openssl/crypto
Matt Caswell b336ce57f2 Make BN_GF2m_mod_arr more constant time
Experiments have shown that the lookup table used by BN_GF2m_mod_arr
introduces sufficient timing signal to recover the private key for an
attacker with access to cache timing information on the victim's host.
This only affects binary curves (which are less frequently used).

No CVE is considered necessary for this issue.

The fix is to replace the lookup table with an on-the-fly calculation of
the value from the table instead, which can be performed in constant time.

Thanks to Youngjoo Shin for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6270)
2018-05-17 16:57:11 +01:00
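The technique the commit message describes, table lookup replaced by an arithmetic computation of the same value, is illustrated below with an added example that is not OpenSSL's code and not the patch itself. It assumes (an assumption, the message does not say what the table holds) that the table serves polynomial squaring over GF(2), where squaring a polynomial simply spreads its bits so that bit i moves to bit 2i. The table version indexes memory with nibbles of the secret operand, so the cache lines it touches depend on the secret; the mask-and-shift version performs the same bit spreading with a fixed sequence of instructions and no data-dependent memory access. The example goes beyond a single nibble and spreads a whole 32-bit word.

```c
#include <stdint.h>
#include <stddef.h>

/*
 * Squaring a polynomial over GF(2): (sum a_i x^i)^2 = sum a_i x^(2i),
 * because cross terms cancel in characteristic 2. So squaring a word
 * means inserting a zero bit after every bit of the input.
 */

/*
 * Table version (illustrative, modelled on the usual nibble table):
 * entry n holds n with its four bits spread to even positions, e.g.
 * 0b1111 -> 0b01010101 = 0x55. The index is secret-dependent, so the
 * cache line fetched leaks information about the operand.
 */
static const uint8_t SQR_TABLE[16] = {
    0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85
};

uint64_t gf2_square_table(uint32_t w)
{
    uint64_t r = 0;
    size_t i;

    /* nibble i (bits 4i..4i+3) squares into byte i (bits 8i..8i+7) */
    for (i = 0; i < 8; i++)
        r |= (uint64_t)SQR_TABLE[(w >> (4 * i)) & 0xF] << (8 * i);
    return r;
}

/*
 * Constant-time version: the same bit spreading done with masks and
 * shifts only. Every step executes the same instructions on every
 * input; no memory is indexed by secret data.
 */
uint64_t gf2_square_ct(uint32_t w)
{
    uint64_t x = w;

    x = (x | (x << 16)) & 0x0000FFFF0000FFFFULL; /* 16-bit halves apart  */
    x = (x | (x << 8))  & 0x00FF00FF00FF00FFULL; /* bytes apart          */
    x = (x | (x << 4))  & 0x0F0F0F0F0F0F0F0FULL; /* nibbles apart        */
    x = (x | (x << 2))  & 0x3333333333333333ULL; /* bit pairs apart      */
    x = (x | (x << 1))  & 0x5555555555555555ULL; /* single bits at 2i    */
    return x;
}

/* Bit-by-bit reference implementation used only to check the other two. */
uint64_t gf2_square_ref(uint32_t w)
{
    uint64_t r = 0;
    int i;

    for (i = 0; i < 32; i++)
        if ((w >> i) & 1)
            r |= (uint64_t)1 << (2 * i);
    return r;
}

/* Returns 1 when table, constant-time and reference versions agree on w. */
int gf2_square_agree(uint32_t w)
{
    uint64_t ref = gf2_square_ref(w);

    return gf2_square_table(w) == ref && gf2_square_ct(w) == ref;
}
```

The constant-time variant is what a reviewer should look for wherever a secret value (a private scalar, a field element derived from it) selects a table entry: the fix is not to make the table smaller but to remove the secret-indexed load entirely, as the commit message describes.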
aes PPC assembly pack: add POWER9 results. 2018-05-10 11:44:21 +02:00
aria
asn1 a_strex.c: prevent out of bound read in do_buf() 2018-05-02 20:36:21 +02:00
async Update copyright year 2018-05-01 13:34:30 +01:00
bf
bio Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
blake2
bn Make BN_GF2m_mod_arr more constant time 2018-05-17 16:57:11 +01:00
buffer
camellia
cast
chacha PPC assembly pack: add POWER9 results. 2018-05-10 11:44:21 +02:00
cmac Update copyright year 2018-04-17 15:18:40 +02:00
cms Fix a mem leak in CMS 2018-05-08 08:43:39 +01:00
comp Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
conf Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
ct Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
des
dh Update copyright year 2018-04-17 15:18:40 +02:00
dsa Update copyright year 2018-04-17 15:18:40 +02:00
dso openssl#5668: corrections after compiling with -qinfo=all:als. 2018-04-14 13:28:31 +02:00
ec ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c 2018-05-09 13:30:38 +02:00
engine Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
err a_strex.c: prevent out of bound read in do_buf() 2018-05-02 20:36:21 +02:00
evp Update copyright year 2018-04-17 15:18:40 +02:00
hmac Update copyright year 2018-04-17 15:18:40 +02:00
idea
include/internal Change rand_pool_bytes_needed to handle less entropy than 1 per 8 bits 2018-05-02 10:18:29 +02:00
kdf Update copyright year 2018-04-17 15:18:40 +02:00
lhash Update copyright year 2018-05-01 13:34:30 +01:00
md2
md4
md5
mdc2
modes PPC assembly pack: add POWER9 results. 2018-05-10 11:44:21 +02:00
objects Add missing error code when alloc-return-null 2018-04-26 12:27:46 -04:00
ocsp
pem In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 2018-05-12 10:19:51 +02:00
perlasm
pkcs7
pkcs12 Update copyright year 2018-05-01 13:34:30 +01:00
poly1305 Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
rand Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
rc2
rc4
rc5
ripemd
rsa Update copyright year 2018-04-17 15:18:40 +02:00
seed
sha PPC assembly pack: add POWER9 results. 2018-05-10 11:44:21 +02:00
siphash Update copyright year 2018-04-17 15:18:40 +02:00
sm2 [SM2_sign] fix double free and return value 2018-04-25 10:24:43 +01:00
sm3
sm4
srp Fix a memory leak in an error path 2018-04-17 17:26:16 +01:00
stack Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
store Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
ts Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
txt_db
ui UI console: Restore tty settings, do not force ECHO after prompt 2018-05-14 11:00:23 +02:00
whrlpool
x509 Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
x509v3 v3_purp.c: add locking to x509v3_cache_extensions() 2018-05-03 22:22:37 +02:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h Fix building linux-armv4 with --strict-warnings 2018-04-20 15:49:33 +02:00
armcap.c
armv4cpuid.pl Update copyright year 2018-05-01 13:34:30 +01:00
build.info
c64xpluscpuid.pl
cpt_err.c Fix last(?) batch of malloc-NULL places 2018-04-26 14:02:24 -04:00
cryptlib.c
ctype.c
cversion.c
dllmain.c
ebcdic.c
ex_data.c Ensure the thread keys are always allocated in the same order 2018-04-20 15:45:06 +02:00
ia64cpuid.S
init.c Fix memleaks in async api 2018-04-26 18:39:51 +02:00
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_dbg.c
mem_sec.c Use void in all function definitions that do not take any arguments 2018-05-11 14:37:48 +02:00
mem.c
mips_arch.h
o_dir.c
o_fips.c
o_fopen.c
o_init.c
o_str.c
o_time.c
pariscid.pl
ppc_arch.h
ppccap.c Fix --strict-warnings build of ppc-linux target 2018-05-08 15:14:27 +02:00
ppccpuid.pl
s390x_arch.h
s390xcap.c
s390xcpuid.pl
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c Update copyright year 2018-04-17 15:18:40 +02:00
threads_pthread.c Update copyright year 2018-04-17 15:18:40 +02:00
threads_win.c Update copyright year 2018-04-17 15:18:40 +02:00
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl