Timing vulnerability in DSA signature generation (CVE-2018-0734). (a9cfb8c2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL · GitLab

Commit a9cfb8c2 authored Oct 24, 2018 by

Pauli

Timing vulnerability in DSA signature generation (CVE-2018-0734).



Avoid a timing attack that leaks information via a side channel that
triggers when a BN is resized.  Increasing the size of the BNs
prior to doing anything with them suppresses the attack.

Thanks due to Samuel Weiser for finding and locating this.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7486)

parent 415c3356

Hide whitespace changes

Inline Side-by-side

admin_forge @etsi-cti-admin
mentioned in commit 8abfe72e
· Jun 19, 2019

mentioned in commit 8abfe72e

mentioned in commit 8abfe72e8c1de1b95f50aa0d9134803b4d00070f

Toggle commit list

Please register or to comment