Skip to content
  1. May 21, 2018
  2. May 18, 2018
  3. May 17, 2018
    • Matt Caswell's avatar
      Make BN_GF2m_mod_arr more constant time · 7e5292ba
      Matt Caswell authored
      
      
      Experiments have shown that the lookup table used by BN_GF2m_mod_arr
      introduces sufficient timing signal to recover the private key for an
      attacker with access to cache timing information on the victim's host.
      This only affects binary curves (which are less frequently used).
      
      No CVE is considered necessary for this issue.
      
      The fix is to replace the lookup table with an on-the-fly calculation of
      the value from the table instead, which can be performed in constant time.
      
      Thanks to Youngjoo Shin for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6270)
      
      (cherry picked from commit b336ce57)
      7e5292ba
  4. May 14, 2018
  5. May 12, 2018
  6. May 11, 2018
  7. May 05, 2018
  8. May 04, 2018
  9. May 03, 2018
  10. May 02, 2018
  11. May 01, 2018
  12. Apr 27, 2018
  13. Apr 26, 2018
  14. Apr 25, 2018
  15. Apr 24, 2018
  16. Apr 20, 2018
  17. Apr 19, 2018
  18. Apr 17, 2018