Apply upstream patch to fix data corruption. Bump PKGREVISION.diff -r1.174 -r1.175 pkgsrc/security/openssl/Makefile
(jperkin)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.174 2013/02/06 23:20:57 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.175 2013/02/08 14:11:08 jperkin Exp $ | |
2 | 2 | |||
3 | DISTNAME= openssl-1.0.1d | 3 | DISTNAME= openssl-1.0.1d | |
4 | MASTER_SITES= http://ftp.openssl.org/source/ | 4 | MASTER_SITES= http://ftp.openssl.org/source/ | |
5 | PKGREVISION= 1 | 5 | PKGREVISION= 2 | |
6 | SVR4_PKGNAME= ossl | 6 | SVR4_PKGNAME= ossl | |
7 | CATEGORIES= security | 7 | CATEGORIES= security | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.openssl.org/ | 10 | HOMEPAGE= http://www.openssl.org/ | |
11 | COMMENT= Secure Socket Layer and cryptographic library | 11 | COMMENT= Secure Socket Layer and cryptographic library | |
12 | 12 | |||
13 | CONFLICTS= SSLeay-[0-9]* ssleay-[0-9]* | 13 | CONFLICTS= SSLeay-[0-9]* ssleay-[0-9]* | |
14 | 14 | |||
15 | CRYPTO= yes | 15 | CRYPTO= yes | |
16 | 16 | |||
17 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 17 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
18 | 18 |
@@ -1,13 +1,14 @@ | @@ -1,13 +1,14 @@ | |||
1 | $NetBSD: distinfo,v 1.92 2013/02/06 21:40:33 jperkin Exp $ | 1 | $NetBSD: distinfo,v 1.93 2013/02/08 14:11:08 jperkin Exp $ | |
2 | 2 | |||
3 | SHA1 (openssl-1.0.1d.tar.gz) = 5e586810ea516a5eec1c7d7c730a17fb528de32d | 3 | SHA1 (openssl-1.0.1d.tar.gz) = 5e586810ea516a5eec1c7d7c730a17fb528de32d | |
4 | RMD160 (openssl-1.0.1d.tar.gz) = 37710d9841a9d89e55d01a09083801ee0cc63f76 | 4 | RMD160 (openssl-1.0.1d.tar.gz) = 37710d9841a9d89e55d01a09083801ee0cc63f76 | |
5 | Size (openssl-1.0.1d.tar.gz) = 4459791 bytes | 5 | Size (openssl-1.0.1d.tar.gz) = 4459791 bytes | |
6 | SHA1 (patch-aa) = c4b27857698c108fe495fe65ea8857b77e89a655 | 6 | SHA1 (patch-aa) = c4b27857698c108fe495fe65ea8857b77e89a655 | |
7 | SHA1 (patch-ac) = 89043b9e3369a9781de3a82cefa9b1cacab07510 | 7 | SHA1 (patch-ac) = 89043b9e3369a9781de3a82cefa9b1cacab07510 | |
8 | SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 | 8 | SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 | |
9 | SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480 | 9 | SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480 | |
10 | SHA1 (patch-af) = 376f474f3809365a20a53cfe1c91eca4bc02a5cd | 10 | SHA1 (patch-af) = 376f474f3809365a20a53cfe1c91eca4bc02a5cd | |
11 | SHA1 (patch-ag) = b407200455878a8a151fc9b4f771fe17552d04fc | 11 | SHA1 (patch-ag) = b407200455878a8a151fc9b4f771fe17552d04fc | |
12 | SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 | 12 | SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 | |
13 | SHA1 (patch-engines_ccgost_Makefile) = 08999f0f40969883482ad9ffc1aa9959ed7d402c | 13 | SHA1 (patch-engines_ccgost_Makefile) = 08999f0f40969883482ad9ffc1aa9959ed7d402c | |
14 | SHA1 (patch-ssl_s3__cbc.c) = e6b3e1f79b6cab8f8097a277302b078e12fcaf24 |
$NetBSD: patch-ssl_s3__cbc.c,v 1.1 2013/02/08 14:11:08 jperkin Exp $
Apply data-corruption patch from:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=32cc247
Fix IV check and padding removal.
Fix the calculation that checks there is enough room in a record
after removing padding and optional explicit IV. (by Steve)
For AEAD remove the correct number of padding bytes (by Andy)
--- ssl/s3_cbc.c
+++ ssl/s3_cbc.c
@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
unsigned mac_size)
{
unsigned padding_length, good, to_check, i;
- const char has_explicit_iv =
- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
- const unsigned overhead = 1 /* padding length byte */ +
- mac_size +
- (has_explicit_iv ? block_size : 0);
-
- /* These lengths are all public so we can test them in non-constant
- * time. */
- if (overhead > rec->length)
- return 0;
-
- /* We can always safely skip the explicit IV. We check at the beginning
- * of this function that the record has at least enough space for the
- * IV, MAC and padding length byte. (These can be checked in
- * non-constant time because it's all public information.) So, if the
- * padding was invalid, then we didn't change |rec->length| and this is
- * safe. If the padding was valid then we know that we have at least
- * overhead+padding_length bytes of space and so this is still safe
- * because overhead accounts for the explicit IV. */
- if (has_explicit_iv)
+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
+ /* Check if version requires explicit IV */
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
{
+ /* These lengths are all public so we can test them in
+ * non-constant time.
+ */
+ if (overhead + block_size > rec->length)
+ return 0;
+ /* We can now safely skip explicit IV */
rec->data += block_size;
rec->input += block_size;
rec->length -= block_size;
}
+ else if (overhead > rec->length)
+ return 0;
padding_length = rec->data[rec->length-1];
@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
{
/* padding is already verified */
- rec->length -= padding_length;
+ rec->length -= padding_length + 1;
return 1;
}