openssl/crypto
Sohaib ul Hassan f667820c16 Implement coordinate blinding for EC_POINT
This commit implements coordinate blinding, i.e., it randomizes the
representative of an elliptic curve point in its equivalence class, for
prime curves implemented through EC_GFp_simple_method,
EC_GFp_mont_method, and EC_GFp_nist_method.

This commit is derived from the patch
https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley.

Coordinate blinding is a generally useful side-channel countermeasure
and is (mostly) free. The function itself takes a few field
multiplications, but is usually only necessary at the beginning of a
scalar multiplication (as implemented in the patch). When used this way,
it makes the values that variables take (i.e., field elements in an
algorithm state) unpredictable.

For instance, this mitigates chosen EC point side-channel attacks for
settings such as ECDH and EC private key decryption, for the
aforementioned curves.

For EC_METHODs using different coordinate representations this commit
does nothing, but the corresponding coordinate blinding function can be
easily added in the future to extend these changes to such curves.

Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Co-authored-by: Billy Brumley <bbrumley@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6501)
2018-06-19 11:43:59 +01:00
aes PPC assembly pack: correct POWER9 results. 2018-06-03 21:20:06 +02:00
aria
asn1 Move SM2 algos to SM2 specific PKEY method 2018-06-19 11:29:44 +01:00
async Update copyright year 2018-05-01 13:34:30 +01:00
bf
bio Update copyright year 2018-05-29 13:16:04 +01:00
blake2
bn bn/asm/rsaz-avx2.pl: harmonize clang version detection. 2018-06-18 19:58:35 +02:00
buffer Update copyright year 2018-04-03 13:57:12 +01:00
camellia
cast
chacha {chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection. 2018-06-18 19:59:07 +02:00
cmac Update copyright year 2018-04-17 15:18:40 +02:00
cms add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c 2018-06-18 10:45:35 +01:00
comp Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
conf Update copyright year 2018-05-29 13:16:04 +01:00
ct Update copyright year 2018-05-29 13:16:04 +01:00
des Update copyright year 2018-04-03 13:57:12 +01:00
dh Reject excessively large primes in DH key generation. 2018-06-12 10:06:46 +01:00
dsa Update copyright year 2018-05-29 13:16:04 +01:00
dso openssl#5668: corrections after compiling with -qinfo=all:als. 2018-04-14 13:28:31 +02:00
ec Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
engine Convert our own check of OPENSSL_NO_DEPRECATED 2018-06-19 10:33:01 +02:00
err Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
evp Move SM2 algos to SM2 specific PKEY method 2018-06-19 11:29:44 +01:00
hmac Add support getting raw private/public keys 2018-06-08 10:04:09 +01:00
idea
include/internal Move SM2 algos to SM2 specific PKEY method 2018-06-19 11:29:44 +01:00
kdf Update copyright year 2018-04-17 15:18:40 +02:00
lhash Update copyright year 2018-05-01 13:34:30 +01:00
md2
md4
md5
mdc2
modes modes/ocb128.c: Reset nonce-dependent variables on setiv 2018-06-08 15:54:40 +02:00
objects New GOST identificators 2018-06-08 12:06:40 -04:00
ocsp
pem Update copyright year 2018-05-29 13:16:04 +01:00
perlasm perlasm/ppc-xlate.pl: add vmrg[eo]w instructions. 2018-06-06 22:13:58 +02:00
pkcs7 Update copyright year 2018-03-20 13:08:46 +00:00
pkcs12 remove needless and misleading malloc failure error messages of PKCS12_SAFEBAG_create_pkcs8_encrypt 2018-06-18 10:44:32 +01:00
poly1305 {chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection. 2018-06-18 19:59:07 +02:00
rand RAND_POOL: Add missing implementations for djgpp 2018-06-15 08:13:03 +02:00
rc2
rc4 Update copyright year 2018-03-20 13:08:46 +00:00
rc5
ripemd
rsa Update copyright year 2018-05-29 13:16:04 +01:00
seed
sha sha/asm/sha{1|256}-586.pl: harmonize clang version detection. 2018-06-18 19:59:03 +02:00
siphash Add support getting raw private/public keys 2018-06-08 10:04:09 +01:00
sm2 Move SM2 algos to SM2 specific PKEY method 2018-06-19 11:29:44 +01:00
sm3
sm4
srp Make ck_errf.pl ignore commented out error generation 2018-06-12 12:31:45 +02:00
stack Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
store Update copyright year 2018-05-29 13:16:04 +01:00
ts Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
txt_db Update copyright year 2018-04-03 13:57:12 +01:00
ui Update copyright year 2018-05-29 13:16:04 +01:00
whrlpool
x509 Add support for RSA-PSS to X509_certificate_type() 2018-06-11 11:03:23 +01:00
x509v3 Update copyright year 2018-05-29 13:16:04 +01:00
alphacpuid.pl
arm64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
arm_arch.h Fix building linux-armv4 with --strict-warnings 2018-04-20 15:49:33 +02:00
armcap.c crypto/armcap.c: mask SHA512 hardware detection on iOS. 2018-03-06 23:18:24 +01:00
armv4cpuid.pl Update copyright year 2018-05-01 13:34:30 +01:00
build.info Remove import/use of File::Spec::Function 2018-04-01 22:41:04 +02:00
c64xpluscpuid.pl
cpt_err.c Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
cryptlib.c Enabled OneCore Conf for Console Apps (removed nonUniversal API) 2018-04-03 18:39:22 +02:00
ctype.c
cversion.c
dllmain.c
ebcdic.c
ex_data.c Ensure the thread keys are always allocated in the same order 2018-04-20 15:45:06 +02:00
ia64cpuid.S
init.c Fix memleaks in async api 2018-04-26 18:39:51 +02:00
LPdir_nyi.c
LPdir_unix.c Adjust LPdir_unix.c on VMS for OpenSSL expectations 2018-03-12 23:01:02 +01:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
mem.c Avoid unconditional store in CRYPTO_malloc. 2018-03-06 13:21:49 -05:00
mem_clr.c
mem_dbg.c
mem_sec.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c Set error code on alloc failures 2018-04-03 11:31:16 -04:00
o_init.c
o_str.c
o_time.c Update copyright year 2018-04-03 13:57:12 +01:00
pariscid.pl Update copyright year 2018-04-03 13:57:12 +01:00
ppc_arch.h
ppccap.c crypto/ppccap.c: wire new ChaCha20_ctr32_vsx. 2018-06-06 22:14:15 +02:00
ppccpuid.pl
s390x_arch.h s390x assembly pack: add KMF code path for aes-cfb/cfb8 2018-03-28 23:31:01 +02:00
s390xcap.c
s390xcpuid.pl s390x assembly pack: add KMF code path for aes-cfb/cfb8 2018-03-28 23:31:01 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c Update copyright year 2018-04-17 15:18:40 +02:00
threads_pthread.c Update copyright year 2018-04-17 15:18:40 +02:00
threads_win.c Save and restore the Windows error around TlsGetValue. 2018-05-23 17:34:54 -04:00
uid.c
vms_rms.h
x86_64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
x86cpuid.pl Fix issues in ia32 RDRAND asm leading to reduced entropy 2018-03-08 10:27:49 -05:00