diff options
| author | Michał Masłowski <mtjm@mtjm.eu> | 2013-02-09 11:13:39 +0100 |
|---|---|---|
| committer | Michał Masłowski <mtjm@mtjm.eu> | 2013-02-09 11:13:39 +0100 |
| commit | 80c5e58be137999f5d9690b682e888436ffe69b2 (patch) | |
| tree | 5aef91b2cbc21ef5471d9ab69066ba7beaf747f0 /core/openssl/Fix-IV-check-and-padding-removal.patch | |
| parent | 9866fa59a35ebbae88bec725eba8551f34990e03 (diff) | |
| parent | e9c244cac8e5dc1c59c7e8b7bc885fef04224b70 (diff) | |
Merge branch 'master' of ssh://parabolagnulinux.org:1863/home/parabola/abslibre-pre-mips64el
Conflicts:
community/haskell-dataenc/PKGBUILD
community/haskell-haskeline/PKGBUILD
community/haskell-hslogger/PKGBUILD
community/haskell-terminfo/PKGBUILD
community/haskell-utf8-string/PKGBUILD
community/haskell-x11-xft/PKGBUILD
core/openssl/PKGBUILD
extra/cabal-install/PKGBUILD
extra/haskell-http/PKGBUILD
extra/haskell-mtl/PKGBUILD
extra/haskell-network/PKGBUILD
extra/haskell-parsec/PKGBUILD
extra/haskell-text/PKGBUILD
extra/haskell-transformers/PKGBUILD
extra/haskell-zlib/PKGBUILD
extra/kdebindings-python/PKGBUILD
Diffstat (limited to 'core/openssl/Fix-IV-check-and-padding-removal.patch')
| -rw-r--r-- | core/openssl/Fix-IV-check-and-padding-removal.patch | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/core/openssl/Fix-IV-check-and-padding-removal.patch b/core/openssl/Fix-IV-check-and-padding-removal.patch new file mode 100644 index 000000000..321791251 --- /dev/null +++ b/core/openssl/Fix-IV-check-and-padding-removal.patch @@ -0,0 +1,72 @@ +From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" <steve@openssl.org> +Date: Thu, 7 Feb 2013 21:06:37 +0000 +Subject: [PATCH] Fix IV check and padding removal. + +Fix the calculation that checks there is enough room in a record +after removing padding and optional explicit IV. (by Steve) + +For AEAD remove the correct number of padding bytes (by Andy) +--- + ssl/s3_cbc.c | 33 ++++++++++++--------------------- + 1 file changed, 12 insertions(+), 21 deletions(-) + +diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c +index ce77acd..0f60507 100644 +--- a/ssl/s3_cbc.c ++++ b/ssl/s3_cbc.c +@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s, + unsigned mac_size) + { + unsigned padding_length, good, to_check, i; +- const char has_explicit_iv = +- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION; +- const unsigned overhead = 1 /* padding length byte */ + +- mac_size + +- (has_explicit_iv ? block_size : 0); +- +- /* These lengths are all public so we can test them in non-constant +- * time. */ +- if (overhead > rec->length) +- return 0; +- +- /* We can always safely skip the explicit IV. We check at the beginning +- * of this function that the record has at least enough space for the +- * IV, MAC and padding length byte. (These can be checked in +- * non-constant time because it's all public information.) So, if the +- * padding was invalid, then we didn't change |rec->length| and this is +- * safe. If the padding was valid then we know that we have at least +- * overhead+padding_length bytes of space and so this is still safe +- * because overhead accounts for the explicit IV. */ +- if (has_explicit_iv) ++ const unsigned overhead = 1 /* padding length byte */ + mac_size; ++ /* Check if version requires explicit IV */ ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) + { ++ /* These lengths are all public so we can test them in ++ * non-constant time. ++ */ ++ if (overhead + block_size > rec->length) ++ return 0; ++ /* We can now safely skip explicit IV */ + rec->data += block_size; + rec->input += block_size; + rec->length -= block_size; + } ++ else if (overhead > rec->length) ++ return 0; + + padding_length = rec->data[rec->length-1]; + +@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s, + if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) + { + /* padding is already verified */ +- rec->length -= padding_length; ++ rec->length -= padding_length + 1; + return 1; + } + +-- +1.8.1.2 + |