svn commit: r312033 - in head/security/openssl: . files
Dirk Meyer
dinoex at FreeBSD.org
Sun Feb 10 16:20:48 UTC 2013
Author: dinoex
Date: Sun Feb 10 16:20:47 2013
New Revision: 312033
URL: http://svnweb.freebsd.org/changeset/ports/312033
Log:
- fix paddding in TLS1.1 and DTLS on amd64
Added:
head/security/openssl/files/patch-tls-bug (contents, props changed)
Modified:
head/security/openssl/Makefile
Modified: head/security/openssl/Makefile
==============================================================================
--- head/security/openssl/Makefile Sun Feb 10 16:18:19 2013 (r312032)
+++ head/security/openssl/Makefile Sun Feb 10 16:20:47 2013 (r312033)
@@ -4,7 +4,7 @@
PORTNAME= openssl
PORTVERSION= 1.0.1
DISTVERSIONSUFFIX= d
-PORTREVISION= 6
+PORTREVISION= 7
CATEGORIES= security devel
MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \
ftp://ftp.openssl.org/%SUBDIR%/ \
Added: head/security/openssl/files/patch-tls-bug
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openssl/files/patch-tls-bug Sun Feb 10 16:20:47 2013 (r312033)
@@ -0,0 +1,72 @@
+From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Thu, 7 Feb 2013 21:06:37 +0000
+Subject: [PATCH] Fix IV check and padding removal.
+
+Fix the calculation that checks there is enough room in a record
+after removing padding and optional explicit IV. (by Steve)
+
+For AEAD remove the correct number of padding bytes (by Andy)
+---
+ ssl/s3_cbc.c | 33 ++++++++++++---------------------
+ 1 file changed, 12 insertions(+), 21 deletions(-)
+
+diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
+index ce77acd..0f60507 100644
+--- a/ssl/s3_cbc.c
++++ ssl/s3_cbc.c
+@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
+ unsigned mac_size)
+ {
+ unsigned padding_length, good, to_check, i;
+- const char has_explicit_iv =
+- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
+- const unsigned overhead = 1 /* padding length byte */ +
+- mac_size +
+- (has_explicit_iv ? block_size : 0);
+-
+- /* These lengths are all public so we can test them in non-constant
+- * time. */
+- if (overhead > rec->length)
+- return 0;
+-
+- /* We can always safely skip the explicit IV. We check at the beginning
+- * of this function that the record has at least enough space for the
+- * IV, MAC and padding length byte. (These can be checked in
+- * non-constant time because it's all public information.) So, if the
+- * padding was invalid, then we didn't change |rec->length| and this is
+- * safe. If the padding was valid then we know that we have at least
+- * overhead+padding_length bytes of space and so this is still safe
+- * because overhead accounts for the explicit IV. */
+- if (has_explicit_iv)
++ const unsigned overhead = 1 /* padding length byte */ + mac_size;
++ /* Check if version requires explicit IV */
++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ {
++ /* These lengths are all public so we can test them in
++ * non-constant time.
++ */
++ if (overhead + block_size > rec->length)
++ return 0;
++ /* We can now safely skip explicit IV */
+ rec->data += block_size;
+ rec->input += block_size;
+ rec->length -= block_size;
+ }
++ else if (overhead > rec->length)
++ return 0;
+
+ padding_length = rec->data[rec->length-1];
+
+@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+ if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
+ {
+ /* padding is already verified */
+- rec->length -= padding_length;
++ rec->length -= padding_length + 1;
+ return 1;
+ }
+
+--
+1.7.9.5
+
More information about the svn-ports-head
mailing list