Description: Fix CVE-2011-1945, timing attacks against ECDHE_ECDSA makes it easier to determine private keys. Origin: http://cvs.openssl.org/chngview?cn=20892 Index: openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c =================================================================== --- openssl-0.9.8o.orig/crypto/ecdsa/ecs_ossl.c +++ openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c @@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke } while (BN_is_zero(k)); + /* We do not want timing information to leak the length of k, + * so we compute G*k using an equivalent scalar of fixed + * bit-length. */ + + if (!BN_add(k, k, order)) goto err; + if (BN_num_bits(k) <= BN_num_bits(order)) + if (!BN_add(k, k, order)) goto err; + /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {