summaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2018-06-19 16:07:02 +0200
committerMatt Caswell <matt@openssl.org>2018-06-21 11:15:57 +0200
commit7f9822a48213dd2feca845dbbb6bcb8beb9550de (patch)
tree36b9afd40719605332a498a4ea37aa627d14f04e /CHANGES
parentDocument no-sm2 (diff)
downloadopenssl-7f9822a48213dd2feca845dbbb6bcb8beb9550de.tar.xz
openssl-7f9822a48213dd2feca845dbbb6bcb8beb9550de.zip
Add blinding to a DSA signature
This extends the recently added ECDSA signature blinding to blind DSA too. This is based on side channel attacks demonstrated by Keegan Ryan (NCC Group) for ECDSA which are likely to be able to be applied to DSA. Normally, as in ECDSA, during signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order In ECDSA, the addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. This commit also tweaks the previous ECDSA blinding so that blinding is only removed at the last possible step. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6522)
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES4
1 files changed, 2 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index a4beda66dd..4dc065923c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,8 +13,8 @@
chosen point SCA attacks.
[Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
- *) Add blinding to an ECDSA signature to protect against side channel attacks
- discovered by Keegan Ryan (NCC Group).
+ *) Add blinding to ECDSA and DSA signatures to protect against side channel
+ attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) Enforce checking in the pkeyutl command line app to ensure that the input