authorsbd <sbd@pkgsrc.org>2011-06-04 01:42:24 +0000
committersbd <sbd@pkgsrc.org>2011-06-04 01:42:24 +0000
commit14eb736900931691278a1990558bb2080fa645f9 (patch)
treec624638ed96f051595992be05d7fdf0707e23e65
parent94fbac2b1d91611ae96b013b9d6147a419319b0e (diff)
Pullup ticket #3447 - requested by tez
security/openssl security fix Revisions pulled up: - security/openssl/Makefile 1.156 - security/openssl/distinfo 1.81 - security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c 1.1 --- Module Name: pkgsrc Committed By: tez Date: Tue May 31 17:18:42 UTC 2011 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-crypto_ecdsa_ecs__ossl.c Log Message: Add protection against ECDSA timing attacks as mentioned in the paper by Billy Bob Brumley and Nicola Tuveri, see: http://eprint.iacr.org/2011/232.pdf [Billy Bob Brumley and Nicola Tuveri] (patch confirmed in upstream cvs)
-rw-r--r--security/openssl/Makefile4
-rw-r--r--security/openssl/distinfo3
-rw-r--r--security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c27
3 files changed, 31 insertions, 3 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index ea0b34b184f..4c585879ca0 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.155 2011/04/01 21:02:48 tez Exp $
+# $NetBSD: Makefile,v 1.155.2.1 2011/06/04 01:42:24 sbd Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
@@ -22,7 +22,7 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/
.endif
SVR4_PKGNAME= ossl
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.openssl.org/
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index b4eec094ade..0b4c9d2163b 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.80 2011/02/09 00:15:30 taca Exp $
+$NetBSD: distinfo,v 1.80.2.1 2011/06/04 01:42:24 sbd Exp $
SHA1 (openssl-0.9.8q.tar.gz) = 12b6859698ca299fa0cba594686c25d5c01e410d
RMD160 (openssl-0.9.8q.tar.gz) = 2a6583fc059f83232b16d0dad8855fc8086f2450
@@ -11,4 +11,5 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
+SHA1 (patch-crypto_ecdsa_ecs__ossl.c) = 07e038d0fa4df429336e9f879f3323fae5c6b9d9
SHA1 (patch-ssl_t1__lib.c) = 0ec0cfd2c70c7d35c2bb1c6261d5817ea56941aa
diff --git a/security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c b/security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c
new file mode 100644
index 00000000000..6d43b6c7818
--- /dev/null
+++ b/security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-crypto_ecdsa_ecs__ossl.c,v 1.1.2.2 2011/06/04 01:42:24 sbd Exp $
+
+Add protection against ECDSA timing attacks as mentioned in the paper
+by Billy Bob Brumley and Nicola Tuveri, see:
+ http://eprint.iacr.org/2011/232.pdf
+[Billy Bob Brumley and Nicola Tuveri]
+
+--- crypto/ecdsa/ecs_ossl.c.orig 2009-12-01 11:32:16.000000000 -0600
++++ crypto/ecdsa/ecs_ossl.c 2011-05-31 11:17:14.168169900 -0500
+@@ -144,6 +144,16 @@
+ }
+ while (BN_is_zero(k));
+
++#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
++ /* We do not want timing information to leak the length of k,
++ * so we compute G*k using an equivalent scalar of fixed
++ * bit-length. */
++
++ if (!BN_add(k, k, order)) goto err;
++ if (BN_num_bits(k) <= BN_num_bits(order))
++ if (!BN_add(k, k, order)) goto err;
++#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
++
+ /* compute r the x-coordinate of generator * k */
+ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
+ {
+
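Review bot: The whole mitigation sits inside `#ifdef ECDSA_POINT_MUL_NO_CONSTTIME`, and nothing visible in this commit defines that macro: the Makefile hunks only touch the RCS id and `PKGREVISION`, and the patch adds no `#define`. If neither the upstream headers nor the package's compiler flags set it, the two `BN_add(k, k, order)` calls are compiled out and the scalar passed to `EC_POINT_mul` keeps its variable bit length, so the revision bump would ship without the protection. It is worth confirming against the extracted 0.9.8q sources where the macro is defined and recording that in the patch header, e.g. `Requires ECDSA_POINT_MUL_NO_CONSTTIME (defined in <header-to-confirm>) for the added block to be built.` The enclosing function starts and ends outside the embedded hunk, so how `k` is used after the multiplication cannot be checked from here.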