From: John Marino Date: Fri, 13 Jan 2017 22:11:37 +0000 (-0600) Subject: security/libressl: Fix ECDSA P-256 timing attack vulnerability X-Git-Tag: v4.8.0rc~225 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/bd84e83893b298face58762e1fec24667126c8c7 security/libressl: Fix ECDSA P-256 timing attack vulnerability OpenBSD 6.0 errata 16, Jan 5, 2017: Avoid possible side-channel leak of ECDSA private keys when signing. security: CVE-2016-7056 --- diff --git a/crypto/libressl/README.DRAGONFLY b/crypto/libressl/README.DRAGONFLY index be9696c75f..a74db54680 100644 --- a/crypto/libressl/README.DRAGONFLY +++ b/crypto/libressl/README.DRAGONFLY @@ -10,3 +10,6 @@ size = 3014463 sha1 = 5daaf33f5cc382e1c9dd7375a67e26aad1d0b2ed The file README.DELETED contains a list of deleted files and directories. + +Local modifications applied to following files: + crypto/ecdsa/ecs_ossl.c diff --git a/crypto/libressl/crypto/ecdsa/ecs_ossl.c b/crypto/libressl/crypto/ecdsa/ecs_ossl.c index b03b1fb0bd..37245d92b8 100644 --- a/crypto/libressl/crypto/ecdsa/ecs_ossl.c +++ b/crypto/libressl/crypto/ecdsa/ecs_ossl.c @@ -142,6 +142,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) if (!BN_add(k, k, order)) goto err; + BN_set_flags(k, BN_FLG_CONSTTIME); + /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
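Review bot: the README.DRAGONFLY hunk's new line "Local modifications applied to following files:" is missing an article and should read "Local modifications applied to the following files:"; it would also help the next upstream sync if the entry for crypto/ecdsa/ecs_ossl.c named what the local change is for (the OpenBSD 6.0 errata 16 / CVE-2016-7056 fix from the commit message), so the modification is not silently dropped when the vendored tree is refreshed.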
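Review bot: the added `BN_set_flags(k, BN_FLG_CONSTTIME);` in ecdsa_sign_setup has no comment explaining why it is there; add a one-line comment stating that the flag makes the scalar multiplication of the nonce k use the constant-time path (the CVE-2016-7056 side-channel rationale from the commit message) so the line survives future merges. The flag is set after `BN_add(k, k, order)` and directly before the `EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)` call, which is the only consumer of k visible in this hunk; please confirm that every later use of k in the function (the inverse computation that produces kinvp, which the hunk does not show) also runs with the flag set, since the flag only protects operations that honour it.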