year 2019-05-28 14:49:38 +02:00
bn Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations 2019-09-07 02:21:03 +03:00
buffer Update copyright year 2018-04-03 13:57:12 +01:00
camellia Update copyright year 2018-09-11 13:45:17 +01:00
cast Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
chacha deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
cmac Update copyright year 2018-04-17 15:18:40 +02:00
cms Remove OPENSSL_X509V3_H include detector from openssl/cms.h 2019-07-24 17:08:38 +02:00
comp Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
conf crypto/conf: openssl_config_int() returns uninitialized value 2019-05-29 10:47:40 +10:00
ct Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
des Update copyright year 2019-02-26 14:05:09 +00:00
dh Change DH parameters to generate the order q subgroup instead of 2q 2019-07-24 14:59:52 +02:00
dsa Fix Typos 2019-07-31 19:48:30 +02:00
dso Cygwin: enable the use of Dl_info and dladdr() 2019-07-21 11:08:56 +02:00
ec [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it 2019-09-07 03:57:52 +03:00
engine crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally 2019-08-15 11:23:12 +02:00
err make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA 2019-07-31 17:07:44 +03:00
evp Directly return from final sha3/keccak_final if no bytes are requested 2019-08-18 21:33:49 +02:00
hmac Update copyright year 2019-05-28 14:49:38 +02:00
idea
include/internal Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
kdf Reset the HKDF state between operations 2018-10-29 14:11:40 +00:00
lhash Fix Typos 2019-07-31 19:48:30 +02:00
md2
md4
md5 Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
mdc2
modes Update copyright year 2019-05-28 14:49:38 +02:00
objects Fix GOST OID 2019-05-24 12:36:06 +03:00
ocsp Update copyright year 2019-05-28 14:49:38 +02:00
pem Fix SCA vulnerability when using PVK and MSBLOB key formats 2019-08-27 09:13:34 +01:00
perlasm Update copyright year 2019-02-26 14:05:09 +00:00
pkcs7 Update copyright year 2018-09-11 13:45:17 +01:00
pkcs12 Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
poly1305 deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
rand Cleanup includes in rand_unix.c 2019-09-05 08:33:48 +02:00
rc2
rc4 deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
rc5 Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
ripemd Harmonize the make variables across all known platforms families 2018-02-14 17:13:53 +01:00
rsa [crypto/rsa] Set the constant-time flag in multi-prime RSA too 2019-09-06 16:15:55 +01:00
seed Update copyright year 2018-09-11 13:45:17 +01:00
sha Fix syntax error for the armv4 assembler 2019-08-15 14:24:27 +02:00
siphash Fix SipHash init order. 2018-11-12 07:16:58 +01:00
sm2 Fix Typos 2019-07-31 19:48:30 +02:00
sm3
sm4
srp Update copyright year 2019-02-26 14:05:09 +00:00
stack Revert "stack/stack.c: omit redundant NULL checks." 2018-08-09 14:37:10 +01:00
store Fix Typos 2019-07-31 19:48:30 +02:00
ts Check conversion return in ASN1_INTEGER_print_bio. 2018-07-31 11:37:05 +10:00
txt_db Update copyright year 2018-04-03 13:57:12 +01:00
ui Fix Typos 2019-07-01 02:02:06 +08:00
whrlpool Fix warning C4164 in MSVC. 2019-07-31 17:32:16 +01:00
x509 Fix error handling in x509_lu.c 2019-09-05 08:40:24 +02:00
x509v3 Add missing accessors for X509 AuthorityKeyIdentifier 2019-08-01 12:13:37 +02:00
alphacpuid.pl
arm64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
arm_arch.h Fix building linux-armv4 with --strict-warnings 2018-04-20 15:49:33 +02:00
armcap.c Update copyright year 2019-02-26 14:05:09 +00:00
armv4cpuid.pl Update copyright year 2018-05-01 13:34:30 +01:00
build.info Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
c64xpluscpuid.pl
cpt_err.c Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
cryptlib.c Update copyright year 2019-02-26 14:05:09 +00:00
ctype.c Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
cversion.c
dllmain.c Update copyright year 2018-09-11 13:45:17 +01:00
ebcdic.c
ex_data.c Ensure the thread keys are always allocated in the same order 2018-04-20 15:45:06 +02:00
getenv.c Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
ia64cpuid.S
init.c Fix Typos 2019-07-31 19:48:30 +02:00
LPdir_nyi.c
LPdir_unix.c typo-fixes: miscellaneous typo fixes 2018-09-21 23:59:02 +02:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
mem.c crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG. 2018-08-07 09:08:50 +02:00
mem_clr.c
mem_dbg.c Update copyright year 2018-02-13 13:59:25 +00:00
mem_sec.c test/secmemtest: test secure memory only if it is implemented 2018-10-05 12:23:34 +02:00
mips_arch.h Update copyright year 2019-05-28 14:49:38 +02:00
o_dir.c
o_fips.c
o_fopen.c Add missing include file. 2018-09-17 12:54:20 +10:00
o_init.c
o_str.c Fix error handling at openssl_strerror_r 2019-06-18 13:58:52 +02:00
o_time.c Update copyright year 2018-04-03 13:57:12 +01:00
pariscid.pl PA-RISC assembly pack: make it work with GNU assembler for HP-UX. 2018-06-25 16:45:48 +02:00
ppc_arch.h Update copyright year 2019-02-26 14:05:09 +00:00
ppccap.c crypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00 2019-05-09 14:20:44 +10:00
ppccpuid.pl Update copyright year 2019-02-26 14:05:09 +00:00
s390x_arch.h s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
s390xcap.c s390x assembly pack: fix restoring of SIGILL action 2019-07-17 20:15:38 +02:00
s390xcpuid.pl s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_pthread.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_win.c Update copyright year 2019-05-28 14:49:38 +02:00
uid.c Swap #if blocks in uid.c so target platform gets checked before host 2019-06-18 12:53:27 +10:00
vms_rms.h
x86_64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
x86cpuid.pl Fix issues in ia32 RDRAND asm leading to reduced entropy 2018-03-08 10:27:49 -05:00