openssl: Fix CVE-2016-7056

package/libs/openssl/Makefile

@@ -11,7 +11,7 @@ PKG_NAME:=openssl
 PKG_BASE:=1.0.2
 PKG_BUGFIX:=j
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=1

package/libs/openssl/patches/500-CVE-2016-7056.patch

+--- a/crypto/ecdsa/ecs_ossl.c
++++ b/crypto/ecdsa/ecs_ossl.c
+@@ -147,6 +147,8 @@ static int ecdsa_sign_setup(EC_KEY *ecke
+             if (!BN_add(k, k, order))
+                 goto err;
+ 
++        BN_set_flags(k, BN_FLG_CONSTTIME);
++
+         /* compute r the x-coordinate of generator * k */
+         if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+             ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);