diff options
Diffstat (limited to 'main/openssl')
| -rw-r--r-- | main/openssl/0001-Fix-IV-check-and-padding-removal.patch | 72 | ||||
| -rw-r--r-- | main/openssl/APKBUILD | 6 |
2 files changed, 76 insertions, 2 deletions
diff --git a/main/openssl/0001-Fix-IV-check-and-padding-removal.patch b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch new file mode 100644 index 000000000..321791251 --- /dev/null +++ b/main/openssl/0001-Fix-IV-check-and-padding-removal.patch @@ -0,0 +1,72 @@ +From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" <steve@openssl.org> +Date: Thu, 7 Feb 2013 21:06:37 +0000 +Subject: [PATCH] Fix IV check and padding removal. + +Fix the calculation that checks there is enough room in a record +after removing padding and optional explicit IV. (by Steve) + +For AEAD remove the correct number of padding bytes (by Andy) +--- + ssl/s3_cbc.c | 33 ++++++++++++--------------------- + 1 file changed, 12 insertions(+), 21 deletions(-) + +diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c +index ce77acd..0f60507 100644 +--- a/ssl/s3_cbc.c ++++ b/ssl/s3_cbc.c +@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s, + unsigned mac_size) + { + unsigned padding_length, good, to_check, i; +- const char has_explicit_iv = +- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION; +- const unsigned overhead = 1 /* padding length byte */ + +- mac_size + +- (has_explicit_iv ? block_size : 0); +- +- /* These lengths are all public so we can test them in non-constant +- * time. */ +- if (overhead > rec->length) +- return 0; +- +- /* We can always safely skip the explicit IV. We check at the beginning +- * of this function that the record has at least enough space for the +- * IV, MAC and padding length byte. (These can be checked in +- * non-constant time because it's all public information.) So, if the +- * padding was invalid, then we didn't change |rec->length| and this is +- * safe. If the padding was valid then we know that we have at least +- * overhead+padding_length bytes of space and so this is still safe +- * because overhead accounts for the explicit IV. */ +- if (has_explicit_iv) ++ const unsigned overhead = 1 /* padding length byte */ + mac_size; ++ /* Check if version requires explicit IV */ ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) + { ++ /* These lengths are all public so we can test them in ++ * non-constant time. ++ */ ++ if (overhead + block_size > rec->length) ++ return 0; ++ /* We can now safely skip explicit IV */ + rec->data += block_size; + rec->input += block_size; + rec->length -= block_size; + } ++ else if (overhead > rec->length) ++ return 0; + + padding_length = rec->data[rec->length-1]; + +@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s, + if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) + { + /* padding is already verified */ +- rec->length -= padding_length; ++ rec->length -= padding_length + 1; + return 1; + } + +-- +1.8.1.2 + diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 6ce2d333d..044b171a4 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openssl pkgver=1.0.1d -pkgrel=0 +pkgrel=1 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= @@ -19,6 +19,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz 0003-engines-e_padlock-backport-cvs-head-changes.patch 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch 0005-crypto-engine-autoload-padlock-dynamic-engine.patch + 0001-Fix-IV-check-and-padding-removal.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -74,4 +75,5 @@ c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch 1f607b8e11347e56a0906756f3d6928a 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch 53fbd01733b488717575e04a5aaf6664 0003-engines-e_padlock-backport-cvs-head-changes.patch c0dae72e29e8fdfb753906411b1722bc 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch -7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch" +7820941f69acf58f05cccb33faf4ee70 0005-crypto-engine-autoload-padlock-dynamic-engine.patch +b92ec62a1f3e7fdc65481afff709cd8b 0001-Fix-IV-check-and-padding-removal.patch" |