summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/openssl/Makefile3
-rw-r--r--security/openssl/distinfo3
-rw-r--r--security/openssl/patches/patch-ag101
3 files changed, 105 insertions, 2 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 9e53d5c7b3c..9a3eb706ccd 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2003/01/28 22:04:07 jlam Exp $
+# $NetBSD: Makefile,v 1.66 2003/02/20 07:59:24 wiz Exp $
DISTNAME= openssl-0.9.6g
+PKGREVISION= 1
SVR4_PKGNAME= ossl
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssl.org/source/
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 363dd38cd53..a4e2a93950c 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2002/12/03 14:02:24 grant Exp $
+$NetBSD: distinfo,v 1.16 2003/02/20 07:59:25 wiz Exp $
SHA1 (openssl-0.9.6g.tar.gz) = 5b3cdad1d33134c97f659a8ad5dbf4ca4cf3d9c8
Size (openssl-0.9.6g.tar.gz) = 2170570 bytes
@@ -10,3 +10,4 @@ SHA1 (patch-ac) = 9d53250cf7267461d57edc26573bcd822cd945db
SHA1 (patch-ad) = ee8283d5537edce1bb60470c616ebabfda0aa084
SHA1 (patch-ae) = f4bf6ae5aa41b55d9978376e4e50ee10c10dd288
SHA1 (patch-af) = fd470396c5f54ea2d333df44504c03e7c6c8dc96
+SHA1 (patch-ag) = d470c7da2cff7ba37ac38d6ceb79751a7d21d432
diff --git a/security/openssl/patches/patch-ag b/security/openssl/patches/patch-ag
new file mode 100644
index 00000000000..3b5fda10917
--- /dev/null
+++ b/security/openssl/patches/patch-ag
@@ -0,0 +1,101 @@
+$NetBSD: patch-ag,v 1.8 2003/02/20 07:59:26 wiz Exp $
+
+--- ssl/s3_pkt.c.orig Fri May 10 01:07:45 2002
++++ ssl/s3_pkt.c
+@@ -238,6 +238,8 @@ static int ssl3_get_record(SSL *s)
+ unsigned int mac_size;
+ int clear=0;
+ size_t extra;
++ int decryption_failed_or_bad_record_mac = 0;
++ unsigned char *mac = NULL;
+
+ rr= &(s->s3->rrec);
+ sess=s->session;
+@@ -353,8 +355,11 @@ again:
+ /* SSLerr() and ssl3_send_alert() have been called */
+ goto err;
+
+- /* otherwise enc_err == -1 */
+- goto decryption_failed_or_bad_record_mac;
++ /* Otherwise enc_err == -1, which indicates bad padding
++ * (rec->length has not been changed in this case).
++ * To minimize information leaked via timing, we will perform
++ * the MAC computation anyway. */
++ decryption_failed_or_bad_record_mac = 1;
+ }
+
+ #ifdef TLS_DEBUG
+@@ -380,28 +385,46 @@ printf("\n");
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+ goto f_err;
+ #else
+- goto decryption_failed_or_bad_record_mac;
++ decryption_failed_or_bad_record_mac = 1;
+ #endif
+ }
+ /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+- if (rr->length < mac_size)
++ if (rr->length >= mac_size)
+ {
++ rr->length -= mac_size;
++ mac = &rr->data[rr->length];
++ }
++ else
++ {
++ /* record (minus padding) is too short to contain a MAC */
+ #if 0 /* OK only for stream ciphers */
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ #else
+- goto decryption_failed_or_bad_record_mac;
++ decryption_failed_or_bad_record_mac = 1;
++ rr->length = 0;
+ #endif
+ }
+- rr->length-=mac_size;
+ i=s->method->ssl3_enc->mac(s,md,0);
+- if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
++ if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+ {
+- goto decryption_failed_or_bad_record_mac;
++ decryption_failed_or_bad_record_mac = 1;
+ }
+ }
+
++ if (decryption_failed_or_bad_record_mac)
++ {
++ /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
++ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
++ * failure is directly visible from the ciphertext anyway,
++ * we should not reveal which kind of error occured -- this
++ * might become visible to an attacker (e.g. via a logfile) */
++ al=SSL_AD_BAD_RECORD_MAC;
++ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
++ goto f_err;
++ }
++
+ /* r->length is now just compressed */
+ if (s->expand != NULL)
+ {
+@@ -443,19 +466,12 @@ printf("\n");
+
+ return(1);
+
+-decryption_failed_or_bad_record_mac:
+- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+- * failure is directly visible from the ciphertext anyway,
+- * we should not reveal which kind of error occured -- this
+- * might become visible to an attacker (e.g. via logfile) */
+- al=SSL_AD_BAD_RECORD_MAC;
+- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ f_err:
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ err:
+ return(ret);
+ }
++const char *CAN_2003_0078_patch_ID="CAN-2003-0078 patch 2003-02-19";
+
+ static int do_uncompress(SSL *ssl)
+ {