Anton Bolshakov 2025-01-19 11:54:31 +08:00
parent eb17c17501
commit 98d795423c
No known key found for this signature in database
GPG key ID: 32BDCED870788F04
2 changed files with 162 additions and 18 deletions


@ -0,0 +1,149 @@
From 152026f7b1f3221e73de2a9dc21c002d1565dd8e Mon Sep 17 00:00:00 2001
From: Anton Bolshakov <blshkv@users.noreply.github.com>
Date: Sun, 19 Jan 2025 11:37:52 +0800
Subject: [PATCH] Update e_aes.c
replace that file with 1.0.2r version
---
crypto/evp/e_aes.c | 84 ++++++++++++++++++++++++++--------------------
1 file changed, 47 insertions(+), 37 deletions(-)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 3574b17f0c8d3..ccc626f1d81c2 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1089,6 +1089,8 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
ctx->iv, &ctx->num, ctx->encrypt, dat->block);
len -= MAXBITCHUNK;
+ out += MAXBITCHUNK;
+ in += MAXBITCHUNK;
}
if (len)
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
@@ -1120,6 +1122,8 @@ BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
EVP_AES_GCM_CTX *gctx = c->cipher_data;
+ if (gctx == NULL)
+ return 0;
OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv);
@@ -1235,10 +1239,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
/* Correct length for explicit IV */
+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+ return 0;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */
- if (!c->encrypt)
+ if (!c->encrypt) {
+ if (len < EVP_GCM_TLS_TAG_LEN)
+ return 0;
len -= EVP_GCM_TLS_TAG_LEN;
+ }
c->buf[arg - 2] = len >> 8;
c->buf[arg - 1] = len & 0xff;
}
@@ -1271,56 +1280,57 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
}
}
-static ctr128_f aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
- const unsigned char *key, size_t key_len)
+static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
{
+ EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+ if (!iv && !key)
+ return 1;
+ if (key) {
+ do {
# ifdef HWAES_CAPABLE
- if (HWAES_CAPABLE) {
- HWAES_set_encrypt_key(key, key_len * 8, aes_key);
- CRYPTO_gcm128_init(gcm_ctx, aes_key,
- (block128_f) HWAES_encrypt);
+ if (HWAES_CAPABLE) {
+ HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) HWAES_encrypt);
# ifdef HWAES_ctr32_encrypt_blocks
- return (ctr128_f) HWAES_ctr32_encrypt_blocks;
+ gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
# else
- return NULL;
+ gctx->ctr = NULL;
# endif
- } else
+ break;
+ } else
# endif
# ifdef BSAES_CAPABLE
- if (BSAES_CAPABLE) {
- AES_set_encrypt_key(key, key_len * 8, aes_key);
- CRYPTO_gcm128_init(gcm_ctx, aes_key,
- (block128_f) AES_encrypt);
- return (ctr128_f) bsaes_ctr32_encrypt_blocks;
- }
+ if (BSAES_CAPABLE) {
+ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) AES_encrypt);
+ gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+ break;
+ } else
# endif
# ifdef VPAES_CAPABLE
- if (VPAES_CAPABLE) {
- vpaes_set_encrypt_key(key, key_len * 8, aes_key);
- CRYPTO_gcm128_init(gcm_ctx, aes_key,
- (block128_f)vpaes_encrypt);
- return NULL;
- } else
+ if (VPAES_CAPABLE) {
+ vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) vpaes_encrypt);
+ gctx->ctr = NULL;
+ break;
+ } else
# endif
- (void)0; /* terminate potentially open 'else' */
+ (void)0; /* terminate potentially open 'else' */
- AES_set_encrypt_key(key, key_len * 8, aes_key);
- CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f) AES_encrypt);
+ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+ (block128_f) AES_encrypt);
# ifdef AES_CTR_ASM
- return (ctr128_f) AES_ctr32_encrypt;
+ gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
# else
- return NULL;
+ gctx->ctr = NULL;
# endif
-}
+ } while (0);
-static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
- if (!iv && !key)
- return 1;
- if (key) {
- gctx->ctr = aes_gcm_set_key(&gctx->ks, &gctx->gcm, key, ctx->key_len);
/*
* If we have an iv can set it directly, otherwise use saved IV.
*/
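Review bot: The patch header gives no verifiable origin for this change. The `From 152026f7…` line carries a commit id but no repository, and the only pointer to the reason is the issue link in the ebuild, so the patch cannot be checked against its source from this file alone. Because it touches AES-GCM key setup and the length handling in `aes_gcm_ctrl` in crypto/evp/e_aes.c, I would add a header line before the `---` separator such as `Bug: https://github.com/testssl/openssl-1.0.2.bad/issues/3` and name the tree the 1.0.2r copy was taken from. Separately, the new `len < EVP_GCM_TLS_EXPLICIT_IV_LEN` and `len < EVP_GCM_TLS_TAG_LEN` guards run only after `c->buf[arg - 2]` has been read. Any validation of `arg` lies outside the hunk, so confirm it when comparing against the upstream file.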


@ -91,6 +91,8 @@ src_prepare() {
if ! use vanilla ; then
eapply "${FILESDIR}"/patch/*.patch
fi
# Fix https://github.com/testssl/openssl-1.0.2.bad/issues/3
eapply "${FILESDIR}"/4.patch
eapply_user
@ -112,8 +114,7 @@ src_prepare() {
# since we're forcing $(CC) as makedep anyway, just fix
# the conditional as always-on
# helps clang (#417795), and versioned gcc (#499818)
# this breaks build with 1.0.2p, not sure if it is needed anymore
#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
# quiet out unknown driver argument warnings since openssl
# doesn't have well-split CFLAGS and we're making it even worse
@ -128,7 +129,7 @@ src_prepare() {
append-flags $(test-flags-CC -Wa,--noexecstack)
append-cppflags -DOPENSSL_NO_BUF_FREELISTS
sed -i '1s,^:$,#!'"${EPREFIX}"'/usr/bin/perl,' Configure #141906
sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
# The config script does stupid stuff to prompt the user. Kill it.
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE"
@ -179,9 +180,7 @@ multilib_src_configure() {
${sslout} \
$(use cpu_flags_x86_sse2 || echo "no-sse2") \
enable-camellia \
enable-ec \
$(use_ssl !bindist ec2m) \
$(use_ssl !bindist srp) \
$(use_ssl !bindist ec) \
${ec_nistp_64_gcc_128} \
enable-idea \
enable-mdc2 \
@ -203,23 +202,19 @@ multilib_src_configure() {
|| die
# Clean out hardcoded flags that openssl uses
local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-e 's:^CFLAG=::' \
-e 's:\(^\| \)-fomit-frame-pointer::g' \
-e 's:\(^\| \)-O[^ ]*::g' \
-e 's:\(^\| \)-march=[^ ]*::g' \
-e 's:\(^\| \)-mcpu=[^ ]*::g' \
-e 's:\(^\| \)-m[^ ]*::g' \
-e 's:^ *::' \
-e 's: *$::' \
-e 's: \+: :g' \
-e 's:\\:\\\\:g'
-e 's:-fomit-frame-pointer ::g' \
-e 's:-O[0-9] ::g' \
-e 's:-march=[-a-z0-9]* ::g' \
-e 's:-mcpu=[-a-z0-9]* ::g' \
-e 's:-m[a-z0-9]* ::g' \
)
# Now insert clean default flags with user flags
sed -i \
-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
Makefile || die
}
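Review bot: The replacement flag-stripping expressions in multilib_src_configure (`-e 's:-O[0-9] ::g'`, `-e 's:-march=[-a-z0-9]* ::g'` and the ones beside them) only match a flag that is followed by a space, and only a single-digit `-O` level. That leaves `-Os`, `-Ofast`, or any flag that is last on the `CFLAG=` line in the Makefile, which the removed anchored forms such as `-e 's:\(^\| \)-O[^ ]*::g'` caught; I would keep those forms. The new side also drops `-e 's:\\:\\\\:g'`, so a backslash in the extracted flags is no longer escaped before it is interpolated into `"/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|"`. The local name `CFLAG` next to the user's `CFLAGS` is also easy to misread, where `DEFAULT_CFLAGS` was not. In src_prepare, the Configure `sed` appears to lose the quotes around `${EPREFIX}` (side inferred from print order) and has no `|| die`. The added `eapply "${FILESDIR}"/4.patch` also seems to sit after the `fi` of the `use vanilla` guard, so it would apply to vanilla builds too; a comment saying that is intended would help.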