Fix SCA vulnerability when using PVK and MSBLOB key formats (51e236df) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit 51e236df authored Aug 14, 2019 by

Cesar Pereida Garcia Committed by Matt Caswell Aug 27, 2019

Fix SCA vulnerability when using PVK and MSBLOB key formats



This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The public key was not computed using a constant-time exponentiation
function.

This issue was discovered and reported by the NISEC group at TAU Finland.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9587)

(cherry picked from commit 724339ff44235149c4e8ddae614e1dda6863e23e)

parent 4bdab257

Hide whitespace changes

Inline Side-by-side

Please register or to comment