From 61f77f118bb5995fdbe938d45f4b361f2813488d Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.eu>
Date: Tue, 10 Jan 2017 19:36:03 +0100
Subject: [PATCH] libressl: add patch for CVE-2016-7056

CVE-2016-7056 ECDSA P-256 timing attack key recovery
http://seclists.org/oss-sec/2017/q1/52
---
 srcpkgs/libressl/patches/CVE-2016-7056.patch | 12 ++++++++++++
 srcpkgs/libressl/template                    |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/libressl/patches/CVE-2016-7056.patch

diff --git a/srcpkgs/libressl/patches/CVE-2016-7056.patch b/srcpkgs/libressl/patches/CVE-2016-7056.patch
new file mode 100644
index 0000000000..7941cd188b
--- /dev/null
+++ b/srcpkgs/libressl/patches/CVE-2016-7056.patch
@@ -0,0 +1,12 @@
+Avoid possible side-channel leak of ECDSA private keys when signing.
+--- crypto/ecdsa/ecs_ossl.c
++++ crypto/ecdsa/ecs_ossl.c
+@@ -141,6 +141,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *
+ 		if (BN_num_bits(k) <= BN_num_bits(order))
+ 			if (!BN_add(k, k, order))
+ 				goto err;
++
++		BN_set_flags(k, BN_FLG_CONSTTIME);
+ 
+ 		/* compute r the x-coordinate of generator * k */
+ 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c53dbd78da..985c661ba5 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
 # Template file for 'libressl'
 pkgname=libressl
 version=2.4.4
-revision=1
+revision=2
 bootstrap=yes
 build_style=gnu-configure
 short_desc="Version of the TLS/crypto stack forked from OpenSSL"