Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CVE-2018-0737: Set constant time for rsa computation: 

https://www.openssl.org/news/vulnerabilities.html
This needs to be pulled up to -8 using:
    349a41da1a
This commit is contained in:
christos 2018-04-17 14:48:48 +00:00
parent cbdb990355
commit 169d9d570d
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c vendored
View File

@ -89,6 +89,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
BN_set_flags(r2, BN_FLG_CONSTTIME);
/* generate p and q */
for (;;) {