Hi, On 09/12/19 2:48 pm, Sylvain Beucler wrote: > Hi, > > On 09/12/2019 10:13, Utkarsh Gupta wrote: >> Here's what lead to this commit: >> >> - The upstream fix[1] provides a patch which is in the >> crypto/bn/asm/rsaz-x86_64.pl file. >> - Going back to the git history of this file, it leads to this >> commit[2], where the RSAZ assembly modules were first added. >> - The above commit[2] has been tagged as "OpenSSL_1_1_0-pre1". >> > But the commit was cherry-picked to 1.0.2, and possibly other versions: > https://github.com/openssl/openssl/commit/d5572bdc6432b900b669a0333fc2024b0cb0bc20 >> - Still to double check, I went to the release tag of the version in >> Jessie (that is, 1.0.1t), which leads to here[3]. >> - Checking the files in this release, there's no RSAZ assembly modules >> added here, which indeed confirms that the version in Jessie is >> actually not affected, since the affected modules were added in the >> later release. >> > So the reason is that the code is not present in 1.0.1t, not that it's > never present in < 1.1.0-pre1. Ah, I should've been clearer. They have an unusual way of releasing that rather confused me. Thanks, indeed. I'll fix the note. Best, Utkarsh
Attachment:
signature.asc
Description: OpenPGP digital signature