Module Name:    src
Committed By:   snj
Date:           Mon Feb  6 07:27:01 UTC 2017

Modified Files:
        src/crypto/external/bsd/openssl/dist/crypto/ecdsa [netbsd-7-0]:
            ecs_ossl.c
        src/crypto/external/bsd/openssl/dist/crypto/evp [netbsd-7-0]:
            e_rc4_hmac_md5.c

Log Message:
Apply patch (requested by spz in ticket #1352):
Fix CVE-2016-7056 and CVE-2017-3731.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4.12.1 -r1.1.1.4.12.1.2.1 \
    src/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c
cvs rdiff -u -r1.1.1.1.16.2 -r1.1.1.1.16.2.2.1 \
    src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c:1.1.1.4.12.1 src/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c:1.1.1.4.12.1.2.1
--- src/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c:1.1.1.4.12.1	Wed Apr 29 04:53:43 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c	Mon Feb  6 07:27:01 2017
@@ -147,6 +147,8 @@ static int ecdsa_sign_setup(EC_KEY *ecke
             if (!BN_add(k, k, order))
                 goto err;
 
+        BN_set_flags(k, BN_FLG_CONSTTIME);
+
         /* compute r the x-coordinate of generator * k */
         if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
             ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
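Review bot: The added `BN_set_flags(k, BN_FLG_CONSTTIME);` carries no comment saying what it protects, and at this position it has no effect on the `BN_add` padding just above it. The flag marks this BIGNUM as secret so that BN routines which test for it take their constant-time path; the later use of k in ecdsa_sign_setup that relies on this is outside the hunk. I would put `/* k is the secret nonce: flag it so later BN operations on it use constant-time code (CVE-2016-7056) */` above the call. The flag belongs to this object only, so confirm that no copy of k is made further down the function without the flag being set on the copy as well.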

Index: src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c:1.1.1.1.16.2 src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c:1.1.1.1.16.2.2.1
--- src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c:1.1.1.1.16.2	Sat Jul 11 17:33:51 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c	Mon Feb  6 07:27:01 2017
@@ -267,6 +267,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_
             len = p[arg - 2] << 8 | p[arg - 1];
 
             if (!ctx->encrypt) {
+                if (len < MD5_DIGEST_LENGTH)
+                    return -1;
                 len -= MD5_DIGEST_LENGTH;
                 p[arg - 2] = len >> 8;
                 p[arg - 1] = len;
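Review bot: The new `return -1` for `len < MD5_DIGEST_LENGTH` only stops a truncated record if every caller of this ctrl treats a non-positive return as failure, and no caller is part of this diff, so that is worth confirming on this branch. The guard itself reads correctly: without it `len -= MD5_DIGEST_LENGTH` would wrap (assuming len is unsigned; its declaration is outside the hunk) and the wrapped value would be written back into the AAD bytes. A short comment such as `/* record shorter than the MAC: reject rather than let len wrap */` above the check would record why it is there. The hunk also does not show whether arg is validated before `p[arg - 2]` is read; rc4_hmac_md5_ctrl starts and ends outside the visible lines.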
