724339ff44
This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9587) |
||
|---|---|---|
| .. | ||
| build.info | ||
| pem_all.c | ||
| pem_err.c | ||
| pem_info.c | ||
| pem_lib.c | ||
| pem_oth.c | ||
| pem_pk8.c | ||
| pem_pkey.c | ||
| pem_sign.c | ||
| pem_x509.c | ||
| pem_xaux.c | ||
| pvkfmt.c | ||