From: Cesar Pereida Garcia Date: Wed, 14 Aug 2019 07:17:06 +0000 (+0300) Subject: Fix SCA vulnerability when using PVK and MSBLOB key formats X-Git-Tag: openssl-3.0.0-alpha1~1539 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=724339ff44235149c4e8ddae614e1dda6863e23e;p=oweals%2Fopenssl.git Fix SCA vulnerability when using PVK and MSBLOB key formats This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Nicola Tuveri Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9587) --- diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 348a92b64a..adf2914433 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, if (!read_lebn(&p, 20, &priv_key)) goto memerr; + /* Set constant time flag before public key calculation */ + BN_set_flags(priv_key, BN_FLG_CONSTTIME); + /* Calculate public key */ pub_key = BN_new(); if (pub_key == NULL)