The branch OpenSSL_1_0_2-stable has been updated
via 55611d549bcf65e0de04938adbf403ccf02f241b (commit)
from 7fafaf27c2c2990fde2798424a38ce8443dae595 (commit)
- Log -----------------------------------------------------------------
commit 55611d549bcf65e0de04938adbf403ccf02f241b
Author: Cesar Pereida Garcia <[email protected]>
Date: Mon Aug 19 10:33:14 2019 +0300
Fix SCA vulnerability when using PVK and MSBLOB key formats
This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The public key was not computed using a constant-time exponentiation
function.
This issue was discovered and reported by the NISEC group at TAU Finland.
Reviewed-by: Nicola Tuveri <[email protected]>
Reviewed-by: Bernd Edlinger <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/9638)
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pvkfmt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index f376f594b1..ff5674a99f 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -327,6 +327,8 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned
int length,
} else {
if (!read_lebn(&p, 20, &dsa->priv_key))
goto memerr;
+ /* Set constant time flag before public key calculation */
+ BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
/* Calculate public key */
if (!(dsa->pub_key = BN_new()))
goto memerr;
