)]}' { "commit": "296a61d6007688a1472798879b81517920e35dff", "tree": "9ee361f7e20539380ed9706671493a145e45a6f7", "parents": [ "2bc937068d26312b5a334d635dd45209c9328a5a" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Dec 07 11:07:36 2017 -0500" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Thu Dec 07 16:54:32 2017 +0000" }, "message": "bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.\n\nCredit to OSS-Fuzz for finding this.\n\nCVE-2017-3738\n\n(Imported from upstream\u0027s 5630661aecbea5fe3c4740f5fea744a1f07a6253 and\n77d75993651b63e872244a3256e37967bb3c3e9e.)\n\nConfirmed with Intel SDE that the fix makes the test vector pass and\nthat, without the fix, the test vector does not. (Well, we knew the\nlatter already, since it was our test vector.)\n\nChange-Id: I167aa3407ddab3b434bacbd18e099c55aa40ac4c\nReviewed-on: https://boringssl-review.googlesource.com/23884\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "0bb50cdb0a2d14ea2ffcb33312caa8bec4ec14e0", "old_mode": 33261, "old_path": "crypto/fipsmodule/bn/asm/rsaz-avx2.pl", "new_id": "32c21673a2fc319b2790820adb878096a1188d72", "new_mode": 33261, "new_path": "crypto/fipsmodule/bn/asm/rsaz-avx2.pl" }, { "type": "modify", "old_id": "eb447b5369adc71987aa209d53eb6bf167677209", "old_mode": 33188, "old_path": "crypto/fipsmodule/bn/bn_tests.txt", "new_id": "87e64e2bed404173ba5672d57b5df84c96e28b2f", "new_mode": 33188, "new_path": "crypto/fipsmodule/bn/bn_tests.txt" } ] }