diff options
Diffstat (limited to 'openssl0.9.8/patches/CVE-2011-1945.patch')
-rw-r--r-- | openssl0.9.8/patches/CVE-2011-1945.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/openssl0.9.8/patches/CVE-2011-1945.patch b/openssl0.9.8/patches/CVE-2011-1945.patch new file mode 100644 index 0000000..c15dc80 --- /dev/null +++ b/openssl0.9.8/patches/CVE-2011-1945.patch @@ -0,0 +1,23 @@ +Description: Fix CVE-2011-1945, timing attacks against ECDHE_ECDSA makes + it easier to determine private keys. +Origin: http://cvs.openssl.org/chngview?cn=20892 + +Index: openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c +=================================================================== +--- openssl-0.9.8o.orig/crypto/ecdsa/ecs_ossl.c ++++ openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c +@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke + } + while (BN_is_zero(k)); + ++ /* We do not want timing information to leak the length of k, ++ * so we compute G*k using an equivalent scalar of fixed ++ * bit-length. */ ++ ++ if (!BN_add(k, k, order)) goto err; ++ if (BN_num_bits(k) <= BN_num_bits(order)) ++ if (!BN_add(k, k, order)) goto err; ++ + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) + { |