Merge pull request #5501 from Duncaen/libressl
libressl: add patch for CVE-2016-7056
This commit is contained in:
Enno Boland
GitHub
commit
80a57e843a
2 changed files with 13 additions and 1 deletions
12
srcpkgs/libressl/patches/CVE-2016-7056.patch
Normal file
12
srcpkgs/libressl/patches/CVE-2016-7056.patch
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
Avoid possible side-channel leak of ECDSA private keys when signing.
|
||||||
|
--- crypto/ecdsa/ecs_ossl.c
|
||||||
|
+++ crypto/ecdsa/ecs_ossl.c
|
||||||
|
@@ -141,6 +141,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *
|
||||||
|
if (BN_num_bits(k) <= BN_num_bits(order))
|
||||||
|
if (!BN_add(k, k, order))
|
||||||
|
goto err;
|
||||||
|
+
|
||||||
|
+ BN_set_flags(k, BN_FLG_CONSTTIME);
|
||||||
|
|
||||||
|
/* compute r the x-coordinate of generator * k */
|
||||||
|
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'libressl'
|
# Template file for 'libressl'
|
||||||
pkgname=libressl
|
pkgname=libressl
|
||||||
version=2.4.4
|
version=2.4.4
|
||||||
revision=1
|
revision=2
|
||||||
bootstrap=yes
|
bootstrap=yes
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
short_desc="Version of the TLS/crypto stack forked from OpenSSL"
|
short_desc="Version of the TLS/crypto stack forked from OpenSSL"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue