deps: float 99540ec from openssl (CVE-2018-0735) - android-node-v8.git

diff options

author	Rod Vagg <rod@vagg.org>	2018-10-29 20:26:00 +1100
committer	Rich Trott <rtrott@gmail.com>	2018-11-03 19:45:05 -0700
commit	d8fb81fab3042b0229e11e82f88ed062b171036a (patch)
tree	5d8f5f09862511e67e3add5c8e9b278702d64b62 /deps/openssl/openssl/NOTES.WIN
parent	213c7d2d6465de7c8ac416da678b8b2d7445e614 (diff)
download	android-node-v8-d8fb81fab3042b0229e11e82f88ed062b171036a.tar.gz android-node-v8-d8fb81fab3042b0229e11e82f88ed062b171036a.tar.bz2 android-node-v8-d8fb81fab3042b0229e11e82f88ed062b171036a.zip

deps: float 99540ec from openssl (CVE-2018-0735)

Low severity timing vulnerability in ECDSA signature generation Publicly disclosed but unreleased, pending OpenSSL 1.1.0j Also includes trivial syntax fix from https://github.com/openssl/openssl/pull/7516 Ref: https://www.openssl.org/news/secadv/20181029.txt Ref: https://github.com/openssl/openssl/pull/7486 PR-URL: https://github.com/nodejs/node/pull/??? Upstream: https://github.com/openssl/openssl/commit/99540ec Original commit message: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) Preallocate an extra limb for some of the big numbers to avoid a reallocation that can potentially provide a side channel. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7486) PR-URL: https://github.com/nodejs/node/pull/23950 Refs: https://www.openssl.org/news/secadv/20181029.txt Refs: https://github.com/openssl/openssl/pull/7486 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com>

Diffstat (limited to 'deps/openssl/openssl/NOTES.WIN')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: