Fix a small timing side channel in ecdsa_sign_setup(). Up to whitespace - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2018-04-28 14:17:56 +0000
committer	tb <>	2018-04-28 14:17:56 +0000
commit	7018cf0029cc86e859990723d6340037f6f9402c (patch)
tree	5830f419f2ffbd95a2fa5d78672bbad416d608ce /src/lib/libcrypto/objects/obj_dat.c
parent	a635c776f5a1b0ce5e4b7cb9a0dd02f764bcd8b9 (diff)
download	openbsd-7018cf0029cc86e859990723d6340037f6f9402c.tar.gz openbsd-7018cf0029cc86e859990723d6340037f6f9402c.tar.bz2 openbsd-7018cf0029cc86e859990723d6340037f6f9402c.zip

Fix a small timing side channel in ecdsa_sign_setup(). Up to whitespace

this is OpennSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49. ok beck, jsing Original commit message: commit 4a089bbdf11f9e231cc68f42bba934c954d81a49 Author: Pauli <paul.dale@oracle.com> Date: Wed Nov 1 06:58:39 2017 +1000 Address a timing side channel whereby it is possible to determine some information about the length of the scalar used in ECDSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)]

Diffstat (limited to 'src/lib/libcrypto/objects/obj_dat.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: