Tue May 31 17:18:42 2011 UTC ()

Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
  http://eprint.iacr.org/2011/232.pdf
[Billy Bob Brumley and Nicola Tuveri]

(patch confirmed in upstream cvs)


(tez)

diff -r1.155 -r1.156 pkgsrc/security/openssl/Makefile
diff -r1.80 -r1.81 pkgsrc/security/openssl/distinfo
diff -r0 -r1.1 pkgsrc/security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c

--- pkgsrc/security/openssl/Makefile 2011/04/01 21:02:48 1.155
+++ pkgsrc/security/openssl/Makefile 2011/05/31 17:18:42 1.156

 @@ -1,38 +1,38 @@
-# $NetBSD: Makefile,v 1.155 2011/04/01 21:02:48 tez Exp $
+# $NetBSD: Makefile,v 1.156 2011/05/31 17:18:42 tez Exp $
 OPENSSL_SNAPSHOT?=	# empty
 OPENSSL_STABLE?=	# empty
 OPENSSL_VERS?=		0.9.8q
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=	openssl-${OPENSSL_VERS}
 MASTER_SITES=	ftp://ftp.openssl.org/source/ \
 				ftp://sunsite.cnlab-switch.ch/mirror/openssl/source/ \
 				ftp://sunsite.uio.no/pub/security/openssl/source/
 .else
 .  if !empty(OPENSSL_STABLE:M[yY][eE][sS])
 DISTNAME=	openssl-${OPENSSL_VERS:C/[a-z]$//}-stable-SNAP-${OPENSSL_SNAPSHOT}
 PKGNAME=	openssl-${OPENSSL_VERS}beta${OPENSSL_SNAPSHOT}
 MASTER_SITES=	ftp://ftp.openssl.org/snapshot/
 .  else
 DISTNAME=	openssl-SNAP-${OPENSSL_SNAPSHOT}
 PKGNAME=	openssl-${OPENSSL_VERS}alpha${OPENSSL_SNAPSHOT}
 MASTER_SITES=	ftp://ftp.openssl.org/snapshot/
 .  endif
 .endif
 SVR4_PKGNAME=	ossl
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	security
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.openssl.org/
 COMMENT=	Secure Socket Layer and cryptographic library
 CONFLICTS=	SSLeay-[0-9]* ssleay-[0-9]*
 CRYPTO=		yes
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 PKG_DESTDIR_SUPPORT=	user-destdir
 .include "../../mk/bsd.prefs.mk"

--- pkgsrc/security/openssl/distinfo 2011/02/09 00:15:30 1.80
+++ pkgsrc/security/openssl/distinfo 2011/05/31 17:18:42 1.81

 @@ -1,14 +1,15 @@
-$NetBSD: distinfo,v 1.80 2011/02/09 00:15:30 taca Exp $
+$NetBSD: distinfo,v 1.81 2011/05/31 17:18:42 tez Exp $
 SHA1 (openssl-0.9.8q.tar.gz) = 12b6859698ca299fa0cba594686c25d5c01e410d
 RMD160 (openssl-0.9.8q.tar.gz) = 2a6583fc059f83232b16d0dad8855fc8086f2450
 Size (openssl-0.9.8q.tar.gz) = 3773961 bytes
 SHA1 (patch-aa) = eb25505e8a745eb5ba85f857b0f9302fd5e9bda1
 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480
 SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
 SHA1 (patch-crypto_ecdsa_ecs__ossl.c) = 07e038d0fa4df429336e9f879f3323fae5c6b9d9
 SHA1 (patch-ssl_t1__lib.c) = 0ec0cfd2c70c7d35c2bb1c6261d5817ea56941aa

$NetBSD: patch-crypto_ecdsa_ecs__ossl.c,v 1.1 2011/05/31 17:18:42 tez Exp $

Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
  http://eprint.iacr.org/2011/232.pdf
[Billy Bob Brumley and Nicola Tuveri]

--- crypto/ecdsa/ecs_ossl.c.orig	2009-12-01 11:32:16.000000000 -0600
+++ crypto/ecdsa/ecs_ossl.c	2011-05-31 11:17:14.168169900 -0500
@@ -144,6 +144,16 @@
 			}
 		while (BN_is_zero(k));
 
+#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
+		/* We do not want timing information to leak the length of k,
+		 * so we compute G*k using an equivalent scalar of fixed
+		 * bit-length. */
+
+		if (!BN_add(k, k, order)) goto err;
+		if (BN_num_bits(k) <= BN_num_bits(order))
+			if (!BN_add(k, k, order)) goto err;
+#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
+
 		/* compute r the x-coordinate of generator * k */
 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
 		{