mirror of
https://github.com/openssl/openssl.git
synced 2025-02-17 14:32:04 +08:00
63c40a66c5
There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. Attacks on ECDSA nonce are also known as Minerva attack. Fixes CVE-2024-13176 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26429) |
||
|---|---|---|
| .. | ||
| asm | ||
| curve448 | ||
| build.info | ||
| curve25519.c | ||
| ec2_oct.c | ||
| ec2_smpl.c | ||
| ec_ameth.c | ||
| ec_asn1.c | ||
| ec_backend.c | ||
| ec_check.c | ||
| ec_curve.c | ||
| ec_cvt.c | ||
| ec_deprecated.c | ||
| ec_err.c | ||
| ec_key.c | ||
| ec_kmeth.c | ||
| ec_lib.c | ||
| ec_local.h | ||
| ec_mult.c | ||
| ec_oct.c | ||
| ec_pmeth.c | ||
| ec_print.c | ||
| ecdh_kdf.c | ||
| ecdh_ossl.c | ||
| ecdsa_ossl.c | ||
| ecdsa_sign.c | ||
| ecdsa_vrf.c | ||
| eck_prn.c | ||
| ecp_mont.c | ||
| ecp_nist.c | ||
| ecp_nistp224.c | ||
| ecp_nistp256.c | ||
| ecp_nistp384.c | ||
| ecp_nistp521.c | ||
| ecp_nistputil.c | ||
| ecp_nistz256_table.c | ||
| ecp_nistz256.c | ||
| ecp_oct.c | ||
| ecp_ppc.c | ||
| ecp_s390x_nistp.c | ||
| ecp_sm2p256_table.c | ||
| ecp_sm2p256.c | ||
| ecp_smpl.c | ||
| ecx_backend.c | ||
| ecx_backend.h | ||
| ecx_key.c | ||
| ecx_meth.c | ||
| ecx_s390x.c | ||