File ECDSA_signatures_timing_attack.patch of Package openssl.444

Index: openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
===================================================================
--- openssl-1.0.0c.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,16 @@ static int ecdsa_sign_setup(EC_KEY *ecke
 			}
 		while (BN_is_zero(k));
 
+#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
+		/* We do not want timing information to leak the length of k,
+		 * so we compute G*k using an equivalent scalar of fixed
+		 * bit-length. */
+
+		if (!BN_add(k, k, order)) goto err;
+		if (BN_num_bits(k) <= BN_num_bits(order))
+			if (!BN_add(k, k, order)) goto err;
+#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
+
 		/* compute r the x-coordinate of generator * k */
 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
 		{
Index: openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
===================================================================
--- openssl-1.0.0c.orig/crypto/ocsp/ocsp_lib.c
+++ openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
@@ -170,13 +170,14 @@ int OCSP_parse_url(char *url, char **pho
 
 	char *host, *port;
 
+	*phost = NULL;
+	*pport = NULL;
+	*ppath = NULL;
+
 	/* dup the buffer since we are going to mess with it */
 	buf = BUF_strdup(url);
 	if (!buf) goto mem_err;
 
-	*phost = NULL;
-	*pport = NULL;
-	*ppath = NULL;
 
 	/* Check for initial colon */
 	p = strchr(buf, ':');