FWIW: This isn't like RSA blinding where the impact was significant.
The performance impact of this is negligible; it may as well be unconditional.


Peter


[email protected] wrote: -----

To: [email protected]
From: Mounir IDRASSI <[email protected]>
Sent by: [email protected]
Date: 05/28/2011 12:49AM
Subject: Re: [CVS] OpenSSL: openssl/ CHANGES openssl/crypto/ecdsa/ ecs_ossl.c

Hi,

I agree with Bruce: we should default to a constant time behavior so
definitely the code must use #ifndef instead of #ifdef since the patch
makes the scalar a fixed bit length value.
I think the paper authors got confused when they wrote the code.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 5/27/2011 4:10 PM, Bruce Stephens wrote:
> "Dr. Stephen Henson"<[email protected]>  writes:
>
> [...]
>
>>    +#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
>>    +          /* We do not want timing information to leak the length of k,
>>    +          * so we compute G*k using an equivalent scalar of fixed
>>    +          * bit-length. */
>>    +
>>    +          if (!BN_add(k, k, order)) goto err;
>>    +          if (BN_num_bits(k)<= BN_num_bits(order))
>>    +               if (!BN_add(k, k, order)) goto err;
>>    +#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
>>    +
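
Review bot: The guard on the first added line looks inverted. With #ifdef ECDSA_POINT_MUL_NO_CONSTTIME, the two BN_add(k, k, order) calls that give k a fixed bit-length are compiled only when the NO_CONSTTIME macro is defined, so a build that does not define it skips the step the comment says is needed to keep the length of k from leaking. Suggest #ifndef ECDSA_POINT_MUL_NO_CONSTTIME, with the #endif comment updated to match, or dropping the guard so the padding is always compiled in. The nested if under the BN_num_bits() test would also be easier to audit with braces.
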
> Almost certainly my misunderstanding, but isn't the sense of this wrong?
>
> That is, surely the new code should be added if we want the CONSTTIME
> behaviour (i.e., if NO_CONSTTIME is not defined), and we'd want that by
> default so it should be #ifndef rather than #ifdef?
>
> (I agree it's #ifdef in the eprint too, which increases the likelihood
> that I'm just misunderstanding something.)
>
> [...]
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [email protected]
> Automated List Manager                           [email protected]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
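
As an added illustration of the fixed bit-length scalar discussed in this thread (not code from OpenSSL, the patch, or the paper): a Python sketch on a constructed toy curve, y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1) of order 19, showing that the conditional additions of the order leave k*G unchanged while making the double-and-add loop the same length for every nonce. All function names are hypothetical, and the toy loop still branches on the scalar's bits, so it demonstrates only the length property.

```python
# Constructed toy parameters (assumption, not from the thread):
# curve y^2 = x^3 + 2x + 2 over F_17, generator G of prime order 19.
P_MOD, A = 17, 2
G, ORDER = (5, 1), 19

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                       # P + (-P)
    if p == q:                            # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:                                 # chord slope for addition
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def scalar_mul(k, point=G):
    """Left-to-right double-and-add; returns (k*point, loop iterations).
    The iteration count equals the bit length of k, which is what leaks."""
    acc, steps = None, 0
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, point)
        steps += 1
    return acc, steps

def pad_scalar(k, order=ORDER):
    """Mirror of the quoted hunk: add the order once, and a second time if
    the sum is still no longer than the order. Result is congruent to k
    mod order and always has bit_length(order) + 1 bits."""
    k += order
    if k.bit_length() <= order.bit_length():
        k += order
    return k

def step_counts(pad):
    """Distinct loop lengths seen over every valid nonce k in [1, ORDER-1]."""
    return {scalar_mul(pad_scalar(k) if pad else k)[1] for k in range(1, ORDER)}

if __name__ == "__main__":
    print("unpadded loop lengths:", sorted(step_counts(False)))
    print("padded loop lengths:  ", sorted(step_counts(True)))
```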

