svn commit: r416823 - in head/security/openssl: . files

Pierre Guinoiseau pierre at guinoiseau.eu
Mon Jun 13 00:28:04 UTC 2016 

Hi,

can you please update the vuxml entry?

Cheers,
Pierre

On 12/06/2016 21:29:58, Dirk Meyer <dinoex at FreeBSD.org> wrote:

> Author: dinoex
> Date: Sun Jun 12 21:29:57 2016
> New Revision: 416823
> URL: https://svnweb.freebsd.org/changeset/ports/416823
> 
> Log:
>   - Fix DSA, preserve BN_FLG_CONSTTIME
>   Security: CVE-2016-2178
> 
> Added:
>   head/security/openssl/files/patch-dsa_ossl.c   (contents, props changed)
> Modified:
>   head/security/openssl/Makefile
> 
> Modified: head/security/openssl/Makefile
> ==============================================================================
> --- head/security/openssl/Makefile	Sun Jun 12 20:49:19 2016	(r416822)
> +++ head/security/openssl/Makefile	Sun Jun 12 21:29:57 2016	(r416823)
> @@ -4,7 +4,7 @@
>  PORTNAME=	openssl
>  PORTVERSION=	1.0.2
>  DISTVERSIONSUFFIX=	h
> -PORTREVISION=	12
> +PORTREVISION=	13
>  CATEGORIES=	security devel
>  MASTER_SITES=	http://www.openssl.org/source/ \
>  		ftp://ftp.openssl.org/source/ \
> 
> Added: head/security/openssl/files/patch-dsa_ossl.c
> ==============================================================================
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/openssl/files/patch-dsa_ossl.c	Sun Jun 12 21:29:57 2016	(r416823)
> @@ -0,0 +1,35 @@
> +
> +Fix DSA, preserve BN_FLG_CONSTTIME
> +
> +Operations in the DSA signing algorithm should run in constant time in
> +order to avoid side channel attacks. A flaw in the OpenSSL DSA
> +implementation means that a non-constant time codepath is followed for
> +certain operations. This has been demonstrated through a cache-timing
> +attack to be sufficient for an attacker to recover the private DSA key.
> +
> +CVE-2016-2178
> +
> +--- crypto/dsa/dsa_ossl.c.orig	2016-05-03 15:44:42.000000000 +0200
> ++++ crypto/dsa/dsa_ossl.c	2016-06-12 22:57:49.000000000 +0200
> +@@ -248,9 +248,6 @@
> +         if (!BN_rand_range(&k, dsa->q))
> +             goto err;
> +     while (BN_is_zero(&k)) ;
> +-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
> +-        BN_set_flags(&k, BN_FLG_CONSTTIME);
> +-    }
> + 
> +     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
> +         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
> +@@ -282,6 +279,11 @@
> +     } else {
> +         K = &k;
> +     }
> ++
> ++    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
> ++        BN_set_flags(&k, BN_FLG_CONSTTIME);
> ++    }
> ++
> +     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
> +                    dsa->method_mont_p);
> +     if (!BN_mod(r, r, dsa->q, ctx))
> _______________________________________________
> svn-ports-all at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-ports-all
> To unsubscribe, send any mail to "svn-ports-all-unsubscribe at freebsd.org"

-- 
Pierre Guinoiseau <pierre at guinoiseau.eu>
https://segmentationfau.lt/ | +PierreGuinoiseau | @peikk00
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-head/attachments/20160613/489fc998/attachment.sig>

More information about the svn-ports-head mailing list