diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-04-19 14:14:48 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-04-19 14:14:48 +0100 |
commit | 5cfef3c94cd7e82136c69a0322f5ba21f7e64632 (patch) | |
tree | 8f255dfacbacb657e3ac3654d01c1e11e651c066 /dev-libs/openssl/files | |
parent | 8aebb228036d5e2863b7eaa6e319ab41c1669269 (diff) |
gentoo resync : 19.04.2018
Diffstat (limited to 'dev-libs/openssl/files')
-rw-r--r-- | dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch new file mode 100644 index 000000000000..34c9cc02fa71 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch @@ -0,0 +1,31 @@ +From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001 +From: Billy Brumley <bbrumley@gmail.com> +Date: Wed, 11 Apr 2018 10:10:58 +0300 +Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont + both get called with BN_FLG_CONSTTIME flag set. + +CVE-2018-0737 + +Reviewed-by: Rich Salz <rsalz@openssl.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787) +--- + crypto/rsa/rsa_gen.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c +index 9ca5dfe..42b89a8 100644 +--- a/crypto/rsa/rsa_gen.c ++++ b/crypto/rsa/rsa_gen.c +@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + if (BN_copy(rsa->e, e_value) == NULL) + goto err; + ++ BN_set_flags(rsa->p, BN_FLG_CONSTTIME); ++ BN_set_flags(rsa->q, BN_FLG_CONSTTIME); + BN_set_flags(r2, BN_FLG_CONSTTIME); + /* generate p and q */ + for (;;) { +-- +2.7.4 + |