[OpenSSL-1.0.2] TNF local patch - CVE-2018-0737 RSA key generation cache timing vulnerability
original commit message:
http://mail-index.netbsd.org/source-changes/2018/04/18/msg094491.html
Comments (3)
reporter - changed status to resolved
BUGFIX: Issue
- CVE-2018-0737 RSA key generation cache timing vulnerability #167
cherry-picked from OpenSSL-1_0_2-stable branch:
https://github.com/openssl/openssl/commit/9db724cfede4ba7a3668bff533973ee70145ec07
https://github.com/openssl/openssl/commit/011f82e66f4bf131c733fd41a8390039859aafb2
https://github.com/openssl/openssl/commit/6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
original commit message:
Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5170)
(cherry picked from commit 9db724cfede4ba7a3668bff533973ee70145ec07)
used ERR set/pop mark
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5170)
(cherry picked from commit 011f82e66f4bf131c733fd41a8390039859aafb2)
consttime flag changed
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5170)
(cherry picked from commit 7150a4720af7913cae16f2e4eaf768b578c0b298)
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.
CVE-2018-0737
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
→ <<cset 8d66249c744f5ed0cf448109ca8b45c646f50da3>>