authorDirk Meyer <dinoex@FreeBSD.org>2013-02-13 20:23:04 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2013-02-13 20:23:04 +0000
commitaa69eb013002d0f8e735dd1f408afe3275d2bd50 (patch)
treeb3cb915afdd232d0cbb5a6d942fc38902365f108 /security
parent7fff875266e562071b5c18b94c9d19fc34438c89 (diff)
Notes
Diffstat (limited to 'security')
-rw-r--r--security/openssl/Makefile4
-rw-r--r--security/openssl/distinfo20
-rw-r--r--security/openssl/files/patch-tls-bug72
3 files changed, 12 insertions, 84 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 4a9c46c85f37..6a4c075beea6 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -3,8 +3,8 @@
PORTNAME= openssl
PORTVERSION= 1.0.1
-DISTVERSIONSUFFIX= d
-PORTREVISION= 7
+DISTVERSIONSUFFIX= e
+PORTREVISION= 8
CATEGORIES= security devel
MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \
ftp://ftp.openssl.org/%SUBDIR%/ \
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index c1323956d3bf..c24a4c54a6ad 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,10 +1,10 @@
-SHA256 (openssl-1.0.1d/openssl-1.0.1d.tar.gz) = 88a423f9b08a994054583691b968815875580e12df754e881d7cfe9f1bd1f49d
-SIZE (openssl-1.0.1d/openssl-1.0.1d.tar.gz) = 4459791
-SHA256 (openssl-1.0.1d/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae
-SIZE (openssl-1.0.1d/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3512
-SHA256 (openssl-1.0.1d/0002-engines-e_padlock-backport-cvs-head-changes.patch) = 39c31c2e33cded09543a2d1fd2e3238e9d11c672ba71a14d13095baad3ec9696
-SIZE (openssl-1.0.1d/0002-engines-e_padlock-backport-cvs-head-changes.patch) = 5867
-SHA256 (openssl-1.0.1d/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = e59f86fb779d327479fa97506c6d0d2df44b97f8182b45ca2eefebe9bef44b8d
-SIZE (openssl-1.0.1d/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20593
-SHA256 (openssl-1.0.1d/0004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f
-SIZE (openssl-1.0.1d/0004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 777
+SHA256 (openssl-1.0.1e/openssl-1.0.1e.tar.gz) = f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
+SIZE (openssl-1.0.1e/openssl-1.0.1e.tar.gz) = 4459777
+SHA256 (openssl-1.0.1e/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae
+SIZE (openssl-1.0.1e/0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3512
+SHA256 (openssl-1.0.1e/0002-engines-e_padlock-backport-cvs-head-changes.patch) = 39c31c2e33cded09543a2d1fd2e3238e9d11c672ba71a14d13095baad3ec9696
+SIZE (openssl-1.0.1e/0002-engines-e_padlock-backport-cvs-head-changes.patch) = 5867
+SHA256 (openssl-1.0.1e/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = e59f86fb779d327479fa97506c6d0d2df44b97f8182b45ca2eefebe9bef44b8d
+SIZE (openssl-1.0.1e/0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20593
+SHA256 (openssl-1.0.1e/0004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f
+SIZE (openssl-1.0.1e/0004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 777
diff --git a/security/openssl/files/patch-tls-bug b/security/openssl/files/patch-tls-bug
deleted file mode 100644
index d3fb14357b65..000000000000
--- a/security/openssl/files/patch-tls-bug
+++ /dev/null
@@ -1,72 +0,0 @@
-From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Thu, 7 Feb 2013 21:06:37 +0000
-Subject: [PATCH] Fix IV check and padding removal.
-
-Fix the calculation that checks there is enough room in a record
-after removing padding and optional explicit IV. (by Steve)
-
-For AEAD remove the correct number of padding bytes (by Andy)
----
- ssl/s3_cbc.c | 33 ++++++++++++---------------------
- 1 file changed, 12 insertions(+), 21 deletions(-)
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index ce77acd..0f60507 100644
---- a/ssl/s3_cbc.c
-+++ ssl/s3_cbc.c
-@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s,
- unsigned mac_size)
- {
- unsigned padding_length, good, to_check, i;
-- const char has_explicit_iv =
-- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION;
-- const unsigned overhead = 1 /* padding length byte */ +
-- mac_size +
-- (has_explicit_iv ? block_size : 0);
--
-- /* These lengths are all public so we can test them in non-constant
-- * time. */
-- if (overhead > rec->length)
-- return 0;
--
-- /* We can always safely skip the explicit IV. We check at the beginning
-- * of this function that the record has at least enough space for the
-- * IV, MAC and padding length byte. (These can be checked in
-- * non-constant time because it's all public information.) So, if the
-- * padding was invalid, then we didn't change |rec->length| and this is
-- * safe. If the padding was valid then we know that we have at least
-- * overhead+padding_length bytes of space and so this is still safe
-- * because overhead accounts for the explicit IV. */
-- if (has_explicit_iv)
-+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
-+ /* Check if version requires explicit IV */
-+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
- {
-+ /* These lengths are all public so we can test them in
-+ * non-constant time.
-+ */
-+ if (overhead + block_size > rec->length)
-+ return 0;
-+ /* We can now safely skip explicit IV */
- rec->data += block_size;
- rec->input += block_size;
- rec->length -= block_size;
- }
-+ else if (overhead > rec->length)
-+ return 0;
-
- padding_length = rec->data[rec->length-1];
-
-@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s,
- if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
- {
- /* padding is already verified */
-- rec->length -= padding_length;
-+ rec->length -= padding_length + 1;
- return 1;
- }
-
---
-1.7.9.5
-