main/openssl: fix regression

http://marc.info/?t=136018837600003&r=1&w=2 (cherry picked from commit 24db490f2be6cab64aba36142309daf3fb624d34) Conflicts: main/openssl/APKBUILD
author: Natanael Copa <ncopa@alpinelinux.org> 2013-02-08 08:57:53 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-02-08 09:02:47 +0000
commit: c5dd08b28f84d42f5ab35c7781828df7ba2dcac7 (patch)
tree: a8504337427d40bde15dcb4c6d0d96c25f3f9571
parent: 560bf753a9c8dfeff4bdf07d7ab91c00d15e2218 (diff)
download: alpine_aports-c5dd08b28f84d42f5ab35c7781828df7ba2dcac7.tar.bz2
alpine_aports-c5dd08b28f84d42f5ab35c7781828df7ba2dcac7.tar.xz
alpine_aports-c5dd08b28f84d42f5ab35c7781828df7ba2dcac7.zip
2 files changed, 76 insertions, 2 deletions
diff --git a/main/openssl/0001-Fix-IV-check-and-padding-removal.patch b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch
new file mode 100644
index 0000000000..321791251f
--- /dev/null
+++ b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch
@@ -0,0 +1,72 @@
+From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 7 Feb 2013 21:06:37 +0000
+Subject: [PATCH] Fix IV check and padding removal.
+Fix the calculation that checks there is enough room in a record
+after removing padding and optional explicit IV. (by Steve)
+For AEAD remove the correct number of padding bytes (by Andy)
+---
+ ssl/s3_cbc.c | 33 ++++++++++++---------------------
+ 1 file changed, 12 insertions(+), 21 deletions(-)
+diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
+index ce77acd..0f60507 100644
+--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
+@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
+                            unsigned mac_size)
+        {
+        unsigned padding_length, good, to_check, i;
+-       const char has_explicit_iv =
+-               s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
+-       const unsigned overhead = 1 /* padding length byte */ +
+-                                 mac_size +
+-                                 (has_explicit_iv ? block_size : 0);
+-
+-       /* These lengths are all public so we can test them in non-constant
+-        * time. */
+-       if (overhead > rec->length)
+-               return 0;
+-
+-       /* We can always safely skip the explicit IV. We check at the beginning
+-        * of this function that the record has at least enough space for the
+-        * IV, MAC and padding length byte. (These can be checked in
+-        * non-constant time because it's all public information.) So, if the
+-        * padding was invalid, then we didn't change |rec->length| and this is
+-        * safe. If the padding was valid then we know that we have at least
+-        * overhead+padding_length bytes of space and so this is still safe
+-        * because overhead accounts for the explicit IV. */
+-       if (has_explicit_iv)
+       const unsigned overhead = 1 /* padding length byte */ + mac_size;
+       /* Check if version requires explicit IV */
+       if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+                {
+               /* These lengths are all public so we can test them in
+                * non-constant time.
+                */
+               if (overhead + block_size > rec->length)
+                       return 0;
+               /* We can now safely skip explicit IV */
+                rec->data += block_size;
+                rec->input += block_size;
+                rec->length -= block_size;
+                }
+       else if (overhead > rec->length)
+               return 0;
+ 
+        padding_length = rec->data[rec->length-1];
+ 
+@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+        if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
+                {
+                /* padding is already verified */
+-               rec->length -= padding_length;
+               rec->length -= padding_length + 1;
+                return 1;
+                }
+ 
+-- 
+1.8.1.2
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 22ccd760d6..41d21201ad 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openssl
 pkgver=1.0.1d
-pkgrel=0
+pkgrel=1
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
@@ -20,6 +20,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
        0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
        0004-crypto-engine-autoload-padlock-dynamic-engine.patch
        0005-s_client-ircv3-starttls.patch
+        0001-Fix-IV-check-and-padding-removal.patch
        "
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -76,4 +77,5 @@ ddb5fc155145d5b852425adaec32234d  0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESH
 4a7b9e20beb33a5e262ab64c2b8e5b48  0002-engines-e_padlock-backport-cvs-head-changes.patch
 d95bbaa38889836afd3c52f3962f3b54  0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 c32f42451a07267ee5dfb3781fa40c00  0004-crypto-engine-autoload-padlock-dynamic-engine.patch
-c5b1042a3acaf3591f3f5620b7086e12  0005-s_client-ircv3-starttls.patch"
+c5b1042a3acaf3591f3f5620b7086e12  0005-s_client-ircv3-starttls.patch
+b92ec62a1f3e7fdc65481afff709cd8b  0001-Fix-IV-check-and-padding-removal.patch"
author	Natanael Copa <ncopa@alpinelinux.org>	2013-02-08 08:57:53 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-02-08 09:02:47 +0000
commit	c5dd08b28f84d42f5ab35c7781828df7ba2dcac7 (patch)
tree	a8504337427d40bde15dcb4c6d0d96c25f3f9571
parent	560bf753a9c8dfeff4bdf07d7ab91c00d15e2218 (diff)
download	alpine_aports-c5dd08b28f84d42f5ab35c7781828df7ba2dcac7.tar.bz2 alpine_aports-c5dd08b28f84d42f5ab35c7781828df7ba2dcac7.tar.xz alpine_aports-c5dd08b28f84d42f5ab35c7781828df7ba2dcac7.zip

diff --git a/main/openssl/0001-Fix-IV-check-and-padding-removal.patch b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch new file mode 100644 index 0000000000..321791251f --- /dev/null +++ b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch
@@ -0,0 +1,72 @@
		1	From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
		2	From: "Dr. Stephen Henson" <steve@openssl.org>
		3	Date: Thu, 7 Feb 2013 21:06:37 +0000
		4	Subject: [PATCH] Fix IV check and padding removal.
		5
		6	Fix the calculation that checks there is enough room in a record
		7	after removing padding and optional explicit IV. (by Steve)
		8
		9	For AEAD remove the correct number of padding bytes (by Andy)
		10	---
		11	ssl/s3_cbc.c \| 33 ++++++++++++---------------------
		12	1 file changed, 12 insertions(+), 21 deletions(-)
		13
		14	diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
		15	index ce77acd..0f60507 100644
		16	--- a/ssl/s3_cbc.c
		17	+++ b/ssl/s3_cbc.c
		18	@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
		19	unsigned mac_size)
		20	{
		21	unsigned padding_length, good, to_check, i;
		22	- const char has_explicit_iv =
		23	- s->version >= TLS1_1_VERSION \|\| s->version == DTLS1_VERSION;
		24	- const unsigned overhead = 1 /* padding length byte */ +
		25	- mac_size +
		26	- (has_explicit_iv ? block_size : 0);
		27	-
		28	- /* These lengths are all public so we can test them in non-constant
		29	- * time. */
		30	- if (overhead > rec->length)
		31	- return 0;
		32	-
		33	- /* We can always safely skip the explicit IV. We check at the beginning
		34	- * of this function that the record has at least enough space for the
		35	- * IV, MAC and padding length byte. (These can be checked in
		36	- * non-constant time because it's all public information.) So, if the
		37	- * padding was invalid, then we didn't change \|rec->length\| and this is
		38	- * safe. If the padding was valid then we know that we have at least
		39	- * overhead+padding_length bytes of space and so this is still safe
		40	- * because overhead accounts for the explicit IV. */
		41	- if (has_explicit_iv)
		42	+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
		43	+ /* Check if version requires explicit IV */
		44	+ if (s->version >= TLS1_1_VERSION \|\| s->version == DTLS1_VERSION)
		45	{
		46	+ /* These lengths are all public so we can test them in
		47	+ * non-constant time.
		48	+ */
		49	+ if (overhead + block_size > rec->length)
		50	+ return 0;
		51	+ /* We can now safely skip explicit IV */
		52	rec->data += block_size;
		53	rec->input += block_size;
		54	rec->length -= block_size;
		55	}
		56	+ else if (overhead > rec->length)
		57	+ return 0;
		58
		59	padding_length = rec->data[rec->length-1];
		60
		61	@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
		62	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
		63	{
		64	/* padding is already verified */
		65	- rec->length -= padding_length;
		66	+ rec->length -= padding_length + 1;
		67	return 1;
		68	}
		69
		70	--
		71	1.8.1.2
		72


diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 22ccd760d6..41d21201ad 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Timo Teras <timo.teras@iki.fi>	1	# Maintainer: Timo Teras <timo.teras@iki.fi>
2	pkgname=openssl	2	pkgname=openssl
3	pkgver=1.0.1d	3	pkgver=1.0.1d
4	pkgrel=0	4	pkgrel=1
5	pkgdesc="Toolkit for SSL v2/v3 and TLS v1"	5	pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
6	url="http://openssl.org"	6	url="http://openssl.org"
7	depends=	7	depends=
@@ -20,6 +20,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
20	0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch	20	0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
21	0004-crypto-engine-autoload-padlock-dynamic-engine.patch	21	0004-crypto-engine-autoload-padlock-dynamic-engine.patch
22	0005-s_client-ircv3-starttls.patch	22	0005-s_client-ircv3-starttls.patch
		23	0001-Fix-IV-check-and-padding-removal.patch
23	"	24	"
24		25
25	_builddir="$srcdir"/$pkgname-$pkgver	26	_builddir="$srcdir"/$pkgname-$pkgver
@@ -76,4 +77,5 @@ ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESH
76	4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch	77	4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch
77	d95bbaa38889836afd3c52f3962f3b54 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch	78	d95bbaa38889836afd3c52f3962f3b54 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
78	c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch	79	c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
79	c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch"	80	c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch
		81	b92ec62a1f3e7fdc65481afff709cd8b 0001-Fix-IV-check-and-padding-removal.patch"