Skip to content
  1. Jun 09, 2018
  2. Jun 02, 2018
  3. May 31, 2018
  4. May 29, 2018
  5. May 23, 2018
  6. May 21, 2018
  7. May 18, 2018
  8. May 17, 2018
    • Matt Caswell's avatar
      Make BN_GF2m_mod_arr more constant time · 7e5292ba
      Matt Caswell authored
      
      
      Experiments have shown that the lookup table used by BN_GF2m_mod_arr
      introduces sufficient timing signal to recover the private key for an
      attacker with access to cache timing information on the victim's host.
      This only affects binary curves (which are less frequently used).
      
      No CVE is considered necessary for this issue.
      
      The fix is to replace the lookup table with an on-the-fly calculation of
      the value from the table instead, which can be performed in constant time.
      
      Thanks to Youngjoo Shin for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6270)
      
      (cherry picked from commit b336ce57)
      7e5292ba
  9. May 14, 2018
  10. May 12, 2018
  11. May 11, 2018
  12. May 05, 2018
  13. May 04, 2018
  14. May 03, 2018
  15. May 02, 2018
  16. May 01, 2018
  17. Apr 27, 2018
  18. Apr 26, 2018
  19. Apr 25, 2018
  20. Apr 24, 2018
  21. Apr 20, 2018
  22. Apr 19, 2018