openssl/crypto/dsa
Matt Caswell 7f9822a482 Add blinding to a DSA signature
This extends the recently added ECDSA signature blinding to blind DSA too.

This is based on side channel attacks demonstrated by Keegan Ryan (NCC
Group) for ECDSA which are likely to be able to be applied to DSA.

Normally, as in ECDSA, during signing the signer calculates:

s := k^-1 * (m + r * priv_key) mod order

In ECDSA, the addition operation above provides a sufficient signal for a
flush+reload attack to derive the private key given sufficient signature
operations.

As a mitigation (based on a suggestion from Keegan) we add blinding to
the operation so that:

s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order

Since this attack is a localhost side channel only, no CVE is assigned.

This commit also tweaks the previous ECDSA blinding so that blinding is
only removed at the last possible step.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6522)
2018-06-21 10:15:57 +01:00
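
The two formulas from the commit message above, worked through on a toy DSA group. This is an added example, not OpenSSL's code and not part of the commit. The parameters (P = 607, Q = 101, G = 64), the sample values and all function names are constructed for illustration, and the arithmetic is not constant-time. It shows that every nonzero blind yields the same s as the unblinded formula, while the addition only ever operates on blinded operands.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy domain: Q divides P-1 and G = 2^((P-1)/Q) mod P has order Q.
   Far too small for real use; chosen so everything fits in 64 bits. */
static const uint64_t P = 607, Q = 101, G = 64;
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) { return (a % n) * (b % n) % n; }
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t n) {
    uint64_t r = 1;
    for (b %= n; e; e >>= 1, b = mulmod(b, b, n))
        if (e & 1) r = mulmod(r, b, n);
    return r;
}
/* Inverse modulo the prime Q (Fermat's little theorem). */
static uint64_t invq(uint64_t a) { return powmod(a, Q - 2, Q); }
uint64_t dsa_pub(uint64_t priv_key) { return powmod(G, priv_key, P); }
uint64_t dsa_r(uint64_t k) { return powmod(G, k, P) % Q; }
/* s := k^-1 * (m + r * priv_key) mod order */
uint64_t dsa_s_plain(uint64_t m, uint64_t r, uint64_t priv_key, uint64_t k) {
    return mulmod(invq(k), m % Q + mulmod(r, priv_key, Q), Q);
}
/* s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order */
uint64_t dsa_s_blinded(uint64_t m, uint64_t r, uint64_t priv_key, uint64_t k, uint64_t blind) {
    uint64_t bm = mulmod(blind, m, Q);
    uint64_t brx = mulmod(mulmod(blind, priv_key, Q), r, Q);
    uint64_t s = mulmod(invq(k), bm + brx, Q); /* the addition only sees blinded operands */
    return mulmod(s, invq(blind), Q);          /* blinding removed as the last step */
}

int dsa_verify(uint64_t m, uint64_t r, uint64_t s, uint64_t pub) {
    if (r == 0 || s == 0 || r >= Q || s >= Q) return 0;
    uint64_t w = invq(s);
    uint64_t v = mulmod(powmod(G, mulmod(m, w, Q), P), powmod(pub, mulmod(r, w, Q), P), P) % Q;
    return v == r;
}

/* Returns 1 if every nonzero blind yields the same s as the unblinded formula. */
int blinding_is_transparent(uint64_t m, uint64_t priv_key, uint64_t k) {
    uint64_t r = dsa_r(k), s = dsa_s_plain(m, r, priv_key, k);
    for (uint64_t blind = 1; blind < Q; blind++)
        if (dsa_s_blinded(m, r, priv_key, k, blind) != s) return 0;
    return 1;
}

int main(void) {
    uint64_t r = dsa_r(33), s = dsa_s_blinded(42, r, 57, 33, 88); /* constructed sample values */
    printf("r=%u s=%u all_blinds_agree=%d\n", (unsigned)r, (unsigned)s, blinding_is_transparent(42, 57, 33));
    return !dsa_verify(42, r, s, dsa_pub(57));
}
```

The fixed k and blind are for reproducibility only; in a real signer both are fresh random values per signature.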
..
build.info Make DSA_METHOD opaque 2016-04-03 00:23:56 +01:00
dsa_ameth.c Check return value of OBJ_nid2obj in dsa_pub_encode. 2017-11-03 15:46:51 +01:00
dsa_asn1.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
dsa_depr.c Useless header include of openssl/rand.h 2016-06-18 16:30:24 -04:00
dsa_err.c Pick a q size consistent with the digest for DSA param generation 2018-04-05 15:44:24 +01:00
dsa_gen.c Update copyright year 2018-04-17 15:18:40 +02:00
dsa_key.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
dsa_lib.c Update copyright year 2018-05-29 13:16:04 +01:00
dsa_locl.h Act on deprecation of LONG and ZLONG, step 2 2017-04-10 12:11:00 +02:00
dsa_meth.c Update copyright year 2018-04-03 13:57:12 +01:00
dsa_ossl.c Add blinding to a DSA signature 2018-06-21 10:15:57 +01:00
dsa_pmeth.c Update copyright year 2018-04-17 15:18:40 +02:00
dsa_prn.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
dsa_sign.c Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
dsa_vrf.c Remove email addresses from source code. 2017-10-13 10:06:59 -04:00