From 92107f81508aef4e74dbbfe9d6f9f169e80644b9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 25 May 2011 14:52:44 +0000 Subject: [PATCH] Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention. --- crypto/ocsp/ocsp_lib.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 36905d76cd..e92b86c060 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss char *host, *port; - /* dup the buffer since we are going to mess with it */ - buf = BUF_strdup(url); - if (!buf) goto mem_err; - *phost = NULL; *pport = NULL; *ppath = NULL; + /* dup the buffer since we are going to mess with it */ + buf = BUF_strdup(url); + if (!buf) goto mem_err; + /* Check for initial colon */ p = strchr(buf, ':'); -- 2.25.1