Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: float 26d7fce1 from openssl (CVE-2018-0734 follow-on) #24353

Closed

Commits on Nov 14, 2018

  1. deps: float 26d7fce1 from openssl (CVE-2018-0734 follow-on)

    The fix for CVE-2018-0734, floated in 213c7d2, failed to include a
    constant-time calculation for one of the variables. This introduces
    a fix for that.
    
    Ref: openssl/openssl#7549
    Upstream: openssl/openssl@26d7fce1
    
    Original commit message:
        Add a constant time flag to one of the bignums to avoid a timing leak.
    
        Reviewed-by: Tim Hudson <tjh@openssl.org>
        (Merged from openssl/openssl#7549)
    
        (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239)
    rvagg committed Nov 14, 2018
    Configuration menu
    Copy the full SHA
    497ba2a View commit details
    Browse the repository at this point in the history