[Pkg-openssl-changes] r637 - in openssl/branches/wheezy/debian: . patches

Kurt Roeckx kroeckx at moszumanska.debian.org
Mon Dec 23 16:50:55 UTC 2013


Author: kroeckx
Date: 2013-12-23 16:50:55 +0000 (Mon, 23 Dec 2013)
New Revision: 637

Added:
   openssl/branches/wheezy/debian/patches/disable_rdrand.patch
Modified:
   openssl/branches/wheezy/debian/changelog
   openssl/branches/wheezy/debian/patches/series
Log:
disable rdrand by default.


Modified: openssl/branches/wheezy/debian/changelog
===================================================================
--- openssl/branches/wheezy/debian/changelog	2013-12-23 16:45:45 UTC (rev 636)
+++ openssl/branches/wheezy/debian/changelog	2013-12-23 16:50:55 UTC (rev 637)
@@ -2,8 +2,10 @@
 
   * Fix CVE-2013-6449 (Closes: #732754)
   * Fix CVE-2013-6450
+  * disable rdrand by default.  It was used as only source of entropy when
+    available. (Closes: #732710)
 
- -- Kurt Roeckx <kurt at roeckx.be>  Mon, 23 Dec 2013 17:43:52 +0100
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 23 Dec 2013 17:47:19 +0100
 
 openssl (1.0.1e-2) unstable; urgency=high
 
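Review bot: The new changelog entry (the two added lines after "Fix CVE-2013-6450") states the problem but not the resulting behaviour. Going by the subject of the patch added in this revision, the rdrand engine stays usable when explicitly requested, and saying so here would tell administrators that the engine is not removed. The entry also starts with a lowercase "disable" while the neighbouring entries start with "Fix"; "Disable rdrand by default." would match them.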

Added: openssl/branches/wheezy/debian/patches/disable_rdrand.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/disable_rdrand.patch	                        (rev 0)
+++ openssl/branches/wheezy/debian/patches/disable_rdrand.patch	2013-12-23 16:50:55 UTC (rev 637)
@@ -0,0 +1,26 @@
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Wed, 11 Dec 2013 14:45:12 +0000
+Subject: [PATCH] Don't use rdrand engine as default unless explicitly
+ requested.
+Origin: upstream, commit:1c2c5e402a757a63d690bd2390bd6b8b491ef184
+
+
+---
+ crypto/engine/eng_rdrand.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
+index a9ba5ae..4e9e91d 100644
+--- a/crypto/engine/eng_rdrand.c
++++ b/crypto/engine/eng_rdrand.c
+@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
+ 	{
+ 	if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+ 	    !ENGINE_set_name(e, engine_e_rdrand_name) ||
++            !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+ 	    !ENGINE_set_init_function(e, rdrand_init) ||
+ 	    !ENGINE_set_RAND(e, &rdrand_meth) )
+ 		return 0;
+-- 
+1.8.5.1
+
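
Review bot: The patch header above the "---" separator carries From, Date, Subject and Origin but no description and no bug reference, although the changelog entry in this revision closes #732710 with this patch. Adding a Bug-Debian field for #732710 and one sentence of description (the changelog's "It was used as only source of entropy when available") would let someone reading debian/patches alone see why ENGINE_FLAGS_NO_REGISTER_ALL is set in bind_helper. The added "!ENGINE_set_flags(...)" line is indented with spaces where the surrounding lines use tabs; since Origin marks this as an upstream commit, keeping it identical to upstream is reasonable.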

Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series	2013-12-23 16:45:45 UTC (rev 636)
+++ openssl/branches/wheezy/debian/patches/series	2013-12-23 16:50:55 UTC (rev 637)
@@ -38,3 +38,4 @@
 get_certificate.patch
 CVE-2013-6449.patch
 CVE-2013-6450.patch
+disable_rdrand.patch



