Fix SCA vulnerability when using PVK and MSBLOB key formats

This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: N Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Paul Dale <paul.dale@oracle.com> Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9587) (cherry picked from commit 724339ff44235149c4e8ddae614e1dda6863e23e)

Fix SCA vulnerability when using PVK and MSBLOB key formats
This commit addresses a side-channel vulnerability present when PVK and MSBLOB key formats are loaded into OpenSSL. The public key was not computed using a constant-time exponentiation function. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: N Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: N Paul Dale <paul.dale@oracle.com> Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9587) (cherry picked from commit 724339ff44235149c4e8ddae614e1dda6863e23e)
51e236df · Cesar Pereida Garcia · Matt Caswell · 4bdab257 · 51e236df
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

crypto/pem/pvkfmt.c crypto/pem/pvkfmt.c +3 -0

未找到文件。
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -274,6 +274,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
        if (!read_lebn(&p, 20, &priv_key))
            goto memerr;

+        /* Set constant time flag before public key calculation */
+        BN_set_flags(priv_key, BN_FLG_CONSTTIME);
+
        /* Calculate public key */
        pub_key = BN_new();
        if (pub_key == NULL)