Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.
2011-05-25 14:52:21 +00:00 · 2011-05-25 14:52:21 +00:00 · a26e245ecd
commit a26e245ecd
parent 992bdde62d
1 changed files with 4 additions and 4 deletions
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@ -171,14 +171,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss

 	char *host, *port;

-	/* dup the buffer since we are going to mess with it */
-	buf = BUF_strdup(url);
-	if (!buf) goto mem_err;
-
 	*phost = NULL;
 	*pport = NULL;
 	*ppath = NULL;

+	/* dup the buffer since we are going to mess with it */
+	buf = BUF_strdup(url);
+	if (!buf) goto mem_err;
+
 	/* Check for initial colon */
 	p = strchr(buf, ':');