Gilles Peskine 5b0589e9ab
Fix non-constant-time comparison in mbedtls_mpi_random ...
Calling mbedtls_mpi_cmp_int reveals the number of leading zero limbs
to an adversary who is capable of very fine-grained timing
measurements. This is very little information, but could be practical
with secp521r1 (1/512 chance of the leading limb being 0) if the
adversary can measure the precise timing of a large number of
signature operations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-06-04 14:47:24 +02:00
2020-10-01 00:35:49 +02:00
2021-04-27 17:01:24 +01:00
2021-04-28 15:57:30 +02:00
2021-04-23 08:19:43 +02:00
2021-05-25 15:33:14 +02:00
2021-06-01 09:40:53 +02:00
2021-05-19 11:56:06 +02:00
2021-05-19 11:56:06 +02:00
2021-04-01 14:20:03 +02:00
2021-06-04 14:47:24 +02:00
2021-05-12 14:36:24 -04:00
2021-04-15 11:19:56 +01:00
2021-04-15 21:34:33 +02:00
2021-05-18 16:43:43 +02:00
2021-04-26 20:08:53 +02:00
2021-05-27 14:27:43 +02:00
2021-06-03 15:47:40 +08:00
2021-05-06 00:53:22 +02:00
2021-05-26 10:38:59 +02:00
2021-05-26 13:19:14 +02:00
2021-05-14 14:07:51 +02:00
2021-06-01 11:17:07 +02:00
2021-05-28 15:27:01 +02:00
2021-05-26 13:36:40 +02:00
2021-05-06 11:35:18 +02:00
2021-06-03 18:10:04 +02:00
2021-05-20 10:37:22 +02:00
2021-05-11 12:44:40 -06:00
2021-05-17 22:18:35 +02:00
2021-04-28 10:01:20 +02:00
2021-04-15 15:06:52 +02:00
2021-05-20 17:08:59 +01:00
2021-06-03 18:10:04 +02:00
2021-05-28 09:52:54 +01:00
2021-05-11 13:15:19 +02:00
2021-05-10 10:36:37 +02:00
2021-05-04 15:59:10 +02:00
2021-05-10 17:02:48 +01:00
2021-05-25 16:26:24 +01:00
2021-06-02 13:45:57 +01:00
2021-05-04 11:35:08 +02:00
2021-05-18 08:36:36 +01:00
2021-05-19 12:36:24 +02:00
2021-05-13 00:46:29 +02:00
2021-05-14 17:12:15 +01:00
2021-05-19 21:06:01 +02:00
2021-04-27 17:20:56 +01:00
5b0589e9ab