Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deps: float 99540ec from openssl (CVE-2018-0735)
Low severity timing vulnerability in ECDSA signature generation Publicly disclosed but unreleased, pending OpenSSL 1.1.0j Also includes trivial syntax fix from openssl/openssl#7516 Ref: https://www.openssl.org/news/secadv/20181029.txt Ref: openssl/openssl#7486 PR-URL: https://github.com/nodejs/node/pull/??? Upstream: openssl/openssl@99540ec Original commit message: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Preallocate an extra limb for some of the big numbers to avoid a reallocation that can potentially provide a side channel. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from openssl/openssl#7486) PR-URL: #23950 Refs: https://www.openssl.org/news/secadv/20181029.txt Refs: openssl/openssl#7486 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com>
- Loading branch information
