mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
d9c22dde29
openssl/crypto/srp
History
Matt Caswell 5b57aa24c3 Ensure SRP BN_mod_exp follows the constant time path 
SRP_Calc_client_key calls BN_mod_exp with private data. However it was
not setting BN_FLG_CONSTTIME and therefore not using the constant time
implementation. This could be exploited in a side channel attack to
recover the password.

Since the attack is local host only this is outside of the current OpenSSL
threat model and therefore no CVE is assigned.

Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
issue.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13888)
2021-01-20 16:26:22 +00:00
..
build.info
srp_lib.c Ensure SRP BN_mod_exp follows the constant time path 2021-01-20 16:26:22 +00:00
srp_vfy.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00