[openssl] master update

Matt Caswell matt at openssl.org
Tue Aug 27 08:24:06 UTC 2019

The branch master has been updated
       via  724339ff44235149c4e8ddae614e1dda6863e23e (commit)
      from  485d336137f2afa62e378bc39dcfa37dcfb222da (commit)

- Log -----------------------------------------------------------------
commit 724339ff44235149c4e8ddae614e1dda6863e23e
Author: Cesar Pereida Garcia <cesar.pereidagarcia at tut.fi>
Date:   Wed Aug 14 10:17:06 2019 +0300

    Fix SCA vulnerability when using PVK and MSBLOB key formats
    This commit addresses a side-channel vulnerability present when
    PVK and MSBLOB key formats are loaded into OpenSSL.
    The public key was not computed using a constant-time exponentiation
    This issue was discovered and reported by the NISEC group at TAU Finland.
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9587)


Summary of changes:
 crypto/pem/pvkfmt.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 348a92b64a..adf2914433 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
         if (!read_lebn(&p, 20, &priv_key))
             goto memerr;
+        /* Set constant time flag before public key calculation */
+        BN_set_flags(priv_key, BN_FLG_CONSTTIME);
         /* Calculate public key */
         pub_key = BN_new();
         if (pub_key == NULL)

More information about the openssl-commits mailing list