Commit a26e245e authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix the ECDSA timing attack mentioned in the paper at: 

	http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
parent 992bdde6

crypto/ocsp/ocsp_lib.c

+4 −4
Original line number Diff line number Diff line
@@ -171,14 +171,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss 


	char *host, *port;



	/* dup the buffer since we are going to mess with it */

	buf = BUF_strdup(url);

	if (!buf) goto mem_err;



	*phost = NULL;

	*pport = NULL;

	*ppath = NULL;



	/* dup the buffer since we are going to mess with it */

	buf = BUF_strdup(url);

	if (!buf) goto mem_err;



	/* Check for initial colon */

	p = strchr(buf, ':');