[openssl-users] Clarification regarding CVE-2016-2178 for openssl 1.0.2i and 1.0.2j
Matt Caswell
matt at openssl.org
Tue Oct 25 08:55:43 UTC 2016
On 25/10/16 09:01, Sanjaya Joshi wrote:
> Hello,
>
> 1)
> In openssl 1.0.2i, the release note says there is a fix for CVE-2016-2178:
>
> "
> *) Constant time flag not preserved in DSA signing
>
> Operations in the DSA signing algorithm should run in constant time in
> order to avoid side channel attacks. A flaw in the OpenSSL DSA
> implementation means that a non-constant time codepath is followed for
> certain operations. This has been demonstrated through a cache-timing
> attack to be sufficient for an attacker to recover the private DSA key.
>
> This issue was reported by César Pereida (Aalto University), Billy
> Brumley
> (Tampere University of Technology), and Yuval Yarom (The University of
> Adelaide and NICTA).
> (CVE-2016-2178)
> [César Pereida]
> "
>
> 2)
> And the related code diff in git
> is: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=399944622df7bd81af62e67ea967c470534090e2
>
> 3)
> But when I download the source code (1.0.2i and 1.0.2j), I cannot see
> those fixes.
>
> Could you please clarify a bit about this. Is this intended, or do I just
> need to apply the patches myself?
Well, firstly the link you give above is the master version of the fix,
not the 1.0.2 version. Secondly, in 1.0.2, there were two relevant commits:
https://github.com/openssl/openssl/commit/621eaf49a289bfac26d4cbcdb7396e796784c534
and
https://github.com/openssl/openssl/commit/b7d0f2834e139a20560d64c73e2565e93715ce2b
Matt
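The release note quoted above says the problem was a constant-time flag that was not preserved in DSA signing. The following toy program is an added illustration; it is not code from this thread, from the linked commits, or from OpenSSL. It models the hazard with a flag on a 32-bit value (standing in for BN_FLG_CONSTTIME on a BIGNUM): the nonce is flagged, an arithmetic helper returns a fresh unflagged value, and the exponentiation dispatcher, which only looks at the flag on the value it is handed, silently takes the variable-time path. The `kq = k + q` step, the group parameters (p = 23, q = 11, g = 2) and the function names are all assumptions chosen for the example; read the linked 1.0.2 commits for what OpenSSL actually does.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of a constant-time flag on a bignum-like value. ASSUMPTION: this
 * mimics the role of OpenSSL's BN_FLG_CONSTTIME; it is not OpenSSL code and
 * uses 32-bit integers instead of real bignums.
 */
#define FLG_CONSTTIME 0x1

typedef struct {
    uint32_t v;
    int flags;
} num_t;

/* Which exponentiation path actually ran, so the hazard is observable. */
enum path { PATH_NONE = 0, PATH_LEAKY = 1, PATH_CONSTTIME = 2 };

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Variable-time square-and-multiply: the loop length and the multiply
 * branch both depend on the exponent's value. */
static uint32_t modexp_leaky(uint32_t g, uint32_t e, uint32_t m) {
    uint32_t r = 1 % m;
    g %= m;
    while (e) {
        if (e & 1)
            r = mulmod(r, g, m);
        g = mulmod(g, g, m);
        e >>= 1;
    }
    return r;
}

/* Montgomery ladder over a fixed number of bits with a branch-free swap:
 * the sequence of multiplications is the same for every exponent. */
static uint32_t modexp_consttime(uint32_t g, uint32_t e, uint32_t m, int nbits) {
    uint32_t r0 = 1 % m, r1 = g % m;
    for (int i = nbits - 1; i >= 0; i--) {
        uint32_t bit = (e >> i) & 1;
        uint32_t mask = 0u - bit;          /* all ones when the bit is set */
        uint32_t t = (r0 ^ r1) & mask;     /* conditional swap, no branch */
        r0 ^= t; r1 ^= t;
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        t = (r0 ^ r1) & mask;              /* swap back */
        r0 ^= t; r1 ^= t;
    }
    return r0;
}

/* Dispatcher: like a library that inspects the exponent's flag to decide
 * which implementation to run. The flag lives on the value object, so a
 * derived value without the flag silently gets the leaky path. */
static uint32_t modexp_dispatch(uint32_t g, const num_t *e, uint32_t m, enum path *taken) {
    if (e->flags & FLG_CONSTTIME) {
        *taken = PATH_CONSTTIME;
        return modexp_consttime(g, e->v, m, 32);
    }
    *taken = PATH_LEAKY;
    return modexp_leaky(g, e->v, m);
}

/* Arithmetic helper that returns a fresh value: as with bignum libraries,
 * the operand's flags do not carry over to the result. */
static num_t num_add(num_t a, uint32_t b) {
    num_t r = { a.v + b, 0 };
    return r;
}

/*
 * DSA-style r = (g^k mod p) mod q, where g has order q modulo p.
 * ASSUMPTION: the exponent actually used is kq = k + q (same result, since
 * g^q = 1 mod p), a simplified stand-in for the fixed-length-exponent
 * idea; see the linked commits for what OpenSSL really does.
 */
static uint32_t dsa_r_buggy(uint32_t g, uint32_t p, uint32_t q, uint32_t k, enum path *taken) {
    num_t kn = { k, FLG_CONSTTIME };   /* nonce is flagged ... */
    num_t kq = num_add(kn, q);         /* ... but the derived exponent is not */
    return modexp_dispatch(g, &kq, p, taken) % q;
}

static uint32_t dsa_r_fixed(uint32_t g, uint32_t p, uint32_t q, uint32_t k, enum path *taken) {
    num_t kn = { k, FLG_CONSTTIME };
    num_t kq = num_add(kn, q);
    kq.flags |= FLG_CONSTTIME;         /* re-apply the flag on the value passed down */
    return modexp_dispatch(g, &kq, p, taken) % q;
}

int main(void) {
    /* Constructed toy group: p = 23, q = 11, g = 2 has order 11 mod 23. */
    enum path t = PATH_NONE;
    uint32_t r = dsa_r_buggy(2, 23, 11, 3, &t);
    printf("buggy: r=%u path=%s\n", r, t == PATH_LEAKY ? "leaky" : "consttime");
    r = dsa_r_fixed(2, 23, 11, 3, &t);
    printf("fixed: r=%u path=%s\n", r, t == PATH_LEAKY ? "leaky" : "consttime");
    return 0;
}
```

Both variants return the same r, which is why a bug like this passes functional tests: the only difference is which code path computed it, and that is exactly what a cache-timing attacker observes. The practical check when auditing flag-based constant-time selection is to follow the value that is finally passed to the sensitive operation, not the one the flag was originally set on.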