summaryrefslogtreecommitdiff
path: root/openssl0.9.8/patches/CVE-2011-1945.patch
diff options
context:
space:
mode:
Diffstat (limited to 'openssl0.9.8/patches/CVE-2011-1945.patch')
-rw-r--r--openssl0.9.8/patches/CVE-2011-1945.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2011-1945.patch b/openssl0.9.8/patches/CVE-2011-1945.patch
new file mode 100644
index 0000000..c15dc80
--- /dev/null
+++ b/openssl0.9.8/patches/CVE-2011-1945.patch
@@ -0,0 +1,23 @@
+Description: Fix CVE-2011-1945, timing attacks against ECDHE_ECDSA makes
+ it easier to determine private keys.
+Origin: http://cvs.openssl.org/chngview?cn=20892
+
+Index: openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/ecdsa/ecs_ossl.c
++++ openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c
+@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke
+ }
+ while (BN_is_zero(k));
+
++ /* We do not want timing information to leak the length of k,
++ * so we compute G*k using an equivalent scalar of fixed
++ * bit-length. */
++
++ if (!BN_add(k, k, order)) goto err;
++ if (BN_num_bits(k) <= BN_num_bits(order))
++ if (!BN_add(k, k, order)) goto err;
++
+ /* compute r the x-coordinate of generator * k */
+ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
+ {
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-15 20:03:02 +0000