Commit
RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.

CVE-2018-0737

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6939eab)
349a41d
I want to know whether this vulnerability affects 1.0.2a. I notice "Affected 1.0.2b-1.0.2o" in the OpenSSL vulnerabilities.html page.
Thanks for drawing our attention to that. That is a typo (now fixed). 1.0.2 and 1.0.2a are affected.
When is OpenSSL version 1.0.2p going to be released?
We have no release-date scheduled. If a CVE comes up, that could force a release. Otherwise ... shrug.
When will OpenSSL 1.0.2p be released? We need this version to fix the vulnerability CVE-2018-0737.
As per the comment above from @richsalz, we have no release date scheduled. CVE-2018-0737 is considered low severity, and therefore most people can wait until the next release (whenever that is) to get the fix. If you must have the fix earlier than that, there is always the option of applying the patch from this commit manually.
Does the issue this fixes (CVE-2018-0737) exist in the FIPS crypto module as well? If so, will it get fixed?
Sorry, but we are not touching the existing FIPS code.