diff options
| author | Bodo Möller <bodo@openssl.org> | 2005-05-26 04:40:52 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2005-05-26 04:40:52 +0000 |
| commit | 0ebfcc8f92736c900bae4066040b67f6e5db8edb (patch) | |
| tree | c571b844553487ef4bd262a16675707dd5dde605 /CHANGES | |
| parent | c61f571ce02ab6ab8ffe0c33a03b4a32ae83516e (diff) | |
make sure DSA signing exponentiations really are constant-time
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -803,6 +803,13 @@ Changes between 0.9.7g and 0.9.7h [XX xxx XXXX] + *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform + the exponentiation using a fixed-length exponent. (Otherwise, + the information leaked through timing could expose the secret key + after many signatures; cf. Bleichenbacher's attack on DSA with + biased k.) + [Bodo Moeller] + *) Make a new fixed-window mod_exp implementation the default for RSA, DSA, and DH private-key operations so that the sequence of squares and multiplies and the memory access pattern are |