Date: Mon, 13 Jun 2016 19:24:27 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r416862 - in branches/2016Q2/security/openssl: . files Message-ID: <201606131924.u5DJOREL048907@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Mon Jun 13 19:24:26 2016 New Revision: 416862 URL: https://svnweb.freebsd.org/changeset/ports/416862 Log: MFH: r416823 - Fix DSA, preserve BN_FLG_CONSTTIME Security: CVE-2016-2178 Approved by: ports-secteam (with hat) Added: branches/2016Q2/security/openssl/files/patch-dsa_ossl.c - copied unchanged from r416823, head/security/openssl/files/patch-dsa_ossl.c Modified: branches/2016Q2/security/openssl/Makefile Directory Properties: branches/2016Q2/ (props changed) Modified: branches/2016Q2/security/openssl/Makefile ============================================================================== --- branches/2016Q2/security/openssl/Makefile Mon Jun 13 19:21:32 2016 (r416861) +++ branches/2016Q2/security/openssl/Makefile Mon Jun 13 19:24:26 2016 (r416862) @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.2 DISTVERSIONSUFFIX= h -PORTREVISION= 12 +PORTREVISION= 13 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/source/ \ ftp://ftp.openssl.org/source/ \ Copied: branches/2016Q2/security/openssl/files/patch-dsa_ossl.c (from r416823, head/security/openssl/files/patch-dsa_ossl.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q2/security/openssl/files/patch-dsa_ossl.c Mon Jun 13 19:24:26 2016 (r416862, copy of r416823, head/security/openssl/files/patch-dsa_ossl.c) @@ -0,0 +1,35 @@ + +Fix DSA, preserve BN_FLG_CONSTTIME + +Operations in the DSA signing algorithm should run in constant time in +order to avoid side channel attacks. A flaw in the OpenSSL DSA +implementation means that a non-constant time codepath is followed for +certain operations. This has been demonstrated through a cache-timing +attack to be sufficient for an attacker to recover the private DSA key. + +CVE-2016-2178 + +--- crypto/dsa/dsa_ossl.c.orig 2016-05-03 15:44:42.000000000 +0200 ++++ crypto/dsa/dsa_ossl.c 2016-06-12 22:57:49.000000000 +0200 +@@ -248,9 +248,6 @@ + if (!BN_rand_range(&k, dsa->q)) + goto err; + while (BN_is_zero(&k)) ; +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { +- BN_set_flags(&k, BN_FLG_CONSTTIME); +- } + + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { + if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, +@@ -282,6 +279,11 @@ + } else { + K = &k; + } ++ ++ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { ++ BN_set_flags(&k, BN_FLG_CONSTTIME); ++ } ++ + DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, + dsa->method_mont_p); + if (!BN_mod(r, r, dsa->q, ctx))
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606131924.u5DJOREL048907>