Commit 26dd3845 authored by Timo Teräs's avatar Timo Teräs

main/openssl: security upgrade to 1.0.1k

CVE-2014-3571 DTLS segmentation fault in dtls1_get_record
CVE-2015-0206 DTLS memory leak in dtls1_buffer_record
CVE-2014-3569 no-ssl3 configuration sets method to NULL
CVE-2014-3572 ECDHE silently downgrades to ECDH [Client]
CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client]
CVE-2015-0205 DH client certificates accepted without verification [Server]
CVE-2014-8275 Certificate fingerprints can be modified
CVE-2014-3570 Bignum squaring may produce incorrect results
parent 200f97e8
From 6e182155643a6aeb07cbba1e7f79ac1adfcddad2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 28 Jul 2010 08:29:09 +0300
Subject: [PATCH 2/4] engines/e_padlock: backport cvs head changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Backport changes from upstream padlock module.
Includes support for VIA Nano 64-bit mode.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
engines/e_padlock.c | 140 +++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 122 insertions(+), 18 deletions(-)
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index 9f7a85a..6ab42d2 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
diff -ru openssl-1.0.1k.orig/engines/e_padlock.c openssl-1.0.1k/engines/e_padlock.c
--- openssl-1.0.1k.orig/engines/e_padlock.c 2015-01-08 16:00:56.000000000 -0200
+++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 08:08:35.421516799 -0200
@@ -101,7 +101,10 @@
compiler choice is limited to GCC and Microsoft C. */
#undef COMPILE_HW_PADLOCK
......@@ -29,7 +18,7 @@ index 9f7a85a..6ab42d2 100644
(defined(_MSC_VER) && defined(_M_IX86))
# define COMPILE_HW_PADLOCK
# endif
@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
@@ -304,6 +307,7 @@
* =======================================================
*/
#if defined(__GNUC__) && __GNUC__>=2
......@@ -37,11 +26,12 @@ index 9f7a85a..6ab42d2 100644
/*
* As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let
@@ -383,21 +387,6 @@ padlock_available(void)
@@ -383,23 +387,6 @@
return padlock_use_ace + padlock_use_rng;
}
-#ifndef OPENSSL_NO_AES
-#ifndef AES_ASM
-/* Our own htonl()/ntohl() */
-static inline void
-padlock_bswapl(AES_KEY *ks)
......@@ -55,11 +45,12 @@ index 9f7a85a..6ab42d2 100644
- }
-}
-#endif
-#endif
-
/* Force key reload from memory to the CPU microcode.
Loading EFLAGS from the stack clears EFLAGS[30]
which does the trick. */
@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \
@@ -457,12 +444,129 @@
: "edx", "cc", "memory"); \
return iv; \
}
......@@ -172,6 +163,7 @@ index 9f7a85a..6ab42d2 100644
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
+
+#ifndef AES_ASM
+/* Our own htonl()/ntohl() */
+static inline void
+padlock_bswapl(AES_KEY *ks)
......@@ -184,10 +176,11 @@ index 9f7a85a..6ab42d2 100644
+ key++;
+ }
+}
+#endif
#endif
/* The RNG call itself */
@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int edx_in)
@@ -493,8 +597,8 @@
static inline unsigned char *
padlock_memcpy(void *dst,const void *src,size_t n)
{
......@@ -198,6 +191,3 @@ index 9f7a85a..6ab42d2 100644
n /= sizeof(*d);
do { *d++ = *s++; } while (--n);
--
1.7.11.3
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.1j
pkgver=1.0.1k
pkgrel=0
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
......@@ -129,11 +129,11 @@ libssl() {
done
}
md5sums="f7175c9cd3c39bb1907ac8bba9df8ed3 openssl-1.0.1j.tar.gz
md5sums="d4f002bd22a56881340105028842ae1f openssl-1.0.1k.tar.gz
f75151bfdd0e1f5191e0d0e7147e1638 fix-manpages.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch
a7717dd564ef876d4923a80751714d63 0002-engines-e_padlock-backport-cvs-head-changes.patch
cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch
......@@ -143,11 +143,11 @@ efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch
05ad806219cef6fa5692ac727af7fab6 c_rehash.c
60ca340e32944e4825747e3681ccd553 openssl-1.0.1-parallel-build.patch
b7f2421187ae2b4c7e424cda2022d41d abi-compat-no-freelists.patch"
sha256sums="1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 openssl-1.0.1j.tar.gz
sha256sums="8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c openssl-1.0.1k.tar.gz
92296c9e121af10ecc1e302695bf2ceacaa9b00702e580504fc0ed04a9fba86e fix-manpages.patch
82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
39c31c2e33cded09543a2d1fd2e3238e9d11c672ba71a14d13095baad3ec9696 0002-engines-e_padlock-backport-cvs-head-changes.patch
30fbadf31dc13d9bcc758741f5560f6e13dd66c067f62d1b9066fb656f6aaaf2 0002-engines-e_padlock-backport-cvs-head-changes.patch
cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch
......@@ -157,11 +157,11 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e
7b0947fd09ad1e8d9cea360b883090025b40193d0fc8a631f2e3bb42db28d76b c_rehash.c
bd56e5fe1b6fe594ab93f34d25fef0b7372633bad8532f81da998f3e6655d221 openssl-1.0.1-parallel-build.patch
41c7c1e5bea7f7e0ccc59203a48f097948627d72fcf87f943fcfe8c14b4069a2 abi-compat-no-freelists.patch"
sha512sums="a786bb99b68d88c1de79d3c5372767f091ebeefb5abc1d4883253fd3ab5a86af53389f5ff36fdd8faa27c5fb78be8bbff406392c373358697da80d250eadebb8 openssl-1.0.1j.tar.gz
sha512sums="8b000fbd1bf919d9913a314f99aedd48a69f6caa4ccf43237889e73e08cbe0d82bfc27e9c7c4cade09fc459f91d6c4a831a9b3fc8bca0344fb864eadd7d1e8e8 openssl-1.0.1k.tar.gz
b0eda7e9b53195b0855da68617201c3c7026eb7464ab58f0bc9923013663ec6b826d1868fe88b87118d3134114cbd9ac15d2c8389c85ef9c1bb4d18575b68a5b fix-manpages.patch
6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
96cdd28d1ad5efd3f5836b4c57c9c6ea8e790fbf919e32a8c4acd3883a3531b8d295053a4aa20e6165600153b141ce7b0a3d1d736fdfc325d59862b845aa4d98 0002-engines-e_padlock-backport-cvs-head-changes.patch
c86694b1931ef16eb467f5228a7ea2c36c90570daedb405bb24e7915b2e29f9ba20386cdef0ebea6af23ca04839d713bd05f0c8f3b7f6377331a6ab96c505f44 0002-engines-e_padlock-backport-cvs-head-changes.patch
b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment