gentoo resync : 18.11.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-11-18 09:38:27 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2018-11-18 09:38:27 +0000
commit: 536c3711867ec947c1738f2c4b96f22e4863322d (patch)
tree: 697733f5cb713908dcf378e13fd15a798a906a91 /dev-libs/openssl
parent: f65628136faa35d0c4d3b5e7332275c7b35fcd96 (diff)
6 files changed, 272 insertions, 6 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 9d43bd0321eb..b6fbc0dc952f 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -6,10 +6,12 @@ AUX openssl-0.9.8m-binutils.patch 684 BLAKE2B 35650e98595910d2e6b6fc846b49fecbb2
 AUX openssl-0.9.8z_p8-perl-5.26.patch 310 BLAKE2B 29c46391d127cd2b1cb3943f1bb162a8b931e455f35f9e045372102d1461e3e3fd4cf4e4f544ec06a0b46a573d2009c8decf22678df03707c2487bade64f27b5 SHA512 b8e745ff90e447b000ace9cfd5f746c1bc8f3bb8249064d1d2f1072a1a628f5a89c405c7f384c73f0310f2a2f7af672950a9b7adbc583b1ee94b41d911b8a708
 AUX openssl-1.0.2a-x32-asm.patch 1561 BLAKE2B ee5e5b91e4babacff71edf36cce80fbcb2b8dbb9a7ea63a816d3a5de544fbffd8b4216d7a95bd44e718c7a83dd8b8b5ad85caed4205eab5de566b0b7e5054fc1 SHA512 fbb23393e68776e9d34953f85ba3cbb285421d50f06bd297b485c7cffc8d89ca8caff6783f21038ae668b5c75056c89dc652217ac8609b5328e2c28e70ac294c
 AUX openssl-1.0.2p-hobble-ecc.patch 10875 BLAKE2B fc8240a074f8cc354c5ae584b76b3fc895170e026767d2d99d8bd5e5028614c861dd2b3c7b955c223883062f9a057ee302ae0deecfbbed00ddc53ae8a4d50919 SHA512 29f64bacac4f61071db6caf9d92131633d2dff56d899171888cc4c8432790930ff0912cea90ad03ca59b13ca0357f812d2f0a3f42567e2bd72c260f49b2b59aa
+AUX openssl-1.1.0i-CVE-2018-0734.patch 4386 BLAKE2B bb4b8c6e576d32e3e006a57972350bde37489afae10f4d9dce3164923572a5ecfd9a8db45c15135edab237a98c6d163874b918c49b7bebacf7e89130c64aacea SHA512 3947233cdf3ecac55e139939a4c3328d1eff8c97ccb6fef3ebbc2af147bf814f3ceda5b0430b93f6960e89836512efb8b41bed46e5ee68d15d08dbcc877c6845
 AUX openssl-1.1.0i-CVE-2018-0735.patch 1612 BLAKE2B 44402dc7e1a39f47fb3b359edbd3deeeb2aedba5d6b9b12ff86c93c7e80699f8109b327d94c2a6cf443c8b087ad461d959bd5307b17bfe0ff429d33e4949dc1b SHA512 4f2e586021f049f9c2dd6ee9925568fdd82b0372ddb81172540acd4093c9b033db312ab0a722dfeab918d18405562100d7ed061c986fc1a0f5557ba5445a955f
+AUX openssl-1.1.1-CVE-2018-0734.patch 4382 BLAKE2B 7e2f4ab59fbc1920c28c3aad294c6b3b7cc71ce3aa301917a758d2c0d6081d178dc2888ff6ae36a23de3f00eec762af489d9340c1180e69ab1f1dba01a365c34 SHA512 8f6c5bc15f8e2cf4aa99378c90c7baf767f3c7e155f4ac0b96fd7ee09189754219b7c7ce2bcc34c5f4dbcd34f5052223271c1aa867bdffc03db07aa7d9bd545d
 AUX openssl-1.1.1-CVE-2018-0735.patch 1642 BLAKE2B dffad919b1acd1af05044211b24a71cd4e972e0bd1cea3095610e06e06fafa1f61021a92eb9f8e2d800d20c86c8dc99b783509d124d444f6ff56f24871a8e31e SHA512 754f1290cb91f154e8614e145bea2df29e82cfc87ebb3b9ec506af70b0d8ea6785da8b76e7ac49ecd2e5e975f7d2a93b443acd60d2e8494141911d1afd81d750
 DIST openssl-0.9.8zh.tar.gz 3818524 BLAKE2B 610bb4858900983cf4519fa8b63f1e03b3845e39e68884fd8bebd738cd5cd6c2c75513643af49bf9e2294adc446a6516480fe9b62de55d9b6379bf9e7c5cd364 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6
-DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
+DIST openssl-1.0.2-patches-1.6.tar.xz 16004 BLAKE2B 28c7e9a8c8b09a34aa6ed21dec18b04c1d6140276e319cfa99b63db5ae188ca7837c444e8352748ffc86e6df7676534aef2f28788e825ee8207c0f876efb5b7b SHA512 eac9bbbebd8d942707ef385ee466929045bb4698985f7a0fb16f529f2101a246735cc2e654bfbdaa8a178224bb5ac564478a7587e6156cfcbdfe62a719bfb0a3
 DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
 DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
@@ -22,7 +24,7 @@ DIST openssl-1.1.0i_ectest.c 29908 BLAKE2B b398bafd5d5aea71daa9c3e2749dece9e5159
 DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1.tar.gz 8337920 BLAKE2B 266fb97bad4e1e7c0694c67a065d6669560695c92ad8fa10824169288a3fdfb9798faf408274a1e0c4e10a83a12b57367611bf4037dd2ab7ee74d7edab580a7b SHA512 c0284a4fe84bdf765ca5bc5148da4441ffc36392cfecaf9d372af00cf93b6de5681cab1248b6f8246474532155dc205da5ad49549ad7c61c07c917145e7c9c71
 EBUILD openssl-0.9.8z_p8-r1.ebuild 4937 BLAKE2B 4d8c960161f15f38dbcef1ba1529906d81ad1b8574c90b7e09f3b2a8f2fcfdda1d69d9c4259a7f616246fe34b5794ea08f5ef8f5cb1ecb4117784062587a1fa7 SHA512 2693d1d1cf167e0e0031d5b7b3ac2f850290ea2fa8513c8fe2f5b8c52fd5efd4296b574533165e24ddd315e271dad6e7f5b00afdf8d036864e27af62fae30e43
-EBUILD openssl-1.0.2p.ebuild 10101 BLAKE2B c0e4eb3bd9dd21687d7a4be4c329baa6ca569b97ec16a090d0b5eaece0171a6f656facaab06fe085592038dd3d9d9aded69a5426e8605a32c3af8f295f74f34f SHA512 fc0affd0d6fe6dc12a6301135c6fed7beb5ca74fb0940d0af05551b402e09b6e130acc19de6f7b2853278f743c44a5f8c7da773c5324877b95bdc25b1b51b623
-EBUILD openssl-1.1.0i-r1.ebuild 9145 BLAKE2B a8221eac616d96a039e579122ff6f8d40015fba33ed604a2a0058b4af6c40caaa26ab69627ad0153852cee2711ddfce9bf4049e9a2035db4499b755212b2bf2a SHA512 7a67c698a8dad600ec522694df303d5077ce51d54908dd21cdbf6a6d3655aab81534accc22629c5c7544abdba3bf560d98bb8d74406b5de9b2764f308d49bcfb
-EBUILD openssl-1.1.1-r1.ebuild 7930 BLAKE2B 7a4c38b0c2088834cf285fbdb38c2a509149f85b2435427d7fd4d57f469003afca1fa1755087931b20a67a87e07bcd70dc6430703ae9e8a51b4b12ae558c382b SHA512 dd42cb4022bcceb40f741195cb09da480dd61c4e4abad7e71083379f572382806d6c4489e1fa6365cf60025d39cc3795e984f05ec730cd967f20d129abd30165
+EBUILD openssl-1.0.2p-r1.ebuild 10098 BLAKE2B c440754d7c2b257509cb2796372afb58ac031d7a5bc8125a5cceec9889e3498eb6660610171972e61a1332eb5e130076167cfed3e8dfcda16238ef443db9454f SHA512 0b45aa92749affdc1ed3c7fefecb49f7fc2f92b062b6045dda241b1d28ecddb98fc1767f56c31a0dadd4eaf9d44a2142f3dc6cbc724275fa70db07aab5dcedaf
+EBUILD openssl-1.1.0i-r2.ebuild 9185 BLAKE2B 69c53e057dd900b2cee07b14c155ceb826fad004a831a4556cad4d9b33dc471e6ab0f6d06a9aa8cab320ed82a66ef90923b5029a35f5640b5d9d485adc50901d SHA512 420f428bfcb4f63b62ba312d55abf43d9911a55005b249aba38b0045e7e8a2f227e8dcadff5029bc5fe44547a1673f90d0d36a1ea45a9e3ae76b9615ed0228b0
+EBUILD openssl-1.1.1-r2.ebuild 7970 BLAKE2B 6647ed5b1ecfa49dbe8450fd3480e18a7dee6521363927272596b4b327306ca84a89445f6423899eed2ae4850c068a258dde0e58762694128a0532edbcdabf92 SHA512 026aca158925d9c8a614f27bde17f836e1c155375e31837b1c2be122c9b057210a797f3160553bffc3f941aad49526bf018c66fca0491b94e0c8ca1769c86697
 MISC metadata.xml 1273 BLAKE2B 8eb61c2bfd56f428fa4c262972c0b140662a68c95fdf5e3101624b307985f83dc6d757fc13565e467c99188de93d90ec2db6de3719e22495da67155cbaa91aa9 SHA512 3ffb56f8bc35d71c2c67b4cb97d350825260f9d78c97f4ba9462c2b08b8ef65d7f684139e99bb2f7f32698d3cb62404567b36ce849e7dc4e7f7c5b6367c723a7
diff --git a/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch
new file mode 100644
index 000000000000..47b082f4085f
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch
@@ -0,0 +1,131 @@
+CVE-2018-0734
+https://github.com/openssl/openssl/commit/415c33563528667868c3c653a612e6fc8736fd79
+https://github.com/openssl/openssl/commit/ef11e19d1365eea2b1851e6f540a0bf365d303e7
+
+--- a/crypto/dsa/dsa_ossl.c
++++ b/crypto/dsa/dsa_ossl.c
+@@ -11,6 +11,7 @@
+ 
+ #include <stdio.h>
+ #include "internal/cryptlib.h"
++#include "internal/bn_int.h"
+ #include <openssl/bn.h>
+ #include <openssl/sha.h>
+ #include "dsa_locl.h"
+@@ -25,6 +26,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+ static int dsa_init(DSA *dsa);
+ static int dsa_finish(DSA *dsa);
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx);
+ 
+ static DSA_METHOD openssl_dsa_meth = {
+     "OpenSSL DSA method",
+@@ -180,9 +183,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ {
+     BN_CTX *ctx = NULL;
+     BIGNUM *k, *kinv = NULL, *r = *rp;
+-    BIGNUM *l, *m;
++    BIGNUM *l;
+     int ret = 0;
+-    int q_bits;
++    int q_bits, q_words;
+ 
+     if (!dsa->p || !dsa->q || !dsa->g) {
+         DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+@@ -191,8 +194,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     k = BN_new();
+     l = BN_new();
+-    m = BN_new();
+-    if (k == NULL || l == NULL || m == NULL)
++    if (k == NULL || l == NULL)
+         goto err;
+ 
+     if (ctx_in == NULL) {
+@@ -203,9 +205,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     /* Preallocate space */
+     q_bits = BN_num_bits(dsa->q);
+-    if (!BN_set_bit(k, q_bits)
+-        || !BN_set_bit(l, q_bits)
+-        || !BN_set_bit(m, q_bits))
++    q_words = bn_get_top(dsa->q);
++    if (!bn_wexpand(k, q_words + 2)
++        || !bn_wexpand(l, q_words + 2))
+         goto err;
+ 
+     /* Get random k */
+@@ -240,14 +242,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+      * small timing information leakage.  We then choose the sum that is
+      * one bit longer than the modulus.
+      *
+-     * TODO: revisit the BN_copy aiming for a memory access agnostic
+-     * conditional copy.
++     * There are some concerns about the efficacy of doing this.  More
++     * specificly refer to the discussion starting with:
++     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
++     * The fix is to rework BN so these gymnastics aren't required.
+      */
+     if (!BN_add(l, k, dsa->q)
+-        || !BN_add(m, l, dsa->q)
+-        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
++        || !BN_add(k, l, dsa->q))
+         goto err;
+ 
++    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
++
+     if ((dsa)->meth->bn_mod_exp != NULL) {
+             if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                        dsa->method_mont_p))
+@@ -260,8 +265,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+     if (!BN_mod(r, r, dsa->q, ctx))
+         goto err;
+ 
+-    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+-    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
++    /* Compute part of 's = inv(k) (m + xr) mod q' */
++    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
+         goto err;
+ 
+     BN_clear_free(*kinvp);
+@@ -275,7 +280,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+         BN_CTX_free(ctx);
+     BN_clear_free(k);
+     BN_clear_free(l);
+-    BN_clear_free(m);
+     return ret;
+ }
+ 
+@@ -395,3 +399,31 @@ static int dsa_finish(DSA *dsa)
+     BN_MONT_CTX_free(dsa->method_mont_p);
+     return (1);
+ }
++
++/*
++ * Compute the inverse of k modulo q.
++ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
++ * mod-exp operation.  Both the exponent and modulus are public information
++ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
++ * BIGNUM is returned which the caller must free.
++ */
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx)
++{
++    BIGNUM *res = NULL;
++    BIGNUM *r, *e;
++
++    if ((r = BN_new()) == NULL)
++        return NULL;
++
++    BN_CTX_start(ctx);
++    if ((e = BN_CTX_get(ctx)) != NULL
++            && BN_set_word(r, 2)
++            && BN_sub(e, q, r)
++            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
++        res = r;
++    else
++        BN_free(r);
++    BN_CTX_end(ctx);
++    return res;
++}
diff --git a/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch
new file mode 100644
index 000000000000..dbc379c80d43
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch
@@ -0,0 +1,131 @@
+CVE-2018-0734
+https://github.com/openssl/openssl/commit/f1b12b8713a739f27d74e6911580b2e70aea2fa4
+https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f
+
+--- a/crypto/dsa/dsa_ossl.c
++++ b/crypto/dsa/dsa_ossl.c
+@@ -9,6 +9,7 @@
+ 
+ #include <stdio.h>
+ #include "internal/cryptlib.h"
++#include "internal/bn_int.h"
+ #include <openssl/bn.h>
+ #include <openssl/sha.h>
+ #include "dsa_locl.h"
+@@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+ static int dsa_init(DSA *dsa);
+ static int dsa_finish(DSA *dsa);
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx);
+ 
+ static DSA_METHOD openssl_dsa_meth = {
+     "OpenSSL DSA method",
+@@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ {
+     BN_CTX *ctx = NULL;
+     BIGNUM *k, *kinv = NULL, *r = *rp;
+-    BIGNUM *l, *m;
++    BIGNUM *l;
+     int ret = 0;
+-    int q_bits;
++    int q_bits, q_words;
+ 
+     if (!dsa->p || !dsa->q || !dsa->g) {
+         DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+@@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     k = BN_new();
+     l = BN_new();
+-    m = BN_new();
+-    if (k == NULL || l == NULL || m == NULL)
++    if (k == NULL || l == NULL)
+         goto err;
+ 
+     if (ctx_in == NULL) {
+@@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     /* Preallocate space */
+     q_bits = BN_num_bits(dsa->q);
+-    if (!BN_set_bit(k, q_bits)
+-        || !BN_set_bit(l, q_bits)
+-        || !BN_set_bit(m, q_bits))
++    q_words = bn_get_top(dsa->q);
++    if (!bn_wexpand(k, q_words + 2)
++        || !bn_wexpand(l, q_words + 2))
+         goto err;
+ 
+     /* Get random k */
+@@ -238,14 +240,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+      * small timing information leakage.  We then choose the sum that is
+      * one bit longer than the modulus.
+      *
+-     * TODO: revisit the BN_copy aiming for a memory access agnostic
+-     * conditional copy.
++     * There are some concerns about the efficacy of doing this.  More
++     * specificly refer to the discussion starting with:
++     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
++     * The fix is to rework BN so these gymnastics aren't required.
+      */
+     if (!BN_add(l, k, dsa->q)
+-        || !BN_add(m, l, dsa->q)
+-        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
++        || !BN_add(k, l, dsa->q))
+         goto err;
+ 
++    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
++
+     if ((dsa)->meth->bn_mod_exp != NULL) {
+             if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                        dsa->method_mont_p))
+@@ -258,8 +263,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+     if (!BN_mod(r, r, dsa->q, ctx))
+         goto err;
+ 
+-    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+-    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
++    /* Compute part of 's = inv(k) (m + xr) mod q' */
++    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
+         goto err;
+ 
+     BN_clear_free(*kinvp);
+@@ -273,7 +278,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+         BN_CTX_free(ctx);
+     BN_clear_free(k);
+     BN_clear_free(l);
+-    BN_clear_free(m);
+     return ret;
+ }
+ 
+@@ -393,3 +397,31 @@ static int dsa_finish(DSA *dsa)
+     BN_MONT_CTX_free(dsa->method_mont_p);
+     return 1;
+ }
++
++/*
++ * Compute the inverse of k modulo q.
++ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
++ * mod-exp operation.  Both the exponent and modulus are public information
++ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
++ * BIGNUM is returned which the caller must free.
++ */
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx)
++{
++    BIGNUM *res = NULL;
++    BIGNUM *r, *e;
++
++    if ((r = BN_new()) == NULL)
++        return NULL;
++
++    BN_CTX_start(ctx);
++    if ((e = BN_CTX_get(ctx)) != NULL
++            && BN_set_word(r, 2)
++            && BN_sub(e, q, r)
++            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
++        res = r;
++    else
++        BN_free(r);
++    BN_CTX_end(ctx);
++    return res;
++}
diff --git a/dev-libs/openssl/openssl-1.0.2p.ebuild b/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
index b8c283fe9175..d691659c26a2 100644
--- a/dev-libs/openssl/openssl-1.0.2p.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
@@ -1,11 +1,11 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PATCH_SET="openssl-1.0.2-patches-1.5"
+PATCH_SET="openssl-1.0.2-patches-1.6"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
diff --git a/dev-libs/openssl/openssl-1.1.0i-r1.ebuild b/dev-libs/openssl/openssl-1.1.0i-r2.ebuild
index 4cc9eb656d0e..f38621117297 100644
--- a/dev-libs/openssl/openssl-1.1.0i-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0i-r2.ebuild
@@ -56,6 +56,7 @@ MULTILIB_WRAPPED_HEADERS=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+	"${FILESDIR}"/${P}-CVE-2018-0734.patch
 	"${FILESDIR}"/${P}-CVE-2018-0735.patch
 )
 
diff --git a/dev-libs/openssl/openssl-1.1.1-r1.ebuild b/dev-libs/openssl/openssl-1.1.1-r2.ebuild
index 01dfbd3ec61f..87d4a44d49a4 100644
--- a/dev-libs/openssl/openssl-1.1.1-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1-r2.ebuild
@@ -35,6 +35,7 @@ MULTILIB_WRAPPED_HEADERS=(
 )
 
 PATCHES=(
+	"${FILESDIR}"/${P}-CVE-2018-0734.patch
 	"${FILESDIR}"/${P}-CVE-2018-0735.patch
 )
author	V3n3RiX <venerix@redcorelinux.org>	2018-11-18 09:38:27 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2018-11-18 09:38:27 +0000
commit	536c3711867ec947c1738f2c4b96f22e4863322d (patch)
tree	697733f5cb713908dcf378e13fd15a798a906a91 /dev-libs/openssl
parent	f65628136faa35d0c4d3b5e7332275c7b35fcd96 (diff)