deps: float 949ff366 from openssl (ECDSA blinding) (6.x backport) by rvagg · Pull Request #21347 · nodejs/node

rvagg · 2018-06-15T06:57:33Z

Same as #21345 but for 1.0.2 on 8.x.

Pending OpenSSL 1.0.2p release.

Ref: https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
Ref: #21345
Upstream: openssl/openssl@949ff366

Original commit message:

Add blinding to an ECDSA signature

Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
ECDSA signature operation. During signing the signer calculates:

s:= k^-1 * (m + r * priv_key) mod order

The addition operation above provides a sufficient signal for a
flush+reload attack to derive the private key given sufficient signature
operations.

As a mitigation (based on a suggestion from Keegan) we add blinding to
the operation so that:

s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order

Since this attack is a localhost side channel only no CVE is assigned.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Pending OpenSSL 1.0.2p release. Ref: https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ Ref: nodejs#21345 Upstream: openssl/openssl@949ff366 Original commit message: Add blinding to an ECDSA signature Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: Rich Salz <rsalz@openssl.org>

nodejs-github-bot · 2018-06-15T06:57:34Z

@rvagg build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/77/pipeline

shigeki

Is the linter error due to Makefile faults?

refack · 2018-06-15T22:00:40Z

Is the linter error due to Makefile faults?

Due to changes in CI job config. It's being fixed.

rvagg · 2018-06-18T04:17:08Z

cc6827c

rvagg added openssl Issues and PRs related to the OpenSSL dependency. security Issues and PRs related to security. labels Jun 15, 2018

rvagg requested review from addaleax, bnoordhuis and shigeki June 15, 2018 06:57

nodejs-github-bot added openssl Issues and PRs related to the OpenSSL dependency. v6.x labels Jun 15, 2018

bnoordhuis approved these changes Jun 15, 2018

View reviewed changes

shigeki approved these changes Jun 15, 2018

View reviewed changes

jasnell approved these changes Jun 15, 2018

View reviewed changes

rvagg closed this Jun 18, 2018

rvagg deleted the rvagg/openssl-949ff366-6.x branch June 18, 2018 04:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps: float 949ff366 from openssl (ECDSA blinding) (6.x backport)#21347

deps: float 949ff366 from openssl (ECDSA blinding) (6.x backport)#21347
rvagg wants to merge 1 commit intonodejs:v6.x-stagingfrom
rvagg:rvagg/openssl-949ff366-6.x

rvagg commented Jun 15, 2018

Uh oh!

nodejs-github-bot commented Jun 15, 2018

Uh oh!

shigeki left a comment

Uh oh!

refack commented Jun 15, 2018

Uh oh!

rvagg commented Jun 18, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Uh oh!

Conversation

rvagg commented Jun 15, 2018

Uh oh!

nodejs-github-bot commented Jun 15, 2018

Uh oh!

shigeki left a comment

Choose a reason for hiding this comment

Uh oh!

refack commented Jun 15, 2018

Uh oh!

rvagg commented Jun 18, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants