diff options
Diffstat (limited to 'share/security/patches/SA-03:06/openssl.patch')
-rw-r--r-- | share/security/patches/SA-03:06/openssl.patch | 135 |
1 files changed, 0 insertions, 135 deletions
diff --git a/share/security/patches/SA-03:06/openssl.patch b/share/security/patches/SA-03:06/openssl.patch deleted file mode 100644 index 7081d256b8..0000000000 --- a/share/security/patches/SA-03:06/openssl.patch +++ /dev/null @@ -1,135 +0,0 @@ -Index: crypto/openssl/crypto/rsa/rsa_eay.c -=================================================================== -RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_eay.c,v -retrieving revision 1.10 -diff -u -r1.10 rsa_eay.c ---- crypto/openssl/crypto/rsa/rsa_eay.c 19 Feb 2003 23:24:16 -0000 1.10 -+++ crypto/openssl/crypto/rsa/rsa_eay.c 20 Mar 2003 14:01:30 -0000 -@@ -195,6 +195,25 @@ - return(r); - } - -+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) -+ { -+ int ret = 1; -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ /* Check again inside the lock - the macro's check is racey */ -+ if(rsa->blinding == NULL) -+ ret = RSA_blinding_on(rsa, ctx); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); -+ return ret; -+ } -+ -+#define BLINDING_HELPER(rsa, ctx, err_instr) \ -+ do { \ -+ if(((rsa)->flags & RSA_FLAG_BLINDING) && \ -+ ((rsa)->blinding == NULL) && \ -+ !rsa_eay_blinding(rsa, ctx)) \ -+ err_instr \ -+ } while(0) -+ - /* signing */ - static int RSA_eay_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -@@ -239,8 +258,8 @@ - goto err; - } - -- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) -- RSA_blinding_on(rsa,ctx); -+ BLINDING_HELPER(rsa, ctx, goto err;); -+ - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; - -@@ -318,8 +337,8 @@ - goto err; - } - -- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) -- RSA_blinding_on(rsa,ctx); -+ BLINDING_HELPER(rsa, ctx, goto err;); -+ - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; - -Index: crypto/openssl/crypto/rsa/rsa_lib.c -=================================================================== -RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_lib.c,v -retrieving revision 1.8 -diff -u -r1.8 rsa_lib.c ---- crypto/openssl/crypto/rsa/rsa_lib.c 19 Feb 2003 23:24:16 -0000 1.8 -+++ crypto/openssl/crypto/rsa/rsa_lib.c 20 Mar 2003 14:01:30 -0000 -@@ -72,7 +72,13 @@ - - RSA *RSA_new(void) - { -- return(RSA_new_method(NULL)); -+ RSA *r=RSA_new_method(NULL); -+ -+#ifndef OPENSSL_NO_FORCE_RSA_BLINDING -+ r->flags|=RSA_FLAG_BLINDING; -+#endif -+ -+ return r; - } - - void RSA_set_default_method(const RSA_METHOD *meth) -Index: crypto/openssl/ssl/s3_srvr.c -=================================================================== -RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v -retrieving revision 1.1.1.10 -diff -u -r1.1.1.10 s3_srvr.c ---- crypto/openssl/ssl/s3_srvr.c 28 Jan 2003 21:38:47 -0000 1.1.1.10 -+++ crypto/openssl/ssl/s3_srvr.c 20 Mar 2003 14:01:31 -0000 -@@ -1447,7 +1447,7 @@ - if (i != SSL_MAX_MASTER_KEY_LENGTH) - { - al=SSL_AD_DECODE_ERROR; -- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); -+ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ - } - - if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) -@@ -1463,30 +1463,29 @@ - (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) - { - al=SSL_AD_DECODE_ERROR; -- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); -- goto f_err; -+ /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ -+ -+ /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack -+ * (http://eprint.iacr.org/2003/052/) exploits the version -+ * number check as a "bad version oracle" -- an alert would -+ * reveal that the plaintext corresponding to some ciphertext -+ * made up by the adversary is properly formatted except -+ * that the version number is wrong. To avoid such attacks, -+ * we should treat this just like any other decryption error. */ -+ p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; - } - } - - if (al != -1) - { --#if 0 -- goto f_err; --#else - /* Some decryption failure -- use random value instead as countermeasure - * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding -- * (see RFC 2246, section 7.4.7.1). -- * But note that due to length and protocol version checking, the -- * attack is impractical anyway (see section 5 in D. Bleichenbacher: -- * "Chosen Ciphertext Attacks Against Protocols Based on the RSA -- * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). -- */ -+ * (see RFC 2246, section 7.4.7.1). */ - ERR_clear_error(); - i = SSL_MAX_MASTER_KEY_LENGTH; - p[0] = s->client_version >> 8; - p[1] = s->client_version & 0xff; - RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ --#endif - } - - s->session->master_key_length= |