BSDSec

deadsimple BSD Security Advisories and Announcements

libcrypto patch available for DSA security issue

6 June, 2016 by beck@obtuse.com | openbsd 

Fixes are available to correct a problem that prevents the DSA signing
algorithm from running in constant time even if the flag
BN_FLG_CONSTTIME is set. 

This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida.

Patches are available for 5.8 and 5.9 at:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/017_crypto.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/011_crypto.patch.sig

and have been commmitted to -current. 

Portably LibreSSL releases will appear shortly.