generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Implement fixed-window exponentiation to mitigate hyper-threading

Browse Source 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
This commit is contained in:
Bodo Möller
2005-05-16 01:26:08 +00:00
parent 64c32bf9eb
commit ecb1445ce2
20 changed files with 598 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/dsa/dsa_key.c
View File

@@ -90,8 +90,21 @@ int DSA_generate_key(DSA *dsa)
}
else
pub_key=dsa->pub_key;
{
BIGNUM local_prk;
BIGNUM *prk;
if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
{
prk = &local_prk;
BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
}
else
prk = priv_key;
if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
}
dsa->priv_key=priv_key;
dsa->pub_key=pub_key;