wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix SCA vulnerability when using PVK and MSBLOB key formats

Browse source 
This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The public key was not computed using a constant-time exponentiation
function.

This issue was discovered and reported by the NISEC group at TAU Finland.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9587)
This commit is contained in:
Cesar Pereida Garcia 2019-08-14 10:17:06 +03:00 committed by Matt Caswell
parent 485d336137
commit 724339ff44
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
crypto/pem/pvkfmt.c
View file

@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
if (!read_lebn(&p, 20, &priv_key))
goto memerr;
/* Set constant time flag before public key calculation */
BN_set_flags(priv_key, BN_FLG_CONSTTIME);
/* Calculate public key */
pub_key = BN_new();
if (pub_key == NULL)