Fix SCA vulnerability when using PVK and MSBLOB key formats
This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9638)
This commit is contained in:
parent
7fafaf27c2
commit
55611d549b
1 changed files with 2 additions and 0 deletions
|
@ -327,6 +327,8 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
|
||||||
} else {
|
} else {
|
||||||
if (!read_lebn(&p, 20, &dsa->priv_key))
|
if (!read_lebn(&p, 20, &dsa->priv_key))
|
||||||
goto memerr;
|
goto memerr;
|
||||||
|
/* Set constant time flag before public key calculation */
|
||||||
|
BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
|
||||||
/* Calculate public key */
|
/* Calculate public key */
|
||||||
if (!(dsa->pub_key = BN_new()))
|
if (!(dsa->pub_key = BN_new()))
|
||||||
goto memerr;
|
goto memerr;
|
||||||
|
|
Loading…
Reference in a new issue