Branch: refs/heads/openssl-3.1
Home:   https://github.com/openssl/openssl

Commit: 0df711a25da6e99a7ce0dbaf992acb644252385f
        https://github.com/openssl/openssl/commit/0df711a25da6e99a7ce0dbaf992acb644252385f
Author: Tomas Mraz <to...@openssl.org>
Date:   2024-05-09 (Thu, 09 May 2024)

Changed paths:
  M crypto/bn/bn_lib.c
  M crypto/bn/bn_local.h
  M crypto/bn/bn_rand.c
  M include/internal/constant_time.h

Log Message:
-----------
Make BN_generate_dsa_nonce() constant time and non-biased

Co-authored-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Neil Horman <nhor...@openssl.org>
(cherry picked from commit d7d1bdcb6aa3d5000bf7f5ebc5518be5c91fd5a5)
(Merged from https://github.com/openssl/openssl/pull/24317)


Commit: 5dbb2a8ca2c1ba42dfb9445b5ea76adccbdb9744
        https://github.com/openssl/openssl/commit/5dbb2a8ca2c1ba42dfb9445b5ea76adccbdb9744
Author: Tomas Mraz <to...@openssl.org>
Date:   2024-05-09 (Thu, 09 May 2024)

Changed paths:
  M crypto/bn/bn_lib.c
  M crypto/bn/bn_local.h
  M crypto/bn/bn_rand.c
  M crypto/bn/bn_shift.c
  M include/crypto/bn.h
  M include/internal/constant_time.h

Log Message:
-----------
Add ossl_bn_is_word_fixed_top()

Also correct some BN_FLG_FIXED_TOP flag handling.

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Neil Horman <nhor...@openssl.org>
(cherry picked from commit 2d285fa873028f6cff9484a0cdf690fe05d7fb16)
(Merged from https://github.com/openssl/openssl/pull/24317)


Commit: a70ca93cdbc0ed36bf783b9eadc4cea35986b139
        https://github.com/openssl/openssl/commit/a70ca93cdbc0ed36bf783b9eadc4cea35986b139
Author: Tomas Mraz <to...@openssl.org>
Date:   2024-05-09 (Thu, 09 May 2024)

Changed paths:
  M crypto/bn/bn_rand.c
  M crypto/dsa/dsa_ossl.c
  M crypto/ec/ecdsa_ossl.c
  M include/crypto/bn.h

Log Message:
-----------
Add ossl_bn_priv_rand_range_fixed_top() and use it for EC/DSA

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Neil Horman <nhor...@openssl.org>
(cherry picked from commit 13b3ca5c998e6db4f7251a56c43541cb1a422bd0)
(Merged from https://github.com/openssl/openssl/pull/24317)


Commit: fdc3efc371be43d5092bb19823e084f54541cbe3
        https://github.com/openssl/openssl/commit/fdc3efc371be43d5092bb19823e084f54541cbe3
Author: Tomas Mraz <to...@openssl.org>
Date:   2024-05-09 (Thu, 09 May 2024)

Changed paths:
  M crypto/bn/bn_rand.c
  M crypto/dsa/dsa_ossl.c
  M crypto/ec/ecdsa_ossl.c
  M include/crypto/bn.h

Log Message:
-----------
Rename BN_generate_dsa_nonce() to ossl_bn_gen_dsa_nonce_fixed_top()

And create a new BN_generate_dsa_nonce() that corrects the BIGNUM top.
We do this to avoid leaking fixed top numbers via the public API.

Also add a slight optimization in ossl_bn_gen_dsa_nonce_fixed_top()
and make it LE/BE agnostic.

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Neil Horman <nhor...@openssl.org>
(cherry picked from commit 9c85f6cd2d6debe5ef6ef475ff4bf17e0985f7a2)
(Merged from https://github.com/openssl/openssl/pull/24317)


Commit: 7ecd90a4fd1e500b1d751e7d4f400310ef279c8a
        https://github.com/openssl/openssl/commit/7ecd90a4fd1e500b1d751e7d4f400310ef279c8a
Author: Tomas Mraz <to...@openssl.org>
Date:   2024-05-09 (Thu, 09 May 2024)

Changed paths:
  M providers/fips/self_test_data.inc

Log Message:
-----------
Adjust FIPS EC/DSA self test data for different nonce generation

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Neil Horman <nhor...@openssl.org>
(cherry picked from commit 8a1f65468064e39f65ef4918c62db73a9eef80e4)
(Merged from https://github.com/openssl/openssl/pull/24317)


Commit: 549208d1f1175aca5cc1ea989c4e9e4a41bc558c
        https://github.com/openssl/openssl/commit/549208d1f1175aca5cc1ea989c4e9e4a41bc558c
Author: Tomas Mraz <to...@openssl.org>
Date:   2024-05-09 (Thu, 09 May 2024)

Changed paths:
  M crypto/bn/bn_rand.c

Log Message:
-----------
Correct top for EC/DSA nonces if BN_DEBUG is on

Otherwise following operations would bail out in bn_check_top().

Reviewed-by: Paul Dale <ppz...@gmail.com>
Reviewed-by: Neil Horman <nhor...@openssl.org>
(cherry picked from commit a380ae85be287045b1eaa64d23942101a426c080)
(Merged from https://github.com/openssl/openssl/pull/24317)


Compare: https://github.com/openssl/openssl/compare/b50d1c2e7018...549208d1f117