From 55611d549bcf65e0de04938adbf403ccf02f241b Mon Sep 17 00:00:00 2001 From: Cesar Pereida Garcia Date: Mon, 19 Aug 2019 10:33:14 +0300 Subject: [PATCH] Fix SCA vulnerability when using PVK and MSBLOB key formats This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Nicola Tuveri Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9638) --- crypto/pem/pvkfmt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index f376f594b1..ff5674a99f 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -327,6 +327,8 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, } else { if (!read_lebn(&p, 20, &dsa->priv_key)) goto memerr; + /* Set constant time flag before public key calculation */ + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); /* Calculate public key */ if (!(dsa->pub_key = BN_new())) goto memerr;