snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

libressl: update to 2.3.6

This commit is contained in:
Alessio Sergi 2016-06-09 21:53:36 +02:00
parent 7c6ef61c30
commit f39013a469
2 changed files with 3 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
srcpkgs/libressl/patches/011_crypto.patch
View File

@ -1,32 +0,0 @@
OpenBSD 5.9 errata 11, June 6, 2016:
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set. This issue
was reported by Cesar Pereida (Aalto University), Billy Brumley
(Tampere University of Technology), and Yuval Yarom (The University of
Adelaide and NICTA). The fix was developed by Cesar Pereida.
--- crypto/dsa/dsa_ossl.c 10 Sep 2015 07:58:28 -0000 1.23
+++ crypto/dsa/dsa_ossl.c 5 Jun 2016 20:17:11 -0000
@@ -247,9 +247,6 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (!BN_rand_range(&k, dsa->q))
goto err;
} while (BN_is_zero(&k));
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
- BN_set_flags(&k, BN_FLG_CONSTTIME);
- }
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
@@ -283,6 +280,11 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
} else {
K = &k;
}
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_set_flags(&k, BN_FLG_CONSTTIME);
+ }
+
DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
dsa->method_mont_p);
if (!BN_mod(r,r,dsa->q,ctx))

6
srcpkgs/libressl/template
View File

@ -1,7 +1,7 @@
# Template file for 'libressl'
pkgname=libressl
version=2.3.5
revision=2
version=2.3.6
revision=1
bootstrap=yes
build_style=gnu-configure
short_desc="Version of the TLS/crypto stack forked from OpenSSL"
@ -9,7 +9,7 @@ maintainer="Juan RP <xtraeme@voidlinux.eu>"
license="OpenSSL-License, SSLeay-License, ISC"
homepage="http://www.libressl.org/"
distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${pkgname}-${version}.tar.gz"
checksum=f425275ce7debcc7282c9dcb46bd6eebbaf41ac60136e2fd32d8fd60be8b753b
checksum=358a4779e6813bd06f07db0cf0f0fe531401ed0c6ed958973d404416c3d537fa
provides="openssl-${version}_${revision}"
replaces="openssl>=0"