Skip to content
  1. Oct 19, 2017
  2. Oct 13, 2017
  3. Oct 11, 2017
    • Matt Caswell's avatar
      Ensure we test all parameters for BN_FLG_CONSTTIME · 86ccadf5
      Matt Caswell authored
      
      
      RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls
      BN_mod_exp() as follows:
      
      BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)
      
      ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In
      BN_mod_exp() we only test the third param for the existence of this flag.
      We should test all the inputs.
      
      Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this
      issue.
      
      This typically only happens once at key load, so this is unlikely to be
      exploitable in any real scenario.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4477)
      
      (cherry picked from commit e913d11f)
      86ccadf5
  4. Oct 03, 2017
  5. Oct 02, 2017
  6. Sep 29, 2017
  7. Sep 27, 2017
  8. Sep 26, 2017
  9. Sep 19, 2017
  10. Sep 11, 2017
  11. Sep 07, 2017
  12. Aug 28, 2017
  13. Aug 25, 2017
  14. Aug 24, 2017
  15. Aug 23, 2017
  16. Aug 22, 2017
  17. Aug 18, 2017
  18. Aug 17, 2017
  19. Aug 15, 2017
  20. Aug 09, 2017
  21. Aug 07, 2017
  22. Aug 04, 2017
  23. Jul 31, 2017
  24. Jul 29, 2017
  25. Jul 28, 2017
  26. Jul 27, 2017
  27. Jul 25, 2017
  28. Jul 24, 2017