1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

deps: float 26d7fce1 from openssl

Browse Source 
The fix for CVE-2018-0734, floated in 213c7d2d, failed to include a
constant-time calculation for one of the variables. This introduces
a fix for that.

Upstream: https://github.com/openssl/openssl/commit/26d7fce1

Original commit message:
  Add a constant time flag to one of the bignums to avoid a timing leak.

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7549)

  (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)

PR-URL: https://github.com/nodejs/node/pull/24353
Refs: https://github.com/openssl/openssl/pull/7549
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This commit is contained in:
Rod Vagg 2018-11-14 14:13:57 +11:00 committed by Daniel Bevenius
parent ed1c40e977
commit 323a365766
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
deps/openssl/openssl/crypto/dsa/dsa_ossl.c vendored
View File

@ -225,6 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
} while (BN_is_zero(k));
BN_set_flags(k, BN_FLG_CONSTTIME);
BN_set_flags(l, BN_FLG_CONSTTIME);
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,