1. 09 Jul 2018, 1 commit
  2. 27 Jun 2018, 1 commit
  3. 22 Jun 2018, 3 commits
  4. 21 Jun 2018, 1 commit
    • Add blinding to a DSA signature · 7f9822a4
      Committed by Matt Caswell
      This extends the recently added ECDSA signature blinding to blind DSA too.
      
      This is based on side channel attacks demonstrated by Keegan Ryan (NCC
      Group) for ECDSA which are likely to be able to be applied to DSA.
      
      Normally, as in ECDSA, during signing the signer calculates:
      
      s := k^-1 * (m + r * priv_key) mod order
      
      In ECDSA, the addition operation above provides a sufficient signal for a
      flush+reload attack to derive the private key given sufficient signature
      operations.
      
      As a mitigation (based on a suggestion from Keegan) we add blinding to
      the operation so that:
      
      s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
      
      Since this attack is a localhost side channel only, no CVE is assigned.
      
      This commit also tweaks the previous ECDSA blinding so that blinding is
      only removed at the last possible step.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6522)
  5. 19 Jun 2018, 1 commit
    • Implement coordinate blinding for EC_POINT · f667820c
      Committed by Sohaib ul Hassan
      This commit implements coordinate blinding, i.e., it randomizes the
      representative of an elliptic curve point in its equivalence class, for
      prime curves implemented through EC_GFp_simple_method,
      EC_GFp_mont_method, and EC_GFp_nist_method.
      
      This commit is derived from the patch
      https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley.
      
      Coordinate blinding is a generally useful side-channel countermeasure
      and is (mostly) free. The function itself takes a few field
      multiplications, but is usually only necessary at the beginning of a
      scalar multiplication (as implemented in the patch). When used this way,
      it makes the values that variables take (i.e., field elements in an
      algorithm state) unpredictable.
      
      For instance, this mitigates chosen EC point side-channel attacks for
      settings such as ECDH and EC private key decryption, for the
      aforementioned curves.
      
      For EC_METHODs using different coordinate representations this commit
      does nothing, but the corresponding coordinate blinding function can be
      easily added in the future to extend these changes to such curves.
      Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
      Co-authored-by: Billy Brumley <bbrumley@gmail.com>
      Reviewed-by: Andy Polyakov <appro@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6501)
  6. 13 Jun 2018, 1 commit
    • Add blinding to an ECDSA signature · a3e9d5aa
      Committed by Matt Caswell
      Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
      ECDSA signature operation. During signing the signer calculates:
      
      s := k^-1 * (m + r * priv_key) mod order
      
      The addition operation above provides a sufficient signal for a
      flush+reload attack to derive the private key given sufficient signature
      operations.
      
      As a mitigation (based on a suggestion from Keegan) we add blinding to
      the operation so that:
      
      s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
      
      Since this attack is a localhost side channel only, no CVE is assigned.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
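Worked illustration of the blinded signing equation described in the DSA commit (7f9822a4) and the ECDSA commit (a3e9d5aa) above. This is an added example, not OpenSSL code: it uses a constructed toy DSA group (p=47, q=23, g=4) and a fixed message value to show that the blinded computation yields exactly the same s as the textbook formula and still verifies.

```python
# Added worked example: the blinded signing equation from the two commit
# messages above, over a toy DSA group. Parameters are constructed and tiny
# (p=47, q=23, g=4 has order 23 mod 47); nothing here is secure or OpenSSL code.
P, Q, G = 47, 23, 4


def inv(a, m):
    """Modular inverse (Python 3.8+)."""
    return pow(a, -1, m)


def sign_plain(m, priv, k):
    """Textbook DSA: s := k^-1 * (m + r * priv) mod q."""
    r = pow(G, k, P) % Q
    s = inv(k, Q) * (m + r * priv) % Q
    return r, s


def sign_blinded(m, priv, k, blind):
    """Blinded variant: s := k^-1 * blind^-1 * (blind*m + blind*r*priv) mod q.

    The addition now operates on blind*m and blind*r*priv, so the intermediate
    values the flush+reload attack observed are masked by a per-signature
    random blind; the blind is removed only in the final step.
    """
    r = pow(G, k, P) % Q
    t = (blind * m % Q + blind * r % Q * priv) % Q
    s = inv(k, Q) * inv(blind, Q) % Q * t % Q
    return r, s


def verify(m, pub, r, s):
    """Standard DSA verification; unchanged by blinding on the signer side."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = inv(s, Q)
    v = pow(G, m * w % Q, P) * pow(pub, r * w % Q, P) % P % Q
    return v == r


def blinding_preserves_signatures(priv=7):
    """Exhaustively check, for every k and blind in the toy group, that the
    blinded signature equals the plain one and verifies under pub = g^priv."""
    pub = pow(G, priv, P)
    for k in range(1, Q):
        r, s = sign_plain(9, priv, k)
        if r == 0 or s == 0:          # DSA rejects these k; nothing to compare
            continue
        for blind in range(1, Q):
            if sign_blinded(9, priv, k, blind) != (r, s) or not verify(9, pub, r, s):
                return False
    return True
```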
  7. 25 May 2018, 1 commit
  8. 23 May 2018, 1 commit
    • Enable SSL_MODE_AUTO_RETRY by default · 693cf80c
      Committed by Kurt Roeckx
      Because TLS 1.3 sends more non-application data records some clients run
      into problems because they don't expect SSL_read() to return and set
      SSL_ERROR_WANT_READ after processing it.
      
      This can cause problems for clients that use blocking I/O and use
      select() to see if data is available. It can be cleared using
      SSL_CTX_clear_mode().
      Reviewed-by: Matt Caswell <matt@openssl.org>
      GH: #6260
  9. 12 May 2018, 1 commit
  10. 09 May 2018, 4 commits
  11. 19 Apr 2018, 1 commit
  12. 17 Apr 2018, 1 commit
  13. 05 Apr 2018, 1 commit
  14. 04 Apr 2018, 1 commit
  15. 03 Apr 2018, 2 commits
    • Fix a text canonicalisation bug in CMS · bcc63714
      Committed by Matt Caswell
      Where a CMS detached signature is used with text content the text goes
      through a canonicalisation process first prior to signing or verifying a
      signature. This process strips trailing space at the end of lines, converts
      line terminators to CRLF and removes additional trailing line terminators
      at the end of a file. A bug in the canonicalisation process meant that
      some characters, such as form-feed, were incorrectly treated as whitespace
      and removed. This is contrary to the specification (RFC5485). This fix
      could mean that detached text data signed with an earlier version of
      OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
      signed with a fixed OpenSSL may fail to verify with an earlier version of
      OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
      and use the "-binary" flag (for the "cms" command line application) or set
      the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
      Reviewed-by: Tim Hudson <tjh@openssl.org>
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5790)
    • Fix CHANGES · ba505435
      Committed by Matt Caswell
      Fix the last release version number in CHANGES
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5852)
  16. 30 Mar 2018, 1 commit
  17. 27 Mar 2018, 2 commits
  18. 19 Mar 2018, 1 commit
  19. 14 Mar 2018, 1 commit
  20. 08 Mar 2018, 1 commit
    • Implement multi-process OCSP responder. · 3e3c7c36
      Committed by Viktor Dukhovni
      With "-multi" the OCSP responder forks multiple child processes,
      and respawns them as needed.  This can be used as a long-running
      service, not just a demo program.  Therefore the index file is
      automatically re-read when changed.  The responder also now optionally
      times out client requests.
      Reviewed-by: Matt Caswell <matt@openssl.org>
  21. 05 Mar 2018, 2 commits
  22. 02 Mar 2018, 1 commit
  23. 23 Feb 2018, 1 commit
  24. 13 Feb 2018, 3 commits
  25. 12 Feb 2018, 1 commit
  26. 08 Feb 2018, 1 commit
  27. 30 Jan 2018, 1 commit
  28. 28 Jan 2018, 1 commit
  29. 24 Jan 2018, 1 commit
  30. 08 Jan 2018, 1 commit