deps: float 43e6a58d from openssl (CVE-2018-0734)

Low severity timing vulnerability in the DSA signature algorithm Publicly disclosed but unreleased, pending OpenSSL 1.0.2q Ref: openssl/openssl#7486 Ref: openssl/openssl#7513 Ref: https://www.openssl.org/news/secadv/20181030.txt Ref: nodejs#23965 Upstream: openssl/openssl@a9cfb8c2 Upstream: openssl/openssl@43e6a58d Original commit message: Avoid a timing attack that leaks information via a side channel that triggers when a BN is resized. Increasing the size of the BNs prior to doing anything with them suppresses the attack. Thanks due to Samuel Weiser for finding and locating this. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from openssl/openssl#7486) Original backport commit message: Merge DSA reallocation timing fix CVE-2018-0734. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl/openssl#7513)
rvagg · Nov 14, 2018 · 56af407 · 56af407
1 parent e083cc1
commit 56af407
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
@@ -279,7 +279,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
         goto err;
 
     /* Preallocate space */
-    q_bits = BN_num_bits(dsa->q);
+    q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16;
     if (!BN_set_bit(&k, q_bits)
         || !BN_set_bit(&l, q_bits)
         || !BN_set_bit(&m, q_bits))