UPDATE: security/polarssl: 1.3.6 -> 1.3.7

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

UPDATE: security/polarssl: 1.3.6 -> 1.3.7

Joachim Schipper-2
PolarSSL has been updated, bringing some additional functionality.

This release rolls in our patches, using arc4random_buf() #ifdef
__OpenBSD__. I have removed our patches, and I have not added patches
for the two test programs that started using rand() (let me know if that
would be appreciated; this is about benchmark and ssl_test.)

The PolarSSL maintainers believe that they have fixed the problem that
we saw on sparc64, and would especially appreciate a re-test there.
(Florian?)

As always, thanks for taking a look!

                Joachim

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/polarssl/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- Makefile 18 Apr 2014 20:51:48 -0000 1.2
+++ Makefile 3 May 2014 10:06:53 -0000
@@ -4,11 +4,10 @@ BROKEN-sparc64= problems with mpi_mul_hl
 
 COMMENT= SSL library with an intuitive API and readable source code
 
-DISTNAME= polarssl-1.3.6
-REVISION= 0
+DISTNAME= polarssl-1.3.7
 EXTRACT_SUFX= -gpl.tgz
 
-SHARED_LIBS += polarssl                  0.0 # 1.3
+SHARED_LIBS += polarssl                  0.1 # 1.3
 
 CATEGORIES= security
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/polarssl/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo 18 Apr 2014 11:37:02 -0000 1.1.1.1
+++ distinfo 3 May 2014 10:06:53 -0000
@@ -1,2 +1,2 @@
-SHA256 (polarssl-1.3.6-gpl.tgz) = uXllwaBS30EgHTXgH5HErAvyjkQ6Vt30Yb5jsgyFrgk=
-SIZE (polarssl-1.3.6-gpl.tgz) = 1596728
+SHA256 (polarssl-1.3.7-gpl.tgz) = a+7wKBFgvwf+/v1rQS3Rzkw5Jhz1MAg1rvRCJT8EAOU=
+SIZE (polarssl-1.3.7-gpl.tgz) = 1610166
Index: patches/patch-library_rsa_c
===================================================================
RCS file: patches/patch-library_rsa_c
diff -N patches/patch-library_rsa_c
--- patches/patch-library_rsa_c 18 Apr 2014 11:37:02 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,22 +0,0 @@
-$OpenBSD: patch-library_rsa_c,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
-
-Avoid triggering APIWARN (though using rand() for this self-test is
-actually harmless).
-
---- library/rsa.c.orig Fri Apr 18 12:01:57 2014
-+++ library/rsa.c Fri Apr 18 12:02:07 2014
-@@ -1469,13 +1469,10 @@ void rsa_free( rsa_context *ctx )
- #if defined(POLARSSL_PKCS1_V15)
- static int myrand( void *rng_state, unsigned char *output, size_t len )
- {
--    size_t i;
--
-     if( rng_state != NULL )
-         rng_state  = NULL;
-
--    for( i = 0; i < len; ++i )
--        output[i] = rand();
-+    arc4random_buf(output, len);
-
-     return( 0 );
- }
Index: patches/patch-tests_suites_helpers_function
===================================================================
RCS file: patches/patch-tests_suites_helpers_function
diff -N patches/patch-tests_suites_helpers_function
--- patches/patch-tests_suites_helpers_function 18 Apr 2014 11:37:02 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$OpenBSD: patch-tests_suites_helpers_function,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
-
-Stops test_suite_pk from looping forever.
-
---- tests/suites/helpers.function.orig Fri Apr 18 11:59:32 2014
-+++ tests/suites/helpers.function Fri Apr 18 11:59:54 2014
-@@ -105,13 +105,10 @@ static void hexify(unsigned char *obuf, const unsigned
-  */
- static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
- {
--    size_t i;
--
-     if( rng_state != NULL )
-         rng_state  = NULL;
-
--    for( i = 0; i < len; ++i )
--        output[i] = rand();
-+    arc4random_buf(output, len);
-
-     return( 0 );
- }

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: security/polarssl: 1.3.6 -> 1.3.7

Joachim Schipper-2
On Sat, May 03, 2014 at 12:07:46PM +0200, Joachim Schipper wrote:
> PolarSSL has been updated, bringing some additional functionality.

> The PolarSSL maintainers believe that they have fixed the problem that
> we saw on sparc64, and would especially appreciate a re-test there.
> (Florian?)

I hear sparc64 is still broken, so let's not remove BROKEN-sparc64 just
yet... (the patch I sent earlier does not.)

                Joachim