openssl/crypto/ec
Matt Caswell a3e9d5aa98 Add blinding to an ECDSA signature
Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
ECDSA signature operation. During signing the signer calculates:

s := k^-1 * (m + r * priv_key) mod order

The addition operation above provides a sufficient signal for a
flush+reload attack to derive the private key given sufficient signature
operations.

As a mitigation (based on a suggestion from Keegan) we add blinding to
the operation so that:

s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order

Since this attack is a localhost side channel only, no CVE is assigned.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-06-13 16:19:22 +01:00
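The two formulas in the commit message, carried through in code. This is an added reference implementation, not OpenSSL's code from ecdsa_ossl.c: pure Python over NIST P-256, with no attempt at constant-time arithmetic, written only to make the algebra concrete. `sign_plain` computes the textbook `s := k^-1 * (m + r * priv_key)`, where the modular addition is performed directly on `r * priv_key`; `sign_blinded` mirrors the mitigation, multiplying both addends by a random `blind` first, so the adder only ever sees masked operands, and removing the mask with `blind^-1` afterwards. Because `blind` cancels algebraically, the two functions return byte-identical signatures for the same nonce, which is the property the test checks. The function names, the fixed private key, nonce and blinding values are constructed for this example and must not be reused.

```python
"""Reference ECDSA over NIST P-256 showing the blinded s computation.

Added example, not OpenSSL code: pure Python, not constant time, only
meant to make the algebra in the commit message concrete.
"""
import hashlib
import secrets

# NIST P-256 (secp256r1) domain parameters
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                    # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (leaks k; fine for a reference)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_int(msg):
    # SHA-256 output is exactly the bit length of N, so no truncation is needed.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign_plain(priv, msg, k):
    """Textbook ECDSA: s := k^-1 * (m + r * priv) mod N.
    The addition m + r*priv operates directly on private-key-dependent data."""
    m = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (m + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another k")
    return (r, s)


def sign_blinded(priv, msg, k, blind):
    """Blinded form from the commit message:
    s := k^-1 * blind^-1 * (blind*m + blind*r*priv) mod N.
    Every operand of the addition is masked by blind; blind^-1 cancels
    it again, so the result equals sign_plain() for the same k."""
    m = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    tmp = blind * priv % N          # blind * priv
    tmp = tmp * r % N               # blind * priv * r
    blindm = blind * m % N          # blind * m
    s = (tmp + blindm) % N          # the addition, now on masked operands
    s = s * pow(blind, -1, N) % N   # strip the blinding factor
    s = s * pow(k, -1, N) % N       # apply k^-1
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another k")
    return (r, s)


def sign(priv, msg):
    """Fresh random nonce and blinding value per signature, as a caller would use it."""
    while True:
        k = secrets.randbelow(N - 1) + 1
        blind = secrets.randbelow(N - 1) + 1
        try:
            return sign_blinded(priv, msg, k, blind)
        except ValueError:
            continue


def verify(pub, msg, sig):
    """Standard ECDSA verification: (m*s^-1)G + (r*s^-1)Q has x == r mod N."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    m = hash_to_int(msg)
    pt = ec_add(ec_mul(m * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


# Constructed test vector: fixed key and nonce for reproducibility (never reuse a nonce for real)
PRIV = 0x1e7f5d3c9a4b2e8f6c1d0a9b8e7f6d5c4b3a29181716151413121110f0e0d0c0
PUB = ec_mul(PRIV, G)
MSG = b"blinding demo"
K = 0x2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe
```

Note that blinding only changes which values the addition touches, not what the signature is: any two nonzero blinding values give the same `(r, s)` for a given `k`, and the verifier is unaffected. The reference scalar multiplication here is itself not side-channel safe; the point of the block is the arithmetic on `s`, which is what the commit changes.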
asm Update copyright year 2018-05-01 13:34:30 +01:00
curve448 Remove some logically dead code 2018-05-31 10:38:51 +01:00
build.info ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c 2018-05-09 13:30:38 +02:00
curve25519.c ec/curve25519.c: resolve regression with Android NDK's arm64 gcc. 2018-03-13 19:31:53 +01:00
ec2_oct.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
ec2_smpl.c Update copyright year 2018-05-29 13:16:04 +01:00
ec_ameth.c Support public key and param check in EVP interface 2017-11-20 07:20:30 +01:00
ec_asn1.c ECDSA_SIG: add simple getters for commonly used struct members 2018-05-28 19:11:23 +02:00
ec_check.c Copyright consolidation 06/10 2016-05-17 14:51:04 -04:00
ec_curve.c Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ec_cvt.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
ec_err.c Revert "Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA" 2018-05-24 17:25:43 +01:00
ec_key.c Update copyright year 2018-04-17 15:18:40 +02:00
ec_kmeth.c Fix const correctness of EC_KEY_METHOD_get_* 2017-07-23 11:34:11 +02:00
ec_lcl.h Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ec_lib.c Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ec_mult.c Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ec_oct.c Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ec_pmeth.c Use lowercase for internal SM2 symbols 2018-06-04 11:59:56 +01:00
ec_print.c Update copyright year 2018-04-17 15:18:40 +02:00
ecdh_kdf.c check return values for EVP_Digest*() APIs 2016-07-15 14:09:05 +01:00
ecdh_ossl.c Update copyright year 2018-04-03 13:57:12 +01:00
ecdsa_ossl.c Add blinding to an ECDSA signature 2018-06-13 16:19:22 +01:00
ecdsa_sign.c Useless includes 2016-06-18 16:30:24 -04:00
ecdsa_vrf.c Useless includes 2016-06-18 16:30:24 -04:00
eck_prn.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ecp_mont.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
ecp_nist.c Modify Sun copyright to follow OpenSSL style 2017-06-20 11:13:45 -04:00
ecp_nistp224.c Better error code when lacking __SIZEOF_INT128__ 2018-05-23 11:57:04 +02:00
ecp_nistp256.c Better error code when lacking __SIZEOF_INT128__ 2018-05-23 11:57:04 +02:00
ecp_nistp521.c Better error code when lacking __SIZEOF_INT128__ 2018-05-23 11:57:04 +02:00
ecp_nistputil.c Copyright consolidation 06/10 2016-05-17 14:51:04 -04:00
ecp_nistz256.c Improve compatibility of point and curve checks 2018-05-24 17:17:44 +01:00
ecp_nistz256_table.c Copyright consolidation 05/10 2016-05-17 15:38:09 -04:00
ecp_oct.c Many spelling fixes/typo's corrected. 2017-11-11 19:03:10 -05:00
ecp_smpl.c Update copyright year 2018-05-29 13:16:04 +01:00
ecx_meth.c Add support getting raw private/public keys 2018-06-08 10:04:09 +01:00