Vigil@nce - OpenSSL: DSA signature not running in constant time
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can monitor a process performing a DSA signature with
OpenSSL, in order to potentially obtain information about the
secret key.
Impacted products: BIG-IP Hardware, TMOS, OpenBSD, OpenSSL,
Solaris.
Severity: 2/4.
Creation date: 07/06/2016.
Revision date: 08/06/2016.
DESCRIPTION OF THE VULNERABILITY
OpenSSL includes an implementation of the DSA algorithm.
The BN_FLG_CONSTTIME flag requires this operation to be performed
in constant time, in order to block attacks watching the process.
However, the dsa_sign_setup() function of the
lib/libssl/src/crypto/dsa/dsa_ossl.c file does not correctly
initialize the BN_FLG_CONSTTIME flag.
An attacker can therefore monitor a process performing a DSA
signature with OpenSSL, in order to potentially obtain information
about the secret key.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/OpenSSL-DSA-signature-not-running-in-constant-time-19820