Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deps: float 415c3356 from openssl (DSA vulnerability)
Low severity timing vulnerability in the DSA signature algorithm Publicly disclosed but unreleased, pending OpenSSL 1.1.0j, not deemed severe enough to be assigned a CVE #. Ref: openssl/openssl#7487 PR-URL: https://github.com/nodejs/node/pull/??? Upstream: openssl/openssl@415c3356 Original commit message: DSA mod inverse fix There is a side channel attack against the division used to calculate one of the modulo inverses in the DSA algorithm. This change takes advantage of the primality of the modulo and Fermat's little theorem to calculate the inverse without leaking information. Thanks to Samuel Weiser for finding and reporting this. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from openssl/openssl#7487) PR-URL: nodejs#23965 Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
- Loading branch information