Ubuntu
openssl package

Ensure SRP BN_mod_exp follows the constant time path

Asked by Viacheslav on 2021-02-16

Hello,

I'd like to point out that there are two fixes missing from the upstream, is there any chance to get them incorporated?

https://github.com/openssl/openssl/pull/13888
https://github.com/openssl/openssl/pull/13889

There was no CVE assigned, it was fixed between 1.1.1i and 1.1.1j.

Best regards

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu openssl Edit question

Assignee:: No assignee Edit question

Last query:: 2021-02-16

Last reply:: 2021-02-17

Link existing bug

Revision history for this message

Manfred Hampl (m-hampl) said on 2021-02-17:

#1

I suggest that you create a bug report.

Can you help with this problem?

Provide an answer of your own, or ask Viacheslav for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

Subscribers