[crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation.
authorCesar Pereida Garcia <cesar.pereidagarcia@tut.fi>
Thu, 5 Sep 2019 09:13:11 +0000 (12:13 +0300)
committerMatt Caswell <matt@openssl.org>
Fri, 6 Sep 2019 15:11:27 +0000 (16:11 +0100)
commit311e903d8468e2a380d371609a10eda71de16c0e
tree735af77d22a8078830dd70b50119c3cfbb23fba8
parentc7bfb138acf6103ae6fd178eb212b110bfb39c0d
[crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation.

This commit addresses multiple side-channel vulnerabilities present
during RSA key validation.
Private key parameters are re-computed using variable-time functions.

This issue was discovered and reported by the NISEC group at TAU Finland.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9779)
crypto/asn1/x_bignum.c
crypto/rsa/rsa_lib.c