static-build: fix possible div-by-zero in openssl

n_ssl3_mac(): Fix possible divide by zero. Fixed in openssl3: https://github.com/openssl/openssl/commit/624efd2ba6f1dabdcdecf17c77bd206c421efdaf Closes tarantool/security#90 NO_DOC=security NO_TEST=security NO_CHANGELOG=security (cherry picked from commit cf0d3203)

static-build: fix possible div-by-zero in openssl
b0f0df46 · Pavel Balaev · Vladimir Davydov · 2df10ef1 · b0f0df46 · b0f0df46
Commit b0f0df46 authored 2 years ago by Pavel Balaev Committed by Vladimir Davydov 2 years ago
--- a/static-build/cmake/AddDependencyProjects.cmake
+++ b/static-build/cmake/AddDependencyProjects.cmake
@@ -77,6 +77,7 @@ ExternalProject_Add(openssl
    PATCH_COMMAND patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/openssl-111q-gh-18720.patch"
    COMMAND       patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/openssl-tarantool-security-27.patch"
    COMMAND       patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/openssl-tarantool-security-54.patch"
+    COMMAND       patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/openssl-tarantool-security-90.patch"
 )
 set(TARANTOOL_DEPENDS openssl ${TARANTOOL_DEPENDS})


--- a/static-build/patches/openssl-tarantool-security-90.patch
+++ b/static-build/patches/openssl-tarantool-security-90.patch
+--- openssl.old/ssl/record/ssl3_record.c	2023-02-17 11:10:19.399907899 +0300
+++ openssl/ssl/record/ssl3_record.c	2023-02-17 11:12:52.921915746 +0300
+@@ -1201,7 +1201,7 @@
+     }
+ 
+     t = EVP_MD_CTX_size(hash);
+-    if (t < 0)
+    if (t <= 0)
+         return 0;
+     md_size = t;
+     npad = (48 / md_size) * md_size;