From 37f1ff68a103eac23f73ab18819d67ea9fd589f4 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov
Options described here are client specific or has a slightly different
-diff -Naur otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl otp-OTP-17.4/lib/ssl/src/dtls_record.erl
---- otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl 2015-08-05 16:52:39.989500508 -0400
-+++ otp-OTP-17.4/lib/ssl/src/dtls_record.erl 2015-08-05 16:52:50.478441422 -0400
+diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl
+index a7bbb6b..ae35dd7 100644
+--- a/lib/ssl/src/dtls_record.erl
++++ b/lib/ssl/src/dtls_record.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
@@ -49,7 +57,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl otp-OTP-17.4/lib/ssl/sr
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
-@@ -146,7 +146,7 @@
+@@ -146,7 +146,7 @@ decode_cipher_text(#ssl_tls{type = Type, version = Version,
= ConnnectionStates0) ->
CompressAlg = SecParams#security_parameters.compression_algorithm,
{PlainFragment, Mac, ReadState1} = ssl_record:decipher(dtls_v1:corresponding_tls_version(Version),
@@ -58,9 +66,51 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/dtls_record.erl otp-OTP-17.4/lib/ssl/sr
MacHash = calc_mac_hash(ReadState1, Type, Version, Epoch, Seq, PlainFragment),
case ssl_record:is_correct_mac(Mac, MacHash) of
true ->
-diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src/ssl_cipher.erl
---- otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl 2015-08-05 16:52:39.989500508 -0400
-+++ otp-OTP-17.4/lib/ssl/src/ssl_cipher.erl 2015-08-05 16:52:50.479441417 -0400
+diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
+index b4bea25..4b7f495 100644
+--- a/lib/ssl/src/ssl.erl
++++ b/lib/ssl/src/ssl.erl
+@@ -1,7 +1,7 @@
+ %%
+ %% %CopyrightBegin%
+ %%
+-%% Copyright Ericsson AB 1999-2014. All Rights Reserved.
++%% Copyright Ericsson AB 1999-2015. All Rights Reserved.
+ %%
+ %% The contents of this file are subject to the Erlang Public License,
+ %% Version 1.1, (the "License"); you may not use this file except in
+@@ -656,7 +656,8 @@ handle_options(Opts0) ->
+ log_alert = handle_option(log_alert, Opts, true),
+ server_name_indication = handle_option(server_name_indication, Opts, undefined),
+ honor_cipher_order = handle_option(honor_cipher_order, Opts, false),
+- protocol = proplists:get_value(protocol, Opts, tls)
++ protocol = proplists:get_value(protocol, Opts, tls),
++ padding_check = proplists:get_value(padding_check, Opts, true)
+ },
+
+ CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),
+@@ -669,7 +670,7 @@ handle_options(Opts0) ->
+ cb_info, renegotiate_at, secure_renegotiate, hibernate_after,
+ erl_dist, next_protocols_advertised,
+ client_preferred_next_protocols, log_alert,
+- server_name_indication, honor_cipher_order],
++ server_name_indication, honor_cipher_order, padding_check],
+
+ SockOpts = lists:foldl(fun(Key, PropList) ->
+ proplists:delete(Key, PropList)
+@@ -847,6 +848,8 @@ validate_option(server_name_indication, undefined) ->
+ undefined;
+ validate_option(honor_cipher_order, Value) when is_boolean(Value) ->
+ Value;
++validate_option(padding_check, Value) when is_boolean(Value) ->
++ Value;
+ validate_option(Opt, Value) ->
+ throw({error, {options, {Opt, Value}}}).
+
+diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
+index 72467ea..ff9c618 100644
+--- a/lib/ssl/src/ssl_cipher.erl
++++ b/lib/ssl/src/ssl_cipher.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
@@ -80,7 +130,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src
ec_keyed_suites/0, anonymous_suites/0, psk_suites/1, srp_suites/0,
openssl_suite/1, openssl_suite_name/1, filter/2, filter_suites/1,
hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2]).
-@@ -143,17 +142,18 @@
+@@ -143,17 +142,18 @@ block_cipher(Fun, BlockSz, #cipher_state{key=Key, iv=IV} = CS0,
{T, CS0#cipher_state{iv=NextIV}}.
%%--------------------------------------------------------------------
@@ -103,7 +153,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src
S -> S
end,
try crypto:stream_decrypt(State0, Fragment) of
-@@ -171,23 +171,23 @@
+@@ -171,23 +171,23 @@ decipher(?RC4, HashSz, CipherState, Fragment, _) ->
?ALERT_REC(?FATAL, ?BAD_RECORD_MAC)
end;
@@ -134,7 +184,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src
try
Text = Fun(Key, IV, Fragment),
NextIV = next_iv(Fragment, IV),
-@@ -195,7 +195,7 @@
+@@ -195,7 +195,7 @@ block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0,
Content = GBC#generic_block_cipher.content,
Mac = GBC#generic_block_cipher.mac,
CipherState1 = CipherState0#cipher_state{iv=GBC#generic_block_cipher.next_iv},
@@ -143,7 +193,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src
true ->
{Content, Mac, CipherState1};
false ->
-@@ -1288,16 +1288,18 @@
+@@ -1288,16 +1288,18 @@ generic_stream_cipher_from_bin(T, HashSz) ->
#generic_stream_cipher{content=Content,
mac=Mac}.
@@ -170,49 +220,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_cipher.erl otp-OTP-17.4/lib/ssl/src
Len == byte_size(Padding) andalso
list_to_binary(lists:duplicate(Len, Len)) == Padding.
-diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl.erl otp-OTP-17.4/lib/ssl/src/ssl.erl
---- otp-OTP-17.4.orig/lib/ssl/src/ssl.erl 2015-08-05 16:52:39.989500508 -0400
-+++ otp-OTP-17.4/lib/ssl/src/ssl.erl 2015-08-05 16:52:50.479441417 -0400
-@@ -1,7 +1,7 @@
- %%
- %% %CopyrightBegin%
- %%
--%% Copyright Ericsson AB 1999-2014. All Rights Reserved.
-+%% Copyright Ericsson AB 1999-2015. All Rights Reserved.
- %%
- %% The contents of this file are subject to the Erlang Public License,
- %% Version 1.1, (the "License"); you may not use this file except in
-@@ -656,7 +656,8 @@
- log_alert = handle_option(log_alert, Opts, true),
- server_name_indication = handle_option(server_name_indication, Opts, undefined),
- honor_cipher_order = handle_option(honor_cipher_order, Opts, false),
-- protocol = proplists:get_value(protocol, Opts, tls)
-+ protocol = proplists:get_value(protocol, Opts, tls),
-+ padding_check = proplists:get_value(padding_check, Opts, true)
- },
-
- CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),
-@@ -669,7 +670,7 @@
- cb_info, renegotiate_at, secure_renegotiate, hibernate_after,
- erl_dist, next_protocols_advertised,
- client_preferred_next_protocols, log_alert,
-- server_name_indication, honor_cipher_order],
-+ server_name_indication, honor_cipher_order, padding_check],
-
- SockOpts = lists:foldl(fun(Key, PropList) ->
- proplists:delete(Key, PropList)
-@@ -847,6 +848,8 @@
- undefined;
- validate_option(honor_cipher_order, Value) when is_boolean(Value) ->
- Value;
-+validate_option(padding_check, Value) when is_boolean(Value) ->
-+ Value;
- validate_option(Opt, Value) ->
- throw({error, {options, {Opt, Value}}}).
-
-diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_internal.hrl otp-OTP-17.4/lib/ssl/src/ssl_internal.hrl
---- otp-OTP-17.4.orig/lib/ssl/src/ssl_internal.hrl 2015-08-05 16:52:39.990500503 -0400
-+++ otp-OTP-17.4/lib/ssl/src/ssl_internal.hrl 2015-08-05 16:52:50.479441417 -0400
+diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
+index 155fa81..1250b50 100644
+--- a/lib/ssl/src/ssl_internal.hrl
++++ b/lib/ssl/src/ssl_internal.hrl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
@@ -232,9 +243,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_internal.hrl otp-OTP-17.4/lib/ssl/s
}).
-record(socket_options,
-diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src/ssl_record.erl
---- otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl 2015-08-05 16:52:39.989500508 -0400
-+++ otp-OTP-17.4/lib/ssl/src/ssl_record.erl 2015-08-05 16:52:50.479441417 -0400
+diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
+index 7337225..025a46b 100644
+--- a/lib/ssl/src/ssl_record.erl
++++ b/lib/ssl/src/ssl_record.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
@@ -253,7 +265,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src
-export_type([ssl_version/0, ssl_atom_version/0]).
-@@ -376,8 +376,9 @@
+@@ -376,8 +376,9 @@ cipher(Version, Fragment,
{CipherFragment, CipherS1} =
ssl_cipher:cipher(BulkCipherAlgo, CipherS0, MacHash, Fragment, Version),
{CipherFragment, WriteState0#connection_state{cipher_state = CipherS1}}.
@@ -264,7 +276,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src
%%
%% Description: Payload decryption
%%--------------------------------------------------------------------
-@@ -387,8 +388,8 @@
+@@ -387,8 +388,8 @@ decipher(Version, CipherFragment,
BulkCipherAlgo,
hash_size = HashSz},
cipher_state = CipherS0
@@ -275,9 +287,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/ssl_record.erl otp-OTP-17.4/lib/ssl/src
{PlainFragment, Mac, CipherS1} ->
CS1 = ReadState#connection_state{cipher_state = CipherS1},
{PlainFragment, Mac, CS1};
-diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl otp-OTP-17.4/lib/ssl/src/tls_connection.erl
---- otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl 2015-08-05 16:52:39.990500503 -0400
-+++ otp-OTP-17.4/lib/ssl/src/tls_connection.erl 2015-08-05 16:52:50.479441417 -0400
+diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
+index 7df73fb..77d3aa7 100644
+--- a/lib/ssl/src/tls_connection.erl
++++ b/lib/ssl/src/tls_connection.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
@@ -287,7 +300,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl otp-OTP-17.4/lib/ssl
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
-@@ -482,8 +482,9 @@
+@@ -482,8 +482,9 @@ next_record(#state{protocol_buffers = #protocol_buffers{tls_packets = [], tls_ci
next_record(#state{protocol_buffers =
#protocol_buffers{tls_packets = [], tls_cipher_texts = [CT | Rest]}
= Buffers,
@@ -299,9 +312,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_connection.erl otp-OTP-17.4/lib/ssl
{Plain, ConnStates} ->
{Plain, State#state{protocol_buffers =
Buffers#protocol_buffers{tls_cipher_texts = Rest},
-diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl otp-OTP-17.4/lib/ssl/src/tls_record.erl
---- otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl 2015-08-05 16:52:39.990500503 -0400
-+++ otp-OTP-17.4/lib/ssl/src/tls_record.erl 2015-08-05 16:52:50.480441411 -0400
+diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl
+index aa4fc8d..bb7a701 100644
+--- a/lib/ssl/src/tls_record.erl
++++ b/lib/ssl/src/tls_record.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
@@ -320,7 +334,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl otp-OTP-17.4/lib/ssl/src
%% Encoding
-export([encode_plain_text/4]).
-@@ -142,19 +142,21 @@
+@@ -142,19 +142,21 @@ encode_plain_text(Type, Version, Data,
{CipherText, ConnectionStates#connection_states{current_write = WriteState#connection_state{sequence_number = Seq +1}}}.
%%--------------------------------------------------------------------
@@ -350,9 +364,10 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/src/tls_record.erl otp-OTP-17.4/lib/ssl/src
{PlainFragment, Mac, ReadState1} ->
MacHash = calc_mac_hash(Type, Version, PlainFragment, ReadState1),
case ssl_record:is_correct_mac(Mac, MacHash) of
-diff -Naur otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl otp-OTP-17.4/lib/ssl/test/ssl_cipher_SUITE.erl
---- otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl 2015-08-05 16:52:39.990500503 -0400
-+++ otp-OTP-17.4/lib/ssl/test/ssl_cipher_SUITE.erl 2015-08-05 16:52:50.480441411 -0400
+diff --git a/lib/ssl/test/ssl_cipher_SUITE.erl b/lib/ssl/test/ssl_cipher_SUITE.erl
+index 45e9178..0e48b67 100644
+--- a/lib/ssl/test/ssl_cipher_SUITE.erl
++++ b/lib/ssl/test/ssl_cipher_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
@@ -371,7 +386,7 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl otp-OTP-17.4/lib/
groups() ->
[].
-@@ -73,93 +73,123 @@
+@@ -73,93 +73,123 @@ end_per_testcase(_TestCase, Config) ->
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
aes_decipher_good() ->
@@ -470,15 +485,13 @@ diff -Naur otp-OTP-17.4.orig/lib/ssl/test/ssl_cipher_SUITE.erl otp-OTP-17.4/lib/
- #alert{level = ?FATAL, description = ?BAD_RECORD_MAC} =
- ssl_cipher:decipher(?AES, HashSz, CipherState, Fragment, Version1),
- ok.
--
--%%--------------------------------------------------------------------
+ CipherState = incorrect_cipher_state(),
+ decipher_check_fail(HashSz, CipherState, {3,0}),
+ decipher_check_fail(HashSz, CipherState, {3,1}),
+ decipher_check_fail(HashSz, CipherState, {3,2}),
+ decipher_check_fail(HashSz, CipherState, {3,3}).
-+
-+%%--------------------------------------------------------------------
+
+ %%--------------------------------------------------------------------
+padding_test(Config) when is_list(Config) ->
+ HashSz = 16,
+ CipherState = correct_cipher_state(),
diff --git a/otp-0011-Quickfix-for-cmpxchg8b-inline-asm-when-pic-and-gcc-5.patch b/otp-0011-Quickfix-for-cmpxchg8b-inline-asm-when-pic-and-gcc-5.patch
new file mode 100644
index 0000000..35d248e
--- /dev/null
+++ b/otp-0011-Quickfix-for-cmpxchg8b-inline-asm-when-pic-and-gcc-5.patch
@@ -0,0 +1,27 @@
+From: Rickard Green