[openssl-users] Clarification regarding CVE-2016-2178 for openssl 1.0.2i and 1.0.2j
matt at openssl.org
Tue Oct 25 08:55:43 UTC 2016
On 25/10/16 09:01, Sanjaya Joshi wrote:
> In openssl1.0.2i, the release note says, there is a fix for CVE-2016-2178:
> *) Constant time flag not preserved in DSA signing
> Operations in the DSA signing algorithm should run in constant time in
> order to avoid side channel attacks. A flaw in the OpenSSL DSA
> implementation means that a non-constant time codepath is followed for
> certain operations. This has been demonstrated through a cache-timing
> attack to be sufficient for an attacker to recover the private DSA key.
> This issue was reported by César Pereida (Aalto University), Billy
> (Tampere University of Technology), and Yuval Yarom (The University of
> Adelaide and NICTA).
> [César Pereida]
> And the related code diff in git
> is: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=399944622df7bd81af62e67ea967c470534090e2
> But when I download the source code (1.0.2i and 1.0.2j), I cannot see
> those fixes.
> Could you please clarify a bit about this. Is this intended, or do I just
> need to apply the patches myself?
Well, firstly the link you give above is the master version of the fix,
not the 1.0.2 version. Secondly, in 1.0.2, there were two relevant commits:
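The practical check behind this reply is to look at the 1.0.2 branch history rather than at the master commit the question links to. The shell functions below are an added example, not code from the thread or from the OpenSSL project: one lists the commits that touched the DSA signing code between two release tags in a local clone of the OpenSSL repository, the other counts BN_FLG_CONSTTIME references in an unpacked source tarball as a quick sanity check. They assume a git clone with the release tags fetched, OpenSSL's OpenSSL_1_0_2<letter> tag naming, and that the 1.0.2 DSA signing code lives in crypto/dsa/dsa_ossl.c; the tag names and path are the usual ones but are not taken from this page.

```shell
#!/bin/sh
# Added example, not from the openssl-users thread or the OpenSSL project.
# Assumptions: a local clone of the OpenSSL git repository with release tags
# fetched; tags named OpenSSL_1_0_2h, OpenSSL_1_0_2i, ...; DSA signing code in
# crypto/dsa/dsa_ossl.c (true for the 1.0.2 line).
set -eu

# dsa_fix_commits <repo-dir> <from-tag> <to-tag>
# Prints one line per commit in (from-tag, to-tag] that touched the DSA
# signing code. Run it against the 1.0.2 tags, not master, to see the
# backported version of a fix.
dsa_fix_commits() {
    repo=$1; from=$2; to=$3
    git -C "$repo" log --oneline "${from}..${to}" -- crypto/dsa/dsa_ossl.c
}

# count_consttime_refs <source-tree-dir>
# Counts BN_FLG_CONSTTIME references in crypto/dsa/dsa_ossl.c of an unpacked
# openssl-1.0.2x tarball. Prints 0 (exit status 0) when there are none, and
# returns 2 if the file is missing. This is only a sanity check: the flag was
# already used in the DSA code before the fix, so a non-zero count does not by
# itself prove that a particular commit is present; compare with git history.
count_consttime_refs() {
    f="$1/crypto/dsa/dsa_ossl.c"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    grep -c BN_FLG_CONSTTIME "$f" || true
}

# Usage (adjust paths to your clone / unpacked tarball):
#   dsa_fix_commits ./openssl OpenSSL_1_0_2h OpenSSL_1_0_2i
#   count_consttime_refs ./openssl-1.0.2i
```

Because grep -c exits non-zero when it finds no match, the `|| true` keeps count_consttime_refs from aborting a script run under `set -e` while still printing the 0 count; the file-existence test runs first so a wrong directory is reported rather than silently counted as zero.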