From 9a1311344f67edd8c3cecb088bb562de1dc4679b Mon Sep 17 00:00:00 2001 From: Kevin Mihelich <kevin@archlinuxarm.org> Date: Fri, 8 Feb 2013 14:35:02 +0000 Subject: [PATCH] core/openssl to 1.0.1d-1 --- .../Fix-IV-check-and-padding-removal.patch | 72 +++++++++++++++++++ core/openssl-cryptodev/PKGBUILD | 12 ++-- .../Fix-IV-check-and-padding-removal.patch | 72 +++++++++++++++++++ core/openssl/PKGBUILD | 12 ++-- 4 files changed, 160 insertions(+), 8 deletions(-) create mode 100644 core/openssl-cryptodev/Fix-IV-check-and-padding-removal.patch create mode 100644 core/openssl/Fix-IV-check-and-padding-removal.patch diff --git a/core/openssl-cryptodev/Fix-IV-check-and-padding-removal.patch b/core/openssl-cryptodev/Fix-IV-check-and-padding-removal.patch new file mode 100644 index 000000000..321791251 --- /dev/null +++ b/core/openssl-cryptodev/Fix-IV-check-and-padding-removal.patch @@ -0,0 +1,72 @@ +From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" <steve@openssl.org> +Date: Thu, 7 Feb 2013 21:06:37 +0000 +Subject: [PATCH] Fix IV check and padding removal. + +Fix the calculation that checks there is enough room in a record +after removing padding and optional explicit IV. (by Steve) + +For AEAD remove the correct number of padding bytes (by Andy) +--- + ssl/s3_cbc.c | 33 ++++++++++++--------------------- + 1 file changed, 12 insertions(+), 21 deletions(-) + +diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c +index ce77acd..0f60507 100644 +--- a/ssl/s3_cbc.c ++++ b/ssl/s3_cbc.c +@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s, + unsigned mac_size) + { + unsigned padding_length, good, to_check, i; +- const char has_explicit_iv = +- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION; +- const unsigned overhead = 1 /* padding length byte */ + +- mac_size + +- (has_explicit_iv ? block_size : 0); +- +- /* These lengths are all public so we can test them in non-constant +- * time. */ +- if (overhead > rec->length) +- return 0; +- +- /* We can always safely skip the explicit IV. We check at the beginning +- * of this function that the record has at least enough space for the +- * IV, MAC and padding length byte. (These can be checked in +- * non-constant time because it's all public information.) So, if the +- * padding was invalid, then we didn't change |rec->length| and this is +- * safe. If the padding was valid then we know that we have at least +- * overhead+padding_length bytes of space and so this is still safe +- * because overhead accounts for the explicit IV. */ +- if (has_explicit_iv) ++ const unsigned overhead = 1 /* padding length byte */ + mac_size; ++ /* Check if version requires explicit IV */ ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) + { ++ /* These lengths are all public so we can test them in ++ * non-constant time. ++ */ ++ if (overhead + block_size > rec->length) ++ return 0; ++ /* We can now safely skip explicit IV */ + rec->data += block_size; + rec->input += block_size; + rec->length -= block_size; + } ++ else if (overhead > rec->length) ++ return 0; + + padding_length = rec->data[rec->length-1]; + +@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s, + if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) + { + /* padding is already verified */ +- rec->length -= padding_length; ++ rec->length -= padding_length + 1; + return 1; + } + +-- +1.8.1.2 + diff --git a/core/openssl-cryptodev/PKGBUILD b/core/openssl-cryptodev/PKGBUILD index d175b1280..8f1073eed 100644 --- a/core/openssl-cryptodev/PKGBUILD +++ b/core/openssl-cryptodev/PKGBUILD @@ -10,7 +10,7 @@ buildarch=6 pkgname=openssl-cryptodev _pkgname=openssl -_ver=1.0.1c +_ver=1.0.1d # use a pacman compatible version scheme pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} #pkgver=$_ver @@ -33,11 +33,13 @@ provides=("openssl=${pkgver}") source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz" 'fix-manpages.patch' 'no-rpath.patch' - 'ca-dir.patch') -md5sums=('ae412727c8c15b67880aef7bd2999b2e' + 'ca-dir.patch' + 'Fix-IV-check-and-padding-removal.patch') +md5sums=('b92fc634f0f1f31a67ed4175adc5ba33' '5bbc0655bda2af95bc8eb568963ce8ba' 'dc78d3d06baffc16217519242ce92478' - '3bf51be3a1bbd262be46dc619f92aa90') + '3bf51be3a1bbd262be46dc619f92aa90' + 'b92ec62a1f3e7fdc65481afff709cd8b') build() { cd $srcdir/$_pkgname-$_ver @@ -63,6 +65,8 @@ build() { patch -p0 -i $srcdir/no-rpath.patch # set ca dir to /etc/ssl by default patch -p0 -i $srcdir/ca-dir.patch + # https://rt.openssl.org/Ticket/Display.html?id=2975 + patch -p1 -i $srcdir/Fix-IV-check-and-padding-removal.patch # mark stack as non-executable: http://bugs.archlinux.org/task/12434 ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 \ diff --git a/core/openssl/Fix-IV-check-and-padding-removal.patch b/core/openssl/Fix-IV-check-and-padding-removal.patch new file mode 100644 index 000000000..321791251 --- /dev/null +++ b/core/openssl/Fix-IV-check-and-padding-removal.patch @@ -0,0 +1,72 @@ +From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" <steve@openssl.org> +Date: Thu, 7 Feb 2013 21:06:37 +0000 +Subject: [PATCH] Fix IV check and padding removal. + +Fix the calculation that checks there is enough room in a record +after removing padding and optional explicit IV. (by Steve) + +For AEAD remove the correct number of padding bytes (by Andy) +--- + ssl/s3_cbc.c | 33 ++++++++++++--------------------- + 1 file changed, 12 insertions(+), 21 deletions(-) + +diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c +index ce77acd..0f60507 100644 +--- a/ssl/s3_cbc.c ++++ b/ssl/s3_cbc.c +@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s, + unsigned mac_size) + { + unsigned padding_length, good, to_check, i; +- const char has_explicit_iv = +- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION; +- const unsigned overhead = 1 /* padding length byte */ + +- mac_size + +- (has_explicit_iv ? block_size : 0); +- +- /* These lengths are all public so we can test them in non-constant +- * time. */ +- if (overhead > rec->length) +- return 0; +- +- /* We can always safely skip the explicit IV. We check at the beginning +- * of this function that the record has at least enough space for the +- * IV, MAC and padding length byte. (These can be checked in +- * non-constant time because it's all public information.) So, if the +- * padding was invalid, then we didn't change |rec->length| and this is +- * safe. If the padding was valid then we know that we have at least +- * overhead+padding_length bytes of space and so this is still safe +- * because overhead accounts for the explicit IV. */ +- if (has_explicit_iv) ++ const unsigned overhead = 1 /* padding length byte */ + mac_size; ++ /* Check if version requires explicit IV */ ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) + { ++ /* These lengths are all public so we can test them in ++ * non-constant time. ++ */ ++ if (overhead + block_size > rec->length) ++ return 0; ++ /* We can now safely skip explicit IV */ + rec->data += block_size; + rec->input += block_size; + rec->length -= block_size; + } ++ else if (overhead > rec->length) ++ return 0; + + padding_length = rec->data[rec->length-1]; + +@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s, + if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) + { + /* padding is already verified */ +- rec->length -= padding_length; ++ rec->length -= padding_length + 1; + return 1; + } + +-- +1.8.1.2 + diff --git a/core/openssl/PKGBUILD b/core/openssl/PKGBUILD index 9afc81427..e377cf52b 100644 --- a/core/openssl/PKGBUILD +++ b/core/openssl/PKGBUILD @@ -5,7 +5,7 @@ # - use linux-armv4 target for our architectures pkgname=openssl -_ver=1.0.1c +_ver=1.0.1d # use a pacman compatible version scheme pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} #pkgver=$_ver @@ -21,11 +21,13 @@ backup=('etc/ssl/openssl.cnf') source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz" 'fix-manpages.patch' 'no-rpath.patch' - 'ca-dir.patch') -md5sums=('ae412727c8c15b67880aef7bd2999b2e' + 'ca-dir.patch' + 'Fix-IV-check-and-padding-removal.patch') +md5sums=('b92fc634f0f1f31a67ed4175adc5ba33' 'a3d90bc42253def61cd1c4237f1ce5f7' 'dc78d3d06baffc16217519242ce92478' - '3bf51be3a1bbd262be46dc619f92aa90') + '3bf51be3a1bbd262be46dc619f92aa90' + 'b92ec62a1f3e7fdc65481afff709cd8b') build() { cd $srcdir/$pkgname-$_ver @@ -45,6 +47,8 @@ build() { patch -p0 -i $srcdir/no-rpath.patch # set ca dir to /etc/ssl by default patch -p0 -i $srcdir/ca-dir.patch + # https://rt.openssl.org/Ticket/Display.html?id=2975 + patch -p1 -i $srcdir/Fix-IV-check-and-padding-removal.patch # mark stack as non-executable: http://bugs.archlinux.org/task/12434 ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ shared zlib enable-md2 \