Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: http://eprint.iacr.org/2011/232.pdf [Billy Bob Brumley and Nicola Tuveri] (patch confirmed in upstream cvs)
diff -r1.155 -r1.156 pkgsrc/security/openssl/Makefile
(tez)
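--- a/pkgsrc/security/openssl/Makefile
+++ b/pkgsrc/security/openssl/Makefile
@@ -1,38 +1,38 @@
-# $NetBSD: Makefile,v 1.155 2011/04/01 21:02:48 tez Exp $
+# $NetBSD: Makefile,v 1.156 2011/05/31 17:18:42 tez Exp $
 
 OPENSSL_SNAPSHOT?= # empty
 OPENSSL_STABLE?= # empty
 OPENSSL_VERS?= 0.9.8q
 
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME= openssl-${OPENSSL_VERS}
 MASTER_SITES= ftp://ftp.openssl.org/source/ \
 ftp://sunsite.cnlab-switch.ch/mirror/openssl/source/ \
 ftp://sunsite.uio.no/pub/security/openssl/source/
 .else
 . if !empty(OPENSSL_STABLE:M[yY][eE][sS])
 DISTNAME= openssl-${OPENSSL_VERS:C/[a-z]$//}-stable-SNAP-${OPENSSL_SNAPSHOT}
 PKGNAME= openssl-${OPENSSL_VERS}beta${OPENSSL_SNAPSHOT}
 MASTER_SITES= ftp://ftp.openssl.org/snapshot/
 . else
 DISTNAME= openssl-SNAP-${OPENSSL_SNAPSHOT}
 PKGNAME= openssl-${OPENSSL_VERS}alpha${OPENSSL_SNAPSHOT}
 MASTER_SITES= ftp://ftp.openssl.org/snapshot/
 . endif
 .endif
 
 SVR4_PKGNAME= ossl
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= security
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.openssl.org/
 COMMENT= Secure Socket Layer and cryptographic library
 
 CONFLICTS= SSLeay-[0-9]* ssleay-[0-9]*
 
 CRYPTO= yes
 
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 PKG_DESTDIR_SUPPORT= user-destdir
 
 .include "../../mk/bsd.prefs.mk"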
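--- a/pkgsrc/security/openssl/distinfo
+++ b/pkgsrc/security/openssl/distinfo
@@ -1,14 +1,15 @@
-$NetBSD: distinfo,v 1.80 2011/02/09 00:15:30 taca Exp $
+$NetBSD: distinfo,v 1.81 2011/05/31 17:18:42 tez Exp $
 
 SHA1 (openssl-0.9.8q.tar.gz) = 12b6859698ca299fa0cba594686c25d5c01e410d
 RMD160 (openssl-0.9.8q.tar.gz) = 2a6583fc059f83232b16d0dad8855fc8086f2450
 Size (openssl-0.9.8q.tar.gz) = 3773961 bytes
 SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480
 SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
+SHA1 (patch-crypto_ecdsa_ecs__ossl.c) = 07e038d0fa4df429336e9f879f3323fae5c6b9d9
 SHA1 (patch-ssl_t1__lib.c) = 0ec0cfd2c70c7d35c2bb1c6261d5817ea56941aa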
$NetBSD: patch-crypto_ecdsa_ecs__ossl.c,v 1.1 2011/05/31 17:18:42 tez Exp $
Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
http://eprint.iacr.org/2011/232.pdf
[Billy Bob Brumley and Nicola Tuveri]
--- crypto/ecdsa/ecs_ossl.c.orig 2009-12-01 11:32:16.000000000 -0600
+++ crypto/ecdsa/ecs_ossl.c 2011-05-31 11:17:14.168169900 -0500
@@ -144,6 +144,16 @@
}
while (BN_is_zero(k));
+#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
+ /* We do not want timing information to leak the length of k,
+ * so we compute G*k using an equivalent scalar of fixed
+ * bit-length. */
+
+ if (!BN_add(k, k, order)) goto err;
+ if (BN_num_bits(k) <= BN_num_bits(order))
+ if (!BN_add(k, k, order)) goto err;
+#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
+
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{