-rw-r--r-- | security/openssl/Makefile | 4 | ||||
-rw-r--r-- | security/openssl/distinfo | 5 | ||||
-rw-r--r-- | security/openssl/patches/patch-ah | 55 | ||||
-rw-r--r-- | security/openssl/patches/patch-ai | 52 | ||||
-rw-r--r-- | security/openssl/patches/patch-aj | 19 |
5 files changed, 132 insertions, 3 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 9a3eb706ccd..814c36832c9 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.66 2003/02/20 07:59:24 wiz Exp $
+# $NetBSD: Makefile,v 1.67 2003/03/21 18:40:48 seb Exp $
 DISTNAME= openssl-0.9.6g
-PKGREVISION= 1
+PKGREVISION= 2
 SVR4_PKGNAME= ossl
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.openssl.org/source/
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index d9cc91cdcc7..7bba0e1b0af 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2003/02/28 08:08:22 grant Exp $
+$NetBSD: distinfo,v 1.18 2003/03/21 18:40:49 seb Exp $
 SHA1 (openssl-0.9.6g.tar.gz) = 5b3cdad1d33134c97f659a8ad5dbf4ca4cf3d9c8
 Size (openssl-0.9.6g.tar.gz) = 2170570 bytes
@@ -11,3 +11,6 @@ SHA1 (patch-ad) = ee8283d5537edce1bb60470c616ebabfda0aa084
 SHA1 (patch-ae) = f4bf6ae5aa41b55d9978376e4e50ee10c10dd288
 SHA1 (patch-af) = fd470396c5f54ea2d333df44504c03e7c6c8dc96
 SHA1 (patch-ag) = d470c7da2cff7ba37ac38d6ceb79751a7d21d432
+SHA1 (patch-ah) = f8a6522c5e00605c47e149f8c70878960257c65a
+SHA1 (patch-ai) = 9d2e1dae0882450b7c10cdd2ea8156dced550c4a
+SHA1 (patch-aj) = 8c71a29e8f2cbbe9c105f9bec27f4dc1835f5338
diff --git a/security/openssl/patches/patch-ah b/security/openssl/patches/patch-ah
new file mode 100644
index 00000000000..ede9af6ae95
--- /dev/null
+++ b/security/openssl/patches/patch-ah
@@ -0,0 +1,55 @@
+$NetBSD: patch-ah,v 1.4 2003/03/21 18:40:49 seb Exp $
+
+--- ssl/s3_srvr.c.orig 2002-08-08 21:17:58.000000000 +0000
++++ ssl/s3_srvr.c
+@@ -1418,7 +1418,7 @@ static int ssl3_get_client_key_exchange(
+ if (i != SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ al=SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
++ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
+ }
+
+ if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+@@ -1434,30 +1434,29 @@ static int ssl3_get_client_key_exchange(
+ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+ {
+ al=SSL_AD_DECODE_ERROR;
+- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+- goto f_err;
++ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
++
++ /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
++ * (http://eprint.iacr.org/2003/052/) exploits the version
++ * number check as a "bad version oracle" -- an alert would
++ * reveal that the plaintext corresponding to some ciphertext
++ * made up by the adversary is properly formatted except
++ * that the version number is wrong. To avoid such attacks,
++ * we should treat this just like any other decryption error. */
++ p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19";
+ }
+ }
+
+ if (al != -1)
+ {
+-#if 0
+- goto f_err;
+-#else
+ /* Some decryption failure -- use random value instead as countermeasure
+ * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+- * (see RFC 2246, section 7.4.7.1).
+- * But note that due to length and protocol version checking, the
+- * attack is impractical anyway (see section 5 in D. Bleichenbacher:
+- * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
+- * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
+- */
++ * (see RFC 2246, section 7.4.7.1). */
+ ERR_clear_error();
+ i = SSL_MAX_MASTER_KEY_LENGTH;
+ p[0] = s->client_version >> 8;
+ p[1] = s->client_version & 0xff;
+ RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+-#endif
+ }
+
+ s->session->master_key_length=
diff --git a/security/openssl/patches/patch-ai b/security/openssl/patches/patch-ai
new file mode 100644
index 00000000000..fc70fa6dd87
--- /dev/null
+++ b/security/openssl/patches/patch-ai
@@ -0,0 +1,52 @@
+$NetBSD: patch-ai,v 1.4 2003/03/21 18:40:49 seb Exp $
+
+--- crypto/rsa/rsa_eay.c.orig 2002-08-08 21:16:29.000000000 +0000
++++ crypto/rsa/rsa_eay.c
+@@ -190,6 +190,25 @@ err:
+ return(r);
+ }
+
++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
++ {
++ int ret = 1;
++ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
++ /* Check again inside the lock - the macro's check is racey */
++ if(rsa->blinding == NULL)
++ ret = RSA_blinding_on(rsa, ctx);
++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
++ return ret;
++ }
++
++#define BLINDING_HELPER(rsa, ctx, err_instr) \
++ do { \
++ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
++ ((rsa)->blinding == NULL) && \
++ !rsa_eay_blinding(rsa, ctx)) \
++ err_instr \
++ } while(0)
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+@@ -234,8 +253,8 @@ static int RSA_eay_private_encrypt(int f
+ goto err;
+ }
+
+- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+- RSA_blinding_on(rsa,ctx);
++ BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
+@@ -313,8 +332,8 @@ static int RSA_eay_private_decrypt(int f
+ goto err;
+ }
+
+- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+- RSA_blinding_on(rsa,ctx);
++ BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
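Review bot: In patches/patch-ah, second inner hunk (the bad-version branch), `p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19";` converts a string-literal pointer to int and then to char, which truncates the pointer on LP64 targets, is implementation-defined at best, and leaves the reader guessing at its purpose. The byte is overwritten by `p[0] = s->client_version >> 8;` in the `al != -1` block that follows, so the statement appears to exist only to embed the marker string in the object file; a comment such as `/* value is irrelevant: embeds a patch marker, p[0] is overwritten below */` would make that explicit. The two `SSLerr(...)` calls are commented out rather than removed; deleting them and leaving `/* no SSLerr here: handled like any other decryption failure below */` reads more cleanly. ssl3_get_client_key_exchange starts and ends outside both inner hunks.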
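Review bot: In patches/patch-ai, `rsa_eay_blinding()` holds CRYPTO_LOCK_RSA only while creating `rsa->blinding`; the `BN_BLINDING_convert(&f,rsa->blinding,ctx)` calls after both `BLINDING_HELPER` sites still run outside that lock. If BN_BLINDING_convert updates the blinding state (not visible here), two threads sharing one RSA object can race on it, and patch-aj makes this path the default for every key from RSA_new(). The helper should at least say so, e.g. `/* serializes creation of rsa->blinding only; its later use is not locked */`, or the locked region should be extended. Separately, `BLINDING_HELPER` takes a statement as its third argument (`goto err;`), which leaves a stray `;` after each macro call; having the call sites test a status, `if (!...) goto err;`, would be plainer. RSA_eay_private_encrypt and RSA_eay_private_decrypt both start and end outside the inner hunks.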
diff --git a/security/openssl/patches/patch-aj b/security/openssl/patches/patch-aj
new file mode 100644
index 00000000000..608156bdf2e
--- /dev/null
+++ b/security/openssl/patches/patch-aj
@@ -0,0 +1,19 @@
+$NetBSD: patch-aj,v 1.7 2003/03/21 18:40:49 seb Exp $
+
+--- crypto/rsa/rsa_lib.c.orig 2001-02-24 17:32:30.000000000 +0000
++++ crypto/rsa/rsa_lib.c
+@@ -71,7 +71,13 @@ static STACK_OF(CRYPTO_EX_DATA_FUNCS) *r
+
+ RSA *RSA_new(void)
+ {
+- return(RSA_new_method(NULL));
++ RSA *r=RSA_new_method(NULL);
++
++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
++ r->flags|=RSA_FLAG_BLINDING;
++#endif
++
++ return r;
+ }
+
+ void RSA_set_default_method(RSA_METHOD *meth) |
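Review bot: `r->flags|=RSA_FLAG_BLINDING;` in the new RSA_new() dereferences `r` without checking it, so a failed `RSA_new_method(NULL)` (it presumably returns NULL on allocation failure, which is not visible here) becomes a NULL dereference instead of a NULL return to the caller. Guard the assignment: `if (r != NULL) r->flags|=RSA_FLAG_BLINDING;`. Note also that only RSA_new() sets the flag, so keys created by calling RSA_new_method() directly would not get forced blinding unless that is handled elsewhere.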