forked from rpms/openssl
- update to latest upstream release, SONAME bumped to 7
This commit is contained in:
parent
96585a061a
commit
3849a1678a
@ -1 +1 @@
|
||||
openssl-0.9.8b-usa.tar.bz2
|
||||
openssl-0.9.8g-usa.tar.bz2
|
||||
|
@ -1,69 +0,0 @@
|
||||
*) In the SSL/TLS server implementation, be strict about session ID
|
||||
context matching (which matters if an application uses a single
|
||||
external cache for different purposes). Previously,
|
||||
out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
|
||||
set. This did ensure strict client verification, but meant that,
|
||||
with applications using a single external cache for quite
|
||||
different requirements, clients could circumvent ciphersuite
|
||||
restrictions for a given session ID context by starting a session
|
||||
in a different context.
|
||||
diff -up openssl-0.9.7a/ssl/ssl_sess.c.strict-matching openssl-0.9.7a/ssl/ssl_sess.c
|
||||
--- openssl-0.9.7a/ssl/ssl_sess.c.strict-matching 2002-11-28 09:09:03.000000000 +0100
|
||||
+++ openssl-0.9.7a/ssl/ssl_sess.c 2007-08-02 16:17:29.000000000 +0200
|
||||
@@ -322,33 +322,35 @@ int ssl_get_prev_session(SSL *s, unsigne
|
||||
|
||||
/* Now ret is non-NULL, and we own one of its reference counts. */
|
||||
|
||||
- if((s->verify_mode&SSL_VERIFY_PEER)
|
||||
- && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
|
||||
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
|
||||
- {
|
||||
+ if (ret->sid_ctx_length != s->sid_ctx_length
|
||||
+ || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
|
||||
+ {
|
||||
/* We've found the session named by the client, but we don't
|
||||
* want to use it in this context. */
|
||||
-
|
||||
- if (s->sid_ctx_length == 0)
|
||||
- {
|
||||
- /* application should have used SSL[_CTX]_set_session_id_context
|
||||
- * -- we could tolerate this and just pretend we never heard
|
||||
- * of this session, but then applications could effectively
|
||||
- * disable the session cache by accident without anyone noticing */
|
||||
|
||||
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
|
||||
- fatal = 1;
|
||||
- goto err;
|
||||
- }
|
||||
- else
|
||||
- {
|
||||
#if 0 /* The client cannot always know when a session is not appropriate,
|
||||
- * so we shouldn't generate an error message. */
|
||||
+ * so we shouldn't generate an error message. */
|
||||
|
||||
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
|
||||
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
|
||||
#endif
|
||||
- goto err; /* treat like cache miss */
|
||||
- }
|
||||
+ goto err; /* treat like cache miss */
|
||||
+ }
|
||||
+
|
||||
+ if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
|
||||
+ {
|
||||
+ /* We can't be sure if this session is being used out of
|
||||
+ * context, which is especially important for SSL_VERIFY_PEER.
|
||||
+ * The application should have used SSL[_CTX]_set_session_id_context.
|
||||
+ *
|
||||
+ * For this error case, we generate an error instead of treating
|
||||
+ * the event like a cache miss (otherwise it would be easy for
|
||||
+ * applications to effectively disable the session cache by
|
||||
+ * accident without anyone noticing).
|
||||
+ */
|
||||
+
|
||||
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
|
||||
+ fatal = 1;
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
if (ret->cipher == NULL)
|
@ -1,22 +0,0 @@
|
||||
--- openssl-0.9.8b/crypto/engine/eng_all.c.padlock 2005-04-19 15:24:44.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/engine/eng_all.c 2006-06-21 19:57:29.000000000 +0200
|
||||
@@ -69,6 +69,9 @@
|
||||
ENGINE_load_openssl();
|
||||
#endif
|
||||
ENGINE_load_dynamic();
|
||||
+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
|
||||
+ ENGINE_load_padlock();
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_STATIC_ENGINE
|
||||
#ifndef OPENSSL_NO_HW
|
||||
#ifndef OPENSSL_NO_HW_4758_CCA
|
||||
@@ -95,9 +98,6 @@
|
||||
#ifndef OPENSSL_NO_HW_UBSEC
|
||||
ENGINE_load_ubsec();
|
||||
#endif
|
||||
-#ifndef OPENSSL_NO_HW_PADLOCK
|
||||
- ENGINE_load_padlock();
|
||||
-#endif
|
||||
#endif
|
||||
#if defined(__OpenBSD__) || defined(__FreeBSD__)
|
||||
ENGINE_load_cryptodev();
|
@ -1,73 +0,0 @@
|
||||
--- openssl-0.9.8a/crypto/rand/rand_unix.c.use-poll 2005-08-29 01:20:48.000000000 +0200
|
||||
+++ openssl-0.9.8a/crypto/rand/rand_unix.c 2005-11-08 01:28:35.000000000 +0100
|
||||
@@ -125,6 +125,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
+#include <sys/poll.h>
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
int RAND_poll(void)
|
||||
@@ -157,6 +158,7 @@
|
||||
struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
|
||||
int fd;
|
||||
size_t i;
|
||||
+ struct pollfd pfd;
|
||||
#endif
|
||||
#ifdef DEVRANDOM_EGD
|
||||
static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
|
||||
@@ -184,11 +186,10 @@
|
||||
#endif
|
||||
)) >= 0)
|
||||
{
|
||||
- struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
|
||||
+ int t = 10; /* Spend 10ms on
|
||||
each file. */
|
||||
int r;
|
||||
size_t j;
|
||||
- fd_set fset;
|
||||
struct stat *st=&randomstats[i];
|
||||
|
||||
/* Avoid using same input... Used to be O_NOFOLLOW
|
||||
@@ -204,30 +205,25 @@
|
||||
|
||||
do
|
||||
{
|
||||
- FD_ZERO(&fset);
|
||||
- FD_SET(fd, &fset);
|
||||
- r = -1;
|
||||
-
|
||||
- if (select(fd+1,&fset,NULL,NULL,&t) < 0)
|
||||
- t.tv_usec=0;
|
||||
- else if (FD_ISSET(fd, &fset))
|
||||
+ pfd.fd = fd;
|
||||
+ pfd.events = POLLIN;
|
||||
+ pfd.revents = 0;
|
||||
+
|
||||
+ if ((r=poll(&pfd,1,t)) == 0)
|
||||
+ t = 0;
|
||||
+ else if (r > 0 && (pfd.revents & POLLIN))
|
||||
{
|
||||
r=read(fd,(unsigned char *)tmpbuf+n,
|
||||
ENTROPY_NEEDED-n);
|
||||
if (r > 0)
|
||||
n += r;
|
||||
}
|
||||
-
|
||||
- /* Some Unixen will update t, some
|
||||
- won't. For those who won't, give
|
||||
- up here, otherwise, we will do
|
||||
- this once again for the remaining
|
||||
- time. */
|
||||
- if (t.tv_usec == 10*1000)
|
||||
- t.tv_usec=0;
|
||||
+ /* we don't know how big part of the timeout elapsed
|
||||
+ wait half the original timeout next time */
|
||||
+ t >>= 1;
|
||||
}
|
||||
while ((r > 0 || (errno == EINTR || errno == EAGAIN))
|
||||
- && t.tv_usec != 0 && n < ENTROPY_NEEDED);
|
||||
+ && t != 0 && n < ENTROPY_NEEDED);
|
||||
|
||||
close(fd);
|
||||
}
|
@ -1,777 +0,0 @@
|
||||
openssl/crypto/aes/aes_core.c 1.7 -> 1.7.2.1
|
||||
|
||||
--- openssl/crypto/aes/aes_core.c 2005/01/24 14:22:05 1.7
|
||||
+++ openssl/crypto/aes/aes_core.c 2006/06/28 08:58:15 1.7.2.1
|
||||
@@ -44,22 +44,14 @@
|
||||
Te1[x] = S [x].[03, 02, 01, 01];
|
||||
Te2[x] = S [x].[01, 03, 02, 01];
|
||||
Te3[x] = S [x].[01, 01, 03, 02];
|
||||
-Te4[x] = S [x].[01, 01, 01, 01];
|
||||
|
||||
Td0[x] = Si[x].[0e, 09, 0d, 0b];
|
||||
Td1[x] = Si[x].[0b, 0e, 09, 0d];
|
||||
Td2[x] = Si[x].[0d, 0b, 0e, 09];
|
||||
Td3[x] = Si[x].[09, 0d, 0b, 0e];
|
||||
-Td4[x] = Si[x].[01, 01, 01, 01];
|
||||
+Td4[x] = Si[x].[01];
|
||||
*/
|
||||
|
||||
-#ifdef AES_ASM
|
||||
-extern const u32 AES_Te[5][256];
|
||||
-#define Te0 AES_Te[0]
|
||||
-#define Te1 AES_Te[1]
|
||||
-#define Te2 AES_Te[2]
|
||||
-#define Te3 AES_Te[3]
|
||||
-#else
|
||||
static const u32 Te0[256] = {
|
||||
0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
|
||||
0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
|
||||
@@ -324,81 +316,7 @@
|
||||
0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
|
||||
0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
|
||||
};
|
||||
-#endif
|
||||
-static const u32 Te4[256] = {
|
||||
- 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
|
||||
- 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
|
||||
- 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
|
||||
- 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
|
||||
- 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
|
||||
- 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
|
||||
- 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
|
||||
- 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
|
||||
- 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
|
||||
- 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
|
||||
- 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
|
||||
- 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
|
||||
- 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
|
||||
- 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
|
||||
- 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
|
||||
- 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
|
||||
- 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
|
||||
- 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
|
||||
- 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
|
||||
- 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
|
||||
- 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
|
||||
- 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
|
||||
- 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
|
||||
- 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
|
||||
- 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
|
||||
- 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
|
||||
- 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
|
||||
- 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
|
||||
- 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
|
||||
- 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
|
||||
- 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
|
||||
- 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
|
||||
- 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
|
||||
- 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
|
||||
- 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
|
||||
- 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
|
||||
- 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
|
||||
- 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
|
||||
- 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
|
||||
- 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
|
||||
- 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
|
||||
- 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
|
||||
- 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
|
||||
- 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
|
||||
- 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
|
||||
- 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
|
||||
- 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
|
||||
- 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
|
||||
- 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
|
||||
- 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
|
||||
- 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
|
||||
- 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
|
||||
- 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
|
||||
- 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
|
||||
- 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
|
||||
- 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
|
||||
- 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
|
||||
- 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
|
||||
- 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
|
||||
- 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
|
||||
- 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
|
||||
- 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
|
||||
- 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
|
||||
- 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
|
||||
-};
|
||||
|
||||
-#ifdef AES_ASM
|
||||
-extern const u32 AES_Td[5][256];
|
||||
-#define Td0 AES_Td[0]
|
||||
-#define Td1 AES_Td[1]
|
||||
-#define Td2 AES_Td[2]
|
||||
-#define Td3 AES_Td[3]
|
||||
-#else
|
||||
static const u32 Td0[256] = {
|
||||
0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
|
||||
0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
|
||||
@@ -663,72 +581,39 @@
|
||||
0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
|
||||
0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
|
||||
};
|
||||
-#endif
|
||||
-static const u32 Td4[256] = {
|
||||
- 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
|
||||
- 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
|
||||
- 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
|
||||
- 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
|
||||
- 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
|
||||
- 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
|
||||
- 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
|
||||
- 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
|
||||
- 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
|
||||
- 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
|
||||
- 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
|
||||
- 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
|
||||
- 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
|
||||
- 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
|
||||
- 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
|
||||
- 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
|
||||
- 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
|
||||
- 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
|
||||
- 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
|
||||
- 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
|
||||
- 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
|
||||
- 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
|
||||
- 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
|
||||
- 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
|
||||
- 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
|
||||
- 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
|
||||
- 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
|
||||
- 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
|
||||
- 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
|
||||
- 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
|
||||
- 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
|
||||
- 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
|
||||
- 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
|
||||
- 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
|
||||
- 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
|
||||
- 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
|
||||
- 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
|
||||
- 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
|
||||
- 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
|
||||
- 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
|
||||
- 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
|
||||
- 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
|
||||
- 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
|
||||
- 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
|
||||
- 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
|
||||
- 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
|
||||
- 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
|
||||
- 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
|
||||
- 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
|
||||
- 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
|
||||
- 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
|
||||
- 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
|
||||
- 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
|
||||
- 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
|
||||
- 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
|
||||
- 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
|
||||
- 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
|
||||
- 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
|
||||
- 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
|
||||
- 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
|
||||
- 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
|
||||
- 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
|
||||
- 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
|
||||
- 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
|
||||
+static const u8 Td4[256] = {
|
||||
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
|
||||
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
|
||||
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
|
||||
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
|
||||
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
|
||||
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
|
||||
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
|
||||
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
|
||||
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
|
||||
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
|
||||
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
|
||||
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
|
||||
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
|
||||
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
|
||||
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
|
||||
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
|
||||
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
|
||||
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
|
||||
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
|
||||
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
|
||||
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
|
||||
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
|
||||
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
|
||||
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
|
||||
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
|
||||
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
|
||||
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
|
||||
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
|
||||
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
|
||||
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
|
||||
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
|
||||
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
|
||||
};
|
||||
static const u32 rcon[] = {
|
||||
0x01000000, 0x02000000, 0x04000000, 0x08000000,
|
||||
@@ -768,10 +653,10 @@
|
||||
while (1) {
|
||||
temp = rk[3];
|
||||
rk[4] = rk[0] ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[5] = rk[1] ^ rk[4];
|
||||
rk[6] = rk[2] ^ rk[5];
|
||||
@@ -788,10 +673,10 @@
|
||||
while (1) {
|
||||
temp = rk[ 5];
|
||||
rk[ 6] = rk[ 0] ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[ 7] = rk[ 1] ^ rk[ 6];
|
||||
rk[ 8] = rk[ 2] ^ rk[ 7];
|
||||
@@ -810,10 +695,10 @@
|
||||
while (1) {
|
||||
temp = rk[ 7];
|
||||
rk[ 8] = rk[ 0] ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[ 9] = rk[ 1] ^ rk[ 8];
|
||||
rk[10] = rk[ 2] ^ rk[ 9];
|
||||
@@ -823,10 +708,10 @@
|
||||
}
|
||||
temp = rk[11];
|
||||
rk[12] = rk[ 4] ^
|
||||
- (Te4[(temp >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(temp ) & 0xff] & 0x000000ff);
|
||||
+ (Te2[(temp >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(temp ) & 0xff] & 0x000000ff);
|
||||
rk[13] = rk[ 5] ^ rk[12];
|
||||
rk[14] = rk[ 6] ^ rk[13];
|
||||
rk[15] = rk[ 7] ^ rk[14];
|
||||
@@ -865,25 +750,25 @@
|
||||
for (i = 1; i < (key->rounds); i++) {
|
||||
rk += 4;
|
||||
rk[0] =
|
||||
- Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[0] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[0] ) & 0xff] & 0xff];
|
||||
rk[1] =
|
||||
- Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[1] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[1] ) & 0xff] & 0xff];
|
||||
rk[2] =
|
||||
- Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[2] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[2] ) & 0xff] & 0xff];
|
||||
rk[3] =
|
||||
- Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
|
||||
- Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
|
||||
- Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
|
||||
- Td3[Te4[(rk[3] ) & 0xff] & 0xff];
|
||||
+ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
|
||||
+ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
|
||||
+ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
|
||||
+ Td3[Te1[(rk[3] ) & 0xff] & 0xff];
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -1051,31 +936,31 @@
|
||||
* map cipher state to byte array block:
|
||||
*/
|
||||
s0 =
|
||||
- (Te4[(t0 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t3 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t0 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t3 ) & 0xff] & 0x000000ff) ^
|
||||
rk[0];
|
||||
PUTU32(out , s0);
|
||||
s1 =
|
||||
- (Te4[(t1 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t0 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t1 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t0 ) & 0xff] & 0x000000ff) ^
|
||||
rk[1];
|
||||
PUTU32(out + 4, s1);
|
||||
s2 =
|
||||
- (Te4[(t2 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t1 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t2 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t1 ) & 0xff] & 0x000000ff) ^
|
||||
rk[2];
|
||||
PUTU32(out + 8, s2);
|
||||
s3 =
|
||||
- (Te4[(t3 >> 24) ] & 0xff000000) ^
|
||||
- (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Te4[(t2 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Te2[(t3 >> 24) ] & 0xff000000) ^
|
||||
+ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
+ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
+ (Te1[(t2 ) & 0xff] & 0x000000ff) ^
|
||||
rk[3];
|
||||
PUTU32(out + 12, s3);
|
||||
}
|
||||
@@ -1242,31 +1127,31 @@
|
||||
* map cipher state to byte array block:
|
||||
*/
|
||||
s0 =
|
||||
- (Td4[(t0 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t1 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t0 >> 24) ] << 24) ^
|
||||
+ (Td4[(t3 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t2 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t1 ) & 0xff]) ^
|
||||
rk[0];
|
||||
PUTU32(out , s0);
|
||||
s1 =
|
||||
- (Td4[(t1 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t2 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t1 >> 24) ] << 24) ^
|
||||
+ (Td4[(t0 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t3 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t2 ) & 0xff]) ^
|
||||
rk[1];
|
||||
PUTU32(out + 4, s1);
|
||||
s2 =
|
||||
- (Td4[(t2 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t3 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t2 >> 24) ] << 24) ^
|
||||
+ (Td4[(t1 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t0 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t3 ) & 0xff]) ^
|
||||
rk[2];
|
||||
PUTU32(out + 8, s2);
|
||||
s3 =
|
||||
- (Td4[(t3 >> 24) ] & 0xff000000) ^
|
||||
- (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
|
||||
- (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
|
||||
- (Td4[(t0 ) & 0xff] & 0x000000ff) ^
|
||||
+ (Td4[(t3 >> 24) ] << 24) ^
|
||||
+ (Td4[(t2 >> 16) & 0xff] << 16) ^
|
||||
+ (Td4[(t1 >> 8) & 0xff] << 8) ^
|
||||
+ (Td4[(t0 ) & 0xff]) ^
|
||||
rk[3];
|
||||
PUTU32(out + 12, s3);
|
||||
}
|
||||
openssl/crypto/aes/asm/aes-586.pl 1.11 -> 1.11.2.1
|
||||
|
||||
--- openssl/crypto/aes/asm/aes-586.pl 2005/05/09 21:48:00 1.11
|
||||
+++ openssl/crypto/aes/asm/aes-586.pl 2006/06/28 09:01:40 1.11.2.1
|
||||
@@ -6,7 +6,7 @@
|
||||
# forms are granted according to the OpenSSL license.
|
||||
# ====================================================================
|
||||
#
|
||||
-# Version 3.4.
|
||||
+# Version 3.6.
|
||||
#
|
||||
# You might fail to appreciate this module performance from the first
|
||||
# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
|
||||
@@ -66,6 +66,13 @@
|
||||
# stack. This unfortunately has rather strong impact on small block CBC
|
||||
# performance, ~2x deterioration on 16-byte block if compared to 3.3.
|
||||
#
|
||||
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
|
||||
+# key schedule and S-boxes and abstains from copying the former if
|
||||
+# there is no. This allows end-user to consciously retain small block
|
||||
+# performance by aligning key schedule in specific manner.
|
||||
+#
|
||||
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
|
||||
+#
|
||||
# Current ECB performance numbers for 128-bit key in CPU cycles per
|
||||
# processed byte [measure commonly used by AES benchmarkers] are:
|
||||
#
|
||||
@@ -505,28 +512,27 @@
|
||||
if($i==3) { &mov ($key,&DWP(12,"esp")); }
|
||||
else { &mov ($out,$s[0]); }
|
||||
&and ($out,0xFF);
|
||||
- &mov ($out,&DWP(2048,$td,$out,4));
|
||||
- &and ($out,0x000000ff);
|
||||
+ &movz ($out,&DWP(2048,$td,$out,1));
|
||||
|
||||
if ($i==3) { $tmp=$s[1]; }
|
||||
&movz ($tmp,&HB($s[1]));
|
||||
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
|
||||
- &and ($tmp,0x0000ff00);
|
||||
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
|
||||
+ &shl ($tmp,8);
|
||||
&xor ($out,$tmp);
|
||||
|
||||
if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
|
||||
else { mov ($tmp,$s[2]); }
|
||||
&shr ($tmp,16);
|
||||
&and ($tmp,0xFF);
|
||||
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
|
||||
- &and ($tmp,0x00ff0000);
|
||||
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
|
||||
+ &shl ($tmp,16);
|
||||
&xor ($out,$tmp);
|
||||
|
||||
if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
|
||||
else { &mov ($tmp,$s[3]); }
|
||||
&shr ($tmp,24);
|
||||
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
|
||||
- &and ($tmp,0xff000000);
|
||||
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
|
||||
+ &shl ($tmp,24);
|
||||
&xor ($out,$tmp);
|
||||
if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
|
||||
if ($i==3) { &mov ($s[3],&DWP(4,"esp")); }
|
||||
@@ -687,70 +693,38 @@
|
||||
&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
|
||||
&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
|
||||
#Td4:
|
||||
- &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
|
||||
- &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
|
||||
- &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
|
||||
- &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
|
||||
- &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
|
||||
- &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
|
||||
- &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
|
||||
- &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
|
||||
- &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
|
||||
- &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
|
||||
- &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
|
||||
- &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
|
||||
- &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
|
||||
- &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
|
||||
- &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
|
||||
- &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
|
||||
- &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
|
||||
- &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
|
||||
- &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
|
||||
- &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
|
||||
- &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
|
||||
- &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
|
||||
- &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
|
||||
- &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
|
||||
- &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
|
||||
- &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
|
||||
- &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
|
||||
- &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
|
||||
- &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
|
||||
- &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
|
||||
- &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
|
||||
- &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
|
||||
- &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
|
||||
- &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
|
||||
- &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
|
||||
- &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
|
||||
- &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
|
||||
- &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
|
||||
- &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
|
||||
- &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
|
||||
- &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
|
||||
- &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
|
||||
- &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
|
||||
- &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
|
||||
- &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
|
||||
- &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
|
||||
- &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
|
||||
- &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
|
||||
- &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
|
||||
- &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
|
||||
- &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
|
||||
- &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
|
||||
- &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
|
||||
- &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
|
||||
- &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
|
||||
- &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
|
||||
- &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
|
||||
- &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
|
||||
- &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
|
||||
- &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
|
||||
- &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
|
||||
- &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
|
||||
- &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
|
||||
- &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
|
||||
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
|
||||
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
|
||||
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
|
||||
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
|
||||
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
|
||||
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
|
||||
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
|
||||
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
|
||||
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
|
||||
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
|
||||
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
|
||||
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
|
||||
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
|
||||
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
|
||||
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
|
||||
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
|
||||
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
|
||||
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
|
||||
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
|
||||
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
|
||||
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
|
||||
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
|
||||
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
|
||||
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
|
||||
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
|
||||
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
|
||||
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
|
||||
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
|
||||
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
|
||||
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
|
||||
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
|
||||
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
|
||||
&function_end_B("_x86_AES_decrypt");
|
||||
|
||||
# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
|
||||
@@ -770,6 +744,18 @@
|
||||
&blindpop("ebp");
|
||||
&lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
|
||||
|
||||
+ # prefetch Td4
|
||||
+ &lea ("ebp",&DWP(2048+128,"ebp"));
|
||||
+ &mov ($s0,&DWP(0-128,"ebp"));
|
||||
+ &mov ($s1,&DWP(32-128,"ebp"));
|
||||
+ &mov ($s2,&DWP(64-128,"ebp"));
|
||||
+ &mov ($s3,&DWP(96-128,"ebp"));
|
||||
+ &mov ($s0,&DWP(128-128,"ebp"));
|
||||
+ &mov ($s1,&DWP(160-128,"ebp"));
|
||||
+ &mov ($s2,&DWP(192-128,"ebp"));
|
||||
+ &mov ($s3,&DWP(224-128,"ebp"));
|
||||
+ &lea ("ebp",&DWP(-2048-128,"ebp"));
|
||||
+
|
||||
&mov ($s0,&DWP(0,$acc)); # load input data
|
||||
&mov ($s1,&DWP(4,$acc));
|
||||
&mov ($s2,&DWP(8,$acc));
|
||||
@@ -805,6 +791,7 @@
|
||||
my $_tmp=&DWP(40,"esp"); #volatile variable
|
||||
my $ivec=&DWP(44,"esp"); #ivec[16]
|
||||
my $aes_key=&DWP(60,"esp"); #copy of aes_key
|
||||
+my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
|
||||
|
||||
&public_label("AES_Te");
|
||||
&public_label("AES_Td");
|
||||
@@ -865,18 +852,27 @@
|
||||
&mov ($_key,$s3); # save copy of key
|
||||
&mov ($_ivp,$acc); # save copy of ivp
|
||||
|
||||
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
|
||||
if ($compromise) {
|
||||
&cmp ($s2,$compromise);
|
||||
&jb (&label("skip_ecopy"));
|
||||
}
|
||||
- # copy key schedule to stack
|
||||
- &mov ("ecx",244/4);
|
||||
+ # do we copy key schedule to stack?
|
||||
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
|
||||
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
|
||||
+ &sub ($s1,"ebp");
|
||||
&mov ("esi",$s3);
|
||||
+ &and ($s1,0xfff);
|
||||
&lea ("edi",$aes_key);
|
||||
- &mov ($_key,"edi");
|
||||
+ &cmp ($s1,2048);
|
||||
+ &jb (&label("do_ecopy"));
|
||||
+ &cmp ($s1,4096-244);
|
||||
+ &jb (&label("skip_ecopy"));
|
||||
&align (4);
|
||||
- &data_word(0xF689A5F3); # rep movsd
|
||||
- &set_label("skip_ecopy") if ($compromise);
|
||||
+ &set_label("do_ecopy");
|
||||
+ &mov ($_key,"edi");
|
||||
+ &data_word(0xA5F3F689); # rep movsd
|
||||
+ &set_label("skip_ecopy");
|
||||
|
||||
&mov ($acc,$s0);
|
||||
&mov ($key,16);
|
||||
@@ -942,18 +938,16 @@
|
||||
&mov (&DWP(8,$acc),$s2);
|
||||
&mov (&DWP(12,$acc),$s3);
|
||||
|
||||
+ &cmp ($mark,0); # was the key schedule copied?
|
||||
&mov ("edi",$_key);
|
||||
&mov ("esp",$_esp);
|
||||
- if ($compromise) {
|
||||
- &cmp (&wparam(2),$compromise);
|
||||
- &jb (&label("skip_ezero"));
|
||||
- }
|
||||
+ &je (&label("skip_ezero"));
|
||||
# zero copy of key schedule
|
||||
&mov ("ecx",240/4);
|
||||
&xor ("eax","eax");
|
||||
&align (4);
|
||||
- &data_word(0xF689ABF3); # rep stosd
|
||||
- &set_label("skip_ezero") if ($compromise);
|
||||
+ &data_word(0xABF3F689); # rep stosd
|
||||
+ &set_label("skip_ezero")
|
||||
&popf ();
|
||||
&set_label("enc_out");
|
||||
&function_end_A();
|
||||
@@ -968,7 +962,7 @@
|
||||
&cmp ($key,$acc); # compare with inp
|
||||
&je (&label("enc_in_place"));
|
||||
&align (4);
|
||||
- &data_word(0xF689A4F3); # rep movsb # copy input
|
||||
+ &data_word(0xA4F3F689); # rep movsb # copy input
|
||||
&jmp (&label("enc_skip_in_place"));
|
||||
&set_label("enc_in_place");
|
||||
&lea ($key,&DWP(0,$key,$s2));
|
||||
@@ -976,7 +970,7 @@
|
||||
&mov ($s2,$s1);
|
||||
&xor ($s0,$s0);
|
||||
&align (4);
|
||||
- &data_word(0xF689AAF3); # rep stosb # zero tail
|
||||
+ &data_word(0xAAF3F689); # rep stosb # zero tail
|
||||
&pop ($key); # pop ivp
|
||||
|
||||
&mov ($acc,$_out); # output as input
|
||||
@@ -996,10 +990,10 @@
|
||||
|
||||
# ... and make sure it doesn't alias with AES_Td modulo 4096
|
||||
&mov ($s0,"ebp");
|
||||
- &lea ($s1,&DWP(3072,"ebp"));
|
||||
+ &lea ($s1,&DWP(2048+256,"ebp"));
|
||||
&mov ($s3,$key);
|
||||
&and ($s0,0xfff); # s = %ebp&0xfff
|
||||
- &and ($s1,0xfff); # e = (%ebp+3072)&0xfff
|
||||
+ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff
|
||||
&and ($s3,0xfff); # p = %esp&0xfff
|
||||
|
||||
&cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
|
||||
@@ -1030,21 +1024,30 @@
|
||||
&mov ($_key,$s3); # save copy of key
|
||||
&mov ($_ivp,$acc); # save copy of ivp
|
||||
|
||||
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
|
||||
if ($compromise) {
|
||||
&cmp ($s2,$compromise);
|
||||
&jb (&label("skip_dcopy"));
|
||||
}
|
||||
- # copy key schedule to stack
|
||||
- &mov ("ecx",244/4);
|
||||
+ # do we copy key schedule to stack?
|
||||
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
|
||||
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
|
||||
+ &sub ($s1,"ebp");
|
||||
&mov ("esi",$s3);
|
||||
+ &and ($s1,0xfff);
|
||||
&lea ("edi",$aes_key);
|
||||
- &mov ($_key,"edi");
|
||||
+ &cmp ($s1,2048+256);
|
||||
+ &jb (&label("do_dcopy"));
|
||||
+ &cmp ($s1,4096-244);
|
||||
+ &jb (&label("skip_dcopy"));
|
||||
&align (4);
|
||||
- &data_word(0xF689A5F3); # rep movsd
|
||||
- &set_label("skip_dcopy") if ($compromise);
|
||||
+ &set_label("do_dcopy");
|
||||
+ &mov ($_key,"edi");
|
||||
+ &data_word(0xA5F3F689); # rep movsd
|
||||
+ &set_label("skip_dcopy");
|
||||
|
||||
&mov ($acc,$s0);
|
||||
- &mov ($key,24);
|
||||
+ &mov ($key,18);
|
||||
&align (4);
|
||||
&set_label("prefetch_td");
|
||||
&mov ($s0,&DWP(0,"ebp"));
|
||||
@@ -1054,7 +1057,7 @@
|
||||
&lea ("ebp",&DWP(128,"ebp"));
|
||||
&dec ($key);
|
||||
&jnz (&label("prefetch_td"));
|
||||
- &sub ("ebp",3072);
|
||||
+ &sub ("ebp",2048+256);
|
||||
|
||||
&cmp ($acc,$_out);
|
||||
&je (&label("dec_in_place")); # in-place processing...
|
||||
@@ -1121,7 +1124,7 @@
|
||||
&lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
|
||||
&mov ($acc eq "esi" ? $acc : "",$key);
|
||||
&mov ($key eq "edi" ? $key : "",$_out); # load out
|
||||
- &data_word(0xF689A4F3); # rep movsb # copy output
|
||||
+ &data_word(0xA4F3F689); # rep movsb # copy output
|
||||
&mov ($key,$_inp); # use inp as temp ivp
|
||||
&jmp (&label("dec_end"));
|
||||
|
||||
@@ -1188,22 +1191,20 @@
|
||||
&lea ($key,&DWP(0,$key,$s2));
|
||||
&lea ($acc,&DWP(16,$acc,$s2));
|
||||
&neg ($s2 eq "ecx" ? $s2 : "");
|
||||
- &data_word(0xF689A4F3); # rep movsb # restore tail
|
||||
+ &data_word(0xA4F3F689); # rep movsb # restore tail
|
||||
|
||||
&align (4);
|
||||
&set_label("dec_out");
|
||||
+ &cmp ($mark,0); # was the key schedule copied?
|
||||
&mov ("edi",$_key);
|
||||
&mov ("esp",$_esp);
|
||||
- if ($compromise) {
|
||||
- &cmp (&wparam(2),$compromise);
|
||||
- &jb (&label("skip_dzero"));
|
||||
- }
|
||||
+ &je (&label("skip_dzero"));
|
||||
# zero copy of key schedule
|
||||
&mov ("ecx",240/4);
|
||||
&xor ("eax","eax");
|
||||
&align (4);
|
||||
- &data_word(0xF689ABF3); # rep stosd
|
||||
- &set_label("skip_dzero") if ($compromise);
|
||||
+ &data_word(0xABF3F689); # rep stosd
|
||||
+ &set_label("skip_dzero")
|
||||
&popf ();
|
||||
&function_end("AES_cbc_encrypt");
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
openssl/ssl/t1_enc.c 1.35.2.1 -> 1.35.2.2
|
||||
|
||||
--- openssl/ssl/t1_enc.c 2005/09/30 23:38:20 1.35.2.1
|
||||
+++ openssl/ssl/t1_enc.c 2006/05/07 12:27:48 1.35.2.2
|
||||
@@ -628,7 +628,15 @@
|
||||
{
|
||||
ii=i=rec->data[l-1]; /* padding_length */
|
||||
i++;
|
||||
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
+ /* NB: if compression is in operation the first packet
|
||||
+ * may not be of even length so the padding bug check
|
||||
+ * cannot be performed. This bug workaround has been
|
||||
+ * around since SSLeay so hopefully it is either fixed
|
||||
+ * now or no buggy implementation supports compression
|
||||
+ * [steve]
|
||||
+ */
|
||||
+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
|
||||
+ && !s->expand)
|
||||
{
|
||||
/* First packet is even in size, so check */
|
||||
if ((memcmp(s->s3->read_sequence,
|
||||
|
@ -1,447 +0,0 @@
|
||||
--- openssl-0.9.8b/crypto/rsa/rsa_eay.c.bn-threadsafe 2005-09-23 01:32:49.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -238,40 +238,63 @@
|
||||
return(r);
|
||||
}
|
||||
|
||||
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx)
|
||||
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
|
||||
{
|
||||
BN_BLINDING *ret;
|
||||
+ int got_write_lock = 0;
|
||||
+
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA);
|
||||
|
||||
if (rsa->blinding == NULL)
|
||||
{
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
+ got_write_lock = 1;
|
||||
+
|
||||
if (rsa->blinding == NULL)
|
||||
- {
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
- if (rsa->blinding == NULL)
|
||||
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
- }
|
||||
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
|
||||
}
|
||||
|
||||
ret = rsa->blinding;
|
||||
if (ret == NULL)
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
|
||||
- if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id())
|
||||
+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
|
||||
{
|
||||
- *local = 0;
|
||||
+ /* rsa->blinding is ours! */
|
||||
+
|
||||
+ *local = 1;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ /* resort to rsa->mt_blinding instead */
|
||||
+
|
||||
+ *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
|
||||
+ * that the BN_BLINDING is shared, meaning that accesses
|
||||
+ * require locks, and that the blinding factor must be
|
||||
+ * stored outside the BN_BLINDING
|
||||
+ */
|
||||
+
|
||||
if (rsa->mt_blinding == NULL)
|
||||
{
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
+ if (!got_write_lock)
|
||||
+ {
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
|
||||
+ got_write_lock = 1;
|
||||
+ }
|
||||
+
|
||||
if (rsa->mt_blinding == NULL)
|
||||
rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
}
|
||||
ret = rsa->mt_blinding;
|
||||
}
|
||||
- else
|
||||
- *local = 1;
|
||||
|
||||
+ err:
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -358,7 +381,7 @@
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
|
||||
{
|
||||
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
|
||||
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
|
||||
@@ -479,7 +502,7 @@
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
|
||||
{
|
||||
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
|
||||
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL)
|
||||
{
|
||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
|
||||
--- openssl-0.9.8b/crypto/bn/bn_mont.c.bn-threadsafe 2005-11-11 13:59:39.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/bn/bn_mont.c 2006-07-20 13:42:07.000000000 +0200
|
||||
@@ -55,6 +55,59 @@
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
+/* ====================================================================
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions
|
||||
+ * are met:
|
||||
+ *
|
||||
+ * 1. Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in
|
||||
+ * the documentation and/or other materials provided with the
|
||||
+ * distribution.
|
||||
+ *
|
||||
+ * 3. All advertising materials mentioning features or use of this
|
||||
+ * software must display the following acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
+ * endorse or promote products derived from this software without
|
||||
+ * prior written permission. For written permission, please contact
|
||||
+ * openssl-core@openssl.org.
|
||||
+ *
|
||||
+ * 5. Products derived from this software may not be called "OpenSSL"
|
||||
+ * nor may "OpenSSL" appear in their names without prior written
|
||||
+ * permission of the OpenSSL Project.
|
||||
+ *
|
||||
+ * 6. Redistributions of any form whatsoever must retain the following
|
||||
+ * acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ * ====================================================================
|
||||
+ *
|
||||
+ * This product includes cryptographic software written by Eric Young
|
||||
+ * (eay@cryptsoft.com). This product includes software written by Tim
|
||||
+ * Hudson (tjh@cryptsoft.com).
|
||||
+ *
|
||||
+ */
|
||||
|
||||
/*
|
||||
* Details about Montgomery multiplication algorithms can be found at
|
||||
@@ -353,18 +406,32 @@
|
||||
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
|
||||
const BIGNUM *mod, BN_CTX *ctx)
|
||||
{
|
||||
- if (*pmont)
|
||||
- return *pmont;
|
||||
- CRYPTO_w_lock(lock);
|
||||
+ int got_write_lock = 0;
|
||||
+ BN_MONT_CTX *ret;
|
||||
+
|
||||
+ CRYPTO_r_lock(lock);
|
||||
if (!*pmont)
|
||||
{
|
||||
- BN_MONT_CTX *mtmp;
|
||||
- mtmp = BN_MONT_CTX_new();
|
||||
- if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx))
|
||||
- BN_MONT_CTX_free(mtmp);
|
||||
- else
|
||||
- *pmont = mtmp;
|
||||
+ CRYPTO_r_unlock(lock);
|
||||
+ CRYPTO_w_lock(lock);
|
||||
+ got_write_lock = 1;
|
||||
+
|
||||
+ if (!*pmont)
|
||||
+ {
|
||||
+ ret = BN_MONT_CTX_new();
|
||||
+ if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
|
||||
+ BN_MONT_CTX_free(ret);
|
||||
+ else
|
||||
+ *pmont = ret;
|
||||
+ }
|
||||
}
|
||||
- CRYPTO_w_unlock(lock);
|
||||
- return *pmont;
|
||||
+
|
||||
+ ret = *pmont;
|
||||
+
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(lock);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(lock);
|
||||
+
|
||||
+ return ret;
|
||||
}
|
||||
--- openssl-0.9.8b/crypto/err/err.c.bn-threadsafe 2006-02-08 20:16:16.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/err/err.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -548,9 +548,20 @@
|
||||
int i;
|
||||
static int init = 1;
|
||||
|
||||
- if (!init) return;
|
||||
-
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_ERR);
|
||||
+ if (!init)
|
||||
+ {
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
|
||||
+ if (!init)
|
||||
+ {
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
|
||||
{
|
||||
--- openssl-0.9.8b/ssl/ssl_ciph.c.bn-threadsafe 2006-04-15 02:22:34.000000000 +0200
|
||||
+++ openssl-0.9.8b/ssl/ssl_ciph.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -56,6 +56,59 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions
|
||||
+ * are met:
|
||||
+ *
|
||||
+ * 1. Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in
|
||||
+ * the documentation and/or other materials provided with the
|
||||
+ * distribution.
|
||||
+ *
|
||||
+ * 3. All advertising materials mentioning features or use of this
|
||||
+ * software must display the following acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
+ * endorse or promote products derived from this software without
|
||||
+ * prior written permission. For written permission, please contact
|
||||
+ * openssl-core@openssl.org.
|
||||
+ *
|
||||
+ * 5. Products derived from this software may not be called "OpenSSL"
|
||||
+ * nor may "OpenSSL" appear in their names without prior written
|
||||
+ * permission of the OpenSSL Project.
|
||||
+ *
|
||||
+ * 6. Redistributions of any form whatsoever must retain the following
|
||||
+ * acknowledgment:
|
||||
+ * "This product includes software developed by the OpenSSL Project
|
||||
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ * ====================================================================
|
||||
+ *
|
||||
+ * This product includes cryptographic software written by Eric Young
|
||||
+ * (eay@cryptsoft.com). This product includes software written by Tim
|
||||
+ * Hudson (tjh@cryptsoft.com).
|
||||
+ *
|
||||
+ */
|
||||
+/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
* ECC cipher suite support in OpenSSL originally developed by
|
||||
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
|
||||
@@ -203,36 +256,46 @@
|
||||
|
||||
static void load_builtin_compressions(void)
|
||||
{
|
||||
- if (ssl_comp_methods != NULL)
|
||||
- return;
|
||||
+ int got_write_lock = 0;
|
||||
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL);
|
||||
if (ssl_comp_methods == NULL)
|
||||
{
|
||||
- SSL_COMP *comp = NULL;
|
||||
-
|
||||
- MemCheck_off();
|
||||
- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
|
||||
- if (ssl_comp_methods != NULL)
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
|
||||
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
|
||||
+ got_write_lock = 1;
|
||||
+
|
||||
+ if (ssl_comp_methods == NULL)
|
||||
{
|
||||
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
|
||||
- if (comp != NULL)
|
||||
+ SSL_COMP *comp = NULL;
|
||||
+
|
||||
+ MemCheck_off();
|
||||
+ ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
|
||||
+ if (ssl_comp_methods != NULL)
|
||||
{
|
||||
- comp->method=COMP_zlib();
|
||||
- if (comp->method
|
||||
- && comp->method->type == NID_undef)
|
||||
- OPENSSL_free(comp);
|
||||
- else
|
||||
+ comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
|
||||
+ if (comp != NULL)
|
||||
{
|
||||
- comp->id=SSL_COMP_ZLIB_IDX;
|
||||
- comp->name=comp->method->name;
|
||||
- sk_SSL_COMP_push(ssl_comp_methods,comp);
|
||||
+ comp->method=COMP_zlib();
|
||||
+ if (comp->method
|
||||
+ && comp->method->type == NID_undef)
|
||||
+ OPENSSL_free(comp);
|
||||
+ else
|
||||
+ {
|
||||
+ comp->id=SSL_COMP_ZLIB_IDX;
|
||||
+ comp->name=comp->method->name;
|
||||
+ sk_SSL_COMP_push(ssl_comp_methods,comp);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
+ MemCheck_on();
|
||||
}
|
||||
- MemCheck_on();
|
||||
}
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
|
||||
+
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
|
||||
}
|
||||
#endif
|
||||
|
||||
--- openssl-0.9.8b/ssl/ssl_cert.c.bn-threadsafe 2006-02-24 18:58:35.000000000 +0100
|
||||
+++ openssl-0.9.8b/ssl/ssl_cert.c 2006-07-20 13:41:44.000000000 +0200
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -73,12 +73,12 @@
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
- * openssl-core@OpenSSL.org.
|
||||
+ * openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
@@ -87,7 +87,7 @@
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
@@ -102,6 +102,11 @@
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
+ *
|
||||
+ * This product includes cryptographic software written by Eric Young
|
||||
+ * (eay@cryptsoft.com). This product includes software written by Tim
|
||||
+ * Hudson (tjh@cryptsoft.com).
|
||||
+ *
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
@@ -130,21 +135,28 @@
|
||||
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
|
||||
{
|
||||
static volatile int ssl_x509_store_ctx_idx= -1;
|
||||
+ int got_write_lock = 0;
|
||||
+
|
||||
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
|
||||
if (ssl_x509_store_ctx_idx < 0)
|
||||
{
|
||||
- /* any write lock will do; usually this branch
|
||||
- * will only be taken once anyway */
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
+ got_write_lock = 1;
|
||||
|
||||
if (ssl_x509_store_ctx_idx < 0)
|
||||
{
|
||||
ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
|
||||
0,"SSL for verify callback",NULL,NULL,NULL);
|
||||
}
|
||||
-
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
}
|
||||
+
|
||||
+ if (got_write_lock)
|
||||
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
+ else
|
||||
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
|
||||
+
|
||||
return ssl_x509_store_ctx_idx;
|
||||
}
|
||||
|
@ -1,25 +0,0 @@
|
||||
Dr S N Henson of the OpenSSL core team and Open Network Security
|
||||
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When
|
||||
the test suite was run against OpenSSL two denial of service
|
||||
vulnerabilities were discovered.
|
||||
|
||||
During the parsing of certain invalid ASN1 structures an error
|
||||
condition is mishandled. This can result in an infinite loop which
|
||||
consumes system memory. CVE-2006-2938
|
||||
|
||||
Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
|
||||
affected. This includes SSL servers which enable client authentication
|
||||
and S/MIME applications.
|
||||
|
||||
This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier
|
||||
|
||||
--- openssl-0.9.8b/crypto/asn1/tasn_dec.c.asn1-error 2006-02-19 14:45:22.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/asn1/tasn_dec.c 2006-09-25 12:01:14.000000000 +0200
|
||||
@@ -832,6 +832,7 @@
|
||||
}
|
||||
else if (ret == -1)
|
||||
return -1;
|
||||
+ ret = 0;
|
||||
/* SEQUENCE, SET and "OTHER" are left in encoded form */
|
||||
if ((utype == V_ASN1_SEQUENCE)
|
||||
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
|
@ -1,215 +0,0 @@
|
||||
Dr S N Henson of the OpenSSL core team and Open Network Security
|
||||
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When
|
||||
the test suite was run against OpenSSL two denial of service
|
||||
vulnerabilities were discovered.
|
||||
|
||||
Certain types of public key can take disproportionate amounts of time
|
||||
to process. This could be used by an attacker in a denial of service attack.
|
||||
CVE-2006-2940
|
||||
|
||||
Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
|
||||
affected. This includes SSL servers which enable client authentication,
|
||||
and S/MIME applications.
|
||||
|
||||
|
||||
diff -u -r1.37.2.2 dh.h
|
||||
--- crypto/dh/dh.h 9 Jan 2006 16:05:22 -0000 1.37.2.2
|
||||
+++ crypto/dh/dh.h 15 Sep 2006 13:59:47 -0000
|
||||
@@ -73,6 +73,8 @@
|
||||
#include <openssl/bn.h>
|
||||
#endif
|
||||
|
||||
+#define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
||||
+
|
||||
#define DH_FLAG_CACHE_MONT_P 0x01
|
||||
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
|
||||
* implementation now uses constant time
|
||||
@@ -221,6 +223,7 @@
|
||||
/* Reason codes. */
|
||||
#define DH_R_BAD_GENERATOR 101
|
||||
#define DH_R_INVALID_PUBKEY 102
|
||||
+#define DH_R_MODULUS_TOO_LARGE 103
|
||||
#define DH_R_NO_PRIVATE_VALUE 100
|
||||
|
||||
#ifdef __cplusplus
|
||||
diff -u -r1.11.2.2 dh_err.c
|
||||
--- crypto/dh/dh_err.c 9 Jan 2006 16:05:22 -0000 1.11.2.2
|
||||
+++ crypto/dh/dh_err.c 15 Sep 2006 13:59:47 -0000
|
||||
@@ -84,6 +84,7 @@
|
||||
{
|
||||
{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
|
||||
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
|
||||
+{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
|
||||
{0,NULL}
|
||||
};
|
||||
diff -u -r1.24.2.3 dh_key.c
|
||||
--- crypto/dh/dh_key.c 13 Mar 2006 23:12:06 -0000 1.24.2.3
|
||||
+++ crypto/dh/dh_key.c 15 Sep 2006 13:59:47 -0000
|
||||
@@ -179,6 +179,12 @@
|
||||
int ret= -1;
|
||||
int check_result;
|
||||
|
||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
|
||||
+ {
|
||||
+ DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL) goto err;
|
||||
BN_CTX_start(ctx);
|
||||
diff -u -r1.39 dsa.h
|
||||
--- crypto/dsa/dsa.h 16 May 2005 01:43:30 -0000 1.39
|
||||
+++ crypto/dsa/dsa.h 15 Sep 2006 13:59:47 -0000
|
||||
@@ -84,6 +84,8 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
+#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
|
||||
+
|
||||
#define DSA_FLAG_CACHE_MONT_P 0x01
|
||||
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
|
||||
* implementation now uses constant time
|
||||
@@ -270,8 +272,10 @@
|
||||
#define DSA_F_SIG_CB 114
|
||||
|
||||
/* Reason codes. */
|
||||
+#define DSA_R_BAD_Q_VALUE 102
|
||||
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
|
||||
#define DSA_R_MISSING_PARAMETERS 101
|
||||
+#define DSA_R_MODULUS_TOO_LARGE 103
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
diff -u -r1.13 dsa_err.c
|
||||
--- crypto/dsa/dsa_err.c 12 Apr 2005 16:15:12 -0000 1.13
|
||||
+++ crypto/dsa/dsa_err.c 15 Sep 2006 13:59:47 -0000
|
||||
@@ -89,8 +89,10 @@
|
||||
|
||||
static ERR_STRING_DATA DSA_str_reasons[]=
|
||||
{
|
||||
+{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
|
||||
{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
|
||||
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
|
||||
+{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{0,NULL}
|
||||
};
|
||||
|
||||
diff -u -r1.24.2.1 dsa_ossl.c
|
||||
--- crypto/dsa/dsa_ossl.c 26 May 2005 04:40:57 -0000 1.24.2.1
|
||||
+++ crypto/dsa/dsa_ossl.c 15 Sep 2006 13:59:47 -0000
|
||||
@@ -304,6 +304,18 @@
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (BN_num_bits(dsa->q) != 160)
|
||||
+ {
|
||||
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
|
||||
+ {
|
||||
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
BN_init(&u1);
|
||||
BN_init(&u2);
|
||||
BN_init(&t1);
|
||||
diff -u -r1.55.2.6 rsa.h
|
||||
--- crypto/rsa/rsa.h 6 Sep 2006 06:43:25 -0000 1.55.2.6
|
||||
+++ crypto/rsa/rsa.h 15 Sep 2006 13:59:48 -0000
|
||||
@@ -159,6 +159,11 @@
|
||||
BN_BLINDING *mt_blinding;
|
||||
};
|
||||
|
||||
+#define OPENSSL_RSA_MAX_MODULUS_BITS 16384
|
||||
+
|
||||
+#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
|
||||
+#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */
|
||||
+
|
||||
#define RSA_3 0x3L
|
||||
#define RSA_F4 0x10001L
|
||||
|
||||
@@ -407,6 +412,7 @@
|
||||
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
|
||||
#define RSA_R_KEY_SIZE_TOO_SMALL 120
|
||||
#define RSA_R_LAST_OCTET_INVALID 134
|
||||
+#define RSA_R_MODULUS_TOO_LARGE 105
|
||||
#define RSA_R_NO_PUBLIC_EXPONENT 140
|
||||
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
|
||||
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
||||
diff -u -r1.46.2.6 rsa_eay.c
|
||||
--- crypto/rsa/rsa_eay.c 6 Sep 2006 06:43:25 -0000 1.46.2.6
|
||||
+++ crypto/rsa/rsa_eay.c 15 Sep 2006 13:59:48 -0000
|
||||
@@ -168,6 +168,28 @@
|
||||
unsigned char *buf=NULL;
|
||||
BN_CTX *ctx=NULL;
|
||||
|
||||
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* for large moduli, enforce exponent limit */
|
||||
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
|
||||
+ {
|
||||
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
||||
BN_CTX_start(ctx);
|
||||
f = BN_CTX_get(ctx);
|
||||
@@ -597,6 +619,28 @@
|
||||
unsigned char *buf=NULL;
|
||||
BN_CTX *ctx=NULL;
|
||||
|
||||
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* for large moduli, enforce exponent limit */
|
||||
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
|
||||
+ {
|
||||
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if((ctx = BN_CTX_new()) == NULL) goto err;
|
||||
BN_CTX_start(ctx);
|
||||
f = BN_CTX_get(ctx);
|
||||
diff -u -r1.17.2.5 rsa_err.c
|
||||
--- crypto/rsa/rsa_err.c 6 Sep 2006 06:43:26 -0000 1.17.2.5
|
||||
+++ crypto/rsa/rsa_err.c 15 Sep 2006 13:59:48 -0000
|
||||
@@ -137,6 +137,7 @@
|
||||
{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
|
||||
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
|
||||
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
|
||||
+{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
|
||||
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
|
||||
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
|
||||
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
|
@ -1,27 +0,0 @@
|
||||
Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer
|
||||
overflow in SSL_get_shared_ciphers utility function, used by some
|
||||
applications such as exim and mysql. An attacker could send a list of
|
||||
ciphers that would overrun a buffer CVE-2006-3738
|
||||
|
||||
--- ssl/ssl_lib.c 2005-10-01 00:38:20.000000000 +0100
|
||||
+++ ssl/ssl_lib.c 2006-08-28 19:08:37.401404000 +0100
|
||||
@@ -1219,7 +1219,7 @@ char *SSL_get_shared_ciphers(const SSL *
|
||||
c=sk_SSL_CIPHER_value(sk,i);
|
||||
for (cp=c->name; *cp; )
|
||||
{
|
||||
- if (len-- == 0)
|
||||
+ if (len-- <= 0)
|
||||
{
|
||||
*p='\0';
|
||||
return(buf);
|
||||
--- ssl/s3_srvr.c 2005-10-01 00:38:20.000000000 +0100
|
||||
+++ ssl/s3_srvr.c 2006-08-28 19:16:39.313556000 +0100
|
||||
@@ -2017,7 +2017,7 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
|
||||
if (kssl_ctx->client_princ)
|
||||
{
|
||||
- int len = strlen(kssl_ctx->client_princ);
|
||||
+ size_t len = strlen(kssl_ctx->client_princ);
|
||||
if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
|
||||
{
|
||||
s->session->krb5_client_princ_len = len;
|
@ -1,77 +0,0 @@
|
||||
*) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
|
||||
(CVE-2006-4339) [Ben Laurie; Google Security Team]
|
||||
openssl/crypto/rsa/rsa.h 1.55.2.4 -> 1.55.2.5
|
||||
|
||||
--- openssl/crypto/rsa/rsa.h 2006/01/09 16:05:18 1.55.2.4
|
||||
+++ openssl/crypto/rsa/rsa.h 2006/09/05 08:25:42 1.55.2.5
|
||||
@@ -412,6 +412,7 @@
|
||||
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
||||
#define RSA_R_OAEP_DECODING_ERROR 121
|
||||
#define RSA_R_PADDING_CHECK_FAILED 114
|
||||
+#define RSA_R_PKCS1_PADDING_TOO_SHORT 105
|
||||
#define RSA_R_P_NOT_PRIME 128
|
||||
#define RSA_R_Q_NOT_PRIME 129
|
||||
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
|
||||
|
||||
openssl/crypto/rsa/rsa_eay.c 1.46.2.4 -> 1.46.2.5
|
||||
|
||||
--- openssl/crypto/rsa/rsa_eay.c 2006/06/14 08:51:40 1.46.2.4
|
||||
+++ openssl/crypto/rsa/rsa_eay.c 2006/09/05 08:25:42 1.46.2.5
|
||||
@@ -640,6 +640,15 @@
|
||||
{
|
||||
case RSA_PKCS1_PADDING:
|
||||
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
|
||||
+ /* Generally signatures should be at least 2/3 padding, though
|
||||
+ this isn't possible for really short keys and some standard
|
||||
+ signature schemes, so don't check if the unpadded data is
|
||||
+ small. */
|
||||
+ if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
|
||||
+ goto err;
|
||||
+ }
|
||||
break;
|
||||
case RSA_X931_PADDING:
|
||||
r=RSA_padding_check_X931(to,num,buf,i,num);
|
||||
|
||||
openssl/crypto/rsa/rsa_err.c 1.17.2.3 -> 1.17.2.4
|
||||
|
||||
--- openssl/crypto/rsa/rsa_err.c 2006/01/09 16:05:18 1.17.2.3
|
||||
+++ openssl/crypto/rsa/rsa_err.c 2006/09/05 08:25:42 1.17.2.4
|
||||
@@ -142,6 +142,7 @@
|
||||
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
|
||||
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
|
||||
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
|
||||
+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
|
||||
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
|
||||
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
|
||||
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
|
||||
|
||||
openssl/crypto/rsa/rsa_sign.c 1.21 -> 1.21.2.1
|
||||
|
||||
--- openssl/crypto/rsa/rsa_sign.c 2005/04/26 22:07:17 1.21
|
||||
+++ openssl/crypto/rsa/rsa_sign.c 2006/09/05 08:25:42 1.21.2.1
|
||||
@@ -185,6 +185,23 @@
|
||||
sig=d2i_X509_SIG(NULL,&p,(long)i);
|
||||
|
||||
if (sig == NULL) goto err;
|
||||
+
|
||||
+ /* Excess data can be used to create forgeries */
|
||||
+ if(p != s+i)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* Parameters to the signature algorithm can also be used to
|
||||
+ create forgeries */
|
||||
+ if(sig->algor->parameter
|
||||
+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
|
||||
+ {
|
||||
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
sigtype=OBJ_obj2nid(sig->algor->algorithm);
|
||||
|
||||
|
@ -1,17 +0,0 @@
|
||||
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
|
||||
possible DoS in the sslv2 client code. Where a client application uses
|
||||
OpenSSL to make a SSLv2 connection to a malicious server that server
|
||||
could cause the client to crash. CVE-2006-4343
|
||||
|
||||
--- ssl/s2_clnt.c 2005-08-06 00:52:07.000000000 +0100
|
||||
+++ ssl/s2_clnt.c 2006-08-28 19:14:59.398605000 +0100
|
||||
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
|
||||
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
|
||||
}
|
||||
|
||||
- if (s->session->peer != s->session->sess_cert->peer_key->x509)
|
||||
+ if (s->session->sess_cert == NULL
|
||||
+ || s->session->peer != s->session->sess_cert->peer_key->x509)
|
||||
/* can't happen */
|
||||
{
|
||||
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|
@ -1,934 +0,0 @@
|
||||
diff -up openssl-0.9.8b/crypto/rsa/rsa.h.no-branch openssl-0.9.8b/crypto/rsa/rsa.h
|
||||
--- openssl-0.9.8b/crypto/rsa/rsa.h.no-branch 2007-08-03 13:58:54.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/rsa/rsa.h 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -189,13 +189,17 @@ struct rsa_st
|
||||
* default (ignoring RSA_FLAG_BLINDING),
|
||||
* but other engines might not need it
|
||||
*/
|
||||
-#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA
|
||||
- * implementation now uses constant time
|
||||
- * modular exponentiation for secret exponents
|
||||
- * by default. This flag causes the
|
||||
- * faster variable sliding window method to
|
||||
- * be used for all exponents.
|
||||
- */
|
||||
+#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA
|
||||
+ * implementation now uses constant time
|
||||
+ * operations by default in private key operations,
|
||||
+ * e.g., constant time modular exponentiation,
|
||||
+ * modular inverse without leaking branches,
|
||||
+ * division without leaking branches. This
|
||||
+ * flag disables these constant time
|
||||
+ * operations and results in faster RSA
|
||||
+ * private key operations.
|
||||
+ */
|
||||
+#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
|
||||
|
||||
#define RSA_PKCS1_PADDING 1
|
||||
#define RSA_SSLV23_PADDING 2
|
||||
diff -up openssl-0.9.8b/crypto/rsa/rsa_lib.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_lib.c
|
||||
--- openssl-0.9.8b/crypto/rsa/rsa_lib.c.no-branch 2005-11-25 15:26:12.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/rsa/rsa_lib.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -361,7 +361,8 @@ err:
|
||||
|
||||
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
|
||||
{
|
||||
- BIGNUM *e;
|
||||
+ BIGNUM local_n;
|
||||
+ BIGNUM *e,*n;
|
||||
BN_CTX *ctx;
|
||||
BN_BLINDING *ret = NULL;
|
||||
|
||||
@@ -400,7 +401,16 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa
|
||||
RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
|
||||
}
|
||||
|
||||
- ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx,
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ /* Set BN_FLG_CONSTTIME flag */
|
||||
+ n = &local_n;
|
||||
+ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
|
||||
+ }
|
||||
+ else
|
||||
+ n = rsa->n;
|
||||
+
|
||||
+ ret = BN_BLINDING_create_param(NULL, e, n, ctx,
|
||||
rsa->meth->bn_mod_exp, rsa->_method_mod_n);
|
||||
if (ret == NULL)
|
||||
{
|
||||
diff -up openssl-0.9.8b/crypto/rsa/rsa_gen.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_gen.c
|
||||
--- openssl-0.9.8b/crypto/rsa/rsa_gen.c.no-branch 2006-03-14 00:12:08.000000000 +0100
|
||||
+++ openssl-0.9.8b/crypto/rsa/rsa_gen.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -85,6 +85,8 @@ int RSA_generate_key_ex(RSA *rsa, int bi
|
||||
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
|
||||
{
|
||||
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
|
||||
+ BIGNUM local_r0,local_d,local_p;
|
||||
+ BIGNUM *pr0,*d,*p;
|
||||
int bitsp,bitsq,ok= -1,n=0;
|
||||
BN_CTX *ctx=NULL;
|
||||
|
||||
@@ -165,16 +167,39 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||
if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
|
||||
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
|
||||
if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
|
||||
- if (!BN_mod_inverse(rsa->d,rsa->e,r0,ctx)) goto err; /* d */
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ pr0 = &local_r0;
|
||||
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
|
||||
+ }
|
||||
+ else
|
||||
+ pr0 = r0;
|
||||
+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
|
||||
+
|
||||
+ /* set up d for correct BN_FLG_CONSTTIME flag */
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ d = &local_d;
|
||||
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
||||
+ }
|
||||
+ else
|
||||
+ d = rsa->d;
|
||||
|
||||
/* calculate d mod (p-1) */
|
||||
- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
|
||||
+ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
|
||||
|
||||
/* calculate d mod (q-1) */
|
||||
- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
|
||||
+ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
|
||||
|
||||
/* calculate inverse of q mod p */
|
||||
- if (!BN_mod_inverse(rsa->iqmp,rsa->q,rsa->p,ctx)) goto err;
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ p = &local_p;
|
||||
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
|
||||
+ }
|
||||
+ else
|
||||
+ p = rsa->p;
|
||||
+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
|
||||
|
||||
ok=1;
|
||||
err:
|
||||
diff -up openssl-0.9.8b/crypto/rsa/rsa_eay.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_eay.c
|
||||
--- openssl-0.9.8b/crypto/rsa/rsa_eay.c.no-branch 2007-08-03 13:58:54.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -429,11 +429,11 @@ static int RSA_eay_private_encrypt(int f
|
||||
BIGNUM local_d;
|
||||
BIGNUM *d = NULL;
|
||||
|
||||
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
{
|
||||
BN_init(&local_d);
|
||||
d = &local_d;
|
||||
- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
|
||||
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
||||
}
|
||||
else
|
||||
d = rsa->d;
|
||||
@@ -551,10 +551,10 @@ static int RSA_eay_private_decrypt(int f
|
||||
BIGNUM local_d;
|
||||
BIGNUM *d = NULL;
|
||||
|
||||
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
{
|
||||
d = &local_d;
|
||||
- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
|
||||
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
||||
}
|
||||
else
|
||||
d = rsa->d;
|
||||
@@ -724,8 +724,9 @@ err:
|
||||
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *r1,*m1,*vrfy;
|
||||
- BIGNUM local_dmp1, local_dmq1;
|
||||
- BIGNUM *dmp1, *dmq1;
|
||||
+ BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
|
||||
+ BIGNUM *dmp1,*dmq1,*c,*pr1;
|
||||
+ int bn_flags;
|
||||
int ret=0;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
@@ -733,26 +734,72 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
|
||||
m1 = BN_CTX_get(ctx);
|
||||
vrfy = BN_CTX_get(ctx);
|
||||
|
||||
+ /* Make sure mod_inverse in montgomerey intialization use correct
|
||||
+ * BN_FLG_CONSTTIME flag.
|
||||
+ */
|
||||
+ bn_flags = rsa->p->flags;
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ rsa->p->flags |= BN_FLG_CONSTTIME;
|
||||
+ }
|
||||
MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
|
||||
+ /* We restore bn_flags back */
|
||||
+ rsa->p->flags = bn_flags;
|
||||
+
|
||||
+ /* Make sure mod_inverse in montgomerey intialization use correct
|
||||
+ * BN_FLG_CONSTTIME flag.
|
||||
+ */
|
||||
+ bn_flags = rsa->q->flags;
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ rsa->q->flags |= BN_FLG_CONSTTIME;
|
||||
+ }
|
||||
MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
|
||||
+ /* We restore bn_flags back */
|
||||
+ rsa->q->flags = bn_flags;
|
||||
+
|
||||
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
|
||||
|
||||
- if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
|
||||
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
||||
+ /* compute I mod q */
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ c = &local_c;
|
||||
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
|
||||
+ if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* compute r1^dmq1 mod q */
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
{
|
||||
dmq1 = &local_dmq1;
|
||||
- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
|
||||
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
|
||||
}
|
||||
else
|
||||
dmq1 = rsa->dmq1;
|
||||
if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
|
||||
rsa->_method_mod_q)) goto err;
|
||||
|
||||
- if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
|
||||
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
||||
+ /* compute I mod p */
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ c = &local_c;
|
||||
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
|
||||
+ if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* compute r1^dmp1 mod p */
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
{
|
||||
dmp1 = &local_dmp1;
|
||||
- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
|
||||
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
|
||||
}
|
||||
else
|
||||
dmp1 = rsa->dmp1;
|
||||
@@ -766,7 +813,17 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
|
||||
if (!BN_add(r0,r0,rsa->p)) goto err;
|
||||
|
||||
if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
|
||||
- if (!BN_mod(r0,r1,rsa->p,ctx)) goto err;
|
||||
+
|
||||
+ /* Turn BN_FLG_CONSTTIME flag on before division operation */
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
+ {
|
||||
+ pr1 = &local_r1;
|
||||
+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
|
||||
+ }
|
||||
+ else
|
||||
+ pr1 = r1;
|
||||
+ if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
|
||||
+
|
||||
/* If p < q it is occasionally possible for the correction of
|
||||
* adding 'p' if r0 is negative above to leave the result still
|
||||
* negative. This can break the private key operations: the following
|
||||
@@ -799,10 +856,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
|
||||
BIGNUM local_d;
|
||||
BIGNUM *d = NULL;
|
||||
|
||||
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
||||
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
||||
{
|
||||
d = &local_d;
|
||||
- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
|
||||
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
||||
}
|
||||
else
|
||||
d = rsa->d;
|
||||
diff -up openssl-0.9.8b/crypto/rsa/rsa_test.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_test.c
|
||||
--- openssl-0.9.8b/crypto/rsa/rsa_test.c.no-branch 2005-05-16 03:43:31.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/rsa/rsa_test.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -242,7 +242,7 @@ int main(int argc, char *argv[])
|
||||
clen = key3(key, ctext_ex);
|
||||
break;
|
||||
}
|
||||
- if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
|
||||
+ if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME;
|
||||
|
||||
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
|
||||
RSA_PKCS1_PADDING);
|
||||
diff -up openssl-0.9.8b/crypto/bn/bn.h.no-branch openssl-0.9.8b/crypto/bn/bn.h
|
||||
--- openssl-0.9.8b/crypto/bn/bn.h.no-branch 2007-08-03 13:58:54.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/bn/bn.h 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -245,8 +245,15 @@ extern "C" {
|
||||
|
||||
#define BN_FLG_MALLOCED 0x01
|
||||
#define BN_FLG_STATIC_DATA 0x02
|
||||
-#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings
|
||||
- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
|
||||
+#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing,
|
||||
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
|
||||
+ * BN_div() will call BN_div_no_branch,
|
||||
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
|
||||
+ */
|
||||
+#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
|
||||
+ /* avoid leaking exponent information through timings
|
||||
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
|
||||
+
|
||||
#ifndef OPENSSL_NO_DEPRECATED
|
||||
#define BN_FLG_FREE 0x8000 /* used for debuging */
|
||||
#endif
|
||||
@@ -534,7 +541,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_M
|
||||
#define BN_BLINDING_NO_UPDATE 0x00000001
|
||||
#define BN_BLINDING_NO_RECREATE 0x00000002
|
||||
|
||||
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
|
||||
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
|
||||
void BN_BLINDING_free(BN_BLINDING *b);
|
||||
int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
|
||||
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
|
||||
@@ -546,7 +553,7 @@ void BN_BLINDING_set_thread_id(BN_BLINDI
|
||||
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
|
||||
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
|
||||
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
|
||||
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
|
||||
+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
|
||||
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
|
||||
BN_MONT_CTX *m_ctx);
|
||||
diff -up openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch openssl-0.9.8b/crypto/bn/bn_mont.c
|
||||
--- openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch 2007-08-03 13:58:54.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/bn/bn_mont.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -159,6 +159,7 @@ int BN_from_montgomery(BIGNUM *ret, cons
|
||||
BIGNUM *n,*r;
|
||||
BN_ULONG *ap,*np,*rp,n0,v,*nrp;
|
||||
int al,nl,max,i,x,ri;
|
||||
+ size_t m1,m2;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
if ((r = BN_CTX_get(ctx)) == NULL) goto err;
|
||||
@@ -176,7 +177,6 @@ int BN_from_montgomery(BIGNUM *ret, cons
|
||||
|
||||
max=(nl+al+1); /* allow for overflow (no?) XXX */
|
||||
if (bn_wexpand(r,max) == NULL) goto err;
|
||||
- if (bn_wexpand(ret,max) == NULL) goto err;
|
||||
|
||||
r->neg=a->neg^n->neg;
|
||||
np=n->d;
|
||||
@@ -228,37 +228,58 @@ int BN_from_montgomery(BIGNUM *ret, cons
|
||||
}
|
||||
bn_correct_top(r);
|
||||
|
||||
- /* mont->ri will be a multiple of the word size */
|
||||
-#if 0
|
||||
- BN_rshift(ret,r,mont->ri);
|
||||
-#else
|
||||
+ /* mont->ri will be a multiple of the word size and below code
|
||||
+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
|
||||
+ if (r->top <= ri)
|
||||
+ {
|
||||
+ ret->top=0;
|
||||
+ retn=1;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ al=r->top-ri;
|
||||
+ if (bn_wexpand(ret,ri) == NULL) goto err;
|
||||
+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
|
||||
+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
|
||||
ret->neg = r->neg;
|
||||
- x=ri;
|
||||
+
|
||||
rp=ret->d;
|
||||
- ap= &(r->d[x]);
|
||||
- if (r->top < x)
|
||||
- al=0;
|
||||
- else
|
||||
- al=r->top-x;
|
||||
- ret->top=al;
|
||||
- al-=4;
|
||||
- for (i=0; i<al; i+=4)
|
||||
+ ap=&(r->d[ri]);
|
||||
+
|
||||
+ v=bn_sub_words(rp,ap,np,ri);
|
||||
+ /* this -----------------------^^ works even in al<ri case
|
||||
+ * thanks to zealous zeroing of top of the vector in the
|
||||
+ * beginning. */
|
||||
+
|
||||
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
|
||||
+ /* in other words if subtraction result is real, then
|
||||
+ * trick unconditional memcpy below to perform in-place
|
||||
+ * "refresh" instead of actual copy. */
|
||||
+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
|
||||
+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
|
||||
+ m1|=m2; /* (al!=ri) */
|
||||
+ m1|=(0-(size_t)v); /* (al!=ri || v) */
|
||||
+ m1&=~m2; /* (al!=ri || v) && !al>ri */
|
||||
+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
|
||||
+
|
||||
+ /* 'i<ri' is chosen to eliminate dependency on input data, even
|
||||
+ * though it results in redundant copy in al<ri case. */
|
||||
+ for (i=0,ri-=4; i<ri; i+=4)
|
||||
{
|
||||
BN_ULONG t1,t2,t3,t4;
|
||||
|
||||
- t1=ap[i+0];
|
||||
- t2=ap[i+1];
|
||||
- t3=ap[i+2];
|
||||
- t4=ap[i+3];
|
||||
- rp[i+0]=t1;
|
||||
- rp[i+1]=t2;
|
||||
+ t1=nrp[i+0];
|
||||
+ t2=nrp[i+1];
|
||||
+ t3=nrp[i+2]; ap[i+0]=0;
|
||||
+ t4=nrp[i+3]; ap[i+1]=0;
|
||||
+ rp[i+0]=t1; ap[i+2]=0;
|
||||
+ rp[i+1]=t2; ap[i+3]=0;
|
||||
rp[i+2]=t3;
|
||||
rp[i+3]=t4;
|
||||
}
|
||||
- al+=4;
|
||||
- for (; i<al; i++)
|
||||
- rp[i]=ap[i];
|
||||
-#endif
|
||||
+ for (ri+=4; i<ri; i++)
|
||||
+ rp[i]=nrp[i], ap[i]=0;
|
||||
+ bn_correct_top(r);
|
||||
+ bn_correct_top(ret);
|
||||
#else /* !MONT_WORD */
|
||||
BIGNUM *t1,*t2;
|
||||
|
||||
@@ -276,12 +297,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
|
||||
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
|
||||
if (!BN_add(t2,a,t1)) goto err;
|
||||
if (!BN_rshift(ret,t2,mont->ri)) goto err;
|
||||
-#endif /* MONT_WORD */
|
||||
|
||||
if (BN_ucmp(ret, &(mont->N)) >= 0)
|
||||
{
|
||||
if (!BN_usub(ret,ret,&(mont->N))) goto err;
|
||||
}
|
||||
+#endif /* MONT_WORD */
|
||||
retn=1;
|
||||
bn_check_top(ret);
|
||||
err:
|
||||
diff -up openssl-0.9.8b/crypto/bn/bn_lib.c.no-branch openssl-0.9.8b/crypto/bn/bn_lib.c
|
||||
--- openssl-0.9.8b/crypto/bn/bn_lib.c.no-branch 2005-05-03 22:27:00.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/bn/bn_lib.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -763,7 +763,7 @@ int BN_is_bit_set(const BIGNUM *a, int n
|
||||
i=n/BN_BITS2;
|
||||
j=n%BN_BITS2;
|
||||
if (a->top <= i) return 0;
|
||||
- return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
|
||||
+ return(((a->d[i])>>j)&((BN_ULONG)1));
|
||||
}
|
||||
|
||||
int BN_mask_bits(BIGNUM *a, int n)
|
||||
diff -up openssl-0.9.8b/crypto/bn/bn_blind.c.no-branch openssl-0.9.8b/crypto/bn/bn_blind.c
|
||||
--- openssl-0.9.8b/crypto/bn/bn_blind.c.no-branch 2005-05-26 06:30:48.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/bn/bn_blind.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -131,7 +131,7 @@ struct bn_blinding_st
|
||||
BN_MONT_CTX *m_ctx);
|
||||
};
|
||||
|
||||
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
|
||||
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
|
||||
{
|
||||
BN_BLINDING *ret=NULL;
|
||||
|
||||
@@ -151,7 +151,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNU
|
||||
{
|
||||
if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
|
||||
}
|
||||
- ret->mod = mod;
|
||||
+
|
||||
+ /* save a copy of mod in the BN_BLINDING structure */
|
||||
+ if ((ret->mod = BN_dup(mod)) == NULL) goto err;
|
||||
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
|
||||
+ BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
|
||||
+
|
||||
ret->counter = BN_BLINDING_COUNTER;
|
||||
return(ret);
|
||||
err:
|
||||
@@ -167,6 +172,7 @@ void BN_BLINDING_free(BN_BLINDING *r)
|
||||
if (r->A != NULL) BN_free(r->A );
|
||||
if (r->Ai != NULL) BN_free(r->Ai);
|
||||
if (r->e != NULL) BN_free(r->e );
|
||||
+ if (r->mod != NULL) BN_free(r->mod);
|
||||
OPENSSL_free(r);
|
||||
}
|
||||
|
||||
@@ -278,7 +284,7 @@ void BN_BLINDING_set_flags(BN_BLINDING *
|
||||
}
|
||||
|
||||
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
|
||||
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
|
||||
+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
|
||||
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
|
||||
BN_MONT_CTX *m_ctx)
|
||||
diff -up openssl-0.9.8b/crypto/bn/bn_div.c.no-branch openssl-0.9.8b/crypto/bn/bn_div.c
|
||||
--- openssl-0.9.8b/crypto/bn/bn_div.c.no-branch 2005-08-29 01:20:43.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/bn/bn_div.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -169,13 +169,15 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, cons
|
||||
#endif /* OPENSSL_NO_ASM */
|
||||
|
||||
|
||||
-/* BN_div computes dv := num / divisor, rounding towards zero, and sets up
|
||||
- * rm such that dv*divisor + rm = num holds.
|
||||
+/* BN_div[_no_branch] computes dv := num / divisor, rounding towards
|
||||
+ * zero, and sets up rm such that dv*divisor + rm = num holds.
|
||||
* Thus:
|
||||
* dv->neg == num->neg ^ divisor->neg (unless the result is zero)
|
||||
* rm->neg == num->neg (unless the remainder is zero)
|
||||
* If 'dv' or 'rm' is NULL, the respective value is not returned.
|
||||
*/
|
||||
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
|
||||
+ const BIGNUM *divisor, BN_CTX *ctx);
|
||||
int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
@@ -185,6 +187,11 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
|
||||
BN_ULONG d0,d1;
|
||||
int num_n,div_n;
|
||||
|
||||
+ if (BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
|
||||
+ {
|
||||
+ return BN_div_no_branch(dv, rm, num, divisor, ctx);
|
||||
+ }
|
||||
+
|
||||
bn_check_top(dv);
|
||||
bn_check_top(rm);
|
||||
bn_check_top(num);
|
||||
@@ -397,4 +404,229 @@ err:
|
||||
return(0);
|
||||
}
|
||||
|
||||
+
|
||||
+/* BN_div_no_branch is a special version of BN_div. It does not contain
|
||||
+ * branches that may leak sensitive information.
|
||||
+ */
|
||||
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
|
||||
+ const BIGNUM *divisor, BN_CTX *ctx)
|
||||
+ {
|
||||
+ int norm_shift,i,loop;
|
||||
+ BIGNUM *tmp,wnum,*snum,*sdiv,*res;
|
||||
+ BN_ULONG *resp,*wnump;
|
||||
+ BN_ULONG d0,d1;
|
||||
+ int num_n,div_n;
|
||||
+
|
||||
+ bn_check_top(dv);
|
||||
+ bn_check_top(rm);
|
||||
+ bn_check_top(num);
|
||||
+ bn_check_top(divisor);
|
||||
+
|
||||
+ if (BN_is_zero(divisor))
|
||||
+ {
|
||||
+ BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
+ BN_CTX_start(ctx);
|
||||
+ tmp=BN_CTX_get(ctx);
|
||||
+ snum=BN_CTX_get(ctx);
|
||||
+ sdiv=BN_CTX_get(ctx);
|
||||
+ if (dv == NULL)
|
||||
+ res=BN_CTX_get(ctx);
|
||||
+ else res=dv;
|
||||
+ if (sdiv == NULL || res == NULL) goto err;
|
||||
+
|
||||
+ /* First we normalise the numbers */
|
||||
+ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
|
||||
+ if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
|
||||
+ sdiv->neg=0;
|
||||
+ norm_shift+=BN_BITS2;
|
||||
+ if (!(BN_lshift(snum,num,norm_shift))) goto err;
|
||||
+ snum->neg=0;
|
||||
+
|
||||
+ /* Since we don't know whether snum is larger than sdiv,
|
||||
+ * we pad snum with enough zeroes without changing its
|
||||
+ * value.
|
||||
+ */
|
||||
+ if (snum->top <= sdiv->top+1)
|
||||
+ {
|
||||
+ if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
|
||||
+ for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
|
||||
+ snum->top = sdiv->top + 2;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
|
||||
+ snum->d[snum->top] = 0;
|
||||
+ snum->top ++;
|
||||
+ }
|
||||
+
|
||||
+ div_n=sdiv->top;
|
||||
+ num_n=snum->top;
|
||||
+ loop=num_n-div_n;
|
||||
+ /* Lets setup a 'window' into snum
|
||||
+ * This is the part that corresponds to the current
|
||||
+ * 'area' being divided */
|
||||
+ wnum.neg = 0;
|
||||
+ wnum.d = &(snum->d[loop]);
|
||||
+ wnum.top = div_n;
|
||||
+ /* only needed when BN_ucmp messes up the values between top and max */
|
||||
+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
|
||||
+
|
||||
+ /* Get the top 2 words of sdiv */
|
||||
+ /* div_n=sdiv->top; */
|
||||
+ d0=sdiv->d[div_n-1];
|
||||
+ d1=(div_n == 1)?0:sdiv->d[div_n-2];
|
||||
+
|
||||
+ /* pointer to the 'top' of snum */
|
||||
+ wnump= &(snum->d[num_n-1]);
|
||||
+
|
||||
+ /* Setup to 'res' */
|
||||
+ res->neg= (num->neg^divisor->neg);
|
||||
+ if (!bn_wexpand(res,(loop+1))) goto err;
|
||||
+ res->top=loop-1;
|
||||
+ resp= &(res->d[loop-1]);
|
||||
+
|
||||
+ /* space for temp */
|
||||
+ if (!bn_wexpand(tmp,(div_n+1))) goto err;
|
||||
+
|
||||
+ /* if res->top == 0 then clear the neg value otherwise decrease
|
||||
+ * the resp pointer */
|
||||
+ if (res->top == 0)
|
||||
+ res->neg = 0;
|
||||
+ else
|
||||
+ resp--;
|
||||
+
|
||||
+ for (i=0; i<loop-1; i++, wnump--, resp--)
|
||||
+ {
|
||||
+ BN_ULONG q,l0;
|
||||
+ /* the first part of the loop uses the top two words of
|
||||
+ * snum and sdiv to calculate a BN_ULONG q such that
|
||||
+ * | wnum - sdiv * q | < sdiv */
|
||||
+#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
|
||||
+ BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
|
||||
+ q=bn_div_3_words(wnump,d1,d0);
|
||||
+#else
|
||||
+ BN_ULONG n0,n1,rem=0;
|
||||
+
|
||||
+ n0=wnump[0];
|
||||
+ n1=wnump[-1];
|
||||
+ if (n0 == d0)
|
||||
+ q=BN_MASK2;
|
||||
+ else /* n0 < d0 */
|
||||
+ {
|
||||
+#ifdef BN_LLONG
|
||||
+ BN_ULLONG t2;
|
||||
+
|
||||
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
|
||||
+ q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
|
||||
+#else
|
||||
+ q=bn_div_words(n0,n1,d0);
|
||||
+#ifdef BN_DEBUG_LEVITTE
|
||||
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
|
||||
+X) -> 0x%08X\n",
|
||||
+ n0, n1, d0, q);
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
|
||||
+ /*
|
||||
+ * rem doesn't have to be BN_ULLONG. The least we
|
||||
+ * know it's less that d0, isn't it?
|
||||
+ */
|
||||
+ rem=(n1-q*d0)&BN_MASK2;
|
||||
+#endif
|
||||
+ t2=(BN_ULLONG)d1*q;
|
||||
+
|
||||
+ for (;;)
|
||||
+ {
|
||||
+ if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
|
||||
+ break;
|
||||
+ q--;
|
||||
+ rem += d0;
|
||||
+ if (rem < d0) break; /* don't let rem overflow */
|
||||
+ t2 -= d1;
|
||||
+ }
|
||||
+#else /* !BN_LLONG */
|
||||
+ BN_ULONG t2l,t2h,ql,qh;
|
||||
+
|
||||
+ q=bn_div_words(n0,n1,d0);
|
||||
+#ifdef BN_DEBUG_LEVITTE
|
||||
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
|
||||
+X) -> 0x%08X\n",
|
||||
+ n0, n1, d0, q);
|
||||
+#endif
|
||||
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
|
||||
+ rem=(n1-q*d0)&BN_MASK2;
|
||||
+#endif
|
||||
+
|
||||
+#if defined(BN_UMULT_LOHI)
|
||||
+ BN_UMULT_LOHI(t2l,t2h,d1,q);
|
||||
+#elif defined(BN_UMULT_HIGH)
|
||||
+ t2l = d1 * q;
|
||||
+ t2h = BN_UMULT_HIGH(d1,q);
|
||||
+#else
|
||||
+ t2l=LBITS(d1); t2h=HBITS(d1);
|
||||
+ ql =LBITS(q); qh =HBITS(q);
|
||||
+ mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
|
||||
+#endif
|
||||
+
|
||||
+ for (;;)
|
||||
+ {
|
||||
+ if ((t2h < rem) ||
|
||||
+ ((t2h == rem) && (t2l <= wnump[-2])))
|
||||
+ break;
|
||||
+ q--;
|
||||
+ rem += d0;
|
||||
+ if (rem < d0) break; /* don't let rem overflow */
|
||||
+ if (t2l < d1) t2h--; t2l -= d1;
|
||||
+ }
|
||||
+#endif /* !BN_LLONG */
|
||||
+ }
|
||||
+#endif /* !BN_DIV3W */
|
||||
+
|
||||
+ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
|
||||
+ tmp->d[div_n]=l0;
|
||||
+ wnum.d--;
|
||||
+ /* ingore top values of the bignums just sub the two
|
||||
+ * BN_ULONG arrays with bn_sub_words */
|
||||
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
|
||||
+ {
|
||||
+ /* Note: As we have considered only the leading
|
||||
+ * two BN_ULONGs in the calculation of q, sdiv * q
|
||||
+ * might be greater than wnum (but then (q-1) * sdiv
|
||||
+ * is less or equal than wnum)
|
||||
+ */
|
||||
+ q--;
|
||||
+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
|
||||
+ /* we can't have an overflow here (assuming
|
||||
+ * that q != 0, but if q == 0 then tmp is
|
||||
+ * zero anyway) */
|
||||
+ (*wnump)++;
|
||||
+ }
|
||||
+ /* store part of the result */
|
||||
+ *resp = q;
|
||||
+ }
|
||||
+ bn_correct_top(snum);
|
||||
+ if (rm != NULL)
|
||||
+ {
|
||||
+ /* Keep a copy of the neg flag in num because if rm==num
|
||||
+ * BN_rshift() will overwrite it.
|
||||
+ */
|
||||
+ int neg = num->neg;
|
||||
+ BN_rshift(rm,snum,norm_shift);
|
||||
+ if (!BN_is_zero(rm))
|
||||
+ rm->neg = neg;
|
||||
+ bn_check_top(rm);
|
||||
+ }
|
||||
+ bn_correct_top(res);
|
||||
+ BN_CTX_end(ctx);
|
||||
+ return(1);
|
||||
+err:
|
||||
+ bn_check_top(rm);
|
||||
+ BN_CTX_end(ctx);
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-0.9.8b/crypto/bn/bn_gcd.c.no-branch openssl-0.9.8b/crypto/bn/bn_gcd.c
|
||||
--- openssl-0.9.8b/crypto/bn/bn_gcd.c.no-branch 2005-08-29 01:20:43.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/bn/bn_gcd.c 2007-08-03 13:58:58.000000000 +0200
|
||||
@@ -203,6 +203,8 @@ err:
|
||||
|
||||
|
||||
/* solves ax == 1 (mod n) */
|
||||
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
|
||||
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
|
||||
BIGNUM *BN_mod_inverse(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
|
||||
{
|
||||
@@ -210,6 +212,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
|
||||
BIGNUM *ret=NULL;
|
||||
int sign;
|
||||
|
||||
+ if (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)
|
||||
+ {
|
||||
+ return BN_mod_inverse_no_branch(in, a, n, ctx);
|
||||
+ }
|
||||
+
|
||||
bn_check_top(a);
|
||||
bn_check_top(n);
|
||||
|
||||
@@ -491,3 +498,157 @@ err:
|
||||
bn_check_top(ret);
|
||||
return(ret);
|
||||
}
|
||||
+
|
||||
+
|
||||
+/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
|
||||
+ * It does not contain branches that may leak sensitive information.
|
||||
+ */
|
||||
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
|
||||
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
|
||||
+ {
|
||||
+ BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
|
||||
+ BIGNUM local_A, local_B;
|
||||
+ BIGNUM *pA, *pB;
|
||||
+ BIGNUM *ret=NULL;
|
||||
+ int sign;
|
||||
+
|
||||
+ bn_check_top(a);
|
||||
+ bn_check_top(n);
|
||||
+
|
||||
+ BN_CTX_start(ctx);
|
||||
+ A = BN_CTX_get(ctx);
|
||||
+ B = BN_CTX_get(ctx);
|
||||
+ X = BN_CTX_get(ctx);
|
||||
+ D = BN_CTX_get(ctx);
|
||||
+ M = BN_CTX_get(ctx);
|
||||
+ Y = BN_CTX_get(ctx);
|
||||
+ T = BN_CTX_get(ctx);
|
||||
+ if (T == NULL) goto err;
|
||||
+
|
||||
+ if (in == NULL)
|
||||
+ R=BN_new();
|
||||
+ else
|
||||
+ R=in;
|
||||
+ if (R == NULL) goto err;
|
||||
+
|
||||
+ BN_one(X);
|
||||
+ BN_zero(Y);
|
||||
+ if (BN_copy(B,a) == NULL) goto err;
|
||||
+ if (BN_copy(A,n) == NULL) goto err;
|
||||
+ A->neg = 0;
|
||||
+
|
||||
+ if (B->neg || (BN_ucmp(B, A) >= 0))
|
||||
+ {
|
||||
+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
|
||||
+ * BN_div_no_branch will be called eventually.
|
||||
+ */
|
||||
+ pB = &local_B;
|
||||
+ BN_with_flags(pB, B, BN_FLG_CONSTTIME);
|
||||
+ if (!BN_nnmod(B, pB, A, ctx)) goto err;
|
||||
+ }
|
||||
+ sign = -1;
|
||||
+ /* From B = a mod |n|, A = |n| it follows that
|
||||
+ *
|
||||
+ * 0 <= B < A,
|
||||
+ * -sign*X*a == B (mod |n|),
|
||||
+ * sign*Y*a == A (mod |n|).
|
||||
+ */
|
||||
+
|
||||
+ while (!BN_is_zero(B))
|
||||
+ {
|
||||
+ BIGNUM *tmp;
|
||||
+
|
||||
+ /*
|
||||
+ * 0 < B < A,
|
||||
+ * (*) -sign*X*a == B (mod |n|),
|
||||
+ * sign*Y*a == A (mod |n|)
|
||||
+ */
|
||||
+
|
||||
+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
|
||||
+ * BN_div_no_branch will be called eventually.
|
||||
+ */
|
||||
+ pA = &local_A;
|
||||
+ BN_with_flags(pA, A, BN_FLG_CONSTTIME);
|
||||
+
|
||||
+ /* (D, M) := (A/B, A%B) ... */
|
||||
+ if (!BN_div(D,M,pA,B,ctx)) goto err;
|
||||
+
|
||||
+ /* Now
|
||||
+ * A = D*B + M;
|
||||
+ * thus we have
|
||||
+ * (**) sign*Y*a == D*B + M (mod |n|).
|
||||
+ */
|
||||
+
|
||||
+ tmp=A; /* keep the BIGNUM object, the value does not matter */
|
||||
+
|
||||
+ /* (A, B) := (B, A mod B) ... */
|
||||
+ A=B;
|
||||
+ B=M;
|
||||
+ /* ... so we have 0 <= B < A again */
|
||||
+
|
||||
+ /* Since the former M is now B and the former B is now A,
|
||||
+ * (**) translates into
|
||||
+ * sign*Y*a == D*A + B (mod |n|),
|
||||
+ * i.e.
|
||||
+ * sign*Y*a - D*A == B (mod |n|).
|
||||
+ * Similarly, (*) translates into
|
||||
+ * -sign*X*a == A (mod |n|).
|
||||
+ *
|
||||
+ * Thus,
|
||||
+ * sign*Y*a + D*sign*X*a == B (mod |n|),
|
||||
+ * i.e.
|
||||
+ * sign*(Y + D*X)*a == B (mod |n|).
|
||||
+ *
|
||||
+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
|
||||
+ * -sign*X*a == B (mod |n|),
|
||||
+ * sign*Y*a == A (mod |n|).
|
||||
+ * Note that X and Y stay non-negative all the time.
|
||||
+ */
|
||||
+
|
||||
+ if (!BN_mul(tmp,D,X,ctx)) goto err;
|
||||
+ if (!BN_add(tmp,tmp,Y)) goto err;
|
||||
+
|
||||
+ M=Y; /* keep the BIGNUM object, the value does not matter */
|
||||
+ Y=X;
|
||||
+ X=tmp;
|
||||
+ sign = -sign;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * The while loop (Euclid's algorithm) ends when
|
||||
+ * A == gcd(a,n);
|
||||
+ * we have
|
||||
+ * sign*Y*a == A (mod |n|),
|
||||
+ * where Y is non-negative.
|
||||
+ */
|
||||
+
|
||||
+ if (sign < 0)
|
||||
+ {
|
||||
+ if (!BN_sub(Y,n,Y)) goto err;
|
||||
+ }
|
||||
+ /* Now Y*a == A (mod |n|). */
|
||||
+
|
||||
+ if (BN_is_one(A))
|
||||
+ {
|
||||
+ /* Y*a == 1 (mod |n|) */
|
||||
+ if (!Y->neg && BN_ucmp(Y,n) < 0)
|
||||
+ {
|
||||
+ if (!BN_copy(R,Y)) goto err;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if (!BN_nnmod(R,Y,n,ctx)) goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ ret=R;
|
||||
+err:
|
||||
+ if ((ret == NULL) && (in == NULL)) BN_free(R);
|
||||
+ BN_CTX_end(ctx);
|
||||
+ bn_check_top(ret);
|
||||
+ return(ret);
|
||||
+ }
|
File diff suppressed because it is too large
Load Diff
@ -1,45 +0,0 @@
|
||||
Possible one byte buffer overflow in SSL_get_shared_ciphers.
|
||||
CVE-2007-5135
|
||||
diff -up openssl-0.9.8b/ssl/ssl_lib.c.orig openssl-0.9.8b/ssl/ssl_lib.c
|
||||
--- openssl-0.9.8b/ssl/ssl_lib.c.orig 2007-10-08 10:20:42.000000000 +0200
|
||||
+++ openssl-0.9.8b/ssl/ssl_lib.c 2007-10-08 17:32:29.000000000 +0200
|
||||
@@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha
|
||||
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
|
||||
{
|
||||
char *p;
|
||||
- const char *cp;
|
||||
STACK_OF(SSL_CIPHER) *sk;
|
||||
SSL_CIPHER *c;
|
||||
int i;
|
||||
@@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL *
|
||||
sk=s->session->ciphers;
|
||||
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
|
||||
{
|
||||
- /* Decrement for either the ':' or a '\0' */
|
||||
- len--;
|
||||
+ int n;
|
||||
+
|
||||
c=sk_SSL_CIPHER_value(sk,i);
|
||||
- for (cp=c->name; *cp; )
|
||||
+ n=strlen(c->name);
|
||||
+ if (n+1 > len)
|
||||
{
|
||||
- if (len-- <= 0)
|
||||
- {
|
||||
- *p='\0';
|
||||
- return(buf);
|
||||
- }
|
||||
- else
|
||||
- *(p++)= *(cp++);
|
||||
+ if (p != buf)
|
||||
+ --p;
|
||||
+ *p='\0';
|
||||
+ return buf;
|
||||
}
|
||||
+ strcpy(p,c->name);
|
||||
+ p+=n;
|
||||
*(p++)=':';
|
||||
+ len-=n+1;
|
||||
}
|
||||
p[-1]='\0';
|
||||
return(buf);
|
@ -1,32 +0,0 @@
|
||||
--- openssl-0.9.8a/apps/enc.c.orig 2006-07-27 18:37:05.000000000 -0500
|
||||
+++ openssl-0.9.8a/apps/enc.c 2006-07-27 18:38:30.000000000 -0500
|
||||
@@ -340,7 +340,7 @@
|
||||
}
|
||||
|
||||
/* It must be large enough for a base64 encoded line */
|
||||
- if (n < 80) n=80;
|
||||
+ if (base64 && n < 80) n=80;
|
||||
|
||||
bsize=(int)n;
|
||||
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
|
||||
@@ -370,7 +370,11 @@
|
||||
}
|
||||
|
||||
if (inf == NULL)
|
||||
+ {
|
||||
+ if (bufsize != NULL)
|
||||
+ setvbuf(stdin, (char *)NULL, _IONBF, 0);
|
||||
BIO_set_fp(in,stdin,BIO_NOCLOSE);
|
||||
+ }
|
||||
else
|
||||
{
|
||||
if (BIO_read_filename(in,inf) <= 0)
|
||||
@@ -421,6 +425,8 @@
|
||||
if (outf == NULL)
|
||||
{
|
||||
BIO_set_fp(out,stdout,BIO_NOCLOSE);
|
||||
+ if (bufsize != NULL)
|
||||
+ setvbuf(stdout, (char *)NULL, _IONBF, 0);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
@ -1,49 +0,0 @@
|
||||
openssl/crypto/pkcs12/p12_mutl.c 1.23.2.1 -> 1.23.2.2
|
||||
|
||||
--- openssl/crypto/pkcs12/p12_mutl.c 2005/06/30 11:34:27 1.23.2.1
|
||||
+++ openssl/crypto/pkcs12/p12_mutl.c 2006/05/17 18:20:27 1.23.2.2
|
||||
@@ -69,7 +69,7 @@
|
||||
{
|
||||
const EVP_MD *md_type;
|
||||
HMAC_CTX hmac;
|
||||
- unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
|
||||
+ unsigned char key[EVP_MAX_MD_SIZE], *salt;
|
||||
int saltlen, iter;
|
||||
|
||||
if (!PKCS7_type_is_data(p12->authsafes))
|
||||
@@ -88,12 +88,12 @@
|
||||
return 0;
|
||||
}
|
||||
if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
|
||||
- PKCS12_MAC_KEY_LENGTH, key, md_type)) {
|
||||
+ EVP_MD_size(md_type), key, md_type)) {
|
||||
PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
|
||||
return 0;
|
||||
}
|
||||
HMAC_CTX_init(&hmac);
|
||||
- HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
|
||||
+ HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
|
||||
HMAC_Update(&hmac, p12->authsafes->d.data->data,
|
||||
p12->authsafes->d.data->length);
|
||||
HMAC_Final(&hmac, mac, maclen);
|
||||
openssl/apps/pkcs12.c 1.79.2.1 -> 1.79.2.2
|
||||
|
||||
--- openssl/apps/pkcs12.c 2005/05/31 17:31:50 1.79.2.1
|
||||
+++ openssl/apps/pkcs12.c 2006/05/17 18:25:59 1.79.2.2
|
||||
@@ -825,12 +825,14 @@
|
||||
PBEPARAM *pbe;
|
||||
const unsigned char *p;
|
||||
p = alg->parameter->value.sequence->data;
|
||||
- pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
|
||||
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
|
||||
+ if (!pbe)
|
||||
+ return 1;
|
||||
BIO_printf (bio_err, "%s, Iteration %ld\n",
|
||||
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
|
||||
ASN1_INTEGER_get(pbe->iter));
|
||||
PBEPARAM_free (pbe);
|
||||
- return 0;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
/* Load all certificates from a given file */
|
@ -1,20 +0,0 @@
|
||||
--- openssl-0.9.8b/crypto/pkcs7/pk7_smime.c.pk7-leak 2005-08-05 00:10:05.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/pkcs7/pk7_smime.c 2006-07-20 13:53:16.000000000 +0200
|
||||
@@ -127,6 +127,8 @@
|
||||
}
|
||||
}
|
||||
|
||||
+ if(flags & PKCS7_DETACHED) PKCS7_set_detached(p7, 1);
|
||||
+
|
||||
if (flags & PKCS7_STREAM)
|
||||
return p7;
|
||||
|
||||
@@ -138,8 +140,6 @@
|
||||
|
||||
SMIME_crlf_copy(data, p7bio, flags);
|
||||
|
||||
- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
|
||||
-
|
||||
if (!PKCS7_dataFinal(p7,p7bio)) {
|
||||
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
|
||||
PKCS7_free(p7);
|
@ -1,33 +0,0 @@
|
||||
--- openssl-0.9.8b/crypto/x509/by_dir.c.add-dir 2005-07-03 15:15:53.000000000 +0200
|
||||
+++ openssl-0.9.8b/crypto/x509/by_dir.c 2006-10-03 15:14:06.000000000 +0200
|
||||
@@ -189,7 +189,7 @@
|
||||
|
||||
s=dir;
|
||||
p=s;
|
||||
- for (;;)
|
||||
+ for (;;p++)
|
||||
{
|
||||
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
|
||||
{
|
||||
@@ -198,8 +198,11 @@
|
||||
len=(int)(p-ss);
|
||||
if (len == 0) continue;
|
||||
for (j=0; j<ctx->num_dirs; j++)
|
||||
- if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
|
||||
- continue;
|
||||
+ if (strlen(ctx->dirs[j]) == len &&
|
||||
+ strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
|
||||
+ break;
|
||||
+ if (j<ctx->num_dirs)
|
||||
+ continue;
|
||||
if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
|
||||
{
|
||||
ctx->num_dirs_alloced+=10;
|
||||
@@ -231,7 +234,6 @@
|
||||
ctx->num_dirs++;
|
||||
}
|
||||
if (*p == '\0') break;
|
||||
- p++;
|
||||
}
|
||||
return(1);
|
||||
}
|
@ -1,103 +1,7 @@
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_apps.h openssl-0.9.8b/apps/s_apps.h
|
||||
--- openssl-0.9.8b.orig/apps/s_apps.h 2006-07-11 16:14:29.000000000 +0200
|
||||
+++ openssl-0.9.8b/apps/s_apps.h 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -148,7 +148,7 @@
|
||||
#define PORT_STR "4433"
|
||||
#define PROTOCOL "tcp"
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
#ifdef HEADER_X509_H
|
||||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#endif
|
||||
@@ -156,10 +156,9 @@
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
|
||||
#endif
|
||||
-int init_client(int *sock, char *server, int port, int type);
|
||||
+int init_client(int *sock, char *server, char *port, int type);
|
||||
int should_retry(int i);
|
||||
-int extract_port(char *str, short *port_ptr);
|
||||
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
|
||||
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
|
||||
|
||||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_client.c openssl-0.9.8b/apps/s_client.c
|
||||
--- openssl-0.9.8b.orig/apps/s_client.c 2005-11-25 14:46:41.000000000 +0100
|
||||
+++ openssl-0.9.8b/apps/s_client.c 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -246,7 +246,7 @@
|
||||
int cbuf_len,cbuf_off;
|
||||
int sbuf_len,sbuf_off;
|
||||
fd_set readfds,writefds;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
int full_log=1;
|
||||
char *host=SSL_HOST_NAME;
|
||||
char *cert_file=NULL,*key_file=NULL;
|
||||
@@ -330,13 +330,12 @@
|
||||
else if (strcmp(*argv,"-port") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- port=atoi(*(++argv));
|
||||
- if (port == 0) goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-connect") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_host_port(*(++argv),&host,NULL,&port))
|
||||
+ if (!extract_host_port(*(++argv),&host,&port_str))
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
@@ -619,7 +618,7 @@
|
||||
|
||||
re_start:
|
||||
|
||||
- if (init_client(&s,host,port,sock_type) == 0)
|
||||
+ if (init_client(&s,host,port_str,sock_type) == 0)
|
||||
{
|
||||
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
||||
SHUTDOWN(s);
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_server.c openssl-0.9.8b/apps/s_server.c
|
||||
--- openssl-0.9.8b.orig/apps/s_server.c 2005-09-02 14:27:02.000000000 +0200
|
||||
+++ openssl-0.9.8b/apps/s_server.c 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -532,7 +532,7 @@
|
||||
{
|
||||
X509_STORE *store = NULL;
|
||||
int vflags = 0;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
char *CApath=NULL,*CAfile=NULL;
|
||||
unsigned char *context = NULL;
|
||||
char *dhfile = NULL;
|
||||
@@ -597,8 +597,7 @@
|
||||
(strcmp(*argv,"-accept") == 0))
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_port(*(++argv),&port))
|
||||
- goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
{
|
||||
@@ -1086,9 +1085,9 @@
|
||||
|
||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||
if (www)
|
||||
- do_server(port,sock_type,&accept_socket,www_body, context);
|
||||
+ do_server(port_str,sock_type,&accept_socket,www_body, context);
|
||||
else
|
||||
- do_server(port,sock_type,&accept_socket,sv_body, context);
|
||||
+ do_server(port_str,sock_type,&accept_socket,sv_body, context);
|
||||
print_stats(bio_s_out,ctx);
|
||||
ret=0;
|
||||
end:
|
||||
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_socket.c openssl-0.9.8b/apps/s_socket.c
|
||||
--- openssl-0.9.8b.orig/apps/s_socket.c 2005-06-13 05:21:00.000000000 +0200
|
||||
+++ openssl-0.9.8b/apps/s_socket.c 2006-07-13 08:44:29.000000000 +0200
|
||||
@@ -96,9 +96,7 @@
|
||||
diff -up openssl-0.9.8g/apps/s_socket.c.ipv6-apps openssl-0.9.8g/apps/s_socket.c
|
||||
--- openssl-0.9.8g/apps/s_socket.c.ipv6-apps 2005-06-13 05:21:00.000000000 +0200
|
||||
+++ openssl-0.9.8g/apps/s_socket.c 2007-12-03 13:28:42.000000000 +0100
|
||||
@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
|
||||
static void ssl_sock_cleanup(void);
|
||||
#endif
|
||||
static int ssl_sock_init(void);
|
||||
@ -108,7 +12,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
|
||||
static int do_accept(int acc_sock, int *sock, char **host);
|
||||
static int host_ip(char *str, unsigned char ip[4]);
|
||||
|
||||
@@ -228,60 +226,69 @@
|
||||
@@ -228,60 +226,69 @@ static int ssl_sock_init(void)
|
||||
return(1);
|
||||
}
|
||||
|
||||
@ -208,17 +112,17 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
|
||||
+ res = res->ai_next;
|
||||
+ }
|
||||
+ freeaddrinfo(res0);
|
||||
+
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
|
||||
+ perror(failed_call);
|
||||
+ return(0);
|
||||
+ }
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
|
||||
+
|
||||
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
|
||||
{
|
||||
int sock;
|
||||
char *name = NULL;
|
||||
@@ -319,33 +326,38 @@
|
||||
@@ -319,33 +326,38 @@ int do_server(int port, int type, int *r
|
||||
}
|
||||
}
|
||||
|
||||
@ -248,15 +152,14 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
|
||||
-#else
|
||||
- memcpy(&server.sin_addr,ip,4);
|
||||
-#endif
|
||||
-
|
||||
+ memset(&hints, '\0', sizeof(hints));
|
||||
+ hints.ai_socktype = type;
|
||||
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
|
||||
|
||||
- if (type == SOCK_STREAM)
|
||||
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
|
||||
- else /* type == SOCK_DGRAM */
|
||||
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
|
||||
+ memset(&hints, '\0', sizeof(hints));
|
||||
+ hints.ai_socktype = type;
|
||||
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
|
||||
+
|
||||
+ e = getaddrinfo(NULL, port, &hints, &res);
|
||||
+ if (e)
|
||||
+ {
|
||||
@ -279,7 +182,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
|
||||
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
||||
{
|
||||
int j = 1;
|
||||
@@ -353,36 +365,39 @@
|
||||
@@ -353,36 +365,39 @@ static int init_server_long(int *sock, i
|
||||
(void *) &j, sizeof j);
|
||||
}
|
||||
#endif
|
||||
@ -339,7 +242,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
|
||||
int len;
|
||||
/* struct linger ling; */
|
||||
|
||||
@@ -427,137 +442,62 @@
|
||||
@@ -427,137 +442,62 @@ redoit:
|
||||
if (i < 0) { perror("keepalive"); return(0); }
|
||||
*/
|
||||
|
||||
@ -353,14 +256,14 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
|
||||
- sizeof(struct in_addr),AF_INET);
|
||||
-#endif
|
||||
- if (h1 == NULL)
|
||||
+ if (host == NULL)
|
||||
{
|
||||
- {
|
||||
- BIO_printf(bio_err,"bad gethostbyaddr\n");
|
||||
- *host=NULL;
|
||||
- /* return(0); */
|
||||
- }
|
||||
- else
|
||||
- {
|
||||
+ if (host == NULL)
|
||||
{
|
||||
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
|
||||
- {
|
||||
- perror("OPENSSL_malloc");
|
||||
@ -506,3 +409,99 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
|
||||
return(1);
|
||||
}
|
||||
|
||||
diff -up openssl-0.9.8g/apps/s_server.c.ipv6-apps openssl-0.9.8g/apps/s_server.c
|
||||
--- openssl-0.9.8g/apps/s_server.c.ipv6-apps 2007-08-23 14:16:02.000000000 +0200
|
||||
+++ openssl-0.9.8g/apps/s_server.c 2007-12-03 13:31:14.000000000 +0100
|
||||
@@ -592,7 +592,7 @@ int MAIN(int argc, char *argv[])
|
||||
{
|
||||
X509_STORE *store = NULL;
|
||||
int vflags = 0;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
char *CApath=NULL,*CAfile=NULL;
|
||||
unsigned char *context = NULL;
|
||||
char *dhfile = NULL;
|
||||
@@ -662,8 +662,7 @@ int MAIN(int argc, char *argv[])
|
||||
(strcmp(*argv,"-accept") == 0))
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_port(*(++argv),&port))
|
||||
- goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
{
|
||||
@@ -1332,9 +1331,9 @@ bad:
|
||||
}
|
||||
BIO_printf(bio_s_out,"ACCEPT\n");
|
||||
if (www)
|
||||
- do_server(port,socket_type,&accept_socket,www_body, context);
|
||||
+ do_server(port_str,socket_type,&accept_socket,www_body, context);
|
||||
else
|
||||
- do_server(port,socket_type,&accept_socket,sv_body, context);
|
||||
+ do_server(port_str,socket_type,&accept_socket,sv_body, context);
|
||||
print_stats(bio_s_out,ctx);
|
||||
ret=0;
|
||||
end:
|
||||
diff -up openssl-0.9.8g/apps/s_client.c.ipv6-apps openssl-0.9.8g/apps/s_client.c
|
||||
--- openssl-0.9.8g/apps/s_client.c.ipv6-apps 2007-08-23 14:20:56.000000000 +0200
|
||||
+++ openssl-0.9.8g/apps/s_client.c 2007-12-03 13:28:42.000000000 +0100
|
||||
@@ -285,7 +285,7 @@ int MAIN(int argc, char **argv)
|
||||
int cbuf_len,cbuf_off;
|
||||
int sbuf_len,sbuf_off;
|
||||
fd_set readfds,writefds;
|
||||
- short port=PORT;
|
||||
+ char *port_str = PORT_STR;
|
||||
int full_log=1;
|
||||
char *host=SSL_HOST_NAME;
|
||||
char *cert_file=NULL,*key_file=NULL;
|
||||
@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-port") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- port=atoi(*(++argv));
|
||||
- if (port == 0) goto bad;
|
||||
+ port_str= *(++argv);
|
||||
}
|
||||
else if (strcmp(*argv,"-connect") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
- if (!extract_host_port(*(++argv),&host,NULL,&port))
|
||||
+ if (!extract_host_port(*(++argv),&host,&port_str))
|
||||
goto bad;
|
||||
}
|
||||
else if (strcmp(*argv,"-verify") == 0)
|
||||
@@ -739,7 +738,7 @@ bad:
|
||||
|
||||
re_start:
|
||||
|
||||
- if (init_client(&s,host,port,sock_type) == 0)
|
||||
+ if (init_client(&s,host,port_str,sock_type) == 0)
|
||||
{
|
||||
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
||||
SHUTDOWN(s);
|
||||
diff -up openssl-0.9.8g/apps/s_apps.h.ipv6-apps openssl-0.9.8g/apps/s_apps.h
|
||||
--- openssl-0.9.8g/apps/s_apps.h.ipv6-apps 2007-12-03 13:28:42.000000000 +0100
|
||||
+++ openssl-0.9.8g/apps/s_apps.h 2007-12-03 13:28:42.000000000 +0100
|
||||
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
|
||||
#define PORT_STR "4433"
|
||||
#define PROTOCOL "tcp"
|
||||
|
||||
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
|
||||
#ifdef HEADER_X509_H
|
||||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||
#endif
|
||||
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
|
||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
|
||||
#endif
|
||||
-int init_client(int *sock, char *server, int port, int type);
|
||||
+int init_client(int *sock, char *server, char *port, int type);
|
||||
int should_retry(int i);
|
||||
-int extract_port(char *str, short *port_ptr);
|
||||
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
|
||||
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
|
||||
|
||||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||
int argi, long argl, long ret);
|
@ -1,6 +1,7 @@
|
||||
--- openssl-0.9.8a/Configure.redhat 2005-11-08 01:50:41.000000000 +0100
|
||||
+++ openssl-0.9.8a/Configure 2005-11-08 10:23:38.000000000 +0100
|
||||
@@ -313,29 +313,29 @@
|
||||
diff -up openssl-0.9.8g/Configure.redhat openssl-0.9.8g/Configure
|
||||
--- openssl-0.9.8g/Configure.redhat 2007-09-16 14:24:17.000000000 +0200
|
||||
+++ openssl-0.9.8g/Configure 2007-12-03 13:16:08.000000000 +0100
|
||||
@@ -313,28 +313,28 @@ my %table=(
|
||||
####
|
||||
# *-generic* is endian-neutral target, but ./config is free to
|
||||
# throw in -D[BL]_ENDIAN, whichever appropriate...
|
||||
@ -16,10 +17,9 @@
|
||||
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
|
||||
####
|
||||
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
# -bpowerpc64-linux is transient option, -m64 should be the one to use...
|
||||
-"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
+"linux-ppc64", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
@ -36,12 +36,12 @@
|
||||
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
# GCC 3.1 is a requirement
|
||||
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
#### Alpha Linux with GNU C and Compaq C setups
|
||||
# Special notes:
|
||||
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
|
||||
@@ -349,8 +349,8 @@
|
||||
@@ -348,8 +348,8 @@ my %table=(
|
||||
#
|
||||
# <appro@fy.chalmers.se>
|
||||
#
|
@ -3,17 +3,30 @@ compatibility, we have to increment the soname in order to allow
|
||||
this version to co-exist with another versions and have everything
|
||||
work right.
|
||||
|
||||
--- openssl-0.9.8b/Makefile.org.soversion 2006-05-11 11:53:26.000000000 +0200
|
||||
+++ openssl-0.9.8b/Makefile.org 2006-05-11 12:14:05.000000000 +0200
|
||||
@@ -10,6 +10,7 @@
|
||||
diff -up openssl-0.9.8g/Configure.soversion openssl-0.9.8g/Configure
|
||||
--- openssl-0.9.8g/Configure.soversion 2007-12-03 14:41:19.000000000 +0100
|
||||
+++ openssl-0.9.8g/Configure 2007-12-03 14:41:19.000000000 +0100
|
||||
@@ -1371,7 +1371,7 @@ while (<IN>)
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
|
||||
{
|
||||
my $sotmp = $1;
|
||||
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
|
||||
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
|
||||
}
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
|
||||
{
|
||||
diff -up openssl-0.9.8g/Makefile.org.soversion openssl-0.9.8g/Makefile.org
|
||||
--- openssl-0.9.8g/Makefile.org.soversion 2007-12-03 14:41:19.000000000 +0100
|
||||
+++ openssl-0.9.8g/Makefile.org 2007-12-03 14:41:19.000000000 +0100
|
||||
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
|
||||
SHLIB_MAJOR=
|
||||
SHLIB_MINOR=
|
||||
SHLIB_EXT=
|
||||
+SHLIB_SONAMEVER=6
|
||||
+SHLIB_SONAMEVER=7
|
||||
PLATFORM=dist
|
||||
OPTIONS=
|
||||
CONFIGURE_ARGS=
|
||||
@@ -277,10 +278,9 @@
|
||||
@@ -277,10 +278,9 @@ clean-shared:
|
||||
link-shared:
|
||||
@ set -e; for i in ${SHLIBDIRS}; do \
|
||||
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
||||
@ -25,7 +38,7 @@ work right.
|
||||
done
|
||||
|
||||
build-shared: do_$(SHLIB_TARGET) link-shared
|
||||
@@ -291,7 +291,7 @@
|
||||
@@ -291,7 +291,7 @@ do_$(SHLIB_TARGET):
|
||||
libs="$(LIBKRB5) $$libs"; \
|
||||
fi; \
|
||||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
||||
@ -34,14 +47,3 @@ work right.
|
||||
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
|
||||
LIBDEPS="$$libs $(EX_LIBS)" \
|
||||
link_a.$(SHLIB_TARGET); \
|
||||
--- openssl-0.9.8b/Configure.soversion 2006-05-11 11:53:26.000000000 +0200
|
||||
+++ openssl-0.9.8b/Configure 2006-05-11 11:53:26.000000000 +0200
|
||||
@@ -1327,7 +1327,7 @@
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
|
||||
{
|
||||
my $sotmp = $1;
|
||||
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
|
||||
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
|
||||
}
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
|
||||
{
|
67
openssl.spec
67
openssl.spec
@ -6,7 +6,8 @@
|
||||
# 0.9.7a soversion = 4
|
||||
# 0.9.7ef soversion = 5
|
||||
# 0.9.8ab soversion = 6
|
||||
%define soversion 6
|
||||
# 0.9.8g soversion = 7
|
||||
%define soversion 7
|
||||
|
||||
# Number of threads to spawn when testing some threading fixes.
|
||||
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
|
||||
@ -20,8 +21,8 @@
|
||||
|
||||
Summary: The OpenSSL toolkit
|
||||
Name: openssl
|
||||
Version: 0.9.8b
|
||||
Release: 17%{?dist}
|
||||
Version: 0.9.8g
|
||||
Release: 1%{?dist}
|
||||
Source: openssl-%{version}-usa.tar.bz2
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
@ -33,41 +34,25 @@ Source8: openssl-thread-test.c
|
||||
Source9: opensslconf-new.h
|
||||
Source10: opensslconf-new-warning.h
|
||||
# Build changes
|
||||
Patch0: openssl-0.9.8a-redhat.patch
|
||||
Patch0: openssl-0.9.8g-redhat.patch
|
||||
Patch1: openssl-0.9.8a-defaults.patch
|
||||
Patch2: openssl-0.9.8a-link-krb5.patch
|
||||
Patch3: openssl-0.9.8b-soversion.patch
|
||||
Patch3: openssl-0.9.8g-soversion.patch
|
||||
Patch4: openssl-0.9.8a-enginesdir.patch
|
||||
Patch5: openssl-0.9.8a-no-rpath.patch
|
||||
Patch24: openssl-0.9.8a-padlock.patch
|
||||
Patch6: openssl-0.9.8b-test-use-localhost.patch
|
||||
# Bug fixes
|
||||
Patch21: openssl-0.9.8b-aliasing-bug.patch
|
||||
Patch22: openssl-0.9.8b-x509-name-cmp.patch
|
||||
# Functionality changes
|
||||
Patch32: openssl-0.9.7-beta6-ia64.patch
|
||||
Patch33: openssl-0.9.7f-ca-dir.patch
|
||||
Patch34: openssl-0.9.6-x509.patch
|
||||
Patch35: openssl-0.9.7-beta5-version-add-engines.patch
|
||||
Patch36: openssl-0.9.8a-use-poll.patch
|
||||
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
|
||||
Patch39: openssl-0.9.8b-ipv6-apps.patch
|
||||
Patch40: openssl-0.9.8b-enc-bufsize.patch
|
||||
Patch39: openssl-0.9.8g-ipv6-apps.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch51: openssl-0.9.8b-block-padding.patch
|
||||
Patch52: openssl-0.9.8b-pkcs12-fix.patch
|
||||
Patch53: openssl-0.9.8b-bn-threadsafety.patch
|
||||
Patch54: openssl-0.9.8b-aes-cachecol.patch
|
||||
Patch55: openssl-0.9.8b-pkcs7-leak.patch
|
||||
Patch56: openssl-0.9.8b-cve-2006-4339.patch
|
||||
Patch57: openssl-0.9.8b-cve-2006-2937.patch
|
||||
Patch58: openssl-0.9.8b-cve-2006-2940.patch
|
||||
Patch59: openssl-0.9.8b-cve-2006-3738.patch
|
||||
Patch60: openssl-0.9.8b-cve-2006-4343.patch
|
||||
Patch61: openssl-0.9.8b-aliasing-bug.patch
|
||||
Patch62: openssl-0.9.8b-x509-name-cmp.patch
|
||||
Patch63: openssl-0.9.8b-x509-add-dir.patch
|
||||
Patch64: openssl-0.9.8b-test-use-localhost.patch
|
||||
Patch65: openssl-0.9.8b-cve-2007-3108.patch
|
||||
Patch66: openssl-0.9.7a-ssl-strict-matching.patch
|
||||
Patch67: openssl-0.9.8b-cve-2007-4995.patch
|
||||
Patch68: openssl-0.9.8b-cve-2007-5135.patch
|
||||
# None yet
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -116,36 +101,17 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
%patch3 -p1 -b .soversion
|
||||
%patch4 -p1 -b .enginesdir
|
||||
%patch5 -p1 -b .no-rpath
|
||||
%patch6 -p1 -b .use-localhost
|
||||
|
||||
%patch24 -p1 -b .padlock
|
||||
%patch21 -p1 -b .aliasing-bug
|
||||
%patch22 -p1 -b .name-cmp
|
||||
|
||||
%patch32 -p1 -b .ia64
|
||||
#patch33 is applied after make test
|
||||
%patch34 -p1 -b .x509
|
||||
%patch35 -p1 -b .version-add-engines
|
||||
%patch36 -p1 -b .use-poll
|
||||
%patch38 -p1 -b .cipher-change
|
||||
%patch39 -p1 -b .ipv6-apps
|
||||
%patch40 -p1 -b .enc-bufsize
|
||||
|
||||
%patch51 -p1 -b .block-padding
|
||||
%patch52 -p1 -b .pkcs12-fix
|
||||
%patch53 -p1 -b .bn-threadsafety
|
||||
%patch54 -p1 -b .cachecol
|
||||
%patch55 -p1 -b .pkcs7-leak
|
||||
%patch56 -p1 -b .short-padding
|
||||
%patch57 -p1 -b .asn1-error
|
||||
%patch58 -p0 -b .parasitic
|
||||
%patch59 -p0 -b .shared-ciphers
|
||||
%patch60 -p0 -b .client-dos
|
||||
%patch61 -p1 -b .aliasing-bug
|
||||
%patch62 -p1 -b .name-cmp
|
||||
%patch63 -p1 -b .add-dir
|
||||
%patch64 -p1 -b .use-localhost
|
||||
%patch65 -p1 -b .no-branch
|
||||
%patch66 -p1 -b .strict-matching
|
||||
%patch67 -p1 -b .dtls-fixes
|
||||
%patch68 -p1 -b .shciphers
|
||||
|
||||
# Modify the various perl scripts to reference perl in the right location.
|
||||
perl util/perlpath.pl `dirname %{__perl}`
|
||||
@ -386,6 +352,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Mon Nov 3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-1
|
||||
- update to latest upstream release, SONAME bumped to 7
|
||||
|
||||
* Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17
|
||||
- update to new CA bundle from mozilla.org
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user