diff options
author | Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi> | 2019-08-14 10:17:06 +0300 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-08-27 09:07:30 +0100 |
commit | 724339ff44235149c4e8ddae614e1dda6863e23e (patch) | |
tree | c066fbe8fe14ba7b1e94a453b16a2aba0173c8e6 /crypto/pem | |
parent | 485d336137f2afa62e378bc39dcfa37dcfb222da (diff) |
Fix SCA vulnerability when using PVK and MSBLOB key formats
This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The public key was not computed using a constant-time exponentiation
function.
This issue was discovered and reported by the NISEC group at TAU Finland.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9587)
Diffstat (limited to 'crypto/pem')
-rw-r--r-- | crypto/pem/pvkfmt.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 348a92b64a..adf2914433 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, if (!read_lebn(&p, 20, &priv_key)) goto memerr; + /* Set constant time flag before public key calculation */ + BN_set_flags(priv_key, BN_FLG_CONSTTIME); + /* Calculate public key */ pub_key = BN_new(); if (pub_key == NULL) |