QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-03 13:09:38 +00:00
Code Issues Projects Releases Wiki Activity

[crypto/rsa] Fix multiple SCA vulnerabilities during RSA key validation.

Browse Source 
This commit addresses multiple side-channel vulnerabilities present during RSA key validation.
Private key parameters are re-computed using variable-time functions.

This issue was discovered and reported by the NISEC group at TAU Finland.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9785)
This commit is contained in:
Cesar Pereida Garcia 2019-09-05 17:47:40 +03:00 committed by Matt Caswell
parent 6a7bad0fd7
commit adaebd81a0
1 changed files with 8 additions and 0 deletions

8
crypto/rsa/rsa_chk.c

@ -63,6 +63,10 @@ int RSA_check_key(const RSA *key)
return 0;
}
/* Set consant-time flag on private parameters */
BN_set_flags(key->p, BN_FLG_CONSTTIME);
BN_set_flags(key->q, BN_FLG_CONSTTIME);
BN_set_flags(key->d, BN_FLG_CONSTTIME);
i = BN_new();
j = BN_new();
k = BN_new();
@ -141,6 +145,10 @@ int RSA_check_key(const RSA *key)
}
if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
/* Set consant-time flag on CRT parameters */
BN_set_flags(key->dmp1, BN_FLG_CONSTTIME);
BN_set_flags(key->dmq1, BN_FLG_CONSTTIME);
BN_set_flags(key->iqmp, BN_FLG_CONSTTIME);
/* dmp1 = d mod (p-1)? */
if (!BN_sub(i, key->p, BN_value_one())) {
ret = -1;