[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Tue Aug 27 08:24:18 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 51e236df41871871dabd2f5f7156e27a0eef3b3b (commit)
from 4bdab2571782393e4ba3acb8578c415ce1575a75 (commit)
- Log -----------------------------------------------------------------
commit 51e236df41871871dabd2f5f7156e27a0eef3b3b
Author: Cesar Pereida Garcia <cesar.pereidagarcia at tut.fi>
Date: Wed Aug 14 10:17:06 2019 +0300
Fix SCA vulnerability when using PVK and MSBLOB key formats
This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The public key was not computed using a constant-time exponentiation
function.
This issue was discovered and reported by the NISEC group at TAU Finland.
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9587)
(cherry picked from commit 724339ff44235149c4e8ddae614e1dda6863e23e)
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pvkfmt.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index e39c243814..609e3ad9ca 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
if (!read_lebn(&p, 20, &priv_key))
goto memerr;
+ /* Set constant time flag before public key calculation */
+ BN_set_flags(priv_key, BN_FLG_CONSTTIME);
+
/* Calculate public key */
pub_key = BN_new();
if (pub_key == NULL)
More information about the openssl-commits
mailing list