openssl/crypto
Matt Caswell 7f9822a482 Add blinding to a DSA signature
This extends the recently added ECDSA signature blinding to blind DSA too.

This is based on side channel attacks demonstrated by Keegan Ryan (NCC
Group) for ECDSA which are likely to be able to be applied to DSA.

Normally, as in ECDSA, during signing the signer calculates:

s := k^-1 * (m + r * priv_key) mod order

In ECDSA, the addition operation above provides a sufficient signal for a
flush+reload attack to derive the private key given sufficient signature
operations.

As a mitigation (based on a suggestion from Keegan) we add blinding to
the operation so that:

s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order

Since this attack is a localhost side channel only, no CVE is assigned.

This commit also tweaks the previous ECDSA blinding so that blinding is
only removed at the last possible step.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6522)
2018-06-21 10:15:57 +01:00
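The two signing equations in the commit message, worked through in Python as an added example (this is not OpenSSL's code and not the commit's diff). The group parameters, private key, message hash and nonce are small constructed toy values chosen so the arithmetic can be followed by hand; the point being demonstrated is purely algebraic: multiplying by `blind` and removing it with `blind^-1` at the end leaves `s` unchanged, so verifiers need no changes, while the value fed to the modular addition is no longer the bare `m + r * priv_key`. Python big-integer arithmetic is itself not constant time, so this shows the identity, not the side-channel behaviour.

```python
# Toy DSA with and without the multiplicative blinding described in the
# commit message. All parameters are CONSTRUCTED, tiny values for illustration;
# a real DSA group uses a 2048-bit p with a 224- or 256-bit q.
import secrets

# Constructed group: q = 11 divides p - 1 = 22, and G = 4 has order 11 mod 23.
P = 23
Q = 11
G = 4


def sign_unblinded(m, priv_key, k):
    """Classic DSA: s = k^-1 * (m + r * priv_key) mod q."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (m + r * priv_key)) % Q
    return r, s


def sign_blinded(m, priv_key, k, blind):
    """Blinded form from the commit:
    s = k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod q.
    The addition now operates on blinded operands; blind^-1 is applied last."""
    r = pow(G, k, P) % Q
    blinded_m = (blind * m) % Q
    blinded_rx = (blind * r * priv_key) % Q
    s = (pow(k, -1, Q) * pow(blind, -1, Q) * (blinded_m + blinded_rx)) % Q
    return r, s


def verify(m, pub_key, r, s):
    """Standard DSA verification; unaware of whether the signer blinded."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (m * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(pub_key, u2, P)) % P) % Q
    return v == r


def blinding_is_transparent(trials=200):
    """Check over random toy inputs that blinding never changes the signature.
    A fresh blind is drawn per signature, as a real implementation must."""
    for _ in range(trials):
        priv_key = secrets.randbelow(Q - 1) + 1
        m = secrets.randbelow(Q - 1) + 1
        k = secrets.randbelow(Q - 1) + 1
        blind = secrets.randbelow(Q - 1) + 1
        if sign_unblinded(m, priv_key, k) != sign_blinded(m, priv_key, k, blind):
            return False
    return True


if __name__ == "__main__":
    # Worked instance: priv_key = 7, pub_key = G^7 mod 23 = 8, m = 5, k = 3.
    print(sign_unblinded(5, 7, 3))        # (7, 7)
    print(sign_blinded(5, 7, 3, 5))       # (7, 7), identical
    print(verify(5, 8, 7, 7))             # True
    print(blinding_is_transparent())      # True
```

The blind must be drawn fresh for every signature and only stripped in the final multiplication, which is the "removed at the last possible step" tweak the commit message describes for ECDSA; intermediate values such as `blinded_m + blinded_rx` are never unblinded on their own.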
aes PPC assembly pack: correct POWER9 results. 2018-06-03 21:20:06 +02:00
aria
asn1 Update copyright year 2018-06-20 15:29:23 +01:00
async Update copyright year 2018-05-01 13:34:30 +01:00
bf
bio Update copyright year 2018-05-29 13:16:04 +01:00
blake2
bn Update copyright year 2018-06-20 15:29:23 +01:00
buffer Update copyright year 2018-04-03 13:57:12 +01:00
camellia
cast
chacha Update copyright year 2018-06-20 15:29:23 +01:00
cmac Update copyright year 2018-04-17 15:18:40 +02:00
cms add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c 2018-06-18 10:45:35 +01:00
comp Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
conf Update copyright year 2018-05-29 13:16:04 +01:00
ct Update copyright year 2018-05-29 13:16:04 +01:00
des Update copyright year 2018-04-03 13:57:12 +01:00
dh Update copyright year 2018-06-20 15:29:23 +01:00
dsa Add blinding to a DSA signature 2018-06-21 10:15:57 +01:00
dso openssl#5668: corrections after compiling with -qinfo=all:als. 2018-04-14 13:28:31 +02:00
ec Add blinding to a DSA signature 2018-06-21 10:15:57 +01:00
engine Update copyright year 2018-06-20 15:29:23 +01:00
err Implement coordinate blinding for EC_POINT 2018-06-19 11:43:59 +01:00
evp Update copyright year 2018-06-20 15:29:23 +01:00
hmac Add support getting raw private/public keys 2018-06-08 10:04:09 +01:00
idea
include/internal Move SM2 algos to SM2 specific PKEY method 2018-06-19 11:29:44 +01:00
kdf Update copyright year 2018-04-17 15:18:40 +02:00
lhash Update copyright year 2018-05-01 13:34:30 +01:00
md2
md4
md5
mdc2
modes Update copyright year 2018-06-20 15:29:23 +01:00
objects New GOST identificators 2018-06-08 12:06:40 -04:00
ocsp
pem Update copyright year 2018-05-29 13:16:04 +01:00
perlasm perlasm/ppc-xlate.pl: add vmrg[eo]w instructions. 2018-06-06 22:13:58 +02:00
pkcs7 Update copyright year 2018-03-20 13:08:46 +00:00
pkcs12 Update copyright year 2018-06-20 15:29:23 +01:00
poly1305 Update copyright year 2018-06-20 15:29:23 +01:00
rand RAND_POOL: Add missing implementations for djgpp 2018-06-15 08:13:03 +02:00
rc2
rc4 Update copyright year 2018-03-20 13:08:46 +00:00
rc5
ripemd
rsa Update copyright year 2018-05-29 13:16:04 +01:00
seed
sha Update copyright year 2018-06-20 15:29:23 +01:00
siphash Add support getting raw private/public keys 2018-06-08 10:04:09 +01:00
sm2 Move SM2 algos to SM2 specific PKEY method 2018-06-19 11:29:44 +01:00
sm3
sm4
srp Make ck_errf.pl ignore commented out error generation 2018-06-12 12:31:45 +02:00
stack Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
store Update copyright year 2018-05-29 13:16:04 +01:00
ts Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
txt_db Update copyright year 2018-04-03 13:57:12 +01:00
ui Update copyright year 2018-05-29 13:16:04 +01:00
whrlpool
x509 Update copyright year 2018-06-20 15:29:23 +01:00
x509v3 Update copyright year 2018-05-29 13:16:04 +01:00
alphacpuid.pl
arm64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
arm_arch.h Fix building linux-armv4 with --strict-warnings 2018-04-20 15:49:33 +02:00
armcap.c
armv4cpuid.pl Update copyright year 2018-05-01 13:34:30 +01:00
build.info Remove import/use of File::Spec::Function 2018-04-01 22:41:04 +02:00
c64xpluscpuid.pl
cpt_err.c Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
cryptlib.c Enabled OneCore Conf for Console Apps (removed nonUniversal API) 2018-04-03 18:39:22 +02:00
ctype.c
cversion.c
dllmain.c
ebcdic.c
ex_data.c Ensure the thread keys are always allocated in the same order 2018-04-20 15:45:06 +02:00
ia64cpuid.S
init.c Fix memleaks in async api 2018-04-26 18:39:51 +02:00
LPdir_nyi.c
LPdir_unix.c Adjust LPdir_unix.c on VMS for OpenSSL expectations 2018-03-12 23:01:02 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_dbg.c
mem_sec.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
mem.c
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c Set error code on alloc failures 2018-04-03 11:31:16 -04:00
o_init.c
o_str.c
o_time.c Update copyright year 2018-04-03 13:57:12 +01:00
pariscid.pl Update copyright year 2018-04-03 13:57:12 +01:00
ppc_arch.h
ppccap.c crypto/ppccap.c: wire new ChaCha20_ctr32_vsx. 2018-06-06 22:14:15 +02:00
ppccpuid.pl
s390x_arch.h s390x assembly pack: add KMF code path for aes-cfb/cfb8 2018-03-28 23:31:01 +02:00
s390xcap.c
s390xcpuid.pl s390x assembly pack: add KMF code path for aes-cfb/cfb8 2018-03-28 23:31:01 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c Update copyright year 2018-04-17 15:18:40 +02:00
threads_pthread.c Update copyright year 2018-04-17 15:18:40 +02:00
threads_win.c Save and restore the Windows error around TlsGetValue. 2018-05-23 17:34:54 -04:00
uid.c
vms_rms.h
x86_64cpuid.pl {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. 2018-06-03 21:15:18 +02:00
x86cpuid.pl