core/openssl to 1.0.1d-1

core/openssl-cryptodev/Fix-IV-check-and-padding-removal.patch

@@ -0,0 +1,72 @@
+From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 7 Feb 2013 21:06:37 +0000
+Subject: [PATCH] Fix IV check and padding removal.
+
+Fix the calculation that checks there is enough room in a record
+after removing padding and optional explicit IV. (by Steve)
+
+For AEAD remove the correct number of padding bytes (by Andy)
+---
+ ssl/s3_cbc.c | 33 ++++++++++++---------------------
+ 1 file changed, 12 insertions(+), 21 deletions(-)
+
+diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
+index ce77acd..0f60507 100644
+--- a/ssl/s3_cbc.c
++++ b/ssl/s3_cbc.c
+@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
+ 			    unsigned mac_size)
+ 	{
+ 	unsigned padding_length, good, to_check, i;
+-	const char has_explicit_iv =
+-		s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
+-	const unsigned overhead = 1 /* padding length byte */ +
+-				  mac_size +
+-				  (has_explicit_iv ? block_size : 0);
+-
+-	/* These lengths are all public so we can test them in non-constant
+-	 * time. */
+-	if (overhead > rec->length)
+-		return 0;
+-
+-	/* We can always safely skip the explicit IV. We check at the beginning
+-	 * of this function that the record has at least enough space for the
+-	 * IV, MAC and padding length byte. (These can be checked in
+-	 * non-constant time because it's all public information.) So, if the
+-	 * padding was invalid, then we didn't change |rec->length| and this is
+-	 * safe. If the padding was valid then we know that we have at least
+-	 * overhead+padding_length bytes of space and so this is still safe
+-	 * because overhead accounts for the explicit IV. */
+-	if (has_explicit_iv)
++	const unsigned overhead = 1 /* padding length byte */ + mac_size;
++	/* Check if version requires explicit IV */
++	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ 		{
++		/* These lengths are all public so we can test them in
++		 * non-constant time.
++		 */
++		if (overhead + block_size > rec->length)
++			return 0;
++		/* We can now safely skip explicit IV */
+ 		rec->data += block_size;
+ 		rec->input += block_size;
+ 		rec->length -= block_size;
+ 		}
++	else if (overhead > rec->length)
++		return 0;
+ 
+ 	padding_length = rec->data[rec->length-1];
+ 
+@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+ 	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
+ 		{
+ 		/* padding is already verified */
+-		rec->length -= padding_length;
++		rec->length -= padding_length + 1;
+ 		return 1;
+ 		}
+ 
+-- 
+1.8.1.2
+

core/openssl-cryptodev/PKGBUILD

@@ -10,7 +10,7 @@ buildarch=6
 
 pkgname=openssl-cryptodev
 _pkgname=openssl
-_ver=1.0.1c
+_ver=1.0.1d
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 #pkgver=$_ver
@@ -33,11 +33,13 @@ provides=("openssl=${pkgver}")
 source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"
         'fix-manpages.patch'
         'no-rpath.patch'
-        'ca-dir.patch')
-md5sums=('ae412727c8c15b67880aef7bd2999b2e'
+        'ca-dir.patch'
+        'Fix-IV-check-and-padding-removal.patch')
+md5sums=('b92fc634f0f1f31a67ed4175adc5ba33'
          '5bbc0655bda2af95bc8eb568963ce8ba'
          'dc78d3d06baffc16217519242ce92478'
-         '3bf51be3a1bbd262be46dc619f92aa90')
+         '3bf51be3a1bbd262be46dc619f92aa90'
+         'b92ec62a1f3e7fdc65481afff709cd8b')
 
 build() {
 	cd $srcdir/$_pkgname-$_ver
@@ -63,6 +65,8 @@ build() {
 	patch -p0 -i $srcdir/no-rpath.patch
 	# set ca dir to /etc/ssl by default
 	patch -p0 -i $srcdir/ca-dir.patch
+	# https://rt.openssl.org/Ticket/Display.html?id=2975
+	patch -p1 -i $srcdir/Fix-IV-check-and-padding-removal.patch
 	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
 	./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
 		-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 \

core/openssl/Fix-IV-check-and-padding-removal.patch

@@ -0,0 +1,72 @@
+From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 7 Feb 2013 21:06:37 +0000
+Subject: [PATCH] Fix IV check and padding removal.
+
+Fix the calculation that checks there is enough room in a record
+after removing padding and optional explicit IV. (by Steve)
+
+For AEAD remove the correct number of padding bytes (by Andy)
+---
+ ssl/s3_cbc.c | 33 ++++++++++++---------------------
+ 1 file changed, 12 insertions(+), 21 deletions(-)
+
+diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
+index ce77acd..0f60507 100644
+--- a/ssl/s3_cbc.c
++++ b/ssl/s3_cbc.c
+@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
+ 			    unsigned mac_size)
+ 	{
+ 	unsigned padding_length, good, to_check, i;
+-	const char has_explicit_iv =
+-		s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
+-	const unsigned overhead = 1 /* padding length byte */ +
+-				  mac_size +
+-				  (has_explicit_iv ? block_size : 0);
+-
+-	/* These lengths are all public so we can test them in non-constant
+-	 * time. */
+-	if (overhead > rec->length)
+-		return 0;
+-
+-	/* We can always safely skip the explicit IV. We check at the beginning
+-	 * of this function that the record has at least enough space for the
+-	 * IV, MAC and padding length byte. (These can be checked in
+-	 * non-constant time because it's all public information.) So, if the
+-	 * padding was invalid, then we didn't change |rec->length| and this is
+-	 * safe. If the padding was valid then we know that we have at least
+-	 * overhead+padding_length bytes of space and so this is still safe
+-	 * because overhead accounts for the explicit IV. */
+-	if (has_explicit_iv)
++	const unsigned overhead = 1 /* padding length byte */ + mac_size;
++	/* Check if version requires explicit IV */
++	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ 		{
++		/* These lengths are all public so we can test them in
++		 * non-constant time.
++		 */
++		if (overhead + block_size > rec->length)
++			return 0;
++		/* We can now safely skip explicit IV */
+ 		rec->data += block_size;
+ 		rec->input += block_size;
+ 		rec->length -= block_size;
+ 		}
++	else if (overhead > rec->length)
++		return 0;
+ 
+ 	padding_length = rec->data[rec->length-1];
+ 
+@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+ 	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
+ 		{
+ 		/* padding is already verified */
+-		rec->length -= padding_length;
++		rec->length -= padding_length + 1;
+ 		return 1;
+ 		}
+ 
+-- 
+1.8.1.2
+

core/openssl/PKGBUILD

@@ -5,7 +5,7 @@
 #  - use linux-armv4 target for our architectures
 
 pkgname=openssl
-_ver=1.0.1c
+_ver=1.0.1d
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 #pkgver=$_ver
@@ -21,11 +21,13 @@ backup=('etc/ssl/openssl.cnf')
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
         'fix-manpages.patch'
         'no-rpath.patch'
-        'ca-dir.patch')
-md5sums=('ae412727c8c15b67880aef7bd2999b2e'
+        'ca-dir.patch'
+        'Fix-IV-check-and-padding-removal.patch')
+md5sums=('b92fc634f0f1f31a67ed4175adc5ba33'
          'a3d90bc42253def61cd1c4237f1ce5f7'
          'dc78d3d06baffc16217519242ce92478'
-         '3bf51be3a1bbd262be46dc619f92aa90')
+         '3bf51be3a1bbd262be46dc619f92aa90'
+         'b92ec62a1f3e7fdc65481afff709cd8b')
 
 build() {
 	cd $srcdir/$pkgname-$_ver
@@ -45,6 +47,8 @@ build() {
 	patch -p0 -i $srcdir/no-rpath.patch
 	# set ca dir to /etc/ssl by default
 	patch -p0 -i $srcdir/ca-dir.patch
+	# https://rt.openssl.org/Ticket/Display.html?id=2975
+	patch -p1 -i $srcdir/Fix-IV-check-and-padding-removal.patch
 	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
 	./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
 		shared zlib enable-md2 \