[openssl-users] Clarification regarding CVE-2016-2178 for openssl 1.0.2 i and 1.0.2 j

Matt Caswell matt at openssl.org
Tue Oct 25 08:55:43 UTC 2016

On 25/10/16 09:01, Sanjaya Joshi wrote:
> Hello,
> 1)
> In openssl1.0.2i, the release note says, there is a fix for CVE-2016-2178:
> "
>   *) Constant time flag not preserved in DSA signing
>      Operations in the DSA signing algorithm should run in constant time in
>      order to avoid side channel attacks. A flaw in the OpenSSL DSA
>      implementation means that a non-constant time codepath is followed for
>      certain operations. This has been demonstrated through a cache-timing
>      attack to be sufficient for an attacker to recover the private DSA key.
>      This issue was reported by César Pereida (Aalto University), Billy
> Brumley
>      (Tampere University of Technology), and Yuval Yarom (The University of
>      Adelaide and NICTA).
>      (CVE-2016-2178)
>      [César Pereida]
> "
> 2)
> And the related code diff in git
> is: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=399944622df7bd81af62e67ea967c470534090e2
> 3)
> But when i download the source code (1.0.2i and 1.0.2j), i cannot see
> those fixes.
> Could you please clarify a bit about this. Is this intended or i just
> need to apply the patches myself ?

Well, firstly the link you give above is the master version of the fix,
not the 1.0.2 version. Secondly, in 1.0.2, there were two relevant commits:





More information about the openssl-users mailing list