diff options
| author | Bodo Möller <bodo@openssl.org> | 2005-05-26 04:40:57 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2005-05-26 04:40:57 +0000 |
| commit | e4106a4e242c75287484834ebac48cbba1045e3f (patch) | |
| tree | dd8c3d1a406c3d3da99962e408bc19f6a2c4f197 /CHANGES | |
| parent | a506b8c7dd6f2e8945679e70f38d3d18d3696812 (diff) | |
make sure DSA signing exponentiations really are constant-time
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -799,6 +799,13 @@ Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform + the exponentiation using a fixed-length exponent. (Otherwise, + the information leaked through timing could expose the secret key + after many signatures; cf. Bleichenbacher's attack on DSA with + biased k.) + [Bodo Moeller] + *) Make a new fixed-window mod_exp implementation the default for RSA, DSA, and DH private-key operations so that the sequence of squares and multiplies and the memory access pattern are |