untrusted comment: signature from openbsd 6.0 base secret key
RWSho3oKSqgLQ55BCxFoKK3pckJBYNZ3l6vujvan4SYLtXvRIsH6PNnmu7Xu18ILyYPxIQnYmCf1ux+IeoD8vzKfEeoCb+UVdQg=

OpenBSD 6.0 errata 16, Jan 5, 2017:

Avoid possible side-channel leak of ECDSA private keys when signing.

Apply by doing:
   signify -Vep /etc/signify/openbsd-60-base.pub -x 016_libcrypto.patch.sig \
       -m - | (cd /usr/src && patch -p0)

And then rebuild and install libcrypto:
       cd /usr/src/lib/libcrypto
       make obj
       make depend
       make
       make install

Index: lib/libssl/src/crypto/ecdsa/ecs_ossl.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/ecdsa/Attic/ecs_ossl.c,v
retrieving revision 1.6
retrieving revision 1.6.8.1
diff -u -p -r1.6 -r1.6.8.1
--- lib/libssl/src/crypto/ecdsa/ecs_ossl.c      8 Feb 2015 13:35:07 -0000       1.6
+++ lib/libssl/src/crypto/ecdsa/ecs_ossl.c      5 Jan 2017 13:28:48 -0000       1.6.8.1
@@ -141,6 +141,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *
               if (BN_num_bits(k) <= BN_num_bits(order))
                       if (!BN_add(k, k, order))
                               goto err;
+
+               BN_set_flags(k, BN_FLG_CONSTTIME);

               /* compute r the x-coordinate of generator * k */
               if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
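
Review bot: the added BN_set_flags(k, BN_FLG_CONSTTIME) call, placed right after the BN_add block, carries no comment saying which later uses of k rely on the flag. A one-line comment at that spot, stating that the nonce k must take the constant-time code paths in the operations that follow, would keep a later refactor from moving or dropping the call. The flag is also set only after the context lines that test BN_num_bits(k) and conditionally add order, so that branch on k is unaffected by this change; it is worth confirming that this is intended.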