~ubuntu-branches/ubuntu/vivid/openssl/vivid-updates

Viewing changes to .pc/CVE-2013-0169.patch/test/testssl

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2013-03-19 14:33:14 UTC
Revision ID: package-import@ubuntu.com-20130319143314-b3hsxjjcin3ebyy0

Tags: 1.0.1c-4ubuntu8

* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
    commit from upstream to fix regression.
  - CVE-2013-0169

files added:
.pc/CVE-2013-0169.patch

.pc/CVE-2013-0169.patch/crypto

.pc/CVE-2013-0169.patch/crypto/bn

.pc/CVE-2013-0169.patch/crypto/bn/bn_word.c

.pc/CVE-2013-0169.patch/crypto/cryptlib.c

.pc/CVE-2013-0169.patch/crypto/crypto.h

.pc/CVE-2013-0169.patch/crypto/evp

.pc/CVE-2013-0169.patch/crypto/evp/e_aes_cbc_hmac_sha1.c

.pc/CVE-2013-0169.patch/crypto/rsa

.pc/CVE-2013-0169.patch/crypto/rsa/rsa_oaep.c

.pc/CVE-2013-0169.patch/openssl.ld

.pc/CVE-2013-0169.patch/ssl

.pc/CVE-2013-0169.patch/ssl/Makefile

.pc/CVE-2013-0169.patch/ssl/d1_enc.c

.pc/CVE-2013-0169.patch/ssl/d1_pkt.c

.pc/CVE-2013-0169.patch/ssl/s2_clnt.c

.pc/CVE-2013-0169.patch/ssl/s2_pkt.c

.pc/CVE-2013-0169.patch/ssl/s3_both.c

.pc/CVE-2013-0169.patch/ssl/s3_cbc.c

.pc/CVE-2013-0169.patch/ssl/s3_enc.c

.pc/CVE-2013-0169.patch/ssl/s3_pkt.c

.pc/CVE-2013-0169.patch/ssl/ssl.h

.pc/CVE-2013-0169.patch/ssl/ssl_algs.c

.pc/CVE-2013-0169.patch/ssl/ssl_err.c

.pc/CVE-2013-0169.patch/ssl/ssl_lib.c

.pc/CVE-2013-0169.patch/ssl/ssl_locl.h

.pc/CVE-2013-0169.patch/ssl/ssltest.c

.pc/CVE-2013-0169.patch/ssl/t1_enc.c

.pc/CVE-2013-0169.patch/ssl/t1_lib.c

.pc/CVE-2013-0169.patch/test

.pc/CVE-2013-0169.patch/test/testssl

.pc/CVE-2013-0169.patch/util

.pc/CVE-2013-0169.patch/util/libeay.num

ssl/s3_cbc.c

files modified:
.pc/applied-patches

crypto/bn/bn_word.c

crypto/cryptlib.c

crypto/crypto.h

crypto/evp/e_aes_cbc_hmac_sha1.c

crypto/rsa/rsa_oaep.c

debian/changelog

debian/patches/CVE-2013-0169.patch

debian/patches/series

openssl.ld

ssl/Makefile

ssl/d1_enc.c

ssl/d1_pkt.c

ssl/s2_clnt.c

ssl/s2_pkt.c

ssl/s3_both.c

ssl/s3_enc.c

ssl/s3_pkt.c

ssl/ssl.h

ssl/ssl_algs.c

ssl/ssl_err.c

ssl/ssl_lib.c

ssl/ssl_locl.h

ssl/ssltest.c

ssl/t1_enc.c

ssl/t1_lib.c

test/testssl

util/libeay.num

Show diffs side-by-side

added added

removed removed

.pc/CVE-2013-0169.patch/test/testssl

#!/bin/sh

if [ "$1" = "" ]; then

key=../apps/server.pem

else

key="$1"

if [ "$2" = "" ]; then

cert=../apps/server.pem

else

cert="$2"

ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"

if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then

dsa_cert=YES

else

dsa_cert=NO

if [ "$3" = "" ]; then

CA="-CApath ../certs"

else

CA="-CAfile $3"

if [ "$4" = "" ]; then

extra=""

else

extra="$4"

#############################################################################

echo test sslv2

$ssltest -ssl2 $extra || exit 1

echo test sslv2 with server authentication

$ssltest -ssl2 -server_auth $CA $extra || exit 1

if [ $dsa_cert = NO ]; then

echo test sslv2 with client authentication

$ssltest -ssl2 -client_auth $CA $extra || exit 1

echo test sslv2 with both client and server authentication

$ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1

echo test sslv3

$ssltest -ssl3 $extra || exit 1

echo test sslv3 with server authentication

$ssltest -ssl3 -server_auth $CA $extra || exit 1

echo test sslv3 with client authentication

$ssltest -ssl3 -client_auth $CA $extra || exit 1

echo test sslv3 with both client and server authentication

$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3

$ssltest $extra || exit 1

echo test sslv2/sslv3 with server authentication

$ssltest -server_auth $CA $extra || exit 1

echo test sslv2/sslv3 with client authentication

$ssltest -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 with both client and server authentication

$ssltest -server_auth -client_auth $CA $extra || exit 1

echo test sslv2 via BIO pair

$ssltest -bio_pair -ssl2 $extra || exit 1

echo test sslv2 with server authentication via BIO pair

$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1

if [ $dsa_cert = NO ]; then

echo test sslv2 with client authentication via BIO pair

$ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1

echo test sslv2 with both client and server authentication via BIO pair

$ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1

echo test sslv3 via BIO pair

$ssltest -bio_pair -ssl3 $extra || exit 1

echo test sslv3 with server authentication via BIO pair

$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1

echo test sslv3 with client authentication via BIO pair

$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1

echo test sslv3 with both client and server authentication via BIO pair

$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1

echo test sslv2/sslv3 via BIO pair

100

$ssltest $extra || exit 1

101

102

if [ $dsa_cert = NO ]; then

103

echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'

104

$ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1

105

106

107

echo test sslv2/sslv3 with 1024bit DHE via BIO pair

108

$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1

109

110

echo test sslv2/sslv3 with server authentication

111

$ssltest -bio_pair -server_auth $CA $extra || exit 1

112

113

echo test sslv2/sslv3 with client authentication via BIO pair

114

$ssltest -bio_pair -client_auth $CA $extra || exit 1

115

116

echo test sslv2/sslv3 with both client and server authentication via BIO pair

117

$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1

118

119

echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify

120

$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1

121

122

#############################################################################

123

124

if ../util/shlib_wrap.sh ../apps/openssl no-dh; then

125

echo skipping anonymous DH tests

126

else

127

echo test tls1 with 1024bit anonymous DH, multiple handshakes

128

$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1

129

130

131

if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then

132

echo skipping RSA tests

133

else

134

echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'

135

../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1

136

137

if ../util/shlib_wrap.sh ../apps/openssl no-dh; then

138

echo skipping RSA+DHE tests

139

else

140

echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes

141

../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1

142

143

144

145

echo test tls1 with PSK

146

$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1

147

148

echo test tls1 with PSK via BIO pair

149

$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1

150

151

if ../util/shlib_wrap.sh ../apps/openssl no-srp; then

152

echo skipping SRP tests

153

else

154

echo test tls1 with SRP

155

$ssltest -tls1 -cipher SRP -srpuser test -srppass abc123

156

157

echo test tls1 with SRP via BIO pair

158

$ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123

159

160

161

exit 0

Older »