Update security/openssl to 1.0.2k.

Changes between 1.0.2j and 1.0.2k [26 Jan 2017]

  *) Truncated packet could crash via OOB read

     If one side of an SSL/TLS path is running on a 32-bit host and a specific
     cipher is being used, then a truncated packet can cause that host to
     perform an out-of-bounds read, usually resulting in a crash.

     This issue was reported to OpenSSL by Robert Święcki of Google.
     (CVE-2017-3731)
     [Andy Polyakov]

  *) BN_mod_exp may produce incorrect results on x86_64

     There is a carry propagating bug in the x86_64 Montgomery squaring
     procedure. No EC algorithms are affected. Analysis suggests that attacks
     against RSA and DSA as a result of this defect would be very difficult to
     perform and are not believed likely. Attacks against DH are considered just
     feasible (although very difficult) because most of the work necessary to
     deduce information about a private key may be performed offline. The amount
     of resources required for such an attack would be very significant and
     likely only accessible to a limited number of attackers. An attacker would
     additionally need online access to an unpatched system using the target
     private key in a scenario with persistent DH parameters and a private
     key that is shared between multiple clients. For example this can occur by
     default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
     similar to CVE-2015-3193 but must be treated as a separate problem.

     This issue was reported to OpenSSL by the OSS-Fuzz project.
     (CVE-2017-3732)
     [Andy Polyakov]

  *) Montgomery multiplication may produce incorrect results

     There is a carry propagating bug in the Broadwell-specific Montgomery
     multiplication procedure that handles input lengths divisible by, but
     longer than 256 bits. Analysis suggests that attacks against RSA, DSA
     and DH private keys are impossible. This is because the subroutine in
     question is not used in operations with the private key itself and an input
     of the attacker's direct choice. Otherwise the bug can manifest itself as
     transient authentication and key negotiation failures or reproducible
     erroneous outcome of public-key operations with specially crafted input.
     Among EC algorithms only Brainpool P-512 curves are affected and one
     presumably can attack ECDH key negotiation. Impact was not analyzed in
     detail, because pre-requisites for attack are considered unlikely. Namely
     multiple clients have to choose the curve in question and the server has to
     share the private key among them, neither of which is default behaviour.
     Even then only clients that chose the curve will be affected.

     This issue was publicly reported as transient failures and was not
     initially recognized as a security issue. Thanks to Richard Morgan for
     providing reproducible case.
     (CVE-2016-7055)
     [Andy Polyakov]

  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
     prevent issues where no progress is being made and the peer continually
     sends unrecognised record types, using up resources processing them.
     [Matt Caswell]

3 files changed, 7 insertions, 24 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 200ff60df0c..28bce6f4fa4 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.229 2016/12/06 18:18:54 marino Exp $
+# $NetBSD: Makefile,v 1.230 2017/01/26 16:31:57 jperkin Exp $
 
-DISTNAME=	openssl-1.0.2j
-PKGREVISION=	1
+DISTNAME=	openssl-1.0.2k
 CATEGORIES=	security
 MASTER_SITES=	https://www.openssl.org/source/
 
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 0e7bc835a89..60a5264e54f 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.126 2016/11/02 13:10:31 maya Exp $
+$NetBSD: distinfo,v 1.127 2017/01/26 16:31:57 jperkin Exp $
 
-SHA1 (openssl-1.0.2j.tar.gz) = bdfbdb416942f666865fa48fe13c2d0e588df54f
-RMD160 (openssl-1.0.2j.tar.gz) = d5be416caf523f3496323dbd05547144348e7854
-SHA512 (openssl-1.0.2j.tar.gz) = 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd
-Size (openssl-1.0.2j.tar.gz) = 5307912 bytes
+SHA1 (openssl-1.0.2k.tar.gz) = 5f26a624479c51847ebd2f22bb9f84b3b44dcb44
+RMD160 (openssl-1.0.2k.tar.gz) = 56b70831e49f83987ec14b3878d0d693f9a7d862
+SHA512 (openssl-1.0.2k.tar.gz) = 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016
+Size (openssl-1.0.2k.tar.gz) = 5309236 bytes
 SHA1 (patch-Configure) = 2d963d781314276a0ee1bc531df6bc50f0f6b32b
 SHA1 (patch-Makefile.org) = d2a9295003a8b88718a328b01ff6bcbbc102ec0b
 SHA1 (patch-Makefile.shared) = d317004d6ade167fc3b6e533bb8a1e93657188b2
@@ -11,5 +11,4 @@ SHA1 (patch-apps_Makefile) = 60113291f2a25f5f1c1dba35e8173087bcd4cc30
 SHA1 (patch-config) = 345cadece3bdf0ef0a273a6c9ba6d0cbb1026a31
 SHA1 (patch-crypto_bn_bn__prime.pl) = a516f3709a862d85e659d466e895419b1e0a94c8
 SHA1 (patch-crypto_des_Makefile) = 7a23f9883ff6c93ec0e5d08e1332cc95de8cdba2
-SHA1 (patch-engines_ccgost_Makefile) = 5ff1e2705f6cb46075d5e005af9e804bb81d65e5
 SHA1 (patch-tools_Makefile) = 67f0b9b501969382fd89b678c277d32bf5d294bc
diff --git a/security/openssl/patches/patch-engines_ccgost_Makefile b/security/openssl/patches/patch-engines_ccgost_Makefile
deleted file mode 100644
index 0be590e39c0..00000000000
--- a/security/openssl/patches/patch-engines_ccgost_Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-engines_ccgost_Makefile,v 1.4 2016/01/28 16:30:43 jperkin Exp $
-
-* Make sure rpath is set properly on the libgost.so engine lib.
-
---- engines/ccgost/Makefile.orig	2016-01-28 13:57:20.000000000 +0000
-+++ engines/ccgost/Makefile
-@@ -32,7 +32,7 @@ lib: $(LIBOBJ)
- 		$(MAKE) -f $(TOP)/Makefile.shared -e \
- 			LIBNAME=$(LIBNAME) \
- 			LIBEXTRAS='$(LIBOBJ)' \
--			LIBDEPS='-L$(TOP) -lcrypto' \
-+			LIBDEPS='-L$(TOP) -lcrypto $(EX_LIBS)' \
- 			link_o.$(SHLIB_TARGET); \
- 	else \
- 		$(AR) $(LIB) $(LIBOBJ); \