[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec openpkg...

[Ralf S. Engelschall]

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src openpkg-web          Date:   17-Mar-2003 15:30:22
  Branch: HEAD                             Handle: 2003031714302001

  Added files:
    openpkg-src/openssl     openssl.patch
  Modified files:
    openpkg-src/openssl     openssl.spec
    openpkg-web             news.txt

  Log:
    apply official OpenSSL RSA blinding security patch

  Summary:
    Revision    Changes     Path
    1.8         +77 -0      openpkg-src/openssl/openssl.patch
    1.39        +3  -1      openpkg-src/openssl/openssl.spec
    1.3708      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.8 openssl.patch
  --- /dev/null 2003-03-17 15:30:22.000000000 +0100
  +++ openssl.patch     2003-03-17 15:30:22.000000000 +0100
  @@ -0,0 +1,77 @@
  +Index: crypto/rsa/rsa_eay.c
  +===================================================================
  +RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v
  +retrieving revision 1.28.2.3
  +diff -u -r1.28.2.3 rsa_eay.c
  +--- crypto/rsa/rsa_eay.c     30 Jan 2003 17:37:46 -0000      1.28.2.3
  ++++ crypto/rsa/rsa_eay.c     16 Mar 2003 10:34:13 -0000
  +@@ -195,6 +195,25 @@
  +     return(r);
  +     }
  + 
  ++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
  ++    {
  ++    int ret = 1;
  ++    CRYPTO_w_lock(CRYPTO_LOCK_RSA);
  ++    /* Check again inside the lock - the macro's check is racey */
  ++    if(rsa->blinding == NULL)
  ++            ret = RSA_blinding_on(rsa, ctx);
  ++    CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
  ++    return ret;
  ++    }
  ++
  ++#define BLINDING_HELPER(rsa, ctx, err_instr) \
  ++    do { \
  ++            if(((rsa)->flags & RSA_FLAG_BLINDING) && \
  ++                            ((rsa)->blinding == NULL) && \
  ++                            !rsa_eay_blinding(rsa, ctx)) \
  ++                    err_instr \
  ++    } while(0)
  ++
  + /* signing */
  + static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
  +          unsigned char *to, RSA *rsa, int padding)
  +@@ -239,8 +258,8 @@
  +             goto err;
  +             }
  + 
  +-    if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
  +-            RSA_blinding_on(rsa,ctx);
  ++    BLINDING_HELPER(rsa, ctx, goto err;);
  ++
  +     if (rsa->flags & RSA_FLAG_BLINDING)
  +             if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
  + 
  +@@ -318,8 +337,8 @@
  +             goto err;
  +             }
  + 
  +-    if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
  +-            RSA_blinding_on(rsa,ctx);
  ++    BLINDING_HELPER(rsa, ctx, goto err;);
  ++
  +     if (rsa->flags & RSA_FLAG_BLINDING)
  +             if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
  + 
  +Index: crypto/rsa/rsa_lib.c
  +===================================================================
  +RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v
  +retrieving revision 1.30.2.2
  +diff -u -r1.30.2.2 rsa_lib.c
  +--- crypto/rsa/rsa_lib.c     30 Jan 2003 17:37:46 -0000      1.30.2.2
  ++++ crypto/rsa/rsa_lib.c     16 Mar 2003 10:34:13 -0000
  +@@ -72,7 +72,13 @@
  + 
  + RSA *RSA_new(void)
  +     {
  +-    return(RSA_new_method(NULL));
  ++    RSA *r=RSA_new_method(NULL);
  ++
  ++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
  ++    r->flags|=RSA_FLAG_BLINDING;
  ++#endif
  ++
  ++    return r;
  +     }
  + 
  + void RSA_set_default_method(const RSA_METHOD *meth)
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.spec
  ============================================================================
  $ cvs diff -u -r1.38 -r1.39 openssl.spec
  --- openpkg-src/openssl/openssl.spec  19 Feb 2003 14:03:47 -0000      1.38
  +++ openpkg-src/openssl/openssl.spec  17 Mar 2003 14:30:21 -0000      1.39
  @@ -33,10 +33,11 @@
   Group:        Cryptography
   License:      BSD-style
   Version:      0.9.7a
  -Release:      20030219
  +Release:      20030317
   
   #   list of sources
   Source0:      ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
  +Patch0:       openssl.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -57,6 +58,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
       %{l_shtool} subst -e 's;-m486;-march=i486;g' Configure
       %{l_shtool} subst -e 's;test "$OSTYPE" = msdosdjgpp;true;' util/point.sh
   
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-web/news.txt
  ============================================================================
  $ cvs diff -u -r1.3707 -r1.3708 news.txt
  --- openpkg-web/news.txt      17 Mar 2003 12:46:33 -0000      1.3707
  +++ openpkg-web/news.txt      17 Mar 2003 14:30:20 -0000      1.3708
  @@ -1,3 +1,4 @@
  +17-Mar-2003: Upgraded package: P<openssl-0.9.7a-20030317>
   17-Mar-2003: Upgraded package: P<binutils-2.13.2.1-20030317>
   17-Mar-2003: Upgraded package: P<awk-20030314-20030317>
   16-Mar-2003: Upgraded package: P<iozone-3.164-20030316>
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]