diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-13 07:05:14 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-02-13 07:05:14 +0000 |
| commit | 595ecbd3a1659cb0c637180f85c1bed7d61ad550 (patch) | |
| tree | e18c783ca1cd860986852f50e54493c3dce1583c | |
| parent | 738191198182097cfe6f2a682c64c948ab25d881 (diff) | |
| download | aports-595ecbd3a1659cb0c637180f85c1bed7d61ad550.tar.bz2 aports-595ecbd3a1659cb0c637180f85c1bed7d61ad550.tar.xz | |
main/openssl: upgrade to 1.0.1e
| -rw-r--r-- | main/openssl/0001-Fix-IV-check-and-padding-removal.patch | 72 | ||||
| -rw-r--r-- | main/openssl/APKBUILD | 10 |
2 files changed, 4 insertions, 78 deletions
diff --git a/main/openssl/0001-Fix-IV-check-and-padding-removal.patch b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch deleted file mode 100644 index 321791251..000000000 --- a/main/openssl/0001-Fix-IV-check-and-padding-removal.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Thu, 7 Feb 2013 21:06:37 +0000 -Subject: [PATCH] Fix IV check and padding removal. - -Fix the calculation that checks there is enough room in a record -after removing padding and optional explicit IV. (by Steve) - -For AEAD remove the correct number of padding bytes (by Andy) ---- - ssl/s3_cbc.c | 33 ++++++++++++--------------------- - 1 file changed, 12 insertions(+), 21 deletions(-) - -diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c -index ce77acd..0f60507 100644 ---- a/ssl/s3_cbc.c -+++ b/ssl/s3_cbc.c -@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s, - unsigned mac_size) - { - unsigned padding_length, good, to_check, i; -- const char has_explicit_iv = -- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION; -- const unsigned overhead = 1 /* padding length byte */ + -- mac_size + -- (has_explicit_iv ? block_size : 0); -- -- /* These lengths are all public so we can test them in non-constant -- * time. */ -- if (overhead > rec->length) -- return 0; -- -- /* We can always safely skip the explicit IV. We check at the beginning -- * of this function that the record has at least enough space for the -- * IV, MAC and padding length byte. (These can be checked in -- * non-constant time because it's all public information.) So, if the -- * padding was invalid, then we didn't change |rec->length| and this is -- * safe. If the padding was valid then we know that we have at least -- * overhead+padding_length bytes of space and so this is still safe -- * because overhead accounts for the explicit IV. */ -- if (has_explicit_iv) -+ const unsigned overhead = 1 /* padding length byte */ + mac_size; -+ /* Check if version requires explicit IV */ -+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) - { -+ /* These lengths are all public so we can test them in -+ * non-constant time. -+ */ -+ if (overhead + block_size > rec->length) -+ return 0; -+ /* We can now safely skip explicit IV */ - rec->data += block_size; - rec->input += block_size; - rec->length -= block_size; - } -+ else if (overhead > rec->length) -+ return 0; - - padding_length = rec->data[rec->length-1]; - -@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s, - if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) - { - /* padding is already verified */ -- rec->length -= padding_length; -+ rec->length -= padding_length + 1; - return 1; - } - --- -1.8.1.2 - diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 044b171a4..4b2b73116 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openssl -pkgver=1.0.1d -pkgrel=1 +pkgver=1.0.1e +pkgrel=0 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= @@ -19,7 +19,6 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz 0003-engines-e_padlock-backport-cvs-head-changes.patch 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch 0005-crypto-engine-autoload-padlock-dynamic-engine.patch - 0001-Fix-IV-check-and-padding-removal.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -69,11 +68,10 @@ libssl() { done } -md5sums="b92fc634f0f1f31a67ed4175adc5ba33 openssl-1.0.1d.tar.gz +md5sums="66bf6f10f060d561929de96f9dfe5b8c openssl-1.0.1e.tar.gz 115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch 1f607b8e11347e56a0906756f3d6928a 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch 53fbd01733b488717575e04a5aaf6664 0003-engines-e_padlock-backport-cvs-head-changes.patch c0dae72e29e8fdfb753906411b1722bc 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch -7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch -b92ec62a1f3e7fdc65481afff709cd8b 0001-Fix-IV-check-and-padding-removal.patch" +7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch" |