The branch OpenSSL_1_1_0-stable has been updated via 04882f77a8bb5df8bc9f3f9f82191f487d350be1 (commit) from b14c6d9af475858c60f3d04abe7d87bd9f71d578 (commit)
- Log ----------------------------------------------------------------- commit 04882f77a8bb5df8bc9f3f9f82191f487d350be1 Author: Cesar Pereida Garcia <cesar.pereidagar...@tut.fi> Date: Wed Aug 14 10:17:06 2019 +0300 Fix SCA vulnerability when using PVK and MSBLOB key formats This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Nicola Tuveri <nic....@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlin...@hotmail.de> Reviewed-by: Paul Dale <paul.d...@oracle.com> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9587) (cherry picked from commit 724339ff44235149c4e8ddae614e1dda6863e23e) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pvkfmt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 96a82eb520..22e56d953d 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, if (!read_lebn(&p, 20, &priv_key)) goto memerr; + /* Set constant time flag before public key calculation */ + BN_set_flags(priv_key, BN_FLG_CONSTTIME); + /* Calculate public key */ pub_key = BN_new(); if (pub_key == NULL)