Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both ge…
…t called with BN_FLG_CONSTTIME flag set. CVE-2018-0737 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
- Loading branch information
6939eab
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bbbrumley , @mattcaswell hello ,is the cve-2018-0737 has affected the openssl version1.1.0g?i have seen that the cve-2018-0737 has affected the 1.1.0-1.1.0h from the official website.but the version of 1.1.0g does not use the function of BN_mod_inverse. so can i consider that the cve-2018-0737 does not affect the 1.1.0g?
if cve-2018-0737 affect the 1.1.0g . so can i copy the two line BN_set_flags to 1.1.0g?can you give me some suggestions to fix it ?
thanks
6939eab
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@YanAnzouyijun It does affect 1.1.0g. Read our advice and/or check e.g. the Ubuntu patches.