diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-25 14:52:33 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-25 14:52:33 +0000 |
commit | ed67f7b7a76a5690b3ef7ebd373d45d21163b165 (patch) | |
tree | ec1928df0a0b1faa2467422959a7fa3b98b64a1d /crypto/ocsp | |
parent | 6ea8d138d36fc3a23876857d4139ae2efc32ba99 (diff) |
Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 36905d76cd..e92b86c060 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss char *host, *port; - /* dup the buffer since we are going to mess with it */ - buf = BUF_strdup(url); - if (!buf) goto mem_err; - *phost = NULL; *pport = NULL; *ppath = NULL; + /* dup the buffer since we are going to mess with it */ + buf = BUF_strdup(url); + if (!buf) goto mem_err; + /* Check for initial colon */ p = strchr(buf, ':'); |