summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ecdsa/ecs_ossl.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix a small timing side channel in ecdsa_sign_setup(). Up to whitespacetb2018-04-281-8/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this is OpennSSL commit 4a089bbdf11f9e231cc68f42bba934c954d81a49. ok beck, jsing Original commit message: commit 4a089bbdf11f9e231cc68f42bba934c954d81a49 Author: Pauli <paul.dale@oracle.com> Date: Wed Nov 1 06:58:39 2017 +1000 Address a timing side channel whereby it is possible to determine some information about the length of the scalar used in ECDSA operations from a large number (2^32) of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4576)]
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-46/+39
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Add ct and nonct versions of BN_mod_inverse for internal usebeck2017-01-211-4/+6
| | | | ok jsing@
* Avoid a side-channel cache-timing attack that can leak the ECDSA privatejsing2017-01-051-1/+3
| | | | | | | | | keys when signing. This is due to BN_mod_inverse() being used without the constant time flag being set. This issue was reported by Cesar Pereida Garcia and Billy Brumley (Tampere University of Technology). The fix was developed by Cesar Pereida Garcia.
* Lob a KNF grenade into the ecdsa code.jsing2015-02-081-151/+114
|
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-27/+15
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-101-1/+3
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* Use C99 initializers for the various FOO_METHOD structs. More readable, andmiod2014-04-271-10/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | avoid unreadable/unmaintainable constructs like that: const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { EVP_PKEY_CMAC, EVP_PKEY_CMAC, 0, "CMAC", "OpenSSL CMAC method", 0,0,0,0, 0,0,0, cmac_size, 0, 0,0,0,0,0,0,0, cmac_key_free, 0, 0,0 }; ok matthew@ deraadt@
* import OpenSSL-1.0.1cdjm2012-10-131-1/+4
|
* import OpenSSL 1.0.0edjm2011-11-031-0/+8
|
* import OpenSSL-1.0.0adjm2010-10-011-30/+24
|
* import of OpenSSL 0.9.8hdjm2008-09-061-0/+478
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-27 11:58:38 +0000