
Viewing changes to ssl/d1_enc.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2013-02-18 15:49:05 UTC
  • Revision ID: package-import@ubuntu.com-20130218154905-wk025r1lxtt4g4ug
Tags: 0.9.8g-4ubuntu3.20
* SECURITY UPDATE: denial of service via invalid OCSP key
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43
  - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c
  - CVE-2013-0169

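--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -122,18 +122,30 @@
 #include <openssl/rand.h>
 
 
+/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured. */
 int dtls1_enc(SSL *s, int send)
         {
         SSL3_RECORD *rec;
         EVP_CIPHER_CTX *ds;
         unsigned long l;
-        int bs,i,ii,j,k,n=0;
+        int bs,i,j,k,n=0;
         const EVP_CIPHER *enc;
 
         if (send)
                 {
                 if (s->write_hash != NULL)
+                        {
                         n=EVP_MD_size(s->write_hash);
+                        if (n < 0)
+                                return -1;
+                        }
                 ds=s->enc_write_ctx;
                 rec= &(s->s3->wrec);
                 if (s->enc_write_ctx == NULL)
@@ -155,7 +167,10 @@
         else
                 {
                 if (s->read_hash != NULL)
+                        {
                         n=EVP_MD_size(s->read_hash);
+                        OPENSSL_assert(n >= 0);
+                        }
                 ds=s->enc_read_ctx;
                 rec= &(s->s3->rrec);
                 if (s->enc_read_ctx == NULL)
@@ -238,43 +253,7 @@
 #endif  /* KSSL_DEBUG */
 
                 if ((bs != 1) && !send)
-                        {
-                        ii=i=rec->data[l-1]; /* padding_length */
-                        i++;
-                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
-                                {
-                                /* First packet is even in size, so check */
-                                if ((memcmp(s->s3->read_sequence,
-                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
-                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                        i--;
-                                }
-                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
-                         * All of them must have value 'padding_length'. */
-                        if (i + bs > (int)rec->length)
-                                {
-                                /* Incorrect padding. SSLerr() and ssl3_alert are done
-                                 * by caller: we don't want to reveal whether this is
-                                 * a decryption error or a MAC verification failure
-                                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
-                                 */
-                                return -1;
-                                }
-                        for (j=(int)(l-i); j<(int)l; j++)
-                                {
-                                if (rec->data[j] != ii)
-                                        {
-                                        /* Incorrect padding */
-                                        return -1;
-                                        }
-                                }
-                        rec->length-=i;
-
-                        rec->data += bs;    /* skip the implicit IV */
-                        rec->input += bs;
-                        rec->length -= bs;
-                        }
+                        return tls1_cbc_remove_padding(s, rec, bs, n);
                 }
         return(1);
         }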
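Review bot: The removed block in the third hunk did two things, padding validation and the advance past the per-record explicit IV (`rec->data += bs; rec->input += bs; rec->length -= bs;`), but the replacement `return tls1_cbc_remove_padding(s, rec, bs, n);` visibly covers only the first; whether that helper also strips the IV for the DTLS version and honours `SSL_OP_TLS_BLOCK_PADDING_BUG` as the old code did is not visible in this diff and should be confirmed before merging, since a missed IV skip would leave the MAC computed over the wrong bytes. The receive path in the second hunk also treats a negative `EVP_MD_size()` differently from the send path in the first hunk: `OPENSSL_assert(n >= 0);` aborts the process, whereas the send path returns -1 and the new header comment documents -1 as the internal-error result; a consistent `if (n < 0) return -1;` would keep an unexpected digest from becoming a crash on received data. A short comment on the `OPENSSL_assert` line stating why a negative size is considered impossible here (the read digest was validated when the cipher state was set up, if that is the reasoning) would make the asymmetry intentional rather than accidental. The body of dtls1_enc between the first and third hunks lies outside this diff.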