[pkgsrc/trunk]: pkgsrc/security/openssl Correct the fix for http://secunia.co...

[tez <tez%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/056a98e5e722
branches:  trunk
changeset: 590154:056a98e5e722
user:      tez <tez%pkgsrc.org@localhost>
date:      Mon Jul 04 14:42:56 2011 +0000

description:
Correct the fix for http://secunia.com/advisories/44572/
See the thread here:
  http://www.mail-archive.com/openssl-dev%openssl.org@localhost/msg29283.html

diffstat:

 security/openssl/Makefile                               |   4 ++--
 security/openssl/distinfo                               |   4 ++--
 security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c |  11 ++++++-----
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (69 lines):

diff -r 7ad26d7eb010 -r 056a98e5e722 security/openssl/Makefile
--- a/security/openssl/Makefile Mon Jul 04 12:08:51 2011 +0000
+++ b/security/openssl/Makefile Mon Jul 04 14:42:56 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.156 2011/05/31 17:18:42 tez Exp $
+# $NetBSD: Makefile,v 1.157 2011/07/04 14:42:56 tez Exp $
 
 OPENSSL_SNAPSHOT?=     # empty
 OPENSSL_STABLE?=       # empty
@@ -22,7 +22,7 @@
 .endif
 
 SVR4_PKGNAME=  ossl
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    security
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      http://www.openssl.org/
diff -r 7ad26d7eb010 -r 056a98e5e722 security/openssl/distinfo
--- a/security/openssl/distinfo Mon Jul 04 12:08:51 2011 +0000
+++ b/security/openssl/distinfo Mon Jul 04 14:42:56 2011 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.81 2011/05/31 17:18:42 tez Exp $
+$NetBSD: distinfo,v 1.82 2011/07/04 14:42:56 tez Exp $
 
 SHA1 (openssl-0.9.8q.tar.gz) = 12b6859698ca299fa0cba594686c25d5c01e410d
 RMD160 (openssl-0.9.8q.tar.gz) = 2a6583fc059f83232b16d0dad8855fc8086f2450
@@ -11,5 +11,5 @@
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
-SHA1 (patch-crypto_ecdsa_ecs__ossl.c) = 07e038d0fa4df429336e9f879f3323fae5c6b9d9
+SHA1 (patch-crypto_ecdsa_ecs__ossl.c) = d5eeefca9df411d7478f731809133dea8f1978f5
 SHA1 (patch-ssl_t1__lib.c) = 0ec0cfd2c70c7d35c2bb1c6261d5817ea56941aa
diff -r 7ad26d7eb010 -r 056a98e5e722 security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c
--- a/security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c   Mon Jul 04 12:08:51 2011 +0000
+++ b/security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c   Mon Jul 04 14:42:56 2011 +0000
@@ -1,17 +1,19 @@
-$NetBSD: patch-crypto_ecdsa_ecs__ossl.c,v 1.1 2011/05/31 17:18:42 tez Exp $
+$NetBSD: patch-crypto_ecdsa_ecs__ossl.c,v 1.2 2011/07/04 14:42:57 tez Exp $
 
 Add protection against ECDSA timing attacks as mentioned in the paper
 by Billy Bob Brumley and Nicola Tuveri, see:
   http://eprint.iacr.org/2011/232.pdf
 [Billy Bob Brumley and Nicola Tuveri]
 
+#ifdef conditional removed per
+   http://www.mail-archive.com/openssl-dev%openssl.org@localhost/msg29283.html
+
 --- crypto/ecdsa/ecs_ossl.c.orig       2009-12-01 11:32:16.000000000 -0600
-+++ crypto/ecdsa/ecs_ossl.c    2011-05-31 11:17:14.168169900 -0500
-@@ -144,6 +144,16 @@
++++ crypto/ecdsa/ecs_ossl.c    2011-06-03 10:10:10.161291300 -0500
+@@ -144,6 +144,14 @@
                        }
                while (BN_is_zero(k));
  
-+#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
 +              /* We do not want timing information to leak the length of k,
 +               * so we compute G*k using an equivalent scalar of fixed
 +               * bit-length. */
@@ -19,7 +21,6 @@
 +              if (!BN_add(k, k, order)) goto err;
 +              if (BN_num_bits(k) <= BN_num_bits(order))
 +                      if (!BN_add(k, k, order)) goto err;
-+#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
 +
                /* compute r the x-coordinate of generator * k */
                if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))