Fix DSA, preserve BN_FLG_CONSTTIME
author Cesar Pereida <cesar.pereida@aalto.fi>
Mon, 23 May 2016 09:45:25 +0000 (12:45 +0300)
committer Matt Caswell <matt@openssl.org>
Mon, 6 Jun 2016 10:08:15 +0000 (11:08 +0100)
commit 399944622df7bd81af62e67ea967c470534090e2
tree 6d779ba9bc1e291a82fe1cb5a460ede441634fdb
parent 0a4c87a90c6cf6628c688868cd5f13e4b9a5f19d
Fix DSA, preserve BN_FLG_CONSTTIME

Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/dsa/dsa_ossl.c