testing/openssl
SHA256
3
0
Fork 0
forked from pool/openssl
Code Pull Requests Activity

Accepting request 74715 from Base:System

Browse Source 
update to latest stable version 1.0.0d.

OBS-URL: https://build.opensuse.org/request/show/74715
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=59
This commit is contained in:
Sascha Peilicke 2011-06-28 08:06:25 +00:00 committed by Git OBS Bridge
parent ca270b4d26
commit afb2b76da7
6 changed files with 69 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2011-0014.patch
View File

@ -1,28 +0,0 @@
Index: openssl-1.0.0c/ssl/t1_lib.c
===================================================================
--- openssl-1.0.0c.orig/ssl/t1_lib.c
+++ openssl-1.0.0c/ssl/t1_lib.c
@@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
}
n2s(data, idsize);
dsize -= 2 + idsize;
+ size -= 2 + idsize;
if (dsize < 0)
{
*al = SSL_AD_DECODE_ERROR;
@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
}
/* Read in request_extensions */
+ if (size < 2)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
n2s(data,dsize);
size -= 2;
- if (dsize > size)
+ if (dsize != size)
{
*al = SSL_AD_DECODE_ERROR;
return 0;

43
ECDSA_signatures_timing_attack.patch Normal file
View File

@ -0,0 +1,43 @@
Index: openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
===================================================================
--- openssl-1.0.0c.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.0c/crypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,16 @@ static int ecdsa_sign_setup(EC_KEY *ecke
}
while (BN_is_zero(k));
+#ifdef ECDSA_POINT_MUL_NO_CONSTTIME
+ /* We do not want timing information to leak the length of k,
+ * so we compute G*k using an equivalent scalar of fixed
+ * bit-length. */
+
+ if (!BN_add(k, k, order)) goto err;
+ if (BN_num_bits(k) <= BN_num_bits(order))
+ if (!BN_add(k, k, order)) goto err;
+#endif /* def(ECDSA_POINT_MUL_NO_CONSTTIME) */
+
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{
Index: openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
===================================================================
--- openssl-1.0.0c.orig/crypto/ocsp/ocsp_lib.c
+++ openssl-1.0.0c/crypto/ocsp/ocsp_lib.c
@@ -170,13 +170,14 @@ int OCSP_parse_url(char *url, char **pho
char *host, *port;
+ *phost = NULL;
+ *pport = NULL;
+ *ppath = NULL;
+
/* dup the buffer since we are going to mess with it */
buf = BUF_strdup(url);
if (!buf) goto mem_err;
- *phost = NULL;
- *pport = NULL;
- *ppath = NULL;
/* Check for initial colon */
p = strchr(buf, ':');

3
openssl-1.0.0c.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fabc7750eb05c2b15916b1abdff7287064dd4bc120b0b77e233bc390352bae5d
size 3207024

3
openssl-1.0.0d.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1544c7464c7b6cd40bed63cf9e7e27a913d1af881f14d9afd15e61f401056eda
size 3223694

18
openssl.changes
View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Fri Jun 24 04:51:50 UTC 2011 - gjhe@novell.com
- update to latest stable version 1.0.0d.
patch removed(already in the new package):
CVE-2011-0014
patch added:
ECDSA_signatures_timing_attack.patch
-------------------------------------------------------------------
Tue May 31 07:07:49 UTC 2011 - gjhe@novell.com
- fix bug[bnc#693027].
Add protection against ECDSA timing attacks as mentioned in the paper
by Billy Bob Brumley and Nicola Tuveri, see:
http://eprint.iacr.org/2011/232.pdf
[Billy Bob Brumley and Nicola Tuveri]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 16 14:38:26 UTC 2011 - andrea@opensuse.org Mon May 16 14:38:26 UTC 2011 - andrea@opensuse.org

8
openssl.spec
View File

@ -32,7 +32,7 @@ Obsoletes: openssl-64bit
%endif %endif
# #
#Version: 1.0.0 #Version: 1.0.0
Version: 1.0.0c Version: 1.0.0d
Release: 25 Release: 25
Summary: Secure Sockets and Transport Layer Security Summary: Secure Sockets and Transport Layer Security
Url: http://www.openssl.org/ Url: http://www.openssl.org/
@ -49,7 +49,8 @@ Patch2: bug610223.patch
#Patch5: CVE-2010-2939.patch #Patch5: CVE-2010-2939.patch
#Patch6: CVE-2010-3864.patch #Patch6: CVE-2010-3864.patch
Patch7: openssl-1.0.0b-aesni.patch Patch7: openssl-1.0.0b-aesni.patch
Patch8: CVE-2011-0014.patch #Patch8: CVE-2011-0014.patch
Patch9: ECDSA_signatures_timing_attack.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -185,7 +186,8 @@ Authors:
#%patch5 -p1 #%patch5 -p1
#%patch6 -p1 #%patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1 #%patch8 -p1
%patch9 -p1
cp -p %{S:10} . cp -p %{S:10} .
echo "adding/overwriting some entries in the 'table' hash in Configure" echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags