Ensure SRP BN_mod_exp follows the constant time path

Asked by Viacheslav on 2021-02-16

Hello,

I'd like to point out that there are two fixes missing from the upstream, is there any chance to get them incorporated?

https://github.com/openssl/openssl/pull/13888
https://github.com/openssl/openssl/pull/13889

There was no CVE assigned, it was fixed between 1.1.1i and 1.1.1j.

Best regards

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Last query:
2021-02-16
Last reply:
2021-02-17
Manfred Hampl (m-hampl) said : #1

I suggest that you create a bug report.

Can you help with this problem?

Provide an answer of your own, or ask Viacheslav for more information if necessary.

To post a message you must log in.