Inicio Explorar Ayuda
Iniciar sesión
openpkg
/
openpkg-packages
Seguir 2
Destacar 0
Fork 0
Archivos Incidencias 0 Pull Requests 0
Árbol: aaf2feccc6
Ramas Etiquetas
openpkg-pack...
/
openssl
/
openssl.patch

openssl.patch 4.3 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. Index: crypto/rsa/rsa_eay.c
    2. 

  2. ===================================================================
    3. 

  3. RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v
    4. 

  4. retrieving revision 1.28.2.3
    5. 

  5. diff -u -r1.28.2.3 rsa_eay.c
    6. 

  6. --- crypto/rsa/rsa_eay.c	30 Jan 2003 17:37:46 -0000	1.28.2.3
    7. 

  7. +++ crypto/rsa/rsa_eay.c	16 Mar 2003 10:34:13 -0000
    8. 

  8. @@ -195,6 +195,25 @@
    9. 

  9.  	return(r);
    10. 

  10.  	}
    11. 

  11.  
    12. 

  12. +static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
    13. 

  13. +	{
    14. 

  14. +	int ret = 1;
    15. 

  15. +	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
    16. 

  16. +	/* Check again inside the lock - the macro's check is racey */
    17. 

  17. +	if(rsa->blinding == NULL)
    18. 

  18. +		ret = RSA_blinding_on(rsa, ctx);
    19. 

  19. +	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
    20. 

  20. +	return ret;
    21. 

  21. +	}
    22. 

  22. +
    23. 

  23. +#define BLINDING_HELPER(rsa, ctx, err_instr) \
    24. 

  24. +	do { \
    25. 

  25. +		if(((rsa)->flags & RSA_FLAG_BLINDING) && \
    26. 

  26. +				((rsa)->blinding == NULL) && \
    27. 

  27. +				!rsa_eay_blinding(rsa, ctx)) \
    28. 

  28. +			err_instr \
    29. 

  29. +	} while(0)
    30. 

  30. +
    31. 

  31.  /* signing */
    32. 

  32.  static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
    33. 

  33.  	     unsigned char *to, RSA *rsa, int padding)
    34. 

  34. @@ -239,8 +258,8 @@
    35. 

  35.  		goto err;
    36. 

  36.  		}
    37. 

  37.  
    38. 

  38. -	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
    39. 

  39. -		RSA_blinding_on(rsa,ctx);
    40. 

  40. +	BLINDING_HELPER(rsa, ctx, goto err;);
    41. 

  41. +
    42. 

  42.  	if (rsa->flags & RSA_FLAG_BLINDING)
    43. 

  43.  		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
    44. 

  44.  
    45. 

  45. @@ -318,8 +337,8 @@
    46. 

  46.  		goto err;
    47. 

  47.  		}
    48. 

  48.  
    49. 

  49. -	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
    50. 

  50. -		RSA_blinding_on(rsa,ctx);
    51. 

  51. +	BLINDING_HELPER(rsa, ctx, goto err;);
    52. 

  52. +
    53. 

  53.  	if (rsa->flags & RSA_FLAG_BLINDING)
    54. 

  54.  		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
    55. 

  55.  
    56. 

  56. Index: crypto/rsa/rsa_lib.c
    57. 

  57. ===================================================================
    58. 

  58. RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v
    59. 

  59. retrieving revision 1.30.2.2
    60. 

  60. diff -u -r1.30.2.2 rsa_lib.c
    61. 

  61. --- crypto/rsa/rsa_lib.c	30 Jan 2003 17:37:46 -0000	1.30.2.2
    62. 

  62. +++ crypto/rsa/rsa_lib.c	16 Mar 2003 10:34:13 -0000
    63. 

  63. @@ -72,7 +72,13 @@
    64. 

  64.  
    65. 

  65.  RSA *RSA_new(void)
    66. 

  66.  	{
    67. 

  67. -	return(RSA_new_method(NULL));
    68. 

  68. +	RSA *r=RSA_new_method(NULL);
    69. 

  69. +
    70. 

  70. +#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
    71. 

  71. +	r->flags|=RSA_FLAG_BLINDING;
    72. 

  72. +#endif
    73. 

  73. +
    74. 

  74. +	return r;
    75. 

  75.  	}
    76. 

  76.  
    77. 

  77.  void RSA_set_default_method(const RSA_METHOD *meth)
    78. 

  78. Index: ssl/s3_srvr.c
    79. 

  79. ============================================================================
    80. 

  80. $ cvs diff -u -r1.104 -r1.105 s3_srvr.c
    81. 

  81. --- ssl/s3_srvr.c	28 Feb 2003 15:37:10 -0000	1.104
    82. 

  82. +++ ssl/s3_srvr.c	19 Mar 2003 19:19:53 -0000	1.105
    83. 

  83. @@ -1684,7 +1684,7 @@
    84. 

  84.  		if (i != SSL_MAX_MASTER_KEY_LENGTH)
    85. 

  85.  			{
    86. 

  86.  			al=SSL_AD_DECODE_ERROR;
    87. 

  87. -			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
    88. 

  88. +			/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
    89. 

  89.  			}
    90. 

  90.  
    91. 

  91.  		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
    92. 

  92. @@ -1700,30 +1700,29 @@
    93. 

  93.  				(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
    94. 

  94.  				{
    95. 

  95.  				al=SSL_AD_DECODE_ERROR;
    96. 

  96. -				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
    97. 

  97. -				goto f_err;
    98. 

  98. +				/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
    99. 

  99. +
    100. 

  100. +				/* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
    101. 

  101. +				 * (http://eprint.iacr.org/2003/052/) exploits the version
    102. 

  102. +				 * number check as a "bad version oracle" -- an alert would
    103. 

  103. +				 * reveal that the plaintext corresponding to some ciphertext
    104. 

  104. +				 * made up by the adversary is properly formatted except
    105. 

  105. +				 * that the version number is wrong.  To avoid such attacks,
    106. 

  106. +				 * we should treat this just like any other decryption error. */
    107. 

  107. +				p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20";
    108. 

  108.  				}
    109. 

  109.  			}
    110. 

  110.  
    111. 

  111.  		if (al != -1)
    112. 

  112.  			{
    113. 

  113. -#if 0
    114. 

  114. -			goto f_err;
    115. 

  115. -#else
    116. 

  116.  			/* Some decryption failure -- use random value instead as countermeasure
    117. 

  117.  			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
    118. 

  118. -			 * (see RFC 2246, section 7.4.7.1).
    119. 

  119. -			 * But note that due to length and protocol version checking, the
    120. 

  120. -			 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
    121. 

  121. -			 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
    122. 

  122. -			 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
    123. 

  123. -			 */
    124. 

  124. +			 * (see RFC 2246, section 7.4.7.1). */
    125. 

  125.  			ERR_clear_error();
    126. 

  126.  			i = SSL_MAX_MASTER_KEY_LENGTH;
    127. 

  127.  			p[0] = s->client_version >> 8;
    128. 

  128.  			p[1] = s->client_version & 0xff;
    129. 

  129.  			RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
    130. 

  130. -#endif
    131. 

  131.  			}
    132. 

  132.  	
    133. 

  133.  		s->session->master_key_length=
    134. 

  134.