Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-7]: src/crypto/external/bsd/openssl/dist/crypto Apply patch (requ...

details:   https://anonhg.NetBSD.org/src/rev/5d00e494ff36
branches:  netbsd-7
changeset: 800122:5d00e494ff36
user:      snj <snj%NetBSD.org@localhost>
date:      Mon Feb 06 07:26:15 2017 +0000

description:
Apply patch (requested by spz in ticket #1352):
Fix CVE-2016-7056 and CVE-2017-3731.

diffstat:

 crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c     |  2 ++
 crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c |  2 ++
 2 files changed, 4 insertions(+), 0 deletions(-)

diffs (24 lines):

diff -r 44bb2fedc30f -r 5d00e494ff36 crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c
--- a/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c  Sun Feb 05 19:21:29 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c  Mon Feb 06 07:26:15 2017 +0000
@@ -147,6 +147,8 @@
             if (!BN_add(k, k, order))
                 goto err;
 
+        BN_set_flags(k, BN_FLG_CONSTTIME);
+
         /* compute r the x-coordinate of generator * k */
         if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
             ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
diff -r 44bb2fedc30f -r 5d00e494ff36 crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c
--- a/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c      Sun Feb 05 19:21:29 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c      Mon Feb 06 07:26:15 2017 +0000
@@ -267,6 +267,8 @@
             len = p[arg - 2] << 8 | p[arg - 1];
 
             if (!ctx->encrypt) {
+                if (len < MD5_DIGEST_LENGTH)
+                    return -1;
                 len -= MD5_DIGEST_LENGTH;
                 p[arg - 2] = len >> 8;
                 p[arg - 1] = len;
Home | Main Index | Thread Index | Old Index