Broken elliptic curve identities #994
Comments
Ugh, thanks @mkskeller. I'm going to back out most of the constant-time changes. My thinking is, the lesser of the two evils is the timing leak. The worst case is arriving at an incorrect result, and that is what currently happens. Revert at Commit 4e56a6393dce. For the upcoming Crypto++ 8.4 release, we re-activated CVE-2019-14318. The release notes can be found here. Ping @mouse07410. Here is a simpler test program. It takes advantage of the fact the default constructor yields the identity element:

```cpp
#include <cryptopp/eccrypto.h>
#include <cryptopp/oids.h>
CryptoPP::OID oid = CryptoPP::ASN1::secp256r1();  // assumed curve; oid was not defined in the posted snippet
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP> params(oid);
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::Element id;  // default constructor yields the identity
id = params.GetCurve().Add(id, id);  // identity + identity must still be the identity
bool res = params.IsIdentity(id);    // expected: true
```
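For readers following the thread, the identity properties the test program above checks (identity + identity, P + identity, P + (-P)) are shown here in a self-contained affine implementation with an explicit point at infinity; this is an added example, not Crypto++ code, and it assumes the secp256r1 parameters with `None` standing in for the identity element.

```python
# Constructed example: affine short-Weierstrass arithmetic over F_p with an
# explicit point at infinity (None). Parameters are secp256r1 (P-256).
from typing import Optional, Tuple

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

Point = Optional[Tuple[int, int]]  # None is the identity (point at infinity)
IDENTITY: Point = None
G: Point = (GX, GY)

def is_identity(pt: Point) -> bool:
    return pt is None

def on_curve(pt: Point) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def neg(pt: Point) -> Point:
    return None if pt is None else (pt[0], (-pt[1]) % P)

def add(p1: Point, p2: Point) -> Point:
    # Identity cases must be resolved before any field inversion is attempted
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # P + (-P) = identity; also covers doubling a point with y == 0
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k: int, pt: Point) -> Point:
    acc: Point = None
    while k:  # plain double-and-add; not constant-time, used only to reach n*G
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def identity_checks(pt: Point) -> Tuple[bool, bool, bool]:
    # The three identities the issue's test program exercises; all must be True
    return (is_identity(add(IDENTITY, IDENTITY)), add(pt, IDENTITY) == pt, is_identity(add(pt, neg(pt))))
```

Multiplying the generator by the group order must also land on the identity, which is a useful end-to-end check that the identity handling in `add` is right.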
Distro maintainers, here is the patch needed to back out the broken code. The patch is a
I concur.
It seems that c9ef942 breaks basic elliptic curve identities. The following outputs three times 1 before and three times 0 after:
I'm using Ubuntu 20.04 with the system GCC.