openssl/crypto
Cesar Pereida Garcia 51e236df41 Fix SCA vulnerability when using PVK and MSBLOB key formats
This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The public key was not computed using a constant-time exponentiation
function.

This issue was discovered and reported by the NISEC group at TAU Finland.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9587)

(cherry picked from commit 724339ff44)
2019-08-27 09:13:34 +01:00
aes Fix Typos 2019-07-31 19:48:30 +02:00
aria
asn1 Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
async arch/async_posix.h: improve portability. 2018-10-19 10:31:04 +02:00
bf
bio BIO_lookup_ex: Do not retry on EAI_MEMORY 2019-08-13 11:44:45 +02:00
blake2 Update copyright year 2019-05-28 14:49:38 +02:00
bn Fix Typos 2019-07-31 19:48:30 +02:00
buffer
camellia Update copyright year 2018-09-11 13:45:17 +01:00
cast
chacha deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
cmac
cms Remove OPENSSL_X509V3_H include detector from openssl/cms.h 2019-07-24 17:08:38 +02:00
comp
conf crypto/conf: openssl_config_int() returns uninitialized value 2019-05-29 10:47:40 +10:00
ct Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
des Update copyright year 2019-02-26 14:05:09 +00:00
dh Change DH parameters to generate the order q subgroup instead of 2q 2019-07-24 14:59:52 +02:00
dsa Fix Typos 2019-07-31 19:48:30 +02:00
dso Cygwin: enable the use of Dl_info and dladdr() 2019-07-21 11:08:56 +02:00
ec make ecp_nistz256_point_add_vis3() local 2019-08-09 09:12:42 +01:00
engine crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally 2019-08-15 11:23:12 +02:00
err make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA 2019-07-31 17:07:44 +03:00
evp Directly return from final sha3/keccak_final if no bytes are requested 2019-08-18 21:33:49 +02:00
hmac Update copyright year 2019-05-28 14:49:38 +02:00
idea
include/internal Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
kdf Reset the HKDF state between operations 2018-10-29 14:11:40 +00:00
lhash Fix Typos 2019-07-31 19:48:30 +02:00
md2
md4
md5
mdc2
modes Update copyright year 2019-05-28 14:49:38 +02:00
objects Fix GOST OID 2019-05-24 12:36:06 +03:00
ocsp Update copyright year 2019-05-28 14:49:38 +02:00
pem Fix SCA vulnerability when using PVK and MSBLOB key formats 2019-08-27 09:13:34 +01:00
perlasm Update copyright year 2019-02-26 14:05:09 +00:00
pkcs7 Update copyright year 2018-09-11 13:45:17 +01:00
pkcs12 Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
poly1305 deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
rand Avoid overflowing FDSET when using select(2). 2019-08-24 16:45:53 +10:00
rc2
rc4 deps: add s390 asm rules for OpenSSL-1.1.1 2019-03-01 08:41:26 +01:00
rc5
ripemd
rsa Ensure RSA PSS correctly returns the right default digest 2019-08-09 13:24:14 +01:00
seed Update copyright year 2018-09-11 13:45:17 +01:00
sha Fix syntax error for the armv4 assembler 2019-08-15 14:24:27 +02:00
siphash Fix SipHash init order. 2018-11-12 07:16:58 +01:00
sm2 Fix Typos 2019-07-31 19:48:30 +02:00
sm3
sm4
srp Update copyright year 2019-02-26 14:05:09 +00:00
stack Revert "stack/stack.c: omit redundant NULL checks." 2018-08-09 14:37:10 +01:00
store Fix Typos 2019-07-31 19:48:30 +02:00
ts Check conversion return in ASN1_INTEGER_print_bio. 2018-07-31 11:37:05 +10:00
txt_db
ui Fix Typos 2019-07-01 02:02:06 +08:00
whrlpool Fix warning C4164 in MSVC. 2019-07-31 17:32:16 +01:00
x509 Fix error handling in X509_chain_up_ref 2019-08-17 16:51:13 +02:00
x509v3 Add missing accessors for X509 AuthorityKeyIdentifier 2019-08-01 12:13:37 +02:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c Update copyright year 2019-02-26 14:05:09 +00:00
armv4cpuid.pl
build.info Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
c64xpluscpuid.pl
cpt_err.c
cryptlib.c Update copyright year 2019-02-26 14:05:09 +00:00
ctype.c Add missing EBCDIC strings 2019-08-14 10:52:31 +01:00
cversion.c
dllmain.c Update copyright year 2018-09-11 13:45:17 +01:00
ebcdic.c
ex_data.c
getenv.c Use secure_getenv(3) when available. 2018-09-24 11:22:22 +10:00
ia64cpuid.S
init.c Fix Typos 2019-07-31 19:48:30 +02:00
LPdir_nyi.c
LPdir_unix.c typo-fixes: miscellaneous typo fixes 2018-09-21 23:59:02 +02:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
mem.c crypto/mem.c: switch to tsan_assist.h in CRYPTO_MDEBUG. 2018-08-07 09:08:50 +02:00
mem_clr.c
mem_dbg.c
mem_sec.c test/secmemtest: test secure memory only if it is implemented 2018-10-05 12:23:34 +02:00
mips_arch.h Update copyright year 2019-05-28 14:49:38 +02:00
o_dir.c
o_fips.c
o_fopen.c Add missing include file. 2018-09-17 12:54:20 +10:00
o_init.c
o_str.c Fix error handling at openssl_strerror_r 2019-06-18 13:58:52 +02:00
o_time.c
pariscid.pl
ppc_arch.h Update copyright year 2019-02-26 14:05:09 +00:00
ppccap.c crypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00 2019-05-09 14:20:44 +10:00
ppccpuid.pl Update copyright year 2019-02-26 14:05:09 +00:00
s390x_arch.h s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
s390xcap.c s390x assembly pack: fix restoring of SIGILL action 2019-07-17 20:15:38 +02:00
s390xcpuid.pl s390x assembly pack: add KIMD/KLMD code path for sha3/shake 2018-08-06 12:04:52 +02:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
threads_none.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_pthread.c crypto/threads_*: remove CRYPTO_atomic_{read|write}. 2018-08-17 12:40:39 +02:00
threads_win.c Update copyright year 2019-05-28 14:49:38 +02:00
uid.c Swap #if blocks in uid.c so target platform gets checked before host 2019-06-18 12:53:27 +10:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl