- update to latest upstream release, SONAME bumped to 7

This commit is contained in:
Tomáš Mráz 2007-12-03 14:24:08 +00:00
parent 96585a061a
commit 3849a1678a
24 changed files with 161 additions and 4504 deletions

View File

@ -1 +1 @@
openssl-0.9.8b-usa.tar.bz2 openssl-0.9.8g-usa.tar.bz2

View File

@ -1,69 +0,0 @@
*) In the SSL/TLS server implementation, be strict about session ID
context matching (which matters if an application uses a single
external cache for different purposes). Previously,
out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
set. This did ensure strict client verification, but meant that,
with applications using a single external cache for quite
different requirements, clients could circumvent ciphersuite
restrictions for a given session ID context by starting a session
in a different context.
diff -up openssl-0.9.7a/ssl/ssl_sess.c.strict-matching openssl-0.9.7a/ssl/ssl_sess.c
--- openssl-0.9.7a/ssl/ssl_sess.c.strict-matching 2002-11-28 09:09:03.000000000 +0100
+++ openssl-0.9.7a/ssl/ssl_sess.c 2007-08-02 16:17:29.000000000 +0200
@@ -322,33 +322,35 @@ int ssl_get_prev_session(SSL *s, unsigne
/* Now ret is non-NULL, and we own one of its reference counts. */
- if((s->verify_mode&SSL_VERIFY_PEER)
- && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
- {
+ if (ret->sid_ctx_length != s->sid_ctx_length
+ || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
+ {
/* We've found the session named by the client, but we don't
* want to use it in this context. */
-
- if (s->sid_ctx_length == 0)
- {
- /* application should have used SSL[_CTX]_set_session_id_context
- * -- we could tolerate this and just pretend we never heard
- * of this session, but then applications could effectively
- * disable the session cache by accident without anyone noticing */
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
- fatal = 1;
- goto err;
- }
- else
- {
#if 0 /* The client cannot always know when a session is not appropriate,
- * so we shouldn't generate an error message. */
+ * so we shouldn't generate an error message. */
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
#endif
- goto err; /* treat like cache miss */
- }
+ goto err; /* treat like cache miss */
+ }
+
+ if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
+ {
+ /* We can't be sure if this session is being used out of
+ * context, which is especially important for SSL_VERIFY_PEER.
+ * The application should have used SSL[_CTX]_set_session_id_context.
+ *
+ * For this error case, we generate an error instead of treating
+ * the event like a cache miss (otherwise it would be easy for
+ * applications to effectively disable the session cache by
+ * accident without anyone noticing).
+ */
+
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+ fatal = 1;
+ goto err;
}
if (ret->cipher == NULL)

View File

@ -1,22 +0,0 @@
--- openssl-0.9.8b/crypto/engine/eng_all.c.padlock 2005-04-19 15:24:44.000000000 +0200
+++ openssl-0.9.8b/crypto/engine/eng_all.c 2006-06-21 19:57:29.000000000 +0200
@@ -69,6 +69,9 @@
ENGINE_load_openssl();
#endif
ENGINE_load_dynamic();
+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+ ENGINE_load_padlock();
+#endif
#ifndef OPENSSL_NO_STATIC_ENGINE
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_HW_4758_CCA
@@ -95,9 +98,6 @@
#ifndef OPENSSL_NO_HW_UBSEC
ENGINE_load_ubsec();
#endif
-#ifndef OPENSSL_NO_HW_PADLOCK
- ENGINE_load_padlock();
-#endif
#endif
#if defined(__OpenBSD__) || defined(__FreeBSD__)
ENGINE_load_cryptodev();

View File

@ -1,73 +0,0 @@
--- openssl-0.9.8a/crypto/rand/rand_unix.c.use-poll 2005-08-29 01:20:48.000000000 +0200
+++ openssl-0.9.8a/crypto/rand/rand_unix.c 2005-11-08 01:28:35.000000000 +0100
@@ -125,6 +125,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <time.h>
+#include <sys/poll.h>
#ifdef __OpenBSD__
int RAND_poll(void)
@@ -157,6 +158,7 @@
struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
int fd;
size_t i;
+ struct pollfd pfd;
#endif
#ifdef DEVRANDOM_EGD
static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -184,11 +186,10 @@
#endif
)) >= 0)
{
- struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
+ int t = 10; /* Spend 10ms on
each file. */
int r;
size_t j;
- fd_set fset;
struct stat *st=&randomstats[i];
/* Avoid using same input... Used to be O_NOFOLLOW
@@ -204,30 +205,25 @@
do
{
- FD_ZERO(&fset);
- FD_SET(fd, &fset);
- r = -1;
-
- if (select(fd+1,&fset,NULL,NULL,&t) < 0)
- t.tv_usec=0;
- else if (FD_ISSET(fd, &fset))
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+ pfd.revents = 0;
+
+ if ((r=poll(&pfd,1,t)) == 0)
+ t = 0;
+ else if (r > 0 && (pfd.revents & POLLIN))
{
r=read(fd,(unsigned char *)tmpbuf+n,
ENTROPY_NEEDED-n);
if (r > 0)
n += r;
}
-
- /* Some Unixen will update t, some
- won't. For those who won't, give
- up here, otherwise, we will do
- this once again for the remaining
- time. */
- if (t.tv_usec == 10*1000)
- t.tv_usec=0;
+ /* we don't know how big part of the timeout elapsed
+ wait half the original timeout next time */
+ t >>= 1;
}
while ((r > 0 || (errno == EINTR || errno == EAGAIN))
- && t.tv_usec != 0 && n < ENTROPY_NEEDED);
+ && t != 0 && n < ENTROPY_NEEDED);
close(fd);
}

View File

@ -1,777 +0,0 @@
openssl/crypto/aes/aes_core.c 1.7 -> 1.7.2.1
--- openssl/crypto/aes/aes_core.c 2005/01/24 14:22:05 1.7
+++ openssl/crypto/aes/aes_core.c 2006/06/28 08:58:15 1.7.2.1
@@ -44,22 +44,14 @@
Te1[x] = S [x].[03, 02, 01, 01];
Te2[x] = S [x].[01, 03, 02, 01];
Te3[x] = S [x].[01, 01, 03, 02];
-Te4[x] = S [x].[01, 01, 01, 01];
Td0[x] = Si[x].[0e, 09, 0d, 0b];
Td1[x] = Si[x].[0b, 0e, 09, 0d];
Td2[x] = Si[x].[0d, 0b, 0e, 09];
Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01, 01, 01, 01];
+Td4[x] = Si[x].[01];
*/
-#ifdef AES_ASM
-extern const u32 AES_Te[5][256];
-#define Te0 AES_Te[0]
-#define Te1 AES_Te[1]
-#define Te2 AES_Te[2]
-#define Te3 AES_Te[3]
-#else
static const u32 Te0[256] = {
0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
@@ -324,81 +316,7 @@
0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
};
-#endif
-static const u32 Te4[256] = {
- 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
- 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
- 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
- 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
- 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
- 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
- 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
- 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
- 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
- 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
- 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
- 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
- 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
- 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
- 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
- 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
- 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
- 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
- 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
- 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
- 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
- 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
- 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
- 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
- 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
- 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
- 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
- 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
- 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
- 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
- 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
- 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
- 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
- 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
- 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
- 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
- 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
- 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
- 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
- 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
- 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
- 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
- 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
- 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
- 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
- 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
- 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
- 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
- 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
- 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
- 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
- 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
- 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
- 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
- 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
- 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
- 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
- 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
- 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
- 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
- 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
- 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
- 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
- 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
-};
-#ifdef AES_ASM
-extern const u32 AES_Td[5][256];
-#define Td0 AES_Td[0]
-#define Td1 AES_Td[1]
-#define Td2 AES_Td[2]
-#define Td3 AES_Td[3]
-#else
static const u32 Td0[256] = {
0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
@@ -663,72 +581,39 @@
0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
};
-#endif
-static const u32 Td4[256] = {
- 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
- 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
- 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
- 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
- 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
- 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
- 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
- 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
- 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
- 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
- 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
- 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
- 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
- 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
- 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
- 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
- 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
- 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
- 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
- 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
- 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
- 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
- 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
- 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
- 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
- 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
- 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
- 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
- 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
- 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
- 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
- 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
- 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
- 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
- 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
- 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
- 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
- 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
- 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
- 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
- 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
- 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
- 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
- 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
- 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
- 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
- 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
- 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
- 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
- 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
- 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
- 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
- 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
- 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
- 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
- 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
- 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
- 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
- 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
- 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
- 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
- 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
- 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
- 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+static const u8 Td4[256] = {
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
};
static const u32 rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000,
@@ -768,10 +653,10 @@
while (1) {
temp = rk[3];
rk[4] = rk[0] ^
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
- (Te4[(temp >> 24) ] & 0x000000ff) ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
rcon[i];
rk[5] = rk[1] ^ rk[4];
rk[6] = rk[2] ^ rk[5];
@@ -788,10 +673,10 @@
while (1) {
temp = rk[ 5];
rk[ 6] = rk[ 0] ^
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
- (Te4[(temp >> 24) ] & 0x000000ff) ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
rcon[i];
rk[ 7] = rk[ 1] ^ rk[ 6];
rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -810,10 +695,10 @@
while (1) {
temp = rk[ 7];
rk[ 8] = rk[ 0] ^
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
- (Te4[(temp >> 24) ] & 0x000000ff) ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
rcon[i];
rk[ 9] = rk[ 1] ^ rk[ 8];
rk[10] = rk[ 2] ^ rk[ 9];
@@ -823,10 +708,10 @@
}
temp = rk[11];
rk[12] = rk[ 4] ^
- (Te4[(temp >> 24) ] & 0xff000000) ^
- (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(temp ) & 0xff] & 0x000000ff);
+ (Te2[(temp >> 24) ] & 0xff000000) ^
+ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp ) & 0xff] & 0x000000ff);
rk[13] = rk[ 5] ^ rk[12];
rk[14] = rk[ 6] ^ rk[13];
rk[15] = rk[ 7] ^ rk[14];
@@ -865,25 +750,25 @@
for (i = 1; i < (key->rounds); i++) {
rk += 4;
rk[0] =
- Td0[Te4[(rk[0] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[0] ) & 0xff] & 0xff];
+ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[0] ) & 0xff] & 0xff];
rk[1] =
- Td0[Te4[(rk[1] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[1] ) & 0xff] & 0xff];
+ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[1] ) & 0xff] & 0xff];
rk[2] =
- Td0[Te4[(rk[2] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[2] ) & 0xff] & 0xff];
+ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[2] ) & 0xff] & 0xff];
rk[3] =
- Td0[Te4[(rk[3] >> 24) ] & 0xff] ^
- Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
- Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^
- Td3[Te4[(rk[3] ) & 0xff] & 0xff];
+ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[3] ) & 0xff] & 0xff];
}
return 0;
}
@@ -1051,31 +936,31 @@
* map cipher state to byte array block:
*/
s0 =
- (Te4[(t0 >> 24) ] & 0xff000000) ^
- (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t3 ) & 0xff] & 0x000000ff) ^
+ (Te2[(t0 >> 24) ] & 0xff000000) ^
+ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t3 ) & 0xff] & 0x000000ff) ^
rk[0];
PUTU32(out , s0);
s1 =
- (Te4[(t1 >> 24) ] & 0xff000000) ^
- (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t0 ) & 0xff] & 0x000000ff) ^
+ (Te2[(t1 >> 24) ] & 0xff000000) ^
+ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t0 ) & 0xff] & 0x000000ff) ^
rk[1];
PUTU32(out + 4, s1);
s2 =
- (Te4[(t2 >> 24) ] & 0xff000000) ^
- (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t1 ) & 0xff] & 0x000000ff) ^
+ (Te2[(t2 >> 24) ] & 0xff000000) ^
+ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t1 ) & 0xff] & 0x000000ff) ^
rk[2];
PUTU32(out + 8, s2);
s3 =
- (Te4[(t3 >> 24) ] & 0xff000000) ^
- (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(t2 ) & 0xff] & 0x000000ff) ^
+ (Te2[(t3 >> 24) ] & 0xff000000) ^
+ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t2 ) & 0xff] & 0x000000ff) ^
rk[3];
PUTU32(out + 12, s3);
}
@@ -1242,31 +1127,31 @@
* map cipher state to byte array block:
*/
s0 =
- (Td4[(t0 >> 24) ] & 0xff000000) ^
- (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t1 ) & 0xff] & 0x000000ff) ^
+ (Td4[(t0 >> 24) ] << 24) ^
+ (Td4[(t3 >> 16) & 0xff] << 16) ^
+ (Td4[(t2 >> 8) & 0xff] << 8) ^
+ (Td4[(t1 ) & 0xff]) ^
rk[0];
PUTU32(out , s0);
s1 =
- (Td4[(t1 >> 24) ] & 0xff000000) ^
- (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t2 ) & 0xff] & 0x000000ff) ^
+ (Td4[(t1 >> 24) ] << 24) ^
+ (Td4[(t0 >> 16) & 0xff] << 16) ^
+ (Td4[(t3 >> 8) & 0xff] << 8) ^
+ (Td4[(t2 ) & 0xff]) ^
rk[1];
PUTU32(out + 4, s1);
s2 =
- (Td4[(t2 >> 24) ] & 0xff000000) ^
- (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t3 ) & 0xff] & 0x000000ff) ^
+ (Td4[(t2 >> 24) ] << 24) ^
+ (Td4[(t1 >> 16) & 0xff] << 16) ^
+ (Td4[(t0 >> 8) & 0xff] << 8) ^
+ (Td4[(t3 ) & 0xff]) ^
rk[2];
PUTU32(out + 8, s2);
s3 =
- (Td4[(t3 >> 24) ] & 0xff000000) ^
- (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
- (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
- (Td4[(t0 ) & 0xff] & 0x000000ff) ^
+ (Td4[(t3 >> 24) ] << 24) ^
+ (Td4[(t2 >> 16) & 0xff] << 16) ^
+ (Td4[(t1 >> 8) & 0xff] << 8) ^
+ (Td4[(t0 ) & 0xff]) ^
rk[3];
PUTU32(out + 12, s3);
}
openssl/crypto/aes/asm/aes-586.pl 1.11 -> 1.11.2.1
--- openssl/crypto/aes/asm/aes-586.pl 2005/05/09 21:48:00 1.11
+++ openssl/crypto/aes/asm/aes-586.pl 2006/06/28 09:01:40 1.11.2.1
@@ -6,7 +6,7 @@
# forms are granted according to the OpenSSL license.
# ====================================================================
#
-# Version 3.4.
+# Version 3.6.
#
# You might fail to appreciate this module performance from the first
# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
@@ -66,6 +66,13 @@
# stack. This unfortunately has rather strong impact on small block CBC
# performance, ~2x deterioration on 16-byte block if compared to 3.3.
#
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
+# key schedule and S-boxes and abstains from copying the former if
+# there is no. This allows end-user to consciously retain small block
+# performance by aligning key schedule in specific manner.
+#
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
+#
# Current ECB performance numbers for 128-bit key in CPU cycles per
# processed byte [measure commonly used by AES benchmarkers] are:
#
@@ -505,28 +512,27 @@
if($i==3) { &mov ($key,&DWP(12,"esp")); }
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
- &mov ($out,&DWP(2048,$td,$out,4));
- &and ($out,0x000000ff);
+ &movz ($out,&DWP(2048,$td,$out,1));
if ($i==3) { $tmp=$s[1]; }
&movz ($tmp,&HB($s[1]));
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
- &and ($tmp,0x0000ff00);
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
+ &shl ($tmp,8);
&xor ($out,$tmp);
if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
else { mov ($tmp,$s[2]); }
&shr ($tmp,16);
&and ($tmp,0xFF);
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
- &and ($tmp,0x00ff0000);
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
+ &shl ($tmp,16);
&xor ($out,$tmp);
if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
else { &mov ($tmp,$s[3]); }
&shr ($tmp,24);
- &mov ($tmp,&DWP(2048,$td,$tmp,4));
- &and ($tmp,0xff000000);
+ &movz ($tmp,&DWP(2048,$td,$tmp,1));
+ &shl ($tmp,24);
&xor ($out,$tmp);
if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
if ($i==3) { &mov ($s[3],&DWP(4,"esp")); }
@@ -687,70 +693,38 @@
&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
#Td4:
- &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
- &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
- &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
- &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
- &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
- &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
- &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
- &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
- &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
- &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
- &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
- &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
- &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
- &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
- &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
- &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
- &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
- &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
- &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
- &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
- &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
- &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
- &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
- &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
- &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
- &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
- &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
- &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
- &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
- &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
- &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
- &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
- &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
- &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
- &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
- &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
- &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
- &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
- &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
- &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
- &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
- &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
- &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
- &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
- &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
- &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
- &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
- &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
- &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
- &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
- &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
- &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
- &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
- &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
- &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
- &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
- &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
- &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
- &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
- &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
- &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
- &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
- &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
- &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
&function_end_B("_x86_AES_decrypt");
# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
@@ -770,6 +744,18 @@
&blindpop("ebp");
&lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+ # prefetch Td4
+ &lea ("ebp",&DWP(2048+128,"ebp"));
+ &mov ($s0,&DWP(0-128,"ebp"));
+ &mov ($s1,&DWP(32-128,"ebp"));
+ &mov ($s2,&DWP(64-128,"ebp"));
+ &mov ($s3,&DWP(96-128,"ebp"));
+ &mov ($s0,&DWP(128-128,"ebp"));
+ &mov ($s1,&DWP(160-128,"ebp"));
+ &mov ($s2,&DWP(192-128,"ebp"));
+ &mov ($s3,&DWP(224-128,"ebp"));
+ &lea ("ebp",&DWP(-2048-128,"ebp"));
+
&mov ($s0,&DWP(0,$acc)); # load input data
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
@@ -805,6 +791,7 @@
my $_tmp=&DWP(40,"esp"); #volatile variable
my $ivec=&DWP(44,"esp"); #ivec[16]
my $aes_key=&DWP(60,"esp"); #copy of aes_key
+my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&public_label("AES_Te");
&public_label("AES_Td");
@@ -865,18 +852,27 @@
&mov ($_key,$s3); # save copy of key
&mov ($_ivp,$acc); # save copy of ivp
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
if ($compromise) {
&cmp ($s2,$compromise);
&jb (&label("skip_ecopy"));
}
- # copy key schedule to stack
- &mov ("ecx",244/4);
+ # do we copy key schedule to stack?
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
+ &sub ($s1,"ebp");
&mov ("esi",$s3);
+ &and ($s1,0xfff);
&lea ("edi",$aes_key);
- &mov ($_key,"edi");
+ &cmp ($s1,2048);
+ &jb (&label("do_ecopy"));
+ &cmp ($s1,4096-244);
+ &jb (&label("skip_ecopy"));
&align (4);
- &data_word(0xF689A5F3); # rep movsd
- &set_label("skip_ecopy") if ($compromise);
+ &set_label("do_ecopy");
+ &mov ($_key,"edi");
+ &data_word(0xA5F3F689); # rep movsd
+ &set_label("skip_ecopy");
&mov ($acc,$s0);
&mov ($key,16);
@@ -942,18 +938,16 @@
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
+ &cmp ($mark,0); # was the key schedule copied?
&mov ("edi",$_key);
&mov ("esp",$_esp);
- if ($compromise) {
- &cmp (&wparam(2),$compromise);
- &jb (&label("skip_ezero"));
- }
+ &je (&label("skip_ezero"));
# zero copy of key schedule
&mov ("ecx",240/4);
&xor ("eax","eax");
&align (4);
- &data_word(0xF689ABF3); # rep stosd
- &set_label("skip_ezero") if ($compromise);
+ &data_word(0xABF3F689); # rep stosd
+ &set_label("skip_ezero")
&popf ();
&set_label("enc_out");
&function_end_A();
@@ -968,7 +962,7 @@
&cmp ($key,$acc); # compare with inp
&je (&label("enc_in_place"));
&align (4);
- &data_word(0xF689A4F3); # rep movsb # copy input
+ &data_word(0xA4F3F689); # rep movsb # copy input
&jmp (&label("enc_skip_in_place"));
&set_label("enc_in_place");
&lea ($key,&DWP(0,$key,$s2));
@@ -976,7 +970,7 @@
&mov ($s2,$s1);
&xor ($s0,$s0);
&align (4);
- &data_word(0xF689AAF3); # rep stosb # zero tail
+ &data_word(0xAAF3F689); # rep stosb # zero tail
&pop ($key); # pop ivp
&mov ($acc,$_out); # output as input
@@ -996,10 +990,10 @@
# ... and make sure it doesn't alias with AES_Td modulo 4096
&mov ($s0,"ebp");
- &lea ($s1,&DWP(3072,"ebp"));
+ &lea ($s1,&DWP(2048+256,"ebp"));
&mov ($s3,$key);
&and ($s0,0xfff); # s = %ebp&0xfff
- &and ($s1,0xfff); # e = (%ebp+3072)&0xfff
+ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff
&and ($s3,0xfff); # p = %esp&0xfff
&cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
@@ -1030,21 +1024,30 @@
&mov ($_key,$s3); # save copy of key
&mov ($_ivp,$acc); # save copy of ivp
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
if ($compromise) {
&cmp ($s2,$compromise);
&jb (&label("skip_dcopy"));
}
- # copy key schedule to stack
- &mov ("ecx",244/4);
+ # do we copy key schedule to stack?
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
+ &sub ($s1,"ebp");
&mov ("esi",$s3);
+ &and ($s1,0xfff);
&lea ("edi",$aes_key);
- &mov ($_key,"edi");
+ &cmp ($s1,2048+256);
+ &jb (&label("do_dcopy"));
+ &cmp ($s1,4096-244);
+ &jb (&label("skip_dcopy"));
&align (4);
- &data_word(0xF689A5F3); # rep movsd
- &set_label("skip_dcopy") if ($compromise);
+ &set_label("do_dcopy");
+ &mov ($_key,"edi");
+ &data_word(0xA5F3F689); # rep movsd
+ &set_label("skip_dcopy");
&mov ($acc,$s0);
- &mov ($key,24);
+ &mov ($key,18);
&align (4);
&set_label("prefetch_td");
&mov ($s0,&DWP(0,"ebp"));
@@ -1054,7 +1057,7 @@
&lea ("ebp",&DWP(128,"ebp"));
&dec ($key);
&jnz (&label("prefetch_td"));
- &sub ("ebp",3072);
+ &sub ("ebp",2048+256);
&cmp ($acc,$_out);
&je (&label("dec_in_place")); # in-place processing...
@@ -1121,7 +1124,7 @@
&lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
&mov ($acc eq "esi" ? $acc : "",$key);
&mov ($key eq "edi" ? $key : "",$_out); # load out
- &data_word(0xF689A4F3); # rep movsb # copy output
+ &data_word(0xA4F3F689); # rep movsb # copy output
&mov ($key,$_inp); # use inp as temp ivp
&jmp (&label("dec_end"));
@@ -1188,22 +1191,20 @@
&lea ($key,&DWP(0,$key,$s2));
&lea ($acc,&DWP(16,$acc,$s2));
&neg ($s2 eq "ecx" ? $s2 : "");
- &data_word(0xF689A4F3); # rep movsb # restore tail
+ &data_word(0xA4F3F689); # rep movsb # restore tail
&align (4);
&set_label("dec_out");
+ &cmp ($mark,0); # was the key schedule copied?
&mov ("edi",$_key);
&mov ("esp",$_esp);
- if ($compromise) {
- &cmp (&wparam(2),$compromise);
- &jb (&label("skip_dzero"));
- }
+ &je (&label("skip_dzero"));
# zero copy of key schedule
&mov ("ecx",240/4);
&xor ("eax","eax");
&align (4);
- &data_word(0xF689ABF3); # rep stosd
- &set_label("skip_dzero") if ($compromise);
+ &data_word(0xABF3F689); # rep stosd
+ &set_label("skip_dzero")
&popf ();
&function_end("AES_cbc_encrypt");
}

View File

@ -1,22 +0,0 @@
openssl/ssl/t1_enc.c 1.35.2.1 -> 1.35.2.2
--- openssl/ssl/t1_enc.c 2005/09/30 23:38:20 1.35.2.1
+++ openssl/ssl/t1_enc.c 2006/05/07 12:27:48 1.35.2.2
@@ -628,7 +628,15 @@
{
ii=i=rec->data[l-1]; /* padding_length */
i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ /* NB: if compression is in operation the first packet
+ * may not be of even length so the padding bug check
+ * cannot be performed. This bug workaround has been
+ * around since SSLeay so hopefully it is either fixed
+ * now or no buggy implementation supports compression
+ * [steve]
+ */
+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ && !s->expand)
{
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence,

View File

@ -1,447 +0,0 @@
--- openssl-0.9.8b/crypto/rsa/rsa_eay.c.bn-threadsafe 2005-09-23 01:32:49.000000000 +0200
+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2006-07-20 13:41:44.000000000 +0200
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -238,40 +238,63 @@
return(r);
}
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx)
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
{
BN_BLINDING *ret;
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA);
if (rsa->blinding == NULL)
{
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+
if (rsa->blinding == NULL)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->blinding == NULL)
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
}
ret = rsa->blinding;
if (ret == NULL)
- return NULL;
+ goto err;
- if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id())
+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
{
- *local = 0;
+ /* rsa->blinding is ours! */
+
+ *local = 1;
+ }
+ else
+ {
+ /* resort to rsa->mt_blinding instead */
+
+ *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
+ * that the BN_BLINDING is shared, meaning that accesses
+ * require locks, and that the blinding factor must be
+ * stored outside the BN_BLINDING
+ */
+
if (rsa->mt_blinding == NULL)
{
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ if (!got_write_lock)
+ {
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+ }
+
if (rsa->mt_blinding == NULL)
rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
}
ret = rsa->mt_blinding;
}
- else
- *local = 1;
+ err:
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
return ret;
}
@@ -358,7 +381,7 @@
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
{
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
@@ -479,7 +502,7 @@
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
{
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
--- openssl-0.9.8b/crypto/bn/bn_mont.c.bn-threadsafe 2005-11-11 13:59:39.000000000 +0100
+++ openssl-0.9.8b/crypto/bn/bn_mont.c 2006-07-20 13:42:07.000000000 +0200
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
/*
* Details about Montgomery multiplication algorithms can be found at
@@ -353,18 +406,32 @@
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
const BIGNUM *mod, BN_CTX *ctx)
{
- if (*pmont)
- return *pmont;
- CRYPTO_w_lock(lock);
+ int got_write_lock = 0;
+ BN_MONT_CTX *ret;
+
+ CRYPTO_r_lock(lock);
if (!*pmont)
{
- BN_MONT_CTX *mtmp;
- mtmp = BN_MONT_CTX_new();
- if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx))
- BN_MONT_CTX_free(mtmp);
- else
- *pmont = mtmp;
+ CRYPTO_r_unlock(lock);
+ CRYPTO_w_lock(lock);
+ got_write_lock = 1;
+
+ if (!*pmont)
+ {
+ ret = BN_MONT_CTX_new();
+ if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
+ BN_MONT_CTX_free(ret);
+ else
+ *pmont = ret;
+ }
}
- CRYPTO_w_unlock(lock);
- return *pmont;
+
+ ret = *pmont;
+
+ if (got_write_lock)
+ CRYPTO_w_unlock(lock);
+ else
+ CRYPTO_r_unlock(lock);
+
+ return ret;
}
--- openssl-0.9.8b/crypto/err/err.c.bn-threadsafe 2006-02-08 20:16:16.000000000 +0100
+++ openssl-0.9.8b/crypto/err/err.c 2006-07-20 13:41:44.000000000 +0200
@@ -548,9 +548,20 @@
int i;
static int init = 1;
- if (!init) return;
-
+ CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+ if (!init)
+ {
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+ return;
+ }
+
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ if (!init)
+ {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+ return;
+ }
for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
{
--- openssl-0.9.8b/ssl/ssl_ciph.c.bn-threadsafe 2006-04-15 02:22:34.000000000 +0200
+++ openssl-0.9.8b/ssl/ssl_ciph.c 2006-07-20 13:41:44.000000000 +0200
@@ -56,6 +56,59 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
@@ -203,36 +256,46 @@
static void load_builtin_compressions(void)
{
- if (ssl_comp_methods != NULL)
- return;
+ int got_write_lock = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL);
if (ssl_comp_methods == NULL)
{
- SSL_COMP *comp = NULL;
-
- MemCheck_off();
- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL)
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+ got_write_lock = 1;
+
+ if (ssl_comp_methods == NULL)
{
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- if (comp != NULL)
+ SSL_COMP *comp = NULL;
+
+ MemCheck_off();
+ ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+ if (ssl_comp_methods != NULL)
{
- comp->method=COMP_zlib();
- if (comp->method
- && comp->method->type == NID_undef)
- OPENSSL_free(comp);
- else
+ comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ if (comp != NULL)
{
- comp->id=SSL_COMP_ZLIB_IDX;
- comp->name=comp->method->name;
- sk_SSL_COMP_push(ssl_comp_methods,comp);
+ comp->method=COMP_zlib();
+ if (comp->method
+ && comp->method->type == NID_undef)
+ OPENSSL_free(comp);
+ else
+ {
+ comp->id=SSL_COMP_ZLIB_IDX;
+ comp->name=comp->method->name;
+ sk_SSL_COMP_push(ssl_comp_methods,comp);
+ }
}
}
+ MemCheck_on();
}
- MemCheck_on();
}
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
}
#endif
--- openssl-0.9.8b/ssl/ssl_cert.c.bn-threadsafe 2006-02-24 18:58:35.000000000 +0100
+++ openssl-0.9.8b/ssl/ssl_cert.c 2006-07-20 13:41:44.000000000 +0200
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -73,12 +73,12 @@
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
+ * openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
@@ -87,7 +87,7 @@
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -102,6 +102,11 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
@@ -130,21 +135,28 @@
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
{
static volatile int ssl_x509_store_ctx_idx= -1;
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
if (ssl_x509_store_ctx_idx < 0)
{
- /* any write lock will do; usually this branch
- * will only be taken once anyway */
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ got_write_lock = 1;
if (ssl_x509_store_ctx_idx < 0)
{
ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
0,"SSL for verify callback",NULL,NULL,NULL);
}
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
}
+
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+
return ssl_x509_store_ctx_idx;
}

View File

@ -1,25 +0,0 @@
Dr S N Henson of the OpenSSL core team and Open Network Security
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When
the test suite was run against OpenSSL two denial of service
vulnerabilities were discovered.
During the parsing of certain invalid ASN1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory. CVE-2006-2938
Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
affected. This includes SSL servers which enable client authentication
and S/MIME applications.
This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier
--- openssl-0.9.8b/crypto/asn1/tasn_dec.c.asn1-error 2006-02-19 14:45:22.000000000 +0100
+++ openssl-0.9.8b/crypto/asn1/tasn_dec.c 2006-09-25 12:01:14.000000000 +0200
@@ -832,6 +832,7 @@
}
else if (ret == -1)
return -1;
+ ret = 0;
/* SEQUENCE, SET and "OTHER" are left in encoded form */
if ((utype == V_ASN1_SEQUENCE)
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))

View File

@ -1,215 +0,0 @@
Dr S N Henson of the OpenSSL core team and Open Network Security
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When
the test suite was run against OpenSSL two denial of service
vulnerabilities were discovered.
Certain types of public key can take disproportionate amounts of time
to process. This could be used by an attacker in a denial of service attack.
CVE-2006-2940
Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
affected. This includes SSL servers which enable client authentication,
and S/MIME applications.
diff -u -r1.37.2.2 dh.h
--- crypto/dh/dh.h 9 Jan 2006 16:05:22 -0000 1.37.2.2
+++ crypto/dh/dh.h 15 Sep 2006 13:59:47 -0000
@@ -73,6 +73,8 @@
#include <openssl/bn.h>
#endif
+#define OPENSSL_DH_MAX_MODULUS_BITS 10000
+
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
* implementation now uses constant time
@@ -221,6 +223,7 @@
/* Reason codes. */
#define DH_R_BAD_GENERATOR 101
#define DH_R_INVALID_PUBKEY 102
+#define DH_R_MODULUS_TOO_LARGE 103
#define DH_R_NO_PRIVATE_VALUE 100
#ifdef __cplusplus
diff -u -r1.11.2.2 dh_err.c
--- crypto/dh/dh_err.c 9 Jan 2006 16:05:22 -0000 1.11.2.2
+++ crypto/dh/dh_err.c 15 Sep 2006 13:59:47 -0000
@@ -84,6 +84,7 @@
{
{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
+{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
{0,NULL}
};
diff -u -r1.24.2.3 dh_key.c
--- crypto/dh/dh_key.c 13 Mar 2006 23:12:06 -0000 1.24.2.3
+++ crypto/dh/dh_key.c 15 Sep 2006 13:59:47 -0000
@@ -179,6 +179,12 @@
int ret= -1;
int check_result;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
diff -u -r1.39 dsa.h
--- crypto/dsa/dsa.h 16 May 2005 01:43:30 -0000 1.39
+++ crypto/dsa/dsa.h 15 Sep 2006 13:59:47 -0000
@@ -84,6 +84,8 @@
#endif
#endif
+#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+
#define DSA_FLAG_CACHE_MONT_P 0x01
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
* implementation now uses constant time
@@ -270,8 +272,10 @@
#define DSA_F_SIG_CB 114
/* Reason codes. */
+#define DSA_R_BAD_Q_VALUE 102
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
#define DSA_R_MISSING_PARAMETERS 101
+#define DSA_R_MODULUS_TOO_LARGE 103
#ifdef __cplusplus
}
diff -u -r1.13 dsa_err.c
--- crypto/dsa/dsa_err.c 12 Apr 2005 16:15:12 -0000 1.13
+++ crypto/dsa/dsa_err.c 15 Sep 2006 13:59:47 -0000
@@ -89,8 +89,10 @@
static ERR_STRING_DATA DSA_str_reasons[]=
{
+{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
+{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{0,NULL}
};
diff -u -r1.24.2.1 dsa_ossl.c
--- crypto/dsa/dsa_ossl.c 26 May 2005 04:40:57 -0000 1.24.2.1
+++ crypto/dsa/dsa_ossl.c 15 Sep 2006 13:59:47 -0000
@@ -304,6 +304,18 @@
return -1;
}
+ if (BN_num_bits(dsa->q) != 160)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
diff -u -r1.55.2.6 rsa.h
--- crypto/rsa/rsa.h 6 Sep 2006 06:43:25 -0000 1.55.2.6
+++ crypto/rsa/rsa.h 15 Sep 2006 13:59:48 -0000
@@ -159,6 +159,11 @@
BN_BLINDING *mt_blinding;
};
+#define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+
+#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */
+
#define RSA_3 0x3L
#define RSA_F4 0x10001L
@@ -407,6 +412,7 @@
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_LAST_OCTET_INVALID 134
+#define RSA_R_MODULUS_TOO_LARGE 105
#define RSA_R_NO_PUBLIC_EXPONENT 140
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
diff -u -r1.46.2.6 rsa_eay.c
--- crypto/rsa/rsa_eay.c 6 Sep 2006 06:43:25 -0000 1.46.2.6
+++ crypto/rsa/rsa_eay.c 15 Sep 2006 13:59:48 -0000
@@ -168,6 +168,28 @@
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+ {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
@@ -597,6 +619,28 @@
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+ {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
if((ctx = BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
diff -u -r1.17.2.5 rsa_err.c
--- crypto/rsa/rsa_err.c 6 Sep 2006 06:43:26 -0000 1.17.2.5
+++ crypto/rsa/rsa_err.c 15 Sep 2006 13:59:48 -0000
@@ -137,6 +137,7 @@
{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
+{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},

View File

@ -1,27 +0,0 @@
Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer
overflow in SSL_get_shared_ciphers utility function, used by some
applications such as exim and mysql. An attacker could send a list of
ciphers that would overrun a buffer CVE-2006-3738
--- ssl/ssl_lib.c 2005-10-01 00:38:20.000000000 +0100
+++ ssl/ssl_lib.c 2006-08-28 19:08:37.401404000 +0100
@@ -1219,7 +1219,7 @@ char *SSL_get_shared_ciphers(const SSL *
c=sk_SSL_CIPHER_value(sk,i);
for (cp=c->name; *cp; )
{
- if (len-- == 0)
+ if (len-- <= 0)
{
*p='\0';
return(buf);
--- ssl/s3_srvr.c 2005-10-01 00:38:20.000000000 +0100
+++ ssl/s3_srvr.c 2006-08-28 19:16:39.313556000 +0100
@@ -2017,7 +2017,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (kssl_ctx->client_princ)
{
- int len = strlen(kssl_ctx->client_princ);
+ size_t len = strlen(kssl_ctx->client_princ);
if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
{
s->session->krb5_client_princ_len = len;

View File

@ -1,77 +0,0 @@
*) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie; Google Security Team]
openssl/crypto/rsa/rsa.h 1.55.2.4 -> 1.55.2.5
--- openssl/crypto/rsa/rsa.h 2006/01/09 16:05:18 1.55.2.4
+++ openssl/crypto/rsa/rsa.h 2006/09/05 08:25:42 1.55.2.5
@@ -412,6 +412,7 @@
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_PKCS1_PADDING_TOO_SHORT 105
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
openssl/crypto/rsa/rsa_eay.c 1.46.2.4 -> 1.46.2.5
--- openssl/crypto/rsa/rsa_eay.c 2006/06/14 08:51:40 1.46.2.4
+++ openssl/crypto/rsa/rsa_eay.c 2006/09/05 08:25:42 1.46.2.5
@@ -640,6 +640,15 @@
{
case RSA_PKCS1_PADDING:
r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
+ /* Generally signatures should be at least 2/3 padding, though
+ this isn't possible for really short keys and some standard
+ signature schemes, so don't check if the unpadded data is
+ small. */
+ if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT);
+ goto err;
+ }
break;
case RSA_X931_PADDING:
r=RSA_padding_check_X931(to,num,buf,i,num);
openssl/crypto/rsa/rsa_err.c 1.17.2.3 -> 1.17.2.4
--- openssl/crypto/rsa/rsa_err.c 2006/01/09 16:05:18 1.17.2.3
+++ openssl/crypto/rsa/rsa_err.c 2006/09/05 08:25:42 1.17.2.4
@@ -142,6 +142,7 @@
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
openssl/crypto/rsa/rsa_sign.c 1.21 -> 1.21.2.1
--- openssl/crypto/rsa/rsa_sign.c 2005/04/26 22:07:17 1.21
+++ openssl/crypto/rsa/rsa_sign.c 2006/09/05 08:25:42 1.21.2.1
@@ -185,6 +185,23 @@
sig=d2i_X509_SIG(NULL,&p,(long)i);
if (sig == NULL) goto err;
+
+ /* Excess data can be used to create forgeries */
+ if(p != s+i)
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
+ /* Parameters to the signature algorithm can also be used to
+ create forgeries */
+ if(sig->algor->parameter
+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
+ {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
sigtype=OBJ_obj2nid(sig->algor->algorithm);

View File

@ -1,17 +0,0 @@
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
possible DoS in the sslv2 client code. Where a client application uses
OpenSSL to make a SSLv2 connection to a malicious server that server
could cause the client to crash. CVE-2006-4343
--- ssl/s2_clnt.c 2005-08-06 00:52:07.000000000 +0100
+++ ssl/s2_clnt.c 2006-08-28 19:14:59.398605000 +0100
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
}
- if (s->session->peer != s->session->sess_cert->peer_key->x509)
+ if (s->session->sess_cert == NULL
+ || s->session->peer != s->session->sess_cert->peer_key->x509)
/* can't happen */
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);

View File

@ -1,934 +0,0 @@
diff -up openssl-0.9.8b/crypto/rsa/rsa.h.no-branch openssl-0.9.8b/crypto/rsa/rsa.h
--- openssl-0.9.8b/crypto/rsa/rsa.h.no-branch 2007-08-03 13:58:54.000000000 +0200
+++ openssl-0.9.8b/crypto/rsa/rsa.h 2007-08-03 13:58:58.000000000 +0200
@@ -189,13 +189,17 @@ struct rsa_st
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
-#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
+#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA
+ * implementation now uses constant time
+ * operations by default in private key operations,
+ * e.g., constant time modular exponentiation,
+ * modular inverse without leaking branches,
+ * division without leaking branches. This
+ * flag disables these constant time
+ * operations and results in faster RSA
+ * private key operations.
+ */
+#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
diff -up openssl-0.9.8b/crypto/rsa/rsa_lib.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_lib.c
--- openssl-0.9.8b/crypto/rsa/rsa_lib.c.no-branch 2005-11-25 15:26:12.000000000 +0100
+++ openssl-0.9.8b/crypto/rsa/rsa_lib.c 2007-08-03 13:58:58.000000000 +0200
@@ -361,7 +361,8 @@ err:
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{
- BIGNUM *e;
+ BIGNUM local_n;
+ BIGNUM *e,*n;
BN_CTX *ctx;
BN_BLINDING *ret = NULL;
@@ -400,7 +401,16 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa
RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
}
- ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx,
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ /* Set BN_FLG_CONSTTIME flag */
+ n = &local_n;
+ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+ }
+ else
+ n = rsa->n;
+
+ ret = BN_BLINDING_create_param(NULL, e, n, ctx,
rsa->meth->bn_mod_exp, rsa->_method_mod_n);
if (ret == NULL)
{
diff -up openssl-0.9.8b/crypto/rsa/rsa_gen.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_gen.c
--- openssl-0.9.8b/crypto/rsa/rsa_gen.c.no-branch 2006-03-14 00:12:08.000000000 +0100
+++ openssl-0.9.8b/crypto/rsa/rsa_gen.c 2007-08-03 13:58:58.000000000 +0200
@@ -85,6 +85,8 @@ int RSA_generate_key_ex(RSA *rsa, int bi
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
+ BIGNUM local_r0,local_d,local_p;
+ BIGNUM *pr0,*d,*p;
int bitsp,bitsq,ok= -1,n=0;
BN_CTX *ctx=NULL;
@@ -165,16 +167,39 @@ static int rsa_builtin_keygen(RSA *rsa,
if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
- if (!BN_mod_inverse(rsa->d,rsa->e,r0,ctx)) goto err; /* d */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ pr0 = &local_r0;
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+ }
+ else
+ pr0 = r0;
+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
+
+ /* set up d for correct BN_FLG_CONSTTIME flag */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ }
+ else
+ d = rsa->d;
/* calculate d mod (p-1) */
- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
+ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
/* calculate d mod (q-1) */
- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
+ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
/* calculate inverse of q mod p */
- if (!BN_mod_inverse(rsa->iqmp,rsa->q,rsa->p,ctx)) goto err;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ p = &local_p;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+ }
+ else
+ p = rsa->p;
+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
ok=1;
err:
diff -up openssl-0.9.8b/crypto/rsa/rsa_eay.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_eay.c
--- openssl-0.9.8b/crypto/rsa/rsa_eay.c.no-branch 2007-08-03 13:58:54.000000000 +0200
+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2007-08-03 13:58:58.000000000 +0200
@@ -429,11 +429,11 @@ static int RSA_eay_private_encrypt(int f
BIGNUM local_d;
BIGNUM *d = NULL;
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
BN_init(&local_d);
d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
}
else
d = rsa->d;
@@ -551,10 +551,10 @@ static int RSA_eay_private_decrypt(int f
BIGNUM local_d;
BIGNUM *d = NULL;
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
}
else
d = rsa->d;
@@ -724,8 +724,9 @@ err:
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
BIGNUM *r1,*m1,*vrfy;
- BIGNUM local_dmp1, local_dmq1;
- BIGNUM *dmp1, *dmq1;
+ BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
+ BIGNUM *dmp1,*dmq1,*c,*pr1;
+ int bn_flags;
int ret=0;
BN_CTX_start(ctx);
@@ -733,26 +734,72 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
m1 = BN_CTX_get(ctx);
vrfy = BN_CTX_get(ctx);
+ /* Make sure mod_inverse in montgomerey intialization use correct
+ * BN_FLG_CONSTTIME flag.
+ */
+ bn_flags = rsa->p->flags;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ rsa->p->flags |= BN_FLG_CONSTTIME;
+ }
MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+ /* We restore bn_flags back */
+ rsa->p->flags = bn_flags;
+
+ /* Make sure mod_inverse in montgomerey intialization use correct
+ * BN_FLG_CONSTTIME flag.
+ */
+ bn_flags = rsa->q->flags;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ rsa->q->flags |= BN_FLG_CONSTTIME;
+ }
MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+ /* We restore bn_flags back */
+ rsa->q->flags = bn_flags;
+
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
- if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ /* compute I mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
+ }
+ else
+ {
+ if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
+ }
+
+ /* compute r1^dmq1 mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
dmq1 = &local_dmq1;
- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
}
else
dmq1 = rsa->dmq1;
if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
rsa->_method_mod_q)) goto err;
- if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ /* compute I mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
+ }
+ else
+ {
+ if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
+ }
+
+ /* compute r1^dmp1 mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
dmp1 = &local_dmp1;
- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
}
else
dmp1 = rsa->dmp1;
@@ -766,7 +813,17 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
if (!BN_add(r0,r0,rsa->p)) goto err;
if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
- if (!BN_mod(r0,r1,rsa->p,ctx)) goto err;
+
+ /* Turn BN_FLG_CONSTTIME flag on before division operation */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ pr1 = &local_r1;
+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+ }
+ else
+ pr1 = r1;
+ if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
+
/* If p < q it is occasionally possible for the correction of
* adding 'p' if r0 is negative above to leave the result still
* negative. This can break the private key operations: the following
@@ -799,10 +856,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
BIGNUM local_d;
BIGNUM *d = NULL;
- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
}
else
d = rsa->d;
diff -up openssl-0.9.8b/crypto/rsa/rsa_test.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_test.c
--- openssl-0.9.8b/crypto/rsa/rsa_test.c.no-branch 2005-05-16 03:43:31.000000000 +0200
+++ openssl-0.9.8b/crypto/rsa/rsa_test.c 2007-08-03 13:58:58.000000000 +0200
@@ -242,7 +242,7 @@ int main(int argc, char *argv[])
clen = key3(key, ctext_ex);
break;
}
- if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
+ if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME;
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_PADDING);
diff -up openssl-0.9.8b/crypto/bn/bn.h.no-branch openssl-0.9.8b/crypto/bn/bn.h
--- openssl-0.9.8b/crypto/bn/bn.h.no-branch 2007-08-03 13:58:54.000000000 +0200
+++ openssl-0.9.8b/crypto/bn/bn.h 2007-08-03 13:58:58.000000000 +0200
@@ -245,8 +245,15 @@ extern "C" {
#define BN_FLG_MALLOCED 0x01
#define BN_FLG_STATIC_DATA 0x02
-#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings
- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
+#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
+ /* avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
+
#ifndef OPENSSL_NO_DEPRECATED
#define BN_FLG_FREE 0x8000 /* used for debuging */
#endif
@@ -534,7 +541,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_M
#define BN_BLINDING_NO_UPDATE 0x00000001
#define BN_BLINDING_NO_RECREATE 0x00000002
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
@@ -546,7 +553,7 @@ void BN_BLINDING_set_thread_id(BN_BLINDI
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx);
diff -up openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch openssl-0.9.8b/crypto/bn/bn_mont.c
--- openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch 2007-08-03 13:58:54.000000000 +0200
+++ openssl-0.9.8b/crypto/bn/bn_mont.c 2007-08-03 13:58:58.000000000 +0200
@@ -159,6 +159,7 @@ int BN_from_montgomery(BIGNUM *ret, cons
BIGNUM *n,*r;
BN_ULONG *ap,*np,*rp,n0,v,*nrp;
int al,nl,max,i,x,ri;
+ size_t m1,m2;
BN_CTX_start(ctx);
if ((r = BN_CTX_get(ctx)) == NULL) goto err;
@@ -176,7 +177,6 @@ int BN_from_montgomery(BIGNUM *ret, cons
max=(nl+al+1); /* allow for overflow (no?) XXX */
if (bn_wexpand(r,max) == NULL) goto err;
- if (bn_wexpand(ret,max) == NULL) goto err;
r->neg=a->neg^n->neg;
np=n->d;
@@ -228,37 +228,58 @@ int BN_from_montgomery(BIGNUM *ret, cons
}
bn_correct_top(r);
- /* mont->ri will be a multiple of the word size */
-#if 0
- BN_rshift(ret,r,mont->ri);
-#else
+ /* mont->ri will be a multiple of the word size and below code
+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
+ if (r->top <= ri)
+ {
+ ret->top=0;
+ retn=1;
+ goto err;
+ }
+ al=r->top-ri;
+ if (bn_wexpand(ret,ri) == NULL) goto err;
+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
ret->neg = r->neg;
- x=ri;
+
rp=ret->d;
- ap= &(r->d[x]);
- if (r->top < x)
- al=0;
- else
- al=r->top-x;
- ret->top=al;
- al-=4;
- for (i=0; i<al; i+=4)
+ ap=&(r->d[ri]);
+
+ v=bn_sub_words(rp,ap,np,ri);
+ /* this -----------------------^^ works even in al<ri case
+ * thanks to zealous zeroing of top of the vector in the
+ * beginning. */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /* in other words if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
+ m1|=m2; /* (al!=ri) */
+ m1|=(0-(size_t)v); /* (al!=ri || v) */
+ m1&=~m2; /* (al!=ri || v) && !al>ri */
+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+
+ /* 'i<ri' is chosen to eliminate dependency on input data, even
+ * though it results in redundant copy in al<ri case. */
+ for (i=0,ri-=4; i<ri; i+=4)
{
BN_ULONG t1,t2,t3,t4;
- t1=ap[i+0];
- t2=ap[i+1];
- t3=ap[i+2];
- t4=ap[i+3];
- rp[i+0]=t1;
- rp[i+1]=t2;
+ t1=nrp[i+0];
+ t2=nrp[i+1];
+ t3=nrp[i+2]; ap[i+0]=0;
+ t4=nrp[i+3]; ap[i+1]=0;
+ rp[i+0]=t1; ap[i+2]=0;
+ rp[i+1]=t2; ap[i+3]=0;
rp[i+2]=t3;
rp[i+3]=t4;
}
- al+=4;
- for (; i<al; i++)
- rp[i]=ap[i];
-#endif
+ for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0;
+ bn_correct_top(r);
+ bn_correct_top(ret);
#else /* !MONT_WORD */
BIGNUM *t1,*t2;
@@ -276,12 +297,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
if (!BN_add(t2,a,t1)) goto err;
if (!BN_rshift(ret,t2,mont->ri)) goto err;
-#endif /* MONT_WORD */
if (BN_ucmp(ret, &(mont->N)) >= 0)
{
if (!BN_usub(ret,ret,&(mont->N))) goto err;
}
+#endif /* MONT_WORD */
retn=1;
bn_check_top(ret);
err:
diff -up openssl-0.9.8b/crypto/bn/bn_lib.c.no-branch openssl-0.9.8b/crypto/bn/bn_lib.c
--- openssl-0.9.8b/crypto/bn/bn_lib.c.no-branch 2005-05-03 22:27:00.000000000 +0200
+++ openssl-0.9.8b/crypto/bn/bn_lib.c 2007-08-03 13:58:58.000000000 +0200
@@ -763,7 +763,7 @@ int BN_is_bit_set(const BIGNUM *a, int n
i=n/BN_BITS2;
j=n%BN_BITS2;
if (a->top <= i) return 0;
- return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
+ return(((a->d[i])>>j)&((BN_ULONG)1));
}
int BN_mask_bits(BIGNUM *a, int n)
diff -up openssl-0.9.8b/crypto/bn/bn_blind.c.no-branch openssl-0.9.8b/crypto/bn/bn_blind.c
--- openssl-0.9.8b/crypto/bn/bn_blind.c.no-branch 2005-05-26 06:30:48.000000000 +0200
+++ openssl-0.9.8b/crypto/bn/bn_blind.c 2007-08-03 13:58:58.000000000 +0200
@@ -131,7 +131,7 @@ struct bn_blinding_st
BN_MONT_CTX *m_ctx);
};
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
{
BN_BLINDING *ret=NULL;
@@ -151,7 +151,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNU
{
if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
}
- ret->mod = mod;
+
+ /* save a copy of mod in the BN_BLINDING structure */
+ if ((ret->mod = BN_dup(mod)) == NULL) goto err;
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
ret->counter = BN_BLINDING_COUNTER;
return(ret);
err:
@@ -167,6 +172,7 @@ void BN_BLINDING_free(BN_BLINDING *r)
if (r->A != NULL) BN_free(r->A );
if (r->Ai != NULL) BN_free(r->Ai);
if (r->e != NULL) BN_free(r->e );
+ if (r->mod != NULL) BN_free(r->mod);
OPENSSL_free(r);
}
@@ -278,7 +284,7 @@ void BN_BLINDING_set_flags(BN_BLINDING *
}
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx)
diff -up openssl-0.9.8b/crypto/bn/bn_div.c.no-branch openssl-0.9.8b/crypto/bn/bn_div.c
--- openssl-0.9.8b/crypto/bn/bn_div.c.no-branch 2005-08-29 01:20:43.000000000 +0200
+++ openssl-0.9.8b/crypto/bn/bn_div.c 2007-08-03 13:58:58.000000000 +0200
@@ -169,13 +169,15 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, cons
#endif /* OPENSSL_NO_ASM */
-/* BN_div computes dv := num / divisor, rounding towards zero, and sets up
- * rm such that dv*divisor + rm = num holds.
+/* BN_div[_no_branch] computes dv := num / divisor, rounding towards
+ * zero, and sets up rm such that dv*divisor + rm = num holds.
* Thus:
* dv->neg == num->neg ^ divisor->neg (unless the result is zero)
* rm->neg == num->neg (unless the remainder is zero)
* If 'dv' or 'rm' is NULL, the respective value is not returned.
*/
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+ const BIGNUM *divisor, BN_CTX *ctx);
int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
BN_CTX *ctx)
{
@@ -185,6 +187,11 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const
BN_ULONG d0,d1;
int num_n,div_n;
+ if (BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
+ {
+ return BN_div_no_branch(dv, rm, num, divisor, ctx);
+ }
+
bn_check_top(dv);
bn_check_top(rm);
bn_check_top(num);
@@ -397,4 +404,229 @@ err:
return(0);
}
+
+/* BN_div_no_branch is a special version of BN_div. It does not contain
+ * branches that may leak sensitive information.
+ */
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+ const BIGNUM *divisor, BN_CTX *ctx)
+ {
+ int norm_shift,i,loop;
+ BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+ BN_ULONG *resp,*wnump;
+ BN_ULONG d0,d1;
+ int num_n,div_n;
+
+ bn_check_top(dv);
+ bn_check_top(rm);
+ bn_check_top(num);
+ bn_check_top(divisor);
+
+ if (BN_is_zero(divisor))
+ {
+ BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+ return(0);
+ }
+
+ BN_CTX_start(ctx);
+ tmp=BN_CTX_get(ctx);
+ snum=BN_CTX_get(ctx);
+ sdiv=BN_CTX_get(ctx);
+ if (dv == NULL)
+ res=BN_CTX_get(ctx);
+ else res=dv;
+ if (sdiv == NULL || res == NULL) goto err;
+
+ /* First we normalise the numbers */
+ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+ if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+ sdiv->neg=0;
+ norm_shift+=BN_BITS2;
+ if (!(BN_lshift(snum,num,norm_shift))) goto err;
+ snum->neg=0;
+
+ /* Since we don't know whether snum is larger than sdiv,
+ * we pad snum with enough zeroes without changing its
+ * value.
+ */
+ if (snum->top <= sdiv->top+1)
+ {
+ if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
+ for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
+ snum->top = sdiv->top + 2;
+ }
+ else
+ {
+ if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
+ snum->d[snum->top] = 0;
+ snum->top ++;
+ }
+
+ div_n=sdiv->top;
+ num_n=snum->top;
+ loop=num_n-div_n;
+ /* Lets setup a 'window' into snum
+ * This is the part that corresponds to the current
+ * 'area' being divided */
+ wnum.neg = 0;
+ wnum.d = &(snum->d[loop]);
+ wnum.top = div_n;
+ /* only needed when BN_ucmp messes up the values between top and max */
+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+ /* Get the top 2 words of sdiv */
+ /* div_n=sdiv->top; */
+ d0=sdiv->d[div_n-1];
+ d1=(div_n == 1)?0:sdiv->d[div_n-2];
+
+ /* pointer to the 'top' of snum */
+ wnump= &(snum->d[num_n-1]);
+
+ /* Setup to 'res' */
+ res->neg= (num->neg^divisor->neg);
+ if (!bn_wexpand(res,(loop+1))) goto err;
+ res->top=loop-1;
+ resp= &(res->d[loop-1]);
+
+ /* space for temp */
+ if (!bn_wexpand(tmp,(div_n+1))) goto err;
+
+ /* if res->top == 0 then clear the neg value otherwise decrease
+ * the resp pointer */
+ if (res->top == 0)
+ res->neg = 0;
+ else
+ resp--;
+
+ for (i=0; i<loop-1; i++, wnump--, resp--)
+ {
+ BN_ULONG q,l0;
+ /* the first part of the loop uses the top two words of
+ * snum and sdiv to calculate a BN_ULONG q such that
+ * | wnum - sdiv * q | < sdiv */
+#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+ BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
+ q=bn_div_3_words(wnump,d1,d0);
+#else
+ BN_ULONG n0,n1,rem=0;
+
+ n0=wnump[0];
+ n1=wnump[-1];
+ if (n0 == d0)
+ q=BN_MASK2;
+ else /* n0 < d0 */
+ {
+#ifdef BN_LLONG
+ BN_ULLONG t2;
+
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+ q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
+#else
+ q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+ n0, n1, d0, q);
+#endif
+#endif
+
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+ /*
+ * rem doesn't have to be BN_ULLONG. The least we
+ * know it's less that d0, isn't it?
+ */
+ rem=(n1-q*d0)&BN_MASK2;
+#endif
+ t2=(BN_ULLONG)d1*q;
+
+ for (;;)
+ {
+ if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0) break; /* don't let rem overflow */
+ t2 -= d1;
+ }
+#else /* !BN_LLONG */
+ BN_ULONG t2l,t2h,ql,qh;
+
+ q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+ n0, n1, d0, q);
+#endif
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+ rem=(n1-q*d0)&BN_MASK2;
+#endif
+
+#if defined(BN_UMULT_LOHI)
+ BN_UMULT_LOHI(t2l,t2h,d1,q);
+#elif defined(BN_UMULT_HIGH)
+ t2l = d1 * q;
+ t2h = BN_UMULT_HIGH(d1,q);
+#else
+ t2l=LBITS(d1); t2h=HBITS(d1);
+ ql =LBITS(q); qh =HBITS(q);
+ mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+#endif
+
+ for (;;)
+ {
+ if ((t2h < rem) ||
+ ((t2h == rem) && (t2l <= wnump[-2])))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0) break; /* don't let rem overflow */
+ if (t2l < d1) t2h--; t2l -= d1;
+ }
+#endif /* !BN_LLONG */
+ }
+#endif /* !BN_DIV3W */
+
+ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+ tmp->d[div_n]=l0;
+ wnum.d--;
+ /* ingore top values of the bignums just sub the two
+ * BN_ULONG arrays with bn_sub_words */
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
+ {
+ /* Note: As we have considered only the leading
+ * two BN_ULONGs in the calculation of q, sdiv * q
+ * might be greater than wnum (but then (q-1) * sdiv
+ * is less or equal than wnum)
+ */
+ q--;
+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+ /* we can't have an overflow here (assuming
+ * that q != 0, but if q == 0 then tmp is
+ * zero anyway) */
+ (*wnump)++;
+ }
+ /* store part of the result */
+ *resp = q;
+ }
+ bn_correct_top(snum);
+ if (rm != NULL)
+ {
+ /* Keep a copy of the neg flag in num because if rm==num
+ * BN_rshift() will overwrite it.
+ */
+ int neg = num->neg;
+ BN_rshift(rm,snum,norm_shift);
+ if (!BN_is_zero(rm))
+ rm->neg = neg;
+ bn_check_top(rm);
+ }
+ bn_correct_top(res);
+ BN_CTX_end(ctx);
+ return(1);
+err:
+ bn_check_top(rm);
+ BN_CTX_end(ctx);
+ return(0);
+ }
+
#endif
diff -up openssl-0.9.8b/crypto/bn/bn_gcd.c.no-branch openssl-0.9.8b/crypto/bn/bn_gcd.c
--- openssl-0.9.8b/crypto/bn/bn_gcd.c.no-branch 2005-08-29 01:20:43.000000000 +0200
+++ openssl-0.9.8b/crypto/bn/bn_gcd.c 2007-08-03 13:58:58.000000000 +0200
@@ -203,6 +203,8 @@ err:
/* solves ax == 1 (mod n) */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
BIGNUM *BN_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
@@ -210,6 +212,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
BIGNUM *ret=NULL;
int sign;
+ if (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)
+ {
+ return BN_mod_inverse_no_branch(in, a, n, ctx);
+ }
+
bn_check_top(a);
bn_check_top(n);
@@ -491,3 +498,157 @@ err:
bn_check_top(ret);
return(ret);
}
+
+
+/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
+ * It does not contain branches that may leak sensitive information.
+ */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+ {
+ BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+ BIGNUM local_A, local_B;
+ BIGNUM *pA, *pB;
+ BIGNUM *ret=NULL;
+ int sign;
+
+ bn_check_top(a);
+ bn_check_top(n);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ D = BN_CTX_get(ctx);
+ M = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ T = BN_CTX_get(ctx);
+ if (T == NULL) goto err;
+
+ if (in == NULL)
+ R=BN_new();
+ else
+ R=in;
+ if (R == NULL) goto err;
+
+ BN_one(X);
+ BN_zero(Y);
+ if (BN_copy(B,a) == NULL) goto err;
+ if (BN_copy(A,n) == NULL) goto err;
+ A->neg = 0;
+
+ if (B->neg || (BN_ucmp(B, A) >= 0))
+ {
+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+ * BN_div_no_branch will be called eventually.
+ */
+ pB = &local_B;
+ BN_with_flags(pB, B, BN_FLG_CONSTTIME);
+ if (!BN_nnmod(B, pB, A, ctx)) goto err;
+ }
+ sign = -1;
+ /* From B = a mod |n|, A = |n| it follows that
+ *
+ * 0 <= B < A,
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ */
+
+ while (!BN_is_zero(B))
+ {
+ BIGNUM *tmp;
+
+ /*
+ * 0 < B < A,
+ * (*) -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|)
+ */
+
+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+ * BN_div_no_branch will be called eventually.
+ */
+ pA = &local_A;
+ BN_with_flags(pA, A, BN_FLG_CONSTTIME);
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (!BN_div(D,M,pA,B,ctx)) goto err;
+
+ /* Now
+ * A = D*B + M;
+ * thus we have
+ * (**) sign*Y*a == D*B + M (mod |n|).
+ */
+
+ tmp=A; /* keep the BIGNUM object, the value does not matter */
+
+ /* (A, B) := (B, A mod B) ... */
+ A=B;
+ B=M;
+ /* ... so we have 0 <= B < A again */
+
+ /* Since the former M is now B and the former B is now A,
+ * (**) translates into
+ * sign*Y*a == D*A + B (mod |n|),
+ * i.e.
+ * sign*Y*a - D*A == B (mod |n|).
+ * Similarly, (*) translates into
+ * -sign*X*a == A (mod |n|).
+ *
+ * Thus,
+ * sign*Y*a + D*sign*X*a == B (mod |n|),
+ * i.e.
+ * sign*(Y + D*X)*a == B (mod |n|).
+ *
+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ * Note that X and Y stay non-negative all the time.
+ */
+
+ if (!BN_mul(tmp,D,X,ctx)) goto err;
+ if (!BN_add(tmp,tmp,Y)) goto err;
+
+ M=Y; /* keep the BIGNUM object, the value does not matter */
+ Y=X;
+ X=tmp;
+ sign = -sign;
+ }
+
+ /*
+ * The while loop (Euclid's algorithm) ends when
+ * A == gcd(a,n);
+ * we have
+ * sign*Y*a == A (mod |n|),
+ * where Y is non-negative.
+ */
+
+ if (sign < 0)
+ {
+ if (!BN_sub(Y,n,Y)) goto err;
+ }
+ /* Now Y*a == A (mod |n|). */
+
+ if (BN_is_one(A))
+ {
+ /* Y*a == 1 (mod |n|) */
+ if (!Y->neg && BN_ucmp(Y,n) < 0)
+ {
+ if (!BN_copy(R,Y)) goto err;
+ }
+ else
+ {
+ if (!BN_nnmod(R,Y,n,ctx)) goto err;
+ }
+ }
+ else
+ {
+ BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+ goto err;
+ }
+ ret=R;
+err:
+ if ((ret == NULL) && (in == NULL)) BN_free(R);
+ BN_CTX_end(ctx);
+ bn_check_top(ret);
+ return(ret);
+ }

File diff suppressed because it is too large Load Diff

View File

@ -1,45 +0,0 @@
Possible one byte buffer overflow in SSL_get_shared_ciphers.
CVE-2007-5135
diff -up openssl-0.9.8b/ssl/ssl_lib.c.orig openssl-0.9.8b/ssl/ssl_lib.c
--- openssl-0.9.8b/ssl/ssl_lib.c.orig 2007-10-08 10:20:42.000000000 +0200
+++ openssl-0.9.8b/ssl/ssl_lib.c 2007-10-08 17:32:29.000000000 +0200
@@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha
char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
{
char *p;
- const char *cp;
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int i;
@@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL *
sk=s->session->ciphers;
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
- /* Decrement for either the ':' or a '\0' */
- len--;
+ int n;
+
c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
+ n=strlen(c->name);
+ if (n+1 > len)
{
- if (len-- <= 0)
- {
- *p='\0';
- return(buf);
- }
- else
- *(p++)= *(cp++);
+ if (p != buf)
+ --p;
+ *p='\0';
+ return buf;
}
+ strcpy(p,c->name);
+ p+=n;
*(p++)=':';
+ len-=n+1;
}
p[-1]='\0';
return(buf);

View File

@ -1,32 +0,0 @@
--- openssl-0.9.8a/apps/enc.c.orig 2006-07-27 18:37:05.000000000 -0500
+++ openssl-0.9.8a/apps/enc.c 2006-07-27 18:38:30.000000000 -0500
@@ -340,7 +340,7 @@
}
/* It must be large enough for a base64 encoded line */
- if (n < 80) n=80;
+ if (base64 && n < 80) n=80;
bsize=(int)n;
if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
@@ -370,7 +370,11 @@
}
if (inf == NULL)
+ {
+ if (bufsize != NULL)
+ setvbuf(stdin, (char *)NULL, _IONBF, 0);
BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ }
else
{
if (BIO_read_filename(in,inf) <= 0)
@@ -421,6 +425,8 @@
if (outf == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ if (bufsize != NULL)
+ setvbuf(stdout, (char *)NULL, _IONBF, 0);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());

View File

@ -1,49 +0,0 @@
openssl/crypto/pkcs12/p12_mutl.c 1.23.2.1 -> 1.23.2.2
--- openssl/crypto/pkcs12/p12_mutl.c 2005/06/30 11:34:27 1.23.2.1
+++ openssl/crypto/pkcs12/p12_mutl.c 2006/05/17 18:20:27 1.23.2.2
@@ -69,7 +69,7 @@
{
const EVP_MD *md_type;
HMAC_CTX hmac;
- unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
+ unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
if (!PKCS7_type_is_data(p12->authsafes))
@@ -88,12 +88,12 @@
return 0;
}
if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
- PKCS12_MAC_KEY_LENGTH, key, md_type)) {
+ EVP_MD_size(md_type), key, md_type)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
return 0;
}
HMAC_CTX_init(&hmac);
- HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
+ HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
HMAC_Update(&hmac, p12->authsafes->d.data->data,
p12->authsafes->d.data->length);
HMAC_Final(&hmac, mac, maclen);
openssl/apps/pkcs12.c 1.79.2.1 -> 1.79.2.2
--- openssl/apps/pkcs12.c 2005/05/31 17:31:50 1.79.2.1
+++ openssl/apps/pkcs12.c 2006/05/17 18:25:59 1.79.2.2
@@ -825,12 +825,14 @@
PBEPARAM *pbe;
const unsigned char *p;
p = alg->parameter->value.sequence->data;
- pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+ if (!pbe)
+ return 1;
BIO_printf (bio_err, "%s, Iteration %ld\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free (pbe);
- return 0;
+ return 1;
}
/* Load all certificates from a given file */

View File

@ -1,20 +0,0 @@
--- openssl-0.9.8b/crypto/pkcs7/pk7_smime.c.pk7-leak 2005-08-05 00:10:05.000000000 +0200
+++ openssl-0.9.8b/crypto/pkcs7/pk7_smime.c 2006-07-20 13:53:16.000000000 +0200
@@ -127,6 +127,8 @@
}
}
+ if(flags & PKCS7_DETACHED) PKCS7_set_detached(p7, 1);
+
if (flags & PKCS7_STREAM)
return p7;
@@ -138,8 +140,6 @@
SMIME_crlf_copy(data, p7bio, flags);
- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
-
if (!PKCS7_dataFinal(p7,p7bio)) {
PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
PKCS7_free(p7);

View File

@ -1,33 +0,0 @@
--- openssl-0.9.8b/crypto/x509/by_dir.c.add-dir 2005-07-03 15:15:53.000000000 +0200
+++ openssl-0.9.8b/crypto/x509/by_dir.c 2006-10-03 15:14:06.000000000 +0200
@@ -189,7 +189,7 @@
s=dir;
p=s;
- for (;;)
+ for (;;p++)
{
if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
{
@@ -198,8 +198,11 @@
len=(int)(p-ss);
if (len == 0) continue;
for (j=0; j<ctx->num_dirs; j++)
- if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
- continue;
+ if (strlen(ctx->dirs[j]) == len &&
+ strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+ break;
+ if (j<ctx->num_dirs)
+ continue;
if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
{
ctx->num_dirs_alloced+=10;
@@ -231,7 +234,6 @@
ctx->num_dirs++;
}
if (*p == '\0') break;
- p++;
}
return(1);
}

View File

@ -1,103 +1,7 @@
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_apps.h openssl-0.9.8b/apps/s_apps.h diff -up openssl-0.9.8g/apps/s_socket.c.ipv6-apps openssl-0.9.8g/apps/s_socket.c
--- openssl-0.9.8b.orig/apps/s_apps.h 2006-07-11 16:14:29.000000000 +0200 --- openssl-0.9.8g/apps/s_socket.c.ipv6-apps 2005-06-13 05:21:00.000000000 +0200
+++ openssl-0.9.8b/apps/s_apps.h 2006-07-13 08:44:29.000000000 +0200 +++ openssl-0.9.8g/apps/s_socket.c 2007-12-03 13:28:42.000000000 +0100
@@ -148,7 +148,7 @@ @@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -156,10 +156,9 @@
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_client.c openssl-0.9.8b/apps/s_client.c
--- openssl-0.9.8b.orig/apps/s_client.c 2005-11-25 14:46:41.000000000 +0100
+++ openssl-0.9.8b/apps/s_client.c 2006-07-13 08:44:29.000000000 +0200
@@ -246,7 +246,7 @@
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
- short port=PORT;
+ char *port_str = PORT_STR;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -330,13 +330,12 @@
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
- port=atoi(*(++argv));
- if (port == 0) goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
+ if (!extract_host_port(*(++argv),&host,&port_str))
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
@@ -619,7 +618,7 @@
re_start:
- if (init_client(&s,host,port,sock_type) == 0)
+ if (init_client(&s,host,port_str,sock_type) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_server.c openssl-0.9.8b/apps/s_server.c
--- openssl-0.9.8b.orig/apps/s_server.c 2005-09-02 14:27:02.000000000 +0200
+++ openssl-0.9.8b/apps/s_server.c 2006-07-13 08:44:29.000000000 +0200
@@ -532,7 +532,7 @@
{
X509_STORE *store = NULL;
int vflags = 0;
- short port=PORT;
+ char *port_str = PORT_STR;
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
@@ -597,8 +597,7 @@
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
- goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-verify") == 0)
{
@@ -1086,9 +1085,9 @@
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
- do_server(port,sock_type,&accept_socket,www_body, context);
+ do_server(port_str,sock_type,&accept_socket,www_body, context);
else
- do_server(port,sock_type,&accept_socket,sv_body, context);
+ do_server(port_str,sock_type,&accept_socket,sv_body, context);
print_stats(bio_s_out,ctx);
ret=0;
end:
diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_socket.c openssl-0.9.8b/apps/s_socket.c
--- openssl-0.9.8b.orig/apps/s_socket.c 2005-06-13 05:21:00.000000000 +0200
+++ openssl-0.9.8b/apps/s_socket.c 2006-07-13 08:44:29.000000000 +0200
@@ -96,9 +96,7 @@
static void ssl_sock_cleanup(void); static void ssl_sock_cleanup(void);
#endif #endif
static int ssl_sock_init(void); static int ssl_sock_init(void);
@ -108,7 +12,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
static int do_accept(int acc_sock, int *sock, char **host); static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]); static int host_ip(char *str, unsigned char ip[4]);
@@ -228,60 +226,69 @@ @@ -228,60 +226,69 @@ static int ssl_sock_init(void)
return(1); return(1);
} }
@ -208,17 +112,17 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
+ res = res->ai_next; + res = res->ai_next;
+ } + }
+ freeaddrinfo(res0); + freeaddrinfo(res0);
+
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ perror(failed_call); + perror(failed_call);
+ return(0); + return(0);
+ } + }
+
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) +int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
{ {
int sock; int sock;
char *name = NULL; char *name = NULL;
@@ -319,33 +326,38 @@ @@ -319,33 +326,38 @@ int do_server(int port, int type, int *r
} }
} }
@ -248,15 +152,14 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
-#else -#else
- memcpy(&server.sin_addr,ip,4); - memcpy(&server.sin_addr,ip,4);
-#endif -#endif
- + memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
- if (type == SOCK_STREAM) - if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */ - else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); - s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+
+ e = getaddrinfo(NULL, port, &hints, &res); + e = getaddrinfo(NULL, port, &hints, &res);
+ if (e) + if (e)
+ { + {
@ -279,7 +182,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
#if defined SOL_SOCKET && defined SO_REUSEADDR #if defined SOL_SOCKET && defined SO_REUSEADDR
{ {
int j = 1; int j = 1;
@@ -353,36 +365,39 @@ @@ -353,36 +365,39 @@ static int init_server_long(int *sock, i
(void *) &j, sizeof j); (void *) &j, sizeof j);
} }
#endif #endif
@ -339,7 +242,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
int len; int len;
/* struct linger ling; */ /* struct linger ling; */
@@ -427,137 +442,62 @@ @@ -427,137 +442,62 @@ redoit:
if (i < 0) { perror("keepalive"); return(0); } if (i < 0) { perror("keepalive"); return(0); }
*/ */
@ -353,14 +256,14 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
- sizeof(struct in_addr),AF_INET); - sizeof(struct in_addr),AF_INET);
-#endif -#endif
- if (h1 == NULL) - if (h1 == NULL)
+ if (host == NULL) - {
{
- BIO_printf(bio_err,"bad gethostbyaddr\n"); - BIO_printf(bio_err,"bad gethostbyaddr\n");
- *host=NULL; - *host=NULL;
- /* return(0); */ - /* return(0); */
- } - }
- else - else
- { + if (host == NULL)
{
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) - if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
- { - {
- perror("OPENSSL_malloc"); - perror("OPENSSL_malloc");
@ -506,3 +409,99 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_
return(1); return(1);
} }
diff -up openssl-0.9.8g/apps/s_server.c.ipv6-apps openssl-0.9.8g/apps/s_server.c
--- openssl-0.9.8g/apps/s_server.c.ipv6-apps 2007-08-23 14:16:02.000000000 +0200
+++ openssl-0.9.8g/apps/s_server.c 2007-12-03 13:31:14.000000000 +0100
@@ -592,7 +592,7 @@ int MAIN(int argc, char *argv[])
{
X509_STORE *store = NULL;
int vflags = 0;
- short port=PORT;
+ char *port_str = PORT_STR;
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
@@ -662,8 +662,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
- goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-verify") == 0)
{
@@ -1332,9 +1331,9 @@ bad:
}
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
+ do_server(port_str,socket_type,&accept_socket,www_body, context);
else
- do_server(port,socket_type,&accept_socket,sv_body, context);
+ do_server(port_str,socket_type,&accept_socket,sv_body, context);
print_stats(bio_s_out,ctx);
ret=0;
end:
diff -up openssl-0.9.8g/apps/s_client.c.ipv6-apps openssl-0.9.8g/apps/s_client.c
--- openssl-0.9.8g/apps/s_client.c.ipv6-apps 2007-08-23 14:20:56.000000000 +0200
+++ openssl-0.9.8g/apps/s_client.c 2007-12-03 13:28:42.000000000 +0100
@@ -285,7 +285,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
- short port=PORT;
+ char *port_str = PORT_STR;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
- port=atoi(*(++argv));
- if (port == 0) goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
+ if (!extract_host_port(*(++argv),&host,&port_str))
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
@@ -739,7 +738,7 @@ bad:
re_start:
- if (init_client(&s,host,port,sock_type) == 0)
+ if (init_client(&s,host,port_str,sock_type) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
diff -up openssl-0.9.8g/apps/s_apps.h.ipv6-apps openssl-0.9.8g/apps/s_apps.h
--- openssl-0.9.8g/apps/s_apps.h.ipv6-apps 2007-12-03 13:28:42.000000000 +0100
+++ openssl-0.9.8g/apps/s_apps.h 2007-12-03 13:28:42.000000000 +0100
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);

View File

@ -1,6 +1,7 @@
--- openssl-0.9.8a/Configure.redhat 2005-11-08 01:50:41.000000000 +0100 diff -up openssl-0.9.8g/Configure.redhat openssl-0.9.8g/Configure
+++ openssl-0.9.8a/Configure 2005-11-08 10:23:38.000000000 +0100 --- openssl-0.9.8g/Configure.redhat 2007-09-16 14:24:17.000000000 +0200
@@ -313,29 +313,29 @@ +++ openssl-0.9.8g/Configure 2007-12-03 13:16:08.000000000 +0100
@@ -313,28 +313,28 @@ my %table=(
#### ####
# *-generic* is endian-neutral target, but ./config is free to # *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate... # throw in -D[BL]_ENDIAN, whichever appropriate...
@ -16,10 +17,9 @@
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
#### ####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -bpowerpc64-linux is transient option, -m64 should be the one to use...
-"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc64", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", +"linux-ppc64", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -36,12 +36,12 @@
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", +"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# GCC 3.1 is a requirement # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", +"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### Alpha Linux with GNU C and Compaq C setups #### Alpha Linux with GNU C and Compaq C setups
# Special notes: # Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -349,8 +349,8 @@ @@ -348,8 +348,8 @@ my %table=(
# #
# <appro@fy.chalmers.se> # <appro@fy.chalmers.se>
# #

View File

@ -3,17 +3,30 @@ compatibility, we have to increment the soname in order to allow
this version to co-exist with another versions and have everything this version to co-exist with another versions and have everything
work right. work right.
--- openssl-0.9.8b/Makefile.org.soversion 2006-05-11 11:53:26.000000000 +0200 diff -up openssl-0.9.8g/Configure.soversion openssl-0.9.8g/Configure
+++ openssl-0.9.8b/Makefile.org 2006-05-11 12:14:05.000000000 +0200 --- openssl-0.9.8g/Configure.soversion 2007-12-03 14:41:19.000000000 +0100
@@ -10,6 +10,7 @@ +++ openssl-0.9.8g/Configure 2007-12-03 14:41:19.000000000 +0100
@@ -1371,7 +1371,7 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{
diff -up openssl-0.9.8g/Makefile.org.soversion openssl-0.9.8g/Makefile.org
--- openssl-0.9.8g/Makefile.org.soversion 2007-12-03 14:41:19.000000000 +0100
+++ openssl-0.9.8g/Makefile.org 2007-12-03 14:41:19.000000000 +0100
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
SHLIB_MAJOR= SHLIB_MAJOR=
SHLIB_MINOR= SHLIB_MINOR=
SHLIB_EXT= SHLIB_EXT=
+SHLIB_SONAMEVER=6 +SHLIB_SONAMEVER=7
PLATFORM=dist PLATFORM=dist
OPTIONS= OPTIONS=
CONFIGURE_ARGS= CONFIGURE_ARGS=
@@ -277,10 +278,9 @@ @@ -277,10 +278,9 @@ clean-shared:
link-shared: link-shared:
@ set -e; for i in ${SHLIBDIRS}; do \ @ set -e; for i in ${SHLIBDIRS}; do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
@ -25,7 +38,7 @@ work right.
done done
build-shared: do_$(SHLIB_TARGET) link-shared build-shared: do_$(SHLIB_TARGET) link-shared
@@ -291,7 +291,7 @@ @@ -291,7 +291,7 @@ do_$(SHLIB_TARGET):
libs="$(LIBKRB5) $$libs"; \ libs="$(LIBKRB5) $$libs"; \
fi; \ fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
@ -34,14 +47,3 @@ work right.
LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
LIBDEPS="$$libs $(EX_LIBS)" \ LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \ link_a.$(SHLIB_TARGET); \
--- openssl-0.9.8b/Configure.soversion 2006-05-11 11:53:26.000000000 +0200
+++ openssl-0.9.8b/Configure 2006-05-11 11:53:26.000000000 +0200
@@ -1327,7 +1327,7 @@
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{

View File

@ -6,7 +6,8 @@
# 0.9.7a soversion = 4 # 0.9.7a soversion = 4
# 0.9.7ef soversion = 5 # 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6 # 0.9.8ab soversion = 6
%define soversion 6 # 0.9.8g soversion = 7
%define soversion 7
# Number of threads to spawn when testing some threading fixes. # Number of threads to spawn when testing some threading fixes.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1} %define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@ -20,8 +21,8 @@
Summary: The OpenSSL toolkit Summary: The OpenSSL toolkit
Name: openssl Name: openssl
Version: 0.9.8b Version: 0.9.8g
Release: 17%{?dist} Release: 1%{?dist}
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl Source1: hobble-openssl
Source2: Makefile.certificate Source2: Makefile.certificate
@ -33,41 +34,25 @@ Source8: openssl-thread-test.c
Source9: opensslconf-new.h Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h Source10: opensslconf-new-warning.h
# Build changes # Build changes
Patch0: openssl-0.9.8a-redhat.patch Patch0: openssl-0.9.8g-redhat.patch
Patch1: openssl-0.9.8a-defaults.patch Patch1: openssl-0.9.8a-defaults.patch
Patch2: openssl-0.9.8a-link-krb5.patch Patch2: openssl-0.9.8a-link-krb5.patch
Patch3: openssl-0.9.8b-soversion.patch Patch3: openssl-0.9.8g-soversion.patch
Patch4: openssl-0.9.8a-enginesdir.patch Patch4: openssl-0.9.8a-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch Patch5: openssl-0.9.8a-no-rpath.patch
Patch24: openssl-0.9.8a-padlock.patch Patch6: openssl-0.9.8b-test-use-localhost.patch
# Bug fixes
Patch21: openssl-0.9.8b-aliasing-bug.patch
Patch22: openssl-0.9.8b-x509-name-cmp.patch
# Functionality changes # Functionality changes
Patch32: openssl-0.9.7-beta6-ia64.patch Patch32: openssl-0.9.7-beta6-ia64.patch
Patch33: openssl-0.9.7f-ca-dir.patch Patch33: openssl-0.9.7f-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.7-beta5-version-add-engines.patch Patch35: openssl-0.9.7-beta5-version-add-engines.patch
Patch36: openssl-0.9.8a-use-poll.patch
Patch38: openssl-0.9.8a-reuse-cipher-change.patch Patch38: openssl-0.9.8a-reuse-cipher-change.patch
Patch39: openssl-0.9.8b-ipv6-apps.patch Patch39: openssl-0.9.8g-ipv6-apps.patch
Patch40: openssl-0.9.8b-enc-bufsize.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch51: openssl-0.9.8b-block-padding.patch # None yet
Patch52: openssl-0.9.8b-pkcs12-fix.patch
Patch53: openssl-0.9.8b-bn-threadsafety.patch
Patch54: openssl-0.9.8b-aes-cachecol.patch
Patch55: openssl-0.9.8b-pkcs7-leak.patch
Patch56: openssl-0.9.8b-cve-2006-4339.patch
Patch57: openssl-0.9.8b-cve-2006-2937.patch
Patch58: openssl-0.9.8b-cve-2006-2940.patch
Patch59: openssl-0.9.8b-cve-2006-3738.patch
Patch60: openssl-0.9.8b-cve-2006-4343.patch
Patch61: openssl-0.9.8b-aliasing-bug.patch
Patch62: openssl-0.9.8b-x509-name-cmp.patch
Patch63: openssl-0.9.8b-x509-add-dir.patch
Patch64: openssl-0.9.8b-test-use-localhost.patch
Patch65: openssl-0.9.8b-cve-2007-3108.patch
Patch66: openssl-0.9.7a-ssl-strict-matching.patch
Patch67: openssl-0.9.8b-cve-2007-4995.patch
Patch68: openssl-0.9.8b-cve-2007-5135.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -116,36 +101,17 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch3 -p1 -b .soversion %patch3 -p1 -b .soversion
%patch4 -p1 -b .enginesdir %patch4 -p1 -b .enginesdir
%patch5 -p1 -b .no-rpath %patch5 -p1 -b .no-rpath
%patch6 -p1 -b .use-localhost
%patch24 -p1 -b .padlock %patch21 -p1 -b .aliasing-bug
%patch22 -p1 -b .name-cmp
%patch32 -p1 -b .ia64 %patch32 -p1 -b .ia64
#patch33 is applied after make test #patch33 is applied after make test
%patch34 -p1 -b .x509 %patch34 -p1 -b .x509
%patch35 -p1 -b .version-add-engines %patch35 -p1 -b .version-add-engines
%patch36 -p1 -b .use-poll
%patch38 -p1 -b .cipher-change %patch38 -p1 -b .cipher-change
%patch39 -p1 -b .ipv6-apps %patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .enc-bufsize
%patch51 -p1 -b .block-padding
%patch52 -p1 -b .pkcs12-fix
%patch53 -p1 -b .bn-threadsafety
%patch54 -p1 -b .cachecol
%patch55 -p1 -b .pkcs7-leak
%patch56 -p1 -b .short-padding
%patch57 -p1 -b .asn1-error
%patch58 -p0 -b .parasitic
%patch59 -p0 -b .shared-ciphers
%patch60 -p0 -b .client-dos
%patch61 -p1 -b .aliasing-bug
%patch62 -p1 -b .name-cmp
%patch63 -p1 -b .add-dir
%patch64 -p1 -b .use-localhost
%patch65 -p1 -b .no-branch
%patch66 -p1 -b .strict-matching
%patch67 -p1 -b .dtls-fixes
%patch68 -p1 -b .shciphers
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}` perl util/perlpath.pl `dirname %{__perl}`
@ -386,6 +352,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Mon Nov 3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-1
- update to latest upstream release, SONAME bumped to 7
* Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17 * Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17
- update to new CA bundle from mozilla.org - update to new CA bundle from mozilla.org

View File

@ -1 +1 @@
c99f8df9f19fdd38ee784b0ac06c2221 openssl-0.9.8b-usa.tar.bz2 3208630e1965e9b801a21831995ad537 openssl-0.9.8g-usa.tar.bz2