[openssl/openssl] 0df711: Make BN_generate_dsa_nonce() constant time and non...
Tomáš Mráz
noreply at github.com
Thu May 9 07:35:04 UTC 2024
Branch: refs/heads/openssl-3.1
Home: https://github.com/openssl/openssl
Commit: 0df711a25da6e99a7ce0dbaf992acb644252385f
https://github.com/openssl/openssl/commit/0df711a25da6e99a7ce0dbaf992acb644252385f
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_rand.c
M include/internal/constant_time.h
Log Message:
-----------
Make BN_generate_dsa_nonce() constant time and non-biased
Co-authored-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5)
(Merged from https://github.com/openssl/openssl/pull/24317)
Commit: 5dbb2a8ca2c1ba42dfb9445b5ea76adccbdb9744
https://github.com/openssl/openssl/commit/5dbb2a8ca2c1ba42dfb9445b5ea76adccbdb9744
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_rand.c
M crypto/bn/bn_shift.c
M include/crypto/bn.h
M include/internal/constant_time.h
Log Message:
-----------
Add ossl_bn_is_word_fixed_top()
Also correct some BN_FLG_FIXED_TOP flag handling.
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit 2d285fa873028f6cff9484a0cdf690fe05d7fb16)
(Merged from https://github.com/openssl/openssl/pull/24317)
Commit: a70ca93cdbc0ed36bf783b9eadc4cea35986b139
https://github.com/openssl/openssl/commit/a70ca93cdbc0ed36bf783b9eadc4cea35986b139
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
M crypto/dsa/dsa_ossl.c
M crypto/ec/ecdsa_ossl.c
M include/crypto/bn.h
Log Message:
-----------
Add ossl_bn_priv_rand_range_fixed_top() and use it for EC/DSA
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit 13b3ca5c998e6db4f7251a56c43541cb1a422bd0)
(Merged from https://github.com/openssl/openssl/pull/24317)
Commit: fdc3efc371be43d5092bb19823e084f54541cbe3
https://github.com/openssl/openssl/commit/fdc3efc371be43d5092bb19823e084f54541cbe3
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
M crypto/dsa/dsa_ossl.c
M crypto/ec/ecdsa_ossl.c
M include/crypto/bn.h
Log Message:
-----------
Rename BN_generate_dsa_nonce() to ossl_bn_gen_dsa_nonce_fixed_top()
And create a new BN_generate_dsa_nonce() that corrects the BIGNUM top.
We do this to avoid leaking fixed top numbers via the public API.
Also add a slight optimization in ossl_bn_gen_dsa_nonce_fixed_top()
and make it LE/BE agnostic.
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit 9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2)
(Merged from https://github.com/openssl/openssl/pull/24317)
Commit: 7ecd90a4fd1e500b1d751e7d4f400310ef279c8a
https://github.com/openssl/openssl/commit/7ecd90a4fd1e500b1d751e7d4f400310ef279c8a
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M providers/fips/self_test_data.inc
Log Message:
-----------
Adjust FIPS EC/DSA self test data for different nonce generation
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit 8a1f65468064e39f65ef4918c62db73a9eef80e4)
(Merged from https://github.com/openssl/openssl/pull/24317)
Commit: 549208d1f1175aca5cc1ea989c4e9e4a41bc558c
https://github.com/openssl/openssl/commit/549208d1f1175aca5cc1ea989c4e9e4a41bc558c
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
Log Message:
-----------
Correct top for EC/DSA nonces if BN_DEBUG is on
Otherwise following operations would bail out in bn_check_top().
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit a380ae85be287045b1eaa64d23942101a426c080)
(Merged from https://github.com/openssl/openssl/pull/24317)
Compare: https://github.com/openssl/openssl/compare/b50d1c2e7018...549208d1f117
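The first commit above makes BN_generate_dsa_nonce() "constant time and non-biased". The bias half of that is easy to see outside OpenSSL: if a nonce k is produced by drawing bitlen(q) random bits and reducing mod q, residues below 2^bitlen(q) - q come out twice as often as the others, and even a tiny skew of that kind is enough for lattice (hidden-number-problem) recovery of a (EC)DSA private key. The Python below is an added illustration, not OpenSSL's code and not a description of what the patched function does internally; it compares the naive method against two standard fixes, rejection sampling and the FIPS 186-4 B.5.1 style of drawing 64 extra bits before reducing, on a constructed 12-bit toy modulus so the bias is visible in a couple of hundred thousand samples. Python integers cannot show the other half of the commit (the fixed-top BIGNUM representation that keeps later arithmetic from depending on the nonce's bit length), so only the distribution is measured here.

```python
"""Nonce bias from modular reduction and two standard ways to avoid it.

Added illustration, not code from OpenSSL.  A toy modulus is used so the
bias is visible with few samples; the effect is the same for a 256-bit
group order, just smaller, and still exploitable with lattice techniques.
"""
import random

# Constructed toy group order: 12 bits, well below 2**12, so that the band
# [0, 2**12 - q) of residues hit twice by "12 random bits mod q" is large.
TOY_Q = 2**12 - 1000        # 3096


def nonce_naive(rng: random.Random, q: int) -> int:
    """Draw bitlen(q) random bits and reduce mod q.

    Biased: residues below 2**bitlen(q) - q are twice as likely as the rest.
    """
    return rng.getrandbits(q.bit_length()) % q


def nonce_rejection(rng: random.Random, q: int) -> int:
    """Draw bitlen(q) bits until the value is below q.

    Uniform, but the number of iterations depends on the secret draws, so
    the loop itself is a timing signal; not a constant-time construction.
    """
    while True:
        k = rng.getrandbits(q.bit_length())
        if k < q:
            return k


def nonce_extra_bits(rng: random.Random, q: int, extra: int = 64) -> int:
    """Draw bitlen(q) + extra bits and reduce mod q (FIPS 186-4 B.5.1 style).

    One draw and one reduction, so no secret-dependent looping, and the
    residual statistical distance from uniform is at most about 2**-extra.
    """
    return rng.getrandbits(q.bit_length() + extra) % q


def band_fraction(sampler, q: int, n: int, seed: int = 1) -> float:
    """Fraction of n nonces from `sampler` that land in [0, 2**bitlen(q) - q).

    For a uniform nonce this is (2**bitlen(q) - q) / q; the naive method
    hits the band with probability 2 * (2**bitlen(q) - q) / 2**bitlen(q).
    """
    rng = random.Random(seed)   # seeded only so the demonstration is repeatable
    band = 2 ** q.bit_length() - q
    hits = sum(1 for _ in range(n) if sampler(rng, q) < band)
    return hits / n


def uniform_band_fraction(q: int) -> float:
    """Band probability for a truly uniform nonce in [0, q)."""
    return (2 ** q.bit_length() - q) / q


if __name__ == "__main__":
    samplers = [("naive", nonce_naive),
                ("rejection", nonce_rejection),
                ("extra_bits", nonce_extra_bits)]
    for name, f in samplers:
        print(f"{name:11s} {band_fraction(f, TOY_Q, 200_000):.3f}")
    print(f"{'uniform':11s} {uniform_band_fraction(TOY_Q):.3f}")
```

With TOY_Q the uniform band probability is 1000/3096, about 0.323; the naive sampler lands there about 2000/4096, about 0.488, of the time, while both fixes stay within sampling noise of 0.323. A real implementation additionally has to exclude k = 0 (DSA requires 1 <= k <= q-1), and, as the commits on this page show, has to keep the nonce's internal representation from revealing its bit length to the arithmetic that follows.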
More information about the openssl-commits mailing list