author | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-08 08:57:53 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-08 09:02:47 +0000 |
commit | c5dd08b28f84d42f5ab35c7781828df7ba2dcac7 (patch) | |
tree | a8504337427d40bde15dcb4c6d0d96c25f3f9571 | |
parent | 560bf753a9c8dfeff4bdf07d7ab91c00d15e2218 (diff) | |
main/openssl: fix regression
http://marc.info/?t=136018837600003&r=1&w=2
(cherry picked from commit 24db490f2be6cab64aba36142309daf3fb624d34)
Conflicts:
main/openssl/APKBUILD
-rw-r--r-- | main/openssl/0001-Fix-IV-check-and-padding-removal.patch | 72 | ||||
-rw-r--r-- | main/openssl/APKBUILD | 6 |
2 files changed, 76 insertions, 2 deletions
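--- /dev/null
+++ b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch
@@ -0,0 +1,72 @@
+From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 7 Feb 2013 21:06:37 +0000
+Subject: [PATCH] Fix IV check and padding removal.
+
+Fix the calculation that checks there is enough room in a record
+after removing padding and optional explicit IV. (by Steve)
+
+For AEAD remove the correct number of padding bytes (by Andy)
+---
+ssl/s3_cbc.c | 33 ++++++++++++---------------------
+1 file changed, 12 insertions(+), 21 deletions(-)
+
+diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
+index ce77acd..0f60507 100644
+--- a/ssl/s3_cbc.c
++++ b/ssl/s3_cbc.c
+@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
+unsigned mac_size)
+{
+unsigned padding_length, good, to_check, i;
+- const char has_explicit_iv =
+- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
+- const unsigned overhead = 1 /* padding length byte */ +
+- mac_size +
+- (has_explicit_iv ? block_size : 0);
+-
+- /* These lengths are all public so we can test them in non-constant
+- * time. */
+- if (overhead > rec->length)
+- return 0;
+-
+- /* We can always safely skip the explicit IV. We check at the beginning
+- * of this function that the record has at least enough space for the
+- * IV, MAC and padding length byte. (These can be checked in
+- * non-constant time because it's all public information.) So, if the
+- * padding was invalid, then we didn't change |rec->length| and this is
+- * safe. If the padding was valid then we know that we have at least
+- * overhead+padding_length bytes of space and so this is still safe
+- * because overhead accounts for the explicit IV. */
+- if (has_explicit_iv)
++ const unsigned overhead = 1 /* padding length byte */ + mac_size;
++ /* Check if version requires explicit IV */
++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+{
++ /* These lengths are all public so we can test them in
++ * non-constant time.
++ */
++ if (overhead + block_size > rec->length)
++ return 0;
++ /* We can now safely skip explicit IV */
+rec->data += block_size;
+rec->input += block_size;
+rec->length -= block_size;
+}
++ else if (overhead > rec->length)
++ return 0;
+
+padding_length = rec->data[rec->length-1];
+
+@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
+{
+/* padding is already verified */
+- rec->length -= padding_length;
++ rec->length -= padding_length + 1;
+return 1;
+}
+
+--
+1.8.1.2
+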
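--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openssl
 pkgver=1.0.1d
-pkgrel=0
+pkgrel=1
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
@@ -20,6 +20,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 0005-s_client-ircv3-starttls.patch
+0001-Fix-IV-check-and-padding-removal.patch
 "
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -76,4 +77,5 @@ ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESH
 4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch
 d95bbaa38889836afd3c52f3962f3b54 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
-c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch"
+c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch
+b92ec62a1f3e7fdc65481afff709cd8b 0001-Fix-IV-check-and-padding-removal.patch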
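Review bot: The new entry in the `source=` list reuses the `0001-` prefix that `0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESH…` already carries, while being appended after `0005-s_client-ircv3-starttls.patch`, so the numeric prefix no longer matches the position in the series. Renaming the file to `0006-Fix-IV-check-and-padding-removal.patch` in both the `source=` list and the `md5sums=` block would keep the numbering in apply order and avoid two patches sharing a sequence number. The `md5sums=` assignment begins before the last hunk, so only its tail is visible here; the new checksum line is appended consistently with the `source=` change.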