Skip to content

Commit

Permalink
deps: float 26d7fce1 from openssl
Browse files Browse the repository at this point in the history 
The fix for CVE-2018-0734, floated in 213c7d2, failed to include a
constant-time calculation for one of the variables. This introduces
a fix for that.

Upstream: openssl/openssl@26d7fce1

Original commit message:
  Add a constant time flag to one of the bignums to avoid a timing leak.

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from openssl/openssl#7549)

  (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)

PR-URL: #24353
Refs: openssl/openssl#7549
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
  • Loading branch information
@rvagg @danbev
rvagg authored and danbev committed Nov 17, 2018
1 parent ed1c40e commit 323a365
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions deps/openssl/openssl/crypto/dsa/dsa_ossl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
} while (BN_is_zero(k));

BN_set_flags(k, BN_FLG_CONSTTIME);
BN_set_flags(l, BN_FLG_CONSTTIME);

if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
Expand Down

0 comments on commit 323a365

Please sign in to comment.