Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Apr 2018 19:45:55 +0000 (UTC)
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r467729 - in branches/2018Q2/security/openssl-devel: . files
Message-ID:  <201804181945.w3IJjtSB066816@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: brnrd
Date: Wed Apr 18 19:45:55 2018
New Revision: 467729
URL: https://svnweb.freebsd.org/changeset/ports/467729

Log:
  MFH: r467499
  
  security/openssl-devel: Security update for CVE-2018-0737
  
  Security:	8f353420-4197-11e8-8777-b499baebfeaf
  
  Approved by:	ports-secteam (riggs)

Added:
  branches/2018Q2/security/openssl-devel/files/patch-CVE-2018-7037
     - copied unchanged from r467499, head/security/openssl-devel/files/patch-CVE-2018-7037
Modified:
  branches/2018Q2/security/openssl-devel/Makefile
Directory Properties:
  branches/2018Q2/   (props changed)

Modified: branches/2018Q2/security/openssl-devel/Makefile
==============================================================================
--- branches/2018Q2/security/openssl-devel/Makefile	Wed Apr 18 18:31:53 2018	(r467728)
+++ branches/2018Q2/security/openssl-devel/Makefile	Wed Apr 18 19:45:55 2018	(r467729)
@@ -3,6 +3,7 @@
 
 PORTNAME=	openssl
 PORTVERSION=	1.1.0h
+PORTREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.openssl.org/source/ \
 		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/

Copied: branches/2018Q2/security/openssl-devel/files/patch-CVE-2018-7037 (from r467499, head/security/openssl-devel/files/patch-CVE-2018-7037)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2018Q2/security/openssl-devel/files/patch-CVE-2018-7037	Wed Apr 18 19:45:55 2018	(r467729, copy of r467499, head/security/openssl-devel/files/patch-CVE-2018-7037)
@@ -0,0 +1,27 @@
+From 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Mon Sep 17 00:00:00 2001
+From: Billy Brumley <bbrumley@gmail.com>
+Date: Wed, 11 Apr 2018 10:10:58 +0300
+Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
+ both get called with BN_FLG_CONSTTIME flag set.
+
+CVE-2018-0737
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ crypto/rsa/rsa_gen.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
+index 9af43e05863..79f77e3eafd 100644
+--- crypto/rsa/rsa_gen.c.orig
++++ crypto/rsa/rsa_gen.c
+@@ -89,6 +89,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+     if (BN_copy(rsa->e, e_value) == NULL)
+         goto err;
+ 
++    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
++    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+     BN_set_flags(r2, BN_FLG_CONSTTIME);
+     /* generate p and q */
+     for (;;) {

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804181945.w3IJjtSB066816>