[openssl/openssl] b169c2: Make BN_generate_dsa_nonce() constant time and non...
Tomáš Mráz
noreply at github.com
Thu May 9 07:35:10 UTC 2024
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: b169c2c88611bed8bd1b6f0f8aea9bac4097372d
https://github.com/openssl/openssl/commit/b169c2c88611bed8bd1b6f0f8aea9bac4097372d
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_rand.c
M include/internal/constant_time.h
Log Message:
-----------
Make BN_generate_dsa_nonce() constant time and non-biased
Co-authored-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5)
(Merged from https://github.com/openssl/openssl/pull/24317)
(cherry picked from commit 0df711a25da6e99a7ce0dbaf992acb644252385f)
Commit: 40163b53f1f713a28b56e05fca30c87a696d20ac
https://github.com/openssl/openssl/commit/40163b53f1f713a28b56e05fca30c87a696d20ac
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_lib.c
M crypto/bn/bn_local.h
M crypto/bn/bn_rand.c
M crypto/bn/bn_shift.c
M include/crypto/bn.h
M include/internal/constant_time.h
Log Message:
-----------
Add ossl_bn_is_word_fixed_top()
Also correct some BN_FLG_FIXED_TOP flag handling.
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit 2d285fa873028f6cff9484a0cdf690fe05d7fb16)
(Merged from https://github.com/openssl/openssl/pull/24317)
(cherry picked from commit 5dbb2a8ca2c1ba42dfb9445b5ea76adccbdb9744)
Commit: 8e4c17b7cbeba5f08dffe68d4a2b6a31e7c27b9c
https://github.com/openssl/openssl/commit/8e4c17b7cbeba5f08dffe68d4a2b6a31e7c27b9c
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
M crypto/dsa/dsa_ossl.c
M crypto/ec/ecdsa_ossl.c
M include/crypto/bn.h
Log Message:
-----------
Add ossl_bn_priv_rand_range_fixed_top() and use it for EC/DSA
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit 13b3ca5c998e6db4f7251a56c43541cb1a422bd0)
(Merged from https://github.com/openssl/openssl/pull/24317)
(cherry picked from commit a70ca93cdbc0ed36bf783b9eadc4cea35986b139)
Commit: 51f93c3fe756d0c3f5fa1e77b6ae0cbd5f4b1992
https://github.com/openssl/openssl/commit/51f93c3fe756d0c3f5fa1e77b6ae0cbd5f4b1992
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
M crypto/dsa/dsa_ossl.c
M crypto/ec/ecdsa_ossl.c
M include/crypto/bn.h
Log Message:
-----------
Rename BN_generate_dsa_nonce() to ossl_bn_gen_dsa_nonce_fixed_top()
And create a new BN_generate_dsa_nonce() that corrects the BIGNUM top.
We do this to avoid leaking fixed top numbers via the public API.
Also add a slight optimization in ossl_bn_gen_dsa_nonce_fixed_top()
and make it LE/BE agnostic.
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit 9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2)
(Merged from https://github.com/openssl/openssl/pull/24317)
(cherry picked from commit fdc3efc371be43d5092bb19823e084f54541cbe3)
Commit: d8f4038fee95af894ba642a6b8692f6499eb4197
https://github.com/openssl/openssl/commit/d8f4038fee95af894ba642a6b8692f6499eb4197
Author: Tomas Mraz <tomas at openssl.org>
Date: 2024-05-09 (Thu, 09 May 2024)
Changed paths:
M crypto/bn/bn_rand.c
Log Message:
-----------
Correct top for EC/DSA nonces if BN_DEBUG is on
Otherwise following operations would bail out in bn_check_top().
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(cherry picked from commit a380ae85be287045b1eaa64d23942101a426c080)
(Merged from https://github.com/openssl/openssl/pull/24317)
(cherry picked from commit 549208d1f1175aca5cc1ea989c4e9e4a41bc558c)
Compare: https://github.com/openssl/openssl/compare/fc6c3a9e22ef...d8f4038fee95