On Wed, 26 Mar 2014 06:55:41 +0000 geoff_l...@mcafee.com wrote:
>It looks as though CVE-2014-0076 affects OpenSSL 0.9.8-based
>distributions as well, correct?

Yes, 0.9.8y also uses the same Lopez/Dahab algo when computing
elliptic scalar mult on curves defined over "binary fields"
(i.e. GF(2^m)).

>It doesn't appear that the fix has been applied to the
>OpenSSL_0_9_8-stable branch yet though. I suppose it might need a
>few tweaks to apply there cleanly...

The tweaks are minimal and I've placed a backport here:

http://sf.net/projects/mancha/files/sec/openssl-0.9.8y_CVE-2014-0076.diff

(.sig in same dir)

Note: all 0.9.8y ecdsa regression tests passed post-patch.

--mancha

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org