openssl/crypto/ec
Matt Caswell 7f9822a482 Add blinding to a DSA signature
This extends the recently added ECDSA signature blinding to blind DSA too.

This is based on side channel attacks demonstrated by Keegan Ryan (NCC
Group) for ECDSA which are likely to be able to be applied to DSA.

Normally, as in ECDSA, during signing the signer calculates:

s:= k^-1 * (m + r * priv_key) mod order

In ECDSA, the addition operation above provides a sufficient signal for a
flush+reload attack to derive the private key given sufficient signature
operations.

As a mitigation (based on a suggestion from Keegan) we add blinding to
the operation so that:

s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order

Since this attack is a localhost side channel only no CVE is assigned.

This commit also tweaks the previous ECDSA blinding so that blinding is
only removed at the last possible step.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6522)
2018-06-21 10:15:57 +01:00
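The commit message above describes the blinding algebraically. The block below is an added illustration, not OpenSSL code and not from the commit: it implements textbook DSA signing next to the blinded form `s = k^-1 * blind^-1 * (blind*m + blind*r*priv_key) mod q` in plain Python integers, with a deliberately small constructed group (160/80-bit, far below any real deployment) and a constructed sample message. All function and parameter names (`generate_params`, `sign_plain`, `sign_blinded`, `verify`, `demo`) are this example's own. It shows only the arithmetic property the change relies on: for the same nonce `k`, the blinded path must produce exactly the same `(r, s)` as the unblinded one, so verifiers never notice and a test can check it. Python big integers are not constant time, so the block gives no side-channel protection itself; the blind is stripped as the final operation purely to mirror the ordering the commit message describes.

```python
"""Added example: DSA signing with and without multiplicative blinding.
Not OpenSSL code. Toy group size, no constant-time guarantees.
Needs Python 3.8+ for pow(x, -1, q) (modular inverse)."""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Trial division plus Miller-Rabin; adequate for demo parameters."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # no square root of -1 reached
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_params(pbits: int = 160, qbits: int = 80):
    """Constructed toy DSA group (p, q, g) with q | p-1 and g of order q."""
    q = random_prime(qbits)
    while True:
        k = secrets.randbits(pbits - qbits) & ~1   # even cofactor keeps p odd
        p = k * q + 1
        if p.bit_length() == pbits and is_probable_prime(p):
            break
    h = 2
    while True:
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g
        h += 1


def keygen(params):
    p, q, g = params
    priv = secrets.randbelow(q - 1) + 1
    return priv, pow(g, priv, p)


def hash_to_int(msg: bytes, q: int) -> int:
    """m = leftmost min(N, 256) bits of SHA-256(msg), N = bit length of q."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return h >> max(0, 256 - q.bit_length())


def sign_plain(params, priv, k, m):
    """Textbook: s = k^-1 * (m + r*priv) mod q. The addition m + r*priv is
    the operation the commit message singles out as the leaking one."""
    p, q, g = params
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (m + r * priv) % q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick a new k")
    return r, s


def sign_blinded(params, priv, k, m):
    """s = k^-1 * blind^-1 * (blind*m + blind*r*priv) mod q.
    Everything combined with priv is first scaled by a fresh random blind,
    and the blind is removed only as the last step."""
    p, q, g = params
    r = pow(g, k, p) % q
    blind = secrets.randbelow(q - 1) + 1      # 1 <= blind < q, invertible mod q
    t = (blind * m % q + blind * r % q * priv) % q   # blind*(m + r*priv)
    t = t * pow(k, -1, q) % q                        # blind*k^-1*(m + r*priv)
    s = t * pow(blind, -1, q) % q                    # unblind last
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick a new k")
    return r, s


def verify(params, pub, m, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    v = pow(g, m * w % q, p) * pow(pub, r * w % q, p) % p % q
    return v == r


def demo() -> bool:
    """Sign one constructed message with the same k both ways; the outputs
    must be identical and must verify under the public key."""
    params = generate_params()
    priv, pub = keygen(params)
    m = hash_to_int(b"constructed sample message", params[1])
    k = secrets.randbelow(params[1] - 1) + 1
    plain = sign_plain(params, priv, k, m)
    blinded = sign_blinded(params, priv, k, m)
    return plain == blinded and verify(params, pub, m, blinded)
```

Running `demo()` returns `True`: because `blind` is a unit mod the prime `q`, `blind^-1 * blind` cancels exactly and the blinded signature is bit-for-bit the unblinded one, which is the property a regression test for such a change should assert. The real mitigation in OpenSSL lives in how the BIGNUM operations behave on the blinded operands, not in the algebra shown here.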
asm Update copyright year 2018-06-20 15:29:23 +01:00
curve448 Remove some logically dead code 2018-05-31 10:38:51 +01:00
build.info ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c 2018-05-09 13:30:38 +02:00
curve25519.c ec/curve25519.c: resolve regression with Android NDK's arm64 gcc. 2018-03-13 19:31:53 +01:00
ec2_oct.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
ec2_smpl.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ec_ameth.c Update copyright year 2018-06-20 15:29:23 +01:00
ec_asn1.c ECDSA_SIG: add simple getters for commonly used struct members 2018-05-28 19:11:23 +02:00
ec_check.c Copyright consolidation 06/10 2016-05-17 14:51:04 -04:00
ec_curve.c Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ec_cvt.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
ec_err.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ec_key.c Update copyright year 2018-04-17 15:18:40 +02:00
ec_kmeth.c Fix const correctness of EC_KEY_METHOD_get_* 2017-07-23 11:34:11 +02:00
ec_lcl.h Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ec_lib.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ec_mult.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ec_oct.c Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ec_pmeth.c Move SM2 algos to SM2 specific PKEY method 2018-06-19 11:29:44 +01:00
ec_print.c Update copyright year 2018-04-17 15:18:40 +02:00
ecdh_kdf.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
ecdh_ossl.c Update copyright year 2018-04-03 13:57:12 +01:00
ecdsa_ossl.c Add blinding to a DSA signature 2018-06-21 10:15:57 +01:00
ecdsa_sign.c Useless includes 2016-06-18 16:30:24 -04:00
ecdsa_vrf.c Useless includes 2016-06-18 16:30:24 -04:00
eck_prn.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ecp_mont.c Update copyright year 2018-06-20 15:29:23 +01:00
ecp_nist.c Update copyright year 2018-06-20 15:29:23 +01:00
ecp_nistp224.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ecp_nistp256.c Better error code when lacking __SIZEOF_INT128__ 2018-05-23 11:57:04 +02:00
ecp_nistp521.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ecp_nistputil.c Copyright consolidation 06/10 2016-05-17 14:51:04 -04:00
ecp_nistz256.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ecp_nistz256_table.c Copyright consolidation 05/10 2016-05-17 15:38:09 -04:00
ecp_oct.c Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
ecp_smpl.c Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
ecx_meth.c Add support getting raw private/public keys 2018-06-08 10:04:09 +01:00