From ac47871dfb962355c3c8971cd2fde2e4d03c9790 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Mon, 26 Sep 2016 12:18:14 +0200
Subject: openssl: Security fix CVE-2016-2178

affects openssl < 1.0.2i

Reference:
https://www.openssl.org/news/secadv/20160922.txt

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
---
 .../openssl/openssl/CVE-2016-2178.patch            | 54 ++++++++++++++++++++++
 .../openssl/openssl_1.0.2h.bbappend                |  3 ++
 2 files changed, 57 insertions(+)
 create mode 100644 recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
 create mode 100644 recipes-connectivity/openssl/openssl_1.0.2h.bbappend

diff --git a/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
new file mode 100644
index 0000000..07b1310
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
@@ -0,0 +1,54 @@
+From 621eaf49a289bfac26d4cbcdb7396e796784c534 Mon Sep 17 00:00:00 2001
+From: Cesar Pereida <cesar.pereida@aalto.fi>
+Date: Mon, 23 May 2016 12:45:25 +0300
+Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME
+
+Operations in the DSA signing algorithm should run in constant time in
+order to avoid side channel attacks. A flaw in the OpenSSL DSA
+implementation means that a non-constant time codepath is followed for
+certain operations. This has been demonstrated through a cache-timing
+attack to be sufficient for an attacker to recover the private DSA key.
+
+CVE-2016-2178
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+
+Upstream-Status: Backport
+CVE: CVE-2016-2178
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ crypto/dsa/dsa_ossl.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
+index efc4f1b..b29eb4b 100644
+--- a/crypto/dsa/dsa_ossl.c
++++ b/crypto/dsa/dsa_ossl.c
+@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+         if (!BN_rand_range(&k, dsa->q))
+             goto err;
+     while (BN_is_zero(&k)) ;
+-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+-        BN_set_flags(&k, BN_FLG_CONSTTIME);
+-    }
+ 
+     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+@@ -279,9 +276,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+         }
+ 
+         K = &kq;
++
++        BN_set_flags(K, BN_FLG_CONSTTIME);
+     } else {
+         K = &k;
+     }
++
+     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+                    dsa->method_mont_p);
+     if (!BN_mod(r, r, dsa->q, ctx))
+-- 
+2.7.4
+
diff --git a/recipes-connectivity/openssl/openssl_1.0.2h.bbappend b/recipes-connectivity/openssl/openssl_1.0.2h.bbappend
new file mode 100644
index 0000000..9f70a33
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.2h.bbappend
@@ -0,0 +1,3 @@
+
+SRC_URI += "file://CVE-2016-2178.patch \
+           "
-- 
cgit v1.2.3-54-g00ecf