[gnome-continuous-yocto/gnomeostree-3.28-rocko: 1448/8267] openssl: Security fix CVE-2016-2178

[Emmanuele Bassi <ebassi src gnome org>]

commit c0dbed63c6f1d7ac758672f20489ffaea3736758
Author: Armin Kuster <akuster mvista com>
Date:   Sat Jul 16 16:04:12 2016 -0700

    openssl: Security fix CVE-2016-2178
    
    affects  openssl <=  1.0.2h
    CVSS v2 Base Score: 2.1 LOW
    
    (From OE-Core rev: 5b3df0c5e8885ea34f66b41fcf209a9960fbbf5e)
    
    Signed-off-by: Armin Kuster <akuster mvista com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 .../openssl/openssl/CVE-2016-2178.patch            |   51 ++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.0.2h.bb |    1 +
 2 files changed, 52 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch 
b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
new file mode 100644
index 0000000..27ade4e
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
@@ -0,0 +1,51 @@
+From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001
+From: Cesar Pereida <cesar pereida aalto fi>
+Date: Mon, 23 May 2016 12:45:25 +0300
+Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME
+
+Operations in the DSA signing algorithm should run in constant time in
+order to avoid side channel attacks. A flaw in the OpenSSL DSA
+implementation means that a non-constant time codepath is followed for
+certain operations. This has been demonstrated through a cache-timing
+attack to be sufficient for an attacker to recover the private DSA key.
+
+CVE-2016-2178
+
+Reviewed-by: Richard Levitte <levitte openssl org>
+Reviewed-by: Matt Caswell <matt openssl org>
+
+Upstream-Status: Backport
+CVE: CVE-2016-2178
+
+Signed-off-by: Armin Kuster <akuster mvista com>
+
+---
+ crypto/dsa/dsa_ossl.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c
+===================================================================
+--- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c
++++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c
+@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C
+         if (!BN_rand_range(&k, dsa->q))
+             goto err;
+     while (BN_is_zero(&k)) ;
+-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+-        BN_set_flags(&k, BN_FLG_CONSTTIME);
+-    }
+ 
+     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C
+     } else {
+         K = &k;
+     }
++
++    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
++        BN_set_flags(K, BN_FLG_CONSTTIME);
++    }
++
+     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+                    dsa->method_mont_p);
+     if (!BN_mod(r, r, dsa->q, ctx))
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
index e7d1106..4f91e55 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -40,6 +40,7 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
             file://configure-musl-target.patch \
             file://parallel.patch \
             file://CVE-2016-2177.patch \
+            file://CVE-2016-2178.patch \
            "
 SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
 SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"