Avoid a timing side-channel leak when generating DSA and ECDSA signatures. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2018-06-13 15:05:04 +0000
committer	jsing <>	2018-06-13 15:05:04 +0000
commit	1385f2adfdeee36db41b61c1294f507d64a60fd1 (patch)
tree	da8994f3efae63494777101e1c2874396dfd7b32 /src/lib/libcrypto/dsa/dsa_sign.c
parent	c914528056cdb126fa0a225f3ee66af21a7caf66 (diff)
download	openbsd-1385f2adfdeee36db41b61c1294f507d64a60fd1.tar.gz openbsd-1385f2adfdeee36db41b61c1294f507d64a60fd1.tar.bz2 openbsd-1385f2adfdeee36db41b61c1294f507d64a60fd1.zip

Avoid a timing side-channel leak when generating DSA and ECDSA signatures.

This is caused by an attempt to do fast modular arithmetic, which introduces branches that leak information regarding secret values. Issue identified and reported by Keegan Ryan of NCC Group. ok beck@ tb@

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_sign.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: