projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix SCA vulnerability when using PVK and MSBLOB key formats
[oweals/openssl.git] / crypto / pem / pvkfmt.c
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index e39c2438140d05e0da9b6f29d248cb29fce5e0ff..609e3ad9ca417e7b7efa57777939a3d5ce1d9901 100644 (file)
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
         if (!read_lebn(&p, 20, &priv_key))
             goto memerr;
 
+        /* Set constant time flag before public key calculation */
+        BN_set_flags(priv_key, BN_FLG_CONSTTIME);
+
         /* Calculate public key */
         pub_key = BN_new();
         if (pub_key == NULL)
Unnamed repository; edit this file 'description' to name the repository.