Sun Feb 5 05:53:27 2017 UTC ()
Apply patch (requested by spz in ticket #1355):
Fix CVE-2017-3731.


(snj)
diff -r1.1.1.1.2.4 -r1.1.1.1.2.5 src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c
cvs diff -r1.1.1.1.2.4 -r1.1.1.1.2.5 src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c (expand / switch to unified diff)

--- src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c 2015/07/12 18:39:14 1.1.1.1.2.4
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c 2017/02/05 05:53:27 1.1.1.1.2.5
@@ -257,26 +257,28 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_ @@ -257,26 +257,28 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_
257 return 1; 257 return 1;
258 } 258 }
259 case EVP_CTRL_AEAD_TLS1_AAD: 259 case EVP_CTRL_AEAD_TLS1_AAD:
260 { 260 {
261 unsigned char *p = ptr; 261 unsigned char *p = ptr;
262 unsigned int len; 262 unsigned int len;
263 263
264 if (arg != EVP_AEAD_TLS1_AAD_LEN) 264 if (arg != EVP_AEAD_TLS1_AAD_LEN)
265 return -1; 265 return -1;
266 266
267 len = p[arg - 2] << 8 | p[arg - 1]; 267 len = p[arg - 2] << 8 | p[arg - 1];
268 268
269 if (!ctx->encrypt) { 269 if (!ctx->encrypt) {
 270 if (len < MD5_DIGEST_LENGTH)
 271 return -1;
270 len -= MD5_DIGEST_LENGTH; 272 len -= MD5_DIGEST_LENGTH;
271 p[arg - 2] = len >> 8; 273 p[arg - 2] = len >> 8;
272 p[arg - 1] = len; 274 p[arg - 1] = len;
273 } 275 }
274 key->payload_length = len; 276 key->payload_length = len;
275 key->md = key->head; 277 key->md = key->head;
276 MD5_Update(&key->md, p, arg); 278 MD5_Update(&key->md, p, arg);
277 279
278 return MD5_DIGEST_LENGTH; 280 return MD5_DIGEST_LENGTH;
279 } 281 }
280 default: 282 default:
281 return -1; 283 return -1;
282 } 284 }