> Attached is a proposed patch for CVE-2015-2141 mitigation, blinding and 
> OpenMP support.

Forgot to mention... Evgeny has been kind enough to work with us by 
validating the proposed changes, so we know the CVE is mitigated.

Jeff

On Sunday, June 14, 2015 at 12:04:46 AM UTC-4, Jeffrey Walton wrote:
>
> Hi Everyone,
>
> Attached is a proposed patch for CVE-2015-2141 mitigation, blinding and 
> OpenMP support. Information can be found at Evgeny Sidorov's "Breaking the 
> Rabin-Williams digital signature system...", 
> https://eprint.iacr.org/2015/368.
>
> The goals of the patch were to:
>
>   (1) mitigate CVE-2015-2141
>   (2) improve CalculateInverse efficiency
>
> There are two mitigations available for (1). First is to disable blinding 
> (A). Second is to ensure the blinding value satisfies preconditions (B). 
> Both are available in the patch. By default, blinding is enabled, so 
> existing behavior is preserved.
>
> For (2), Bernstein's Tweaked Roots was provided with precomputation. It's 
> controlled by CRYPTOPP_USE_RW_TWEAKED_ROOTS in config.h. It is enabled by 
> default.
>
> More details are below and in the patch.
>
> Any feedback or comments are welcomed.
> ...
>

-- 
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.