CVSROOT: /cvs Module name: src Changes by: [email protected] 2017/01/05 06:28:48
Modified files:
lib/libssl/src/crypto/ecdsa: Tag: OPENBSD_6_0 ecs_ossl.c
Log message:
MFC: Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being used
without the constant time flag being set.
This issue was reported by Cesar Pereida Garcia and Billy Brumley
(Tampere University of Technology). The fix was developed by Cesar Pereida
Garcia.
