From 3849a1678a370efe9b96f0361b0005a5ef5251d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Mon, 3 Dec 2007 14:24:08 +0000 Subject: [PATCH] - update to latest upstream release, SONAME bumped to 7 --- .cvsignore | 2 +- openssl-0.9.7a-ssl-strict-matching.patch | 69 - openssl-0.9.8a-padlock.patch | 22 - openssl-0.9.8a-use-poll.patch | 73 - openssl-0.9.8b-aes-cachecol.patch | 777 --------- openssl-0.9.8b-block-padding.patch | 22 - openssl-0.9.8b-bn-threadsafety.patch | 447 ------ openssl-0.9.8b-cve-2006-2937.patch | 25 - openssl-0.9.8b-cve-2006-2940.patch | 215 --- openssl-0.9.8b-cve-2006-3738.patch | 27 - openssl-0.9.8b-cve-2006-4339.patch | 77 - openssl-0.9.8b-cve-2006-4343.patch | 17 - openssl-0.9.8b-cve-2007-3108.patch | 934 ----------- openssl-0.9.8b-cve-2007-4995.patch | 1429 ----------------- openssl-0.9.8b-cve-2007-5135.patch | 45 - openssl-0.9.8b-enc-bufsize.patch | 32 - openssl-0.9.8b-pkcs12-fix.patch | 49 - openssl-0.9.8b-pkcs7-leak.patch | 20 - openssl-0.9.8b-x509-add-dir.patch | 33 - ...ps.patch => openssl-0.9.8g-ipv6-apps.patch | 229 ++- ...edhat.patch => openssl-0.9.8g-redhat.patch | 16 +- ...on.patch => openssl-0.9.8g-soversion.patch | 36 +- openssl.spec | 67 +- sources | 2 +- 24 files changed, 161 insertions(+), 4504 deletions(-) delete mode 100644 openssl-0.9.7a-ssl-strict-matching.patch delete mode 100644 openssl-0.9.8a-padlock.patch delete mode 100644 openssl-0.9.8a-use-poll.patch delete mode 100644 openssl-0.9.8b-aes-cachecol.patch delete mode 100644 openssl-0.9.8b-block-padding.patch delete mode 100644 openssl-0.9.8b-bn-threadsafety.patch delete mode 100644 openssl-0.9.8b-cve-2006-2937.patch delete mode 100644 openssl-0.9.8b-cve-2006-2940.patch delete mode 100644 openssl-0.9.8b-cve-2006-3738.patch delete mode 100644 openssl-0.9.8b-cve-2006-4339.patch delete mode 100644 openssl-0.9.8b-cve-2006-4343.patch delete mode 100644 openssl-0.9.8b-cve-2007-3108.patch delete mode 100644 openssl-0.9.8b-cve-2007-4995.patch delete mode 100644 openssl-0.9.8b-cve-2007-5135.patch delete mode 100644 openssl-0.9.8b-enc-bufsize.patch delete mode 100644 openssl-0.9.8b-pkcs12-fix.patch delete mode 100644 openssl-0.9.8b-pkcs7-leak.patch delete mode 100644 openssl-0.9.8b-x509-add-dir.patch rename openssl-0.9.8b-ipv6-apps.patch => openssl-0.9.8g-ipv6-apps.patch (86%) rename openssl-0.9.8a-redhat.patch => openssl-0.9.8g-redhat.patch (91%) rename openssl-0.9.8b-soversion.patch => openssl-0.9.8g-soversion.patch (69%) diff --git a/.cvsignore b/.cvsignore index 664ec60..d37598a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openssl-0.9.8b-usa.tar.bz2 +openssl-0.9.8g-usa.tar.bz2 diff --git a/openssl-0.9.7a-ssl-strict-matching.patch b/openssl-0.9.7a-ssl-strict-matching.patch deleted file mode 100644 index d0da06a..0000000 --- a/openssl-0.9.7a-ssl-strict-matching.patch +++ /dev/null @@ -1,69 +0,0 @@ -*) In the SSL/TLS server implementation, be strict about session ID - context matching (which matters if an application uses a single - external cache for different purposes). Previously, - out-of-context reuse was forbidden only if SSL_VERIFY_PEER was - set. This did ensure strict client verification, but meant that, - with applications using a single external cache for quite - different requirements, clients could circumvent ciphersuite - restrictions for a given session ID context by starting a session - in a different context. -diff -up openssl-0.9.7a/ssl/ssl_sess.c.strict-matching openssl-0.9.7a/ssl/ssl_sess.c ---- openssl-0.9.7a/ssl/ssl_sess.c.strict-matching 2002-11-28 09:09:03.000000000 +0100 -+++ openssl-0.9.7a/ssl/ssl_sess.c 2007-08-02 16:17:29.000000000 +0200 -@@ -322,33 +322,35 @@ int ssl_get_prev_session(SSL *s, unsigne - - /* Now ret is non-NULL, and we own one of its reference counts. */ - -- if((s->verify_mode&SSL_VERIFY_PEER) -- && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length -- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) -- { -+ if (ret->sid_ctx_length != s->sid_ctx_length -+ || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) -+ { - /* We've found the session named by the client, but we don't - * want to use it in this context. */ -- -- if (s->sid_ctx_length == 0) -- { -- /* application should have used SSL[_CTX]_set_session_id_context -- * -- we could tolerate this and just pretend we never heard -- * of this session, but then applications could effectively -- * disable the session cache by accident without anyone noticing */ - -- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); -- fatal = 1; -- goto err; -- } -- else -- { - #if 0 /* The client cannot always know when a session is not appropriate, -- * so we shouldn't generate an error message. */ -+ * so we shouldn't generate an error message. */ - -- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); -+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); - #endif -- goto err; /* treat like cache miss */ -- } -+ goto err; /* treat like cache miss */ -+ } -+ -+ if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) -+ { -+ /* We can't be sure if this session is being used out of -+ * context, which is especially important for SSL_VERIFY_PEER. -+ * The application should have used SSL[_CTX]_set_session_id_context. -+ * -+ * For this error case, we generate an error instead of treating -+ * the event like a cache miss (otherwise it would be easy for -+ * applications to effectively disable the session cache by -+ * accident without anyone noticing). -+ */ -+ -+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); -+ fatal = 1; -+ goto err; - } - - if (ret->cipher == NULL) diff --git a/openssl-0.9.8a-padlock.patch b/openssl-0.9.8a-padlock.patch deleted file mode 100644 index def4e80..0000000 --- a/openssl-0.9.8a-padlock.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- openssl-0.9.8b/crypto/engine/eng_all.c.padlock 2005-04-19 15:24:44.000000000 +0200 -+++ openssl-0.9.8b/crypto/engine/eng_all.c 2006-06-21 19:57:29.000000000 +0200 -@@ -69,6 +69,9 @@ - ENGINE_load_openssl(); - #endif - ENGINE_load_dynamic(); -+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) -+ ENGINE_load_padlock(); -+#endif - #ifndef OPENSSL_NO_STATIC_ENGINE - #ifndef OPENSSL_NO_HW - #ifndef OPENSSL_NO_HW_4758_CCA -@@ -95,9 +98,6 @@ - #ifndef OPENSSL_NO_HW_UBSEC - ENGINE_load_ubsec(); - #endif --#ifndef OPENSSL_NO_HW_PADLOCK -- ENGINE_load_padlock(); --#endif - #endif - #if defined(__OpenBSD__) || defined(__FreeBSD__) - ENGINE_load_cryptodev(); diff --git a/openssl-0.9.8a-use-poll.patch b/openssl-0.9.8a-use-poll.patch deleted file mode 100644 index 8a544a3..0000000 --- a/openssl-0.9.8a-use-poll.patch +++ /dev/null @@ -1,73 +0,0 @@ ---- openssl-0.9.8a/crypto/rand/rand_unix.c.use-poll 2005-08-29 01:20:48.000000000 +0200 -+++ openssl-0.9.8a/crypto/rand/rand_unix.c 2005-11-08 01:28:35.000000000 +0100 -@@ -125,6 +125,7 @@ - #include - #include - #include -+#include - - #ifdef __OpenBSD__ - int RAND_poll(void) -@@ -157,6 +158,7 @@ - struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; - int fd; - size_t i; -+ struct pollfd pfd; - #endif - #ifdef DEVRANDOM_EGD - static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; -@@ -184,11 +186,10 @@ - #endif - )) >= 0) - { -- struct timeval t = { 0, 10*1000 }; /* Spend 10ms on -+ int t = 10; /* Spend 10ms on - each file. */ - int r; - size_t j; -- fd_set fset; - struct stat *st=&randomstats[i]; - - /* Avoid using same input... Used to be O_NOFOLLOW -@@ -204,30 +205,25 @@ - - do - { -- FD_ZERO(&fset); -- FD_SET(fd, &fset); -- r = -1; -- -- if (select(fd+1,&fset,NULL,NULL,&t) < 0) -- t.tv_usec=0; -- else if (FD_ISSET(fd, &fset)) -+ pfd.fd = fd; -+ pfd.events = POLLIN; -+ pfd.revents = 0; -+ -+ if ((r=poll(&pfd,1,t)) == 0) -+ t = 0; -+ else if (r > 0 && (pfd.revents & POLLIN)) - { - r=read(fd,(unsigned char *)tmpbuf+n, - ENTROPY_NEEDED-n); - if (r > 0) - n += r; - } -- -- /* Some Unixen will update t, some -- won't. For those who won't, give -- up here, otherwise, we will do -- this once again for the remaining -- time. */ -- if (t.tv_usec == 10*1000) -- t.tv_usec=0; -+ /* we don't know how big part of the timeout elapsed -+ wait half the original timeout next time */ -+ t >>= 1; - } - while ((r > 0 || (errno == EINTR || errno == EAGAIN)) -- && t.tv_usec != 0 && n < ENTROPY_NEEDED); -+ && t != 0 && n < ENTROPY_NEEDED); - - close(fd); - } diff --git a/openssl-0.9.8b-aes-cachecol.patch b/openssl-0.9.8b-aes-cachecol.patch deleted file mode 100644 index b798e87..0000000 --- a/openssl-0.9.8b-aes-cachecol.patch +++ /dev/null @@ -1,777 +0,0 @@ -openssl/crypto/aes/aes_core.c 1.7 -> 1.7.2.1 - ---- openssl/crypto/aes/aes_core.c 2005/01/24 14:22:05 1.7 -+++ openssl/crypto/aes/aes_core.c 2006/06/28 08:58:15 1.7.2.1 -@@ -44,22 +44,14 @@ - Te1[x] = S [x].[03, 02, 01, 01]; - Te2[x] = S [x].[01, 03, 02, 01]; - Te3[x] = S [x].[01, 01, 03, 02]; --Te4[x] = S [x].[01, 01, 01, 01]; - - Td0[x] = Si[x].[0e, 09, 0d, 0b]; - Td1[x] = Si[x].[0b, 0e, 09, 0d]; - Td2[x] = Si[x].[0d, 0b, 0e, 09]; - Td3[x] = Si[x].[09, 0d, 0b, 0e]; --Td4[x] = Si[x].[01, 01, 01, 01]; -+Td4[x] = Si[x].[01]; - */ - --#ifdef AES_ASM --extern const u32 AES_Te[5][256]; --#define Te0 AES_Te[0] --#define Te1 AES_Te[1] --#define Te2 AES_Te[2] --#define Te3 AES_Te[3] --#else - static const u32 Te0[256] = { - 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, - 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, -@@ -324,81 +316,7 @@ - 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, - 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, - }; --#endif --static const u32 Te4[256] = { -- 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, -- 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, -- 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, -- 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, -- 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, -- 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, -- 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, -- 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, -- 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, -- 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, -- 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, -- 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, -- 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, -- 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, -- 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, -- 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, -- 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, -- 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, -- 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, -- 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, -- 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, -- 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, -- 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, -- 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, -- 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, -- 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, -- 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, -- 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, -- 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, -- 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, -- 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, -- 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, -- 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, -- 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, -- 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, -- 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, -- 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, -- 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, -- 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, -- 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, -- 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, -- 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, -- 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, -- 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, -- 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, -- 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, -- 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, -- 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, -- 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, -- 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, -- 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, -- 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, -- 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, -- 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, -- 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, -- 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, -- 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, -- 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, -- 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, -- 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, -- 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, -- 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, -- 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, -- 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, --}; - --#ifdef AES_ASM --extern const u32 AES_Td[5][256]; --#define Td0 AES_Td[0] --#define Td1 AES_Td[1] --#define Td2 AES_Td[2] --#define Td3 AES_Td[3] --#else - static const u32 Td0[256] = { - 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, - 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, -@@ -663,72 +581,39 @@ - 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, - 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, - }; --#endif --static const u32 Td4[256] = { -- 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, -- 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, -- 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, -- 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, -- 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, -- 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, -- 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, -- 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, -- 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, -- 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, -- 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, -- 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, -- 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, -- 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, -- 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, -- 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, -- 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, -- 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, -- 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, -- 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, -- 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, -- 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, -- 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, -- 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, -- 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, -- 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, -- 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, -- 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, -- 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, -- 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, -- 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, -- 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, -- 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, -- 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, -- 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, -- 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, -- 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, -- 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, -- 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, -- 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, -- 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, -- 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, -- 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, -- 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, -- 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, -- 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, -- 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, -- 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, -- 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, -- 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, -- 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, -- 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, -- 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, -- 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, -- 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, -- 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, -- 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, -- 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, -- 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, -- 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, -- 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, -- 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, -- 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, -- 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, -+static const u8 Td4[256] = { -+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, -+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, -+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, -+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, -+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, -+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, -+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, -+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, -+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, -+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, -+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, -+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, -+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, -+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, -+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, -+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, -+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, -+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, -+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, -+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, -+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, -+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, -+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, -+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, -+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, -+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, -+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, -+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, -+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, -+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, -+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, -+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, - }; - static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, -@@ -768,10 +653,10 @@ - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ -- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ -- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ -- (Te4[(temp ) & 0xff] & 0x0000ff00) ^ -- (Te4[(temp >> 24) ] & 0x000000ff) ^ -+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; -@@ -788,10 +673,10 @@ - while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ -- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ -- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ -- (Te4[(temp ) & 0xff] & 0x0000ff00) ^ -- (Te4[(temp >> 24) ] & 0x000000ff) ^ -+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; -@@ -810,10 +695,10 @@ - while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ -- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ -- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ -- (Te4[(temp ) & 0xff] & 0x0000ff00) ^ -- (Te4[(temp >> 24) ] & 0x000000ff) ^ -+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ -+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; -@@ -823,10 +708,10 @@ - } - temp = rk[11]; - rk[12] = rk[ 4] ^ -- (Te4[(temp >> 24) ] & 0xff000000) ^ -- (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ -- (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ -- (Te4[(temp ) & 0xff] & 0x000000ff); -+ (Te2[(temp >> 24) ] & 0xff000000) ^ -+ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; -@@ -865,25 +750,25 @@ - for (i = 1; i < (key->rounds); i++) { - rk += 4; - rk[0] = -- Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ -- Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ -- Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ -- Td3[Te4[(rk[0] ) & 0xff] & 0xff]; -+ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[0] ) & 0xff] & 0xff]; - rk[1] = -- Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ -- Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ -- Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ -- Td3[Te4[(rk[1] ) & 0xff] & 0xff]; -+ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[1] ) & 0xff] & 0xff]; - rk[2] = -- Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ -- Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ -- Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ -- Td3[Te4[(rk[2] ) & 0xff] & 0xff]; -+ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[2] ) & 0xff] & 0xff]; - rk[3] = -- Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ -- Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ -- Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ -- Td3[Te4[(rk[3] ) & 0xff] & 0xff]; -+ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ -+ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ -+ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ -+ Td3[Te1[(rk[3] ) & 0xff] & 0xff]; - } - return 0; - } -@@ -1051,31 +936,31 @@ - * map cipher state to byte array block: - */ - s0 = -- (Te4[(t0 >> 24) ] & 0xff000000) ^ -- (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te4[(t3 ) & 0xff] & 0x000000ff) ^ -+ (Te2[(t0 >> 24) ] & 0xff000000) ^ -+ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(out , s0); - s1 = -- (Te4[(t1 >> 24) ] & 0xff000000) ^ -- (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te4[(t0 ) & 0xff] & 0x000000ff) ^ -+ (Te2[(t1 >> 24) ] & 0xff000000) ^ -+ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = -- (Te4[(t2 >> 24) ] & 0xff000000) ^ -- (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te4[(t1 ) & 0xff] & 0x000000ff) ^ -+ (Te2[(t2 >> 24) ] & 0xff000000) ^ -+ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = -- (Te4[(t3 >> 24) ] & 0xff000000) ^ -- (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ -- (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ -- (Te4[(t2 ) & 0xff] & 0x000000ff) ^ -+ (Te2[(t3 >> 24) ] & 0xff000000) ^ -+ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ -+ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ -+ (Te1[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(out + 12, s3); - } -@@ -1242,31 +1127,31 @@ - * map cipher state to byte array block: - */ - s0 = -- (Td4[(t0 >> 24) ] & 0xff000000) ^ -- (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ -- (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ -- (Td4[(t1 ) & 0xff] & 0x000000ff) ^ -+ (Td4[(t0 >> 24) ] << 24) ^ -+ (Td4[(t3 >> 16) & 0xff] << 16) ^ -+ (Td4[(t2 >> 8) & 0xff] << 8) ^ -+ (Td4[(t1 ) & 0xff]) ^ - rk[0]; - PUTU32(out , s0); - s1 = -- (Td4[(t1 >> 24) ] & 0xff000000) ^ -- (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ -- (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ -- (Td4[(t2 ) & 0xff] & 0x000000ff) ^ -+ (Td4[(t1 >> 24) ] << 24) ^ -+ (Td4[(t0 >> 16) & 0xff] << 16) ^ -+ (Td4[(t3 >> 8) & 0xff] << 8) ^ -+ (Td4[(t2 ) & 0xff]) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = -- (Td4[(t2 >> 24) ] & 0xff000000) ^ -- (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ -- (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ -- (Td4[(t3 ) & 0xff] & 0x000000ff) ^ -+ (Td4[(t2 >> 24) ] << 24) ^ -+ (Td4[(t1 >> 16) & 0xff] << 16) ^ -+ (Td4[(t0 >> 8) & 0xff] << 8) ^ -+ (Td4[(t3 ) & 0xff]) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = -- (Td4[(t3 >> 24) ] & 0xff000000) ^ -- (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ -- (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ -- (Td4[(t0 ) & 0xff] & 0x000000ff) ^ -+ (Td4[(t3 >> 24) ] << 24) ^ -+ (Td4[(t2 >> 16) & 0xff] << 16) ^ -+ (Td4[(t1 >> 8) & 0xff] << 8) ^ -+ (Td4[(t0 ) & 0xff]) ^ - rk[3]; - PUTU32(out + 12, s3); - } -openssl/crypto/aes/asm/aes-586.pl 1.11 -> 1.11.2.1 - ---- openssl/crypto/aes/asm/aes-586.pl 2005/05/09 21:48:00 1.11 -+++ openssl/crypto/aes/asm/aes-586.pl 2006/06/28 09:01:40 1.11.2.1 -@@ -6,7 +6,7 @@ - # forms are granted according to the OpenSSL license. - # ==================================================================== - # --# Version 3.4. -+# Version 3.6. - # - # You might fail to appreciate this module performance from the first - # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered -@@ -66,6 +66,13 @@ - # stack. This unfortunately has rather strong impact on small block CBC - # performance, ~2x deterioration on 16-byte block if compared to 3.3. - # -+# Version 3.5 checks if there is L1 cache aliasing between user-supplied -+# key schedule and S-boxes and abstains from copying the former if -+# there is no. This allows end-user to consciously retain small block -+# performance by aligning key schedule in specific manner. -+# -+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. -+# - # Current ECB performance numbers for 128-bit key in CPU cycles per - # processed byte [measure commonly used by AES benchmarkers] are: - # -@@ -505,28 +512,27 @@ - if($i==3) { &mov ($key,&DWP(12,"esp")); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); -- &mov ($out,&DWP(2048,$td,$out,4)); -- &and ($out,0x000000ff); -+ &movz ($out,&DWP(2048,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); -- &mov ($tmp,&DWP(2048,$td,$tmp,4)); -- &and ($tmp,0x0000ff00); -+ &movz ($tmp,&DWP(2048,$td,$tmp,1)); -+ &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); -- &mov ($tmp,&DWP(2048,$td,$tmp,4)); -- &and ($tmp,0x00ff0000); -+ &movz ($tmp,&DWP(2048,$td,$tmp,1)); -+ &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); -- &mov ($tmp,&DWP(2048,$td,$tmp,4)); -- &and ($tmp,0xff000000); -+ &movz ($tmp,&DWP(2048,$td,$tmp,1)); -+ &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } -@@ -687,70 +693,38 @@ - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); - #Td4: -- &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5); -- &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838); -- &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e); -- &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb); -- &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282); -- &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787); -- &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444); -- &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb); -- &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232); -- &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d); -- &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b); -- &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e); -- &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666); -- &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2); -- &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949); -- &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525); -- &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464); -- &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616); -- &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc); -- &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292); -- &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050); -- &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada); -- &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757); -- &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484); -- &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000); -- &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a); -- &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505); -- &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606); -- &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f); -- &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202); -- &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303); -- &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b); -- &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141); -- &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea); -- &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece); -- &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373); -- &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222); -- &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585); -- &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8); -- &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e); -- &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171); -- &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989); -- &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e); -- &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b); -- &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b); -- &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020); -- &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe); -- &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4); -- &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333); -- &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131); -- &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959); -- &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f); -- &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9); -- &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d); -- &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f); -- &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef); -- &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d); -- &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0); -- &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c); -- &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161); -- &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e); -- &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626); -- &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363); -- &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d); -+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); -+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); -+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); -+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); -+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); -+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); -+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); -+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); -+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); -+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); -+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); -+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); -+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); -+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); -+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); -+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); -+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); -+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); -+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); -+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); -+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); -+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); -+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); -+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); -+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); -+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); -+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); -+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); -+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); -+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); -+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); -+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - &function_end_B("_x86_AES_decrypt"); - - # void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -@@ -770,6 +744,18 @@ - &blindpop("ebp"); - &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); - -+ # prefetch Td4 -+ &lea ("ebp",&DWP(2048+128,"ebp")); -+ &mov ($s0,&DWP(0-128,"ebp")); -+ &mov ($s1,&DWP(32-128,"ebp")); -+ &mov ($s2,&DWP(64-128,"ebp")); -+ &mov ($s3,&DWP(96-128,"ebp")); -+ &mov ($s0,&DWP(128-128,"ebp")); -+ &mov ($s1,&DWP(160-128,"ebp")); -+ &mov ($s2,&DWP(192-128,"ebp")); -+ &mov ($s3,&DWP(224-128,"ebp")); -+ &lea ("ebp",&DWP(-2048-128,"ebp")); -+ - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); -@@ -805,6 +791,7 @@ - my $_tmp=&DWP(40,"esp"); #volatile variable - my $ivec=&DWP(44,"esp"); #ivec[16] - my $aes_key=&DWP(60,"esp"); #copy of aes_key -+my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds - - &public_label("AES_Te"); - &public_label("AES_Td"); -@@ -865,18 +852,27 @@ - &mov ($_key,$s3); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - -+ &mov ($mark,0); # copy of aes_key->rounds = 0; - if ($compromise) { - &cmp ($s2,$compromise); - &jb (&label("skip_ecopy")); - } -- # copy key schedule to stack -- &mov ("ecx",244/4); -+ # do we copy key schedule to stack? -+ &mov ($s1 eq "ebx" ? $s1 : "",$s3); -+ &mov ($s2 eq "ecx" ? $s2 : "",244/4); -+ &sub ($s1,"ebp"); - &mov ("esi",$s3); -+ &and ($s1,0xfff); - &lea ("edi",$aes_key); -- &mov ($_key,"edi"); -+ &cmp ($s1,2048); -+ &jb (&label("do_ecopy")); -+ &cmp ($s1,4096-244); -+ &jb (&label("skip_ecopy")); - &align (4); -- &data_word(0xF689A5F3); # rep movsd -- &set_label("skip_ecopy") if ($compromise); -+ &set_label("do_ecopy"); -+ &mov ($_key,"edi"); -+ &data_word(0xA5F3F689); # rep movsd -+ &set_label("skip_ecopy"); - - &mov ($acc,$s0); - &mov ($key,16); -@@ -942,18 +938,16 @@ - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - -+ &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &mov ("esp",$_esp); -- if ($compromise) { -- &cmp (&wparam(2),$compromise); -- &jb (&label("skip_ezero")); -- } -+ &je (&label("skip_ezero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); -- &data_word(0xF689ABF3); # rep stosd -- &set_label("skip_ezero") if ($compromise); -+ &data_word(0xABF3F689); # rep stosd -+ &set_label("skip_ezero") - &popf (); - &set_label("enc_out"); - &function_end_A(); -@@ -968,7 +962,7 @@ - &cmp ($key,$acc); # compare with inp - &je (&label("enc_in_place")); - &align (4); -- &data_word(0xF689A4F3); # rep movsb # copy input -+ &data_word(0xA4F3F689); # rep movsb # copy input - &jmp (&label("enc_skip_in_place")); - &set_label("enc_in_place"); - &lea ($key,&DWP(0,$key,$s2)); -@@ -976,7 +970,7 @@ - &mov ($s2,$s1); - &xor ($s0,$s0); - &align (4); -- &data_word(0xF689AAF3); # rep stosb # zero tail -+ &data_word(0xAAF3F689); # rep stosb # zero tail - &pop ($key); # pop ivp - - &mov ($acc,$_out); # output as input -@@ -996,10 +990,10 @@ - - # ... and make sure it doesn't alias with AES_Td modulo 4096 - &mov ($s0,"ebp"); -- &lea ($s1,&DWP(3072,"ebp")); -+ &lea ($s1,&DWP(2048+256,"ebp")); - &mov ($s3,$key); - &and ($s0,0xfff); # s = %ebp&0xfff -- &and ($s1,0xfff); # e = (%ebp+3072)&0xfff -+ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff - &and ($s3,0xfff); # p = %esp&0xfff - - &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); -@@ -1030,21 +1024,30 @@ - &mov ($_key,$s3); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - -+ &mov ($mark,0); # copy of aes_key->rounds = 0; - if ($compromise) { - &cmp ($s2,$compromise); - &jb (&label("skip_dcopy")); - } -- # copy key schedule to stack -- &mov ("ecx",244/4); -+ # do we copy key schedule to stack? -+ &mov ($s1 eq "ebx" ? $s1 : "",$s3); -+ &mov ($s2 eq "ecx" ? $s2 : "",244/4); -+ &sub ($s1,"ebp"); - &mov ("esi",$s3); -+ &and ($s1,0xfff); - &lea ("edi",$aes_key); -- &mov ($_key,"edi"); -+ &cmp ($s1,2048+256); -+ &jb (&label("do_dcopy")); -+ &cmp ($s1,4096-244); -+ &jb (&label("skip_dcopy")); - &align (4); -- &data_word(0xF689A5F3); # rep movsd -- &set_label("skip_dcopy") if ($compromise); -+ &set_label("do_dcopy"); -+ &mov ($_key,"edi"); -+ &data_word(0xA5F3F689); # rep movsd -+ &set_label("skip_dcopy"); - - &mov ($acc,$s0); -- &mov ($key,24); -+ &mov ($key,18); - &align (4); - &set_label("prefetch_td"); - &mov ($s0,&DWP(0,"ebp")); -@@ -1054,7 +1057,7 @@ - &lea ("ebp",&DWP(128,"ebp")); - &dec ($key); - &jnz (&label("prefetch_td")); -- &sub ("ebp",3072); -+ &sub ("ebp",2048+256); - - &cmp ($acc,$_out); - &je (&label("dec_in_place")); # in-place processing... -@@ -1121,7 +1124,7 @@ - &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc)); - &mov ($acc eq "esi" ? $acc : "",$key); - &mov ($key eq "edi" ? $key : "",$_out); # load out -- &data_word(0xF689A4F3); # rep movsb # copy output -+ &data_word(0xA4F3F689); # rep movsb # copy output - &mov ($key,$_inp); # use inp as temp ivp - &jmp (&label("dec_end")); - -@@ -1188,22 +1191,20 @@ - &lea ($key,&DWP(0,$key,$s2)); - &lea ($acc,&DWP(16,$acc,$s2)); - &neg ($s2 eq "ecx" ? $s2 : ""); -- &data_word(0xF689A4F3); # rep movsb # restore tail -+ &data_word(0xA4F3F689); # rep movsb # restore tail - - &align (4); - &set_label("dec_out"); -+ &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &mov ("esp",$_esp); -- if ($compromise) { -- &cmp (&wparam(2),$compromise); -- &jb (&label("skip_dzero")); -- } -+ &je (&label("skip_dzero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); -- &data_word(0xF689ABF3); # rep stosd -- &set_label("skip_dzero") if ($compromise); -+ &data_word(0xABF3F689); # rep stosd -+ &set_label("skip_dzero") - &popf (); - &function_end("AES_cbc_encrypt"); - } diff --git a/openssl-0.9.8b-block-padding.patch b/openssl-0.9.8b-block-padding.patch deleted file mode 100644 index 4dac9cd..0000000 --- a/openssl-0.9.8b-block-padding.patch +++ /dev/null @@ -1,22 +0,0 @@ -openssl/ssl/t1_enc.c 1.35.2.1 -> 1.35.2.2 - ---- openssl/ssl/t1_enc.c 2005/09/30 23:38:20 1.35.2.1 -+++ openssl/ssl/t1_enc.c 2006/05/07 12:27:48 1.35.2.2 -@@ -628,7 +628,15 @@ - { - ii=i=rec->data[l-1]; /* padding_length */ - i++; -- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) -+ /* NB: if compression is in operation the first packet -+ * may not be of even length so the padding bug check -+ * cannot be performed. This bug workaround has been -+ * around since SSLeay so hopefully it is either fixed -+ * now or no buggy implementation supports compression -+ * [steve] -+ */ -+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) -+ && !s->expand) - { - /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, - diff --git a/openssl-0.9.8b-bn-threadsafety.patch b/openssl-0.9.8b-bn-threadsafety.patch deleted file mode 100644 index acf3e49..0000000 --- a/openssl-0.9.8b-bn-threadsafety.patch +++ /dev/null @@ -1,447 +0,0 @@ ---- openssl-0.9.8b/crypto/rsa/rsa_eay.c.bn-threadsafe 2005-09-23 01:32:49.000000000 +0200 -+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2006-07-20 13:41:44.000000000 +0200 -@@ -56,7 +56,7 @@ - * [including the GNU Public Licence.] - */ - /* ==================================================================== -- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -238,40 +238,63 @@ - return(r); - } - --static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx) -+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) - { - BN_BLINDING *ret; -+ int got_write_lock = 0; -+ -+ CRYPTO_r_lock(CRYPTO_LOCK_RSA); - - if (rsa->blinding == NULL) - { -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ got_write_lock = 1; -+ - if (rsa->blinding == NULL) -- { -- CRYPTO_w_lock(CRYPTO_LOCK_RSA); -- if (rsa->blinding == NULL) -- rsa->blinding = RSA_setup_blinding(rsa, ctx); -- CRYPTO_w_unlock(CRYPTO_LOCK_RSA); -- } -+ rsa->blinding = RSA_setup_blinding(rsa, ctx); - } - - ret = rsa->blinding; - if (ret == NULL) -- return NULL; -+ goto err; - -- if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id()) -+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) - { -- *local = 0; -+ /* rsa->blinding is ours! */ -+ -+ *local = 1; -+ } -+ else -+ { -+ /* resort to rsa->mt_blinding instead */ -+ -+ *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() -+ * that the BN_BLINDING is shared, meaning that accesses -+ * require locks, and that the blinding factor must be -+ * stored outside the BN_BLINDING -+ */ -+ - if (rsa->mt_blinding == NULL) - { -- CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ if (!got_write_lock) -+ { -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); -+ CRYPTO_w_lock(CRYPTO_LOCK_RSA); -+ got_write_lock = 1; -+ } -+ - if (rsa->mt_blinding == NULL) - rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); -- CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - ret = rsa->mt_blinding; - } -- else -- *local = 1; - -+ err: -+ if (got_write_lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); -+ else -+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); - return ret; - } - -@@ -358,7 +381,7 @@ - - if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - { -- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); -+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); - if (blinding == NULL) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); -@@ -479,7 +502,7 @@ - - if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - { -- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); -+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); - if (blinding == NULL) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); ---- openssl-0.9.8b/crypto/bn/bn_mont.c.bn-threadsafe 2005-11-11 13:59:39.000000000 +0100 -+++ openssl-0.9.8b/crypto/bn/bn_mont.c 2006-07-20 13:42:07.000000000 +0200 -@@ -55,6 +55,59 @@ - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -+/* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ - - /* - * Details about Montgomery multiplication algorithms can be found at -@@ -353,18 +406,32 @@ - BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, - const BIGNUM *mod, BN_CTX *ctx) - { -- if (*pmont) -- return *pmont; -- CRYPTO_w_lock(lock); -+ int got_write_lock = 0; -+ BN_MONT_CTX *ret; -+ -+ CRYPTO_r_lock(lock); - if (!*pmont) - { -- BN_MONT_CTX *mtmp; -- mtmp = BN_MONT_CTX_new(); -- if (mtmp && !BN_MONT_CTX_set(mtmp, mod, ctx)) -- BN_MONT_CTX_free(mtmp); -- else -- *pmont = mtmp; -+ CRYPTO_r_unlock(lock); -+ CRYPTO_w_lock(lock); -+ got_write_lock = 1; -+ -+ if (!*pmont) -+ { -+ ret = BN_MONT_CTX_new(); -+ if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) -+ BN_MONT_CTX_free(ret); -+ else -+ *pmont = ret; -+ } - } -- CRYPTO_w_unlock(lock); -- return *pmont; -+ -+ ret = *pmont; -+ -+ if (got_write_lock) -+ CRYPTO_w_unlock(lock); -+ else -+ CRYPTO_r_unlock(lock); -+ -+ return ret; - } ---- openssl-0.9.8b/crypto/err/err.c.bn-threadsafe 2006-02-08 20:16:16.000000000 +0100 -+++ openssl-0.9.8b/crypto/err/err.c 2006-07-20 13:41:44.000000000 +0200 -@@ -548,9 +548,20 @@ - int i; - static int init = 1; - -- if (!init) return; -- -+ CRYPTO_r_lock(CRYPTO_LOCK_ERR); -+ if (!init) -+ { -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); -+ return; -+ } -+ -+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - CRYPTO_w_lock(CRYPTO_LOCK_ERR); -+ if (!init) -+ { -+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); -+ return; -+ } - - for (i = 1; i <= NUM_SYS_STR_REASONS; i++) - { ---- openssl-0.9.8b/ssl/ssl_ciph.c.bn-threadsafe 2006-04-15 02:22:34.000000000 +0200 -+++ openssl-0.9.8b/ssl/ssl_ciph.c 2006-07-20 13:41:44.000000000 +0200 -@@ -56,6 +56,59 @@ - * [including the GNU Public Licence.] - */ - /* ==================================================================== -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * -+ */ -+/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. -@@ -203,36 +256,46 @@ - - static void load_builtin_compressions(void) - { -- if (ssl_comp_methods != NULL) -- return; -+ int got_write_lock = 0; - -- CRYPTO_w_lock(CRYPTO_LOCK_SSL); -+ CRYPTO_r_lock(CRYPTO_LOCK_SSL); - if (ssl_comp_methods == NULL) - { -- SSL_COMP *comp = NULL; -- -- MemCheck_off(); -- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); -- if (ssl_comp_methods != NULL) -+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL); -+ CRYPTO_w_lock(CRYPTO_LOCK_SSL); -+ got_write_lock = 1; -+ -+ if (ssl_comp_methods == NULL) - { -- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); -- if (comp != NULL) -+ SSL_COMP *comp = NULL; -+ -+ MemCheck_off(); -+ ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); -+ if (ssl_comp_methods != NULL) - { -- comp->method=COMP_zlib(); -- if (comp->method -- && comp->method->type == NID_undef) -- OPENSSL_free(comp); -- else -+ comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); -+ if (comp != NULL) - { -- comp->id=SSL_COMP_ZLIB_IDX; -- comp->name=comp->method->name; -- sk_SSL_COMP_push(ssl_comp_methods,comp); -+ comp->method=COMP_zlib(); -+ if (comp->method -+ && comp->method->type == NID_undef) -+ OPENSSL_free(comp); -+ else -+ { -+ comp->id=SSL_COMP_ZLIB_IDX; -+ comp->name=comp->method->name; -+ sk_SSL_COMP_push(ssl_comp_methods,comp); -+ } - } - } -+ MemCheck_on(); - } -- MemCheck_on(); - } -- CRYPTO_w_unlock(CRYPTO_LOCK_SSL); -+ -+ if (got_write_lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL); -+ else -+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL); - } - #endif - ---- openssl-0.9.8b/ssl/ssl_cert.c.bn-threadsafe 2006-02-24 18:58:35.000000000 +0100 -+++ openssl-0.9.8b/ssl/ssl_cert.c 2006-07-20 13:41:44.000000000 +0200 -@@ -56,7 +56,7 @@ - * [including the GNU Public Licence.] - */ - /* ==================================================================== -- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -73,12 +73,12 @@ - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project -- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact -- * openssl-core@OpenSSL.org. -+ * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written -@@ -87,7 +87,7 @@ - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project -- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -@@ -102,6 +102,11 @@ - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== -+ * -+ * This product includes cryptographic software written by Eric Young -+ * (eay@cryptsoft.com). This product includes software written by Tim -+ * Hudson (tjh@cryptsoft.com). -+ * - */ - /* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. -@@ -130,21 +135,28 @@ - int SSL_get_ex_data_X509_STORE_CTX_idx(void) - { - static volatile int ssl_x509_store_ctx_idx= -1; -+ int got_write_lock = 0; -+ -+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - - if (ssl_x509_store_ctx_idx < 0) - { -- /* any write lock will do; usually this branch -- * will only be taken once anyway */ -+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); -+ got_write_lock = 1; - - if (ssl_x509_store_ctx_idx < 0) - { - ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( - 0,"SSL for verify callback",NULL,NULL,NULL); - } -- -- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - } -+ -+ if (got_write_lock) -+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); -+ else -+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); -+ - return ssl_x509_store_ctx_idx; - } - diff --git a/openssl-0.9.8b-cve-2006-2937.patch b/openssl-0.9.8b-cve-2006-2937.patch deleted file mode 100644 index c2b49df..0000000 --- a/openssl-0.9.8b-cve-2006-2937.patch +++ /dev/null @@ -1,25 +0,0 @@ -Dr S N Henson of the OpenSSL core team and Open Network Security -recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When -the test suite was run against OpenSSL two denial of service -vulnerabilities were discovered. - -During the parsing of certain invalid ASN1 structures an error -condition is mishandled. This can result in an infinite loop which -consumes system memory. CVE-2006-2938 - -Any code which uses OpenSSL to parse ASN1 data from untrusted sources is -affected. This includes SSL servers which enable client authentication -and S/MIME applications. - -This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier - ---- openssl-0.9.8b/crypto/asn1/tasn_dec.c.asn1-error 2006-02-19 14:45:22.000000000 +0100 -+++ openssl-0.9.8b/crypto/asn1/tasn_dec.c 2006-09-25 12:01:14.000000000 +0200 -@@ -832,6 +832,7 @@ - } - else if (ret == -1) - return -1; -+ ret = 0; - /* SEQUENCE, SET and "OTHER" are left in encoded form */ - if ((utype == V_ASN1_SEQUENCE) - || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) diff --git a/openssl-0.9.8b-cve-2006-2940.patch b/openssl-0.9.8b-cve-2006-2940.patch deleted file mode 100644 index 47f511b..0000000 --- a/openssl-0.9.8b-cve-2006-2940.patch +++ /dev/null @@ -1,215 +0,0 @@ -Dr S N Henson of the OpenSSL core team and Open Network Security -recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When -the test suite was run against OpenSSL two denial of service -vulnerabilities were discovered. - -Certain types of public key can take disproportionate amounts of time -to process. This could be used by an attacker in a denial of service attack. -CVE-2006-2940 - -Any code which uses OpenSSL to parse ASN1 data from untrusted sources is -affected. This includes SSL servers which enable client authentication, -and S/MIME applications. - - -diff -u -r1.37.2.2 dh.h ---- crypto/dh/dh.h 9 Jan 2006 16:05:22 -0000 1.37.2.2 -+++ crypto/dh/dh.h 15 Sep 2006 13:59:47 -0000 -@@ -73,6 +73,8 @@ - #include - #endif - -+#define OPENSSL_DH_MAX_MODULUS_BITS 10000 -+ - #define DH_FLAG_CACHE_MONT_P 0x01 - #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time -@@ -221,6 +223,7 @@ - /* Reason codes. */ - #define DH_R_BAD_GENERATOR 101 - #define DH_R_INVALID_PUBKEY 102 -+#define DH_R_MODULUS_TOO_LARGE 103 - #define DH_R_NO_PRIVATE_VALUE 100 - - #ifdef __cplusplus -diff -u -r1.11.2.2 dh_err.c ---- crypto/dh/dh_err.c 9 Jan 2006 16:05:22 -0000 1.11.2.2 -+++ crypto/dh/dh_err.c 15 Sep 2006 13:59:47 -0000 -@@ -84,6 +84,7 @@ - { - {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, - {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, -+{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, - {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, - {0,NULL} - }; -diff -u -r1.24.2.3 dh_key.c ---- crypto/dh/dh_key.c 13 Mar 2006 23:12:06 -0000 1.24.2.3 -+++ crypto/dh/dh_key.c 15 Sep 2006 13:59:47 -0000 -@@ -179,6 +179,12 @@ - int ret= -1; - int check_result; - -+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) -+ { -+ DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ - ctx = BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); -diff -u -r1.39 dsa.h ---- crypto/dsa/dsa.h 16 May 2005 01:43:30 -0000 1.39 -+++ crypto/dsa/dsa.h 15 Sep 2006 13:59:47 -0000 -@@ -84,6 +84,8 @@ - #endif - #endif - -+#define OPENSSL_DSA_MAX_MODULUS_BITS 10000 -+ - #define DSA_FLAG_CACHE_MONT_P 0x01 - #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA - * implementation now uses constant time -@@ -270,8 +272,10 @@ - #define DSA_F_SIG_CB 114 - - /* Reason codes. */ -+#define DSA_R_BAD_Q_VALUE 102 - #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 - #define DSA_R_MISSING_PARAMETERS 101 -+#define DSA_R_MODULUS_TOO_LARGE 103 - - #ifdef __cplusplus - } -diff -u -r1.13 dsa_err.c ---- crypto/dsa/dsa_err.c 12 Apr 2005 16:15:12 -0000 1.13 -+++ crypto/dsa/dsa_err.c 15 Sep 2006 13:59:47 -0000 -@@ -89,8 +89,10 @@ - - static ERR_STRING_DATA DSA_str_reasons[]= - { -+{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, - {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, - {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, -+{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, - {0,NULL} - }; - -diff -u -r1.24.2.1 dsa_ossl.c ---- crypto/dsa/dsa_ossl.c 26 May 2005 04:40:57 -0000 1.24.2.1 -+++ crypto/dsa/dsa_ossl.c 15 Sep 2006 13:59:47 -0000 -@@ -304,6 +304,18 @@ - return -1; - } - -+ if (BN_num_bits(dsa->q) != 160) -+ { -+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); -+ return -1; -+ } -+ -+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) -+ { -+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ - BN_init(&u1); - BN_init(&u2); - BN_init(&t1); -diff -u -r1.55.2.6 rsa.h ---- crypto/rsa/rsa.h 6 Sep 2006 06:43:25 -0000 1.55.2.6 -+++ crypto/rsa/rsa.h 15 Sep 2006 13:59:48 -0000 -@@ -159,6 +159,11 @@ - BN_BLINDING *mt_blinding; - }; - -+#define OPENSSL_RSA_MAX_MODULUS_BITS 16384 -+ -+#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 -+#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */ -+ - #define RSA_3 0x3L - #define RSA_F4 0x10001L - -@@ -407,6 +412,7 @@ - #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 - #define RSA_R_KEY_SIZE_TOO_SMALL 120 - #define RSA_R_LAST_OCTET_INVALID 134 -+#define RSA_R_MODULUS_TOO_LARGE 105 - #define RSA_R_NO_PUBLIC_EXPONENT 140 - #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 - #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 -diff -u -r1.46.2.6 rsa_eay.c ---- crypto/rsa/rsa_eay.c 6 Sep 2006 06:43:25 -0000 1.46.2.6 -+++ crypto/rsa/rsa_eay.c 15 Sep 2006 13:59:48 -0000 -@@ -168,6 +168,28 @@ - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) -+ { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ - if ((ctx=BN_CTX_new()) == NULL) goto err; - BN_CTX_start(ctx); - f = BN_CTX_get(ctx); -@@ -597,6 +619,28 @@ - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) -+ { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ - if((ctx = BN_CTX_new()) == NULL) goto err; - BN_CTX_start(ctx); - f = BN_CTX_get(ctx); -diff -u -r1.17.2.5 rsa_err.c ---- crypto/rsa/rsa_err.c 6 Sep 2006 06:43:26 -0000 1.17.2.5 -+++ crypto/rsa/rsa_err.c 15 Sep 2006 13:59:48 -0000 -@@ -137,6 +137,7 @@ - {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, - {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, - {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, -+{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, - {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, - {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, - {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, diff --git a/openssl-0.9.8b-cve-2006-3738.patch b/openssl-0.9.8b-cve-2006-3738.patch deleted file mode 100644 index 1e23854..0000000 --- a/openssl-0.9.8b-cve-2006-3738.patch +++ /dev/null @@ -1,27 +0,0 @@ -Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer -overflow in SSL_get_shared_ciphers utility function, used by some -applications such as exim and mysql. An attacker could send a list of -ciphers that would overrun a buffer CVE-2006-3738 - ---- ssl/ssl_lib.c 2005-10-01 00:38:20.000000000 +0100 -+++ ssl/ssl_lib.c 2006-08-28 19:08:37.401404000 +0100 -@@ -1219,7 +1219,7 @@ char *SSL_get_shared_ciphers(const SSL * - c=sk_SSL_CIPHER_value(sk,i); - for (cp=c->name; *cp; ) - { -- if (len-- == 0) -+ if (len-- <= 0) - { - *p='\0'; - return(buf); ---- ssl/s3_srvr.c 2005-10-01 00:38:20.000000000 +0100 -+++ ssl/s3_srvr.c 2006-08-28 19:16:39.313556000 +0100 -@@ -2017,7 +2017,7 @@ int ssl3_get_client_key_exchange(SSL *s) - - if (kssl_ctx->client_princ) - { -- int len = strlen(kssl_ctx->client_princ); -+ size_t len = strlen(kssl_ctx->client_princ); - if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) - { - s->session->krb5_client_princ_len = len; diff --git a/openssl-0.9.8b-cve-2006-4339.patch b/openssl-0.9.8b-cve-2006-4339.patch deleted file mode 100644 index 82cfbbc..0000000 --- a/openssl-0.9.8b-cve-2006-4339.patch +++ /dev/null @@ -1,77 +0,0 @@ -*) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher -(CVE-2006-4339) [Ben Laurie; Google Security Team] -openssl/crypto/rsa/rsa.h 1.55.2.4 -> 1.55.2.5 - ---- openssl/crypto/rsa/rsa.h 2006/01/09 16:05:18 1.55.2.4 -+++ openssl/crypto/rsa/rsa.h 2006/09/05 08:25:42 1.55.2.5 -@@ -412,6 +412,7 @@ - #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 - #define RSA_R_OAEP_DECODING_ERROR 121 - #define RSA_R_PADDING_CHECK_FAILED 114 -+#define RSA_R_PKCS1_PADDING_TOO_SHORT 105 - #define RSA_R_P_NOT_PRIME 128 - #define RSA_R_Q_NOT_PRIME 129 - #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 - -openssl/crypto/rsa/rsa_eay.c 1.46.2.4 -> 1.46.2.5 - ---- openssl/crypto/rsa/rsa_eay.c 2006/06/14 08:51:40 1.46.2.4 -+++ openssl/crypto/rsa/rsa_eay.c 2006/09/05 08:25:42 1.46.2.5 -@@ -640,6 +640,15 @@ - { - case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); -+ /* Generally signatures should be at least 2/3 padding, though -+ this isn't possible for really short keys and some standard -+ signature schemes, so don't check if the unpadded data is -+ small. */ -+ if(r > 42 && 3*8*r >= BN_num_bits(rsa->n)) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PKCS1_PADDING_TOO_SHORT); -+ goto err; -+ } - break; - case RSA_X931_PADDING: - r=RSA_padding_check_X931(to,num,buf,i,num); - -openssl/crypto/rsa/rsa_err.c 1.17.2.3 -> 1.17.2.4 - ---- openssl/crypto/rsa/rsa_err.c 2006/01/09 16:05:18 1.17.2.3 -+++ openssl/crypto/rsa/rsa_err.c 2006/09/05 08:25:42 1.17.2.4 -@@ -142,6 +142,7 @@ - {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, - {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, - {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, -+{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"}, - {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, - {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, - {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, - -openssl/crypto/rsa/rsa_sign.c 1.21 -> 1.21.2.1 - ---- openssl/crypto/rsa/rsa_sign.c 2005/04/26 22:07:17 1.21 -+++ openssl/crypto/rsa/rsa_sign.c 2006/09/05 08:25:42 1.21.2.1 -@@ -185,6 +185,23 @@ - sig=d2i_X509_SIG(NULL,&p,(long)i); - - if (sig == NULL) goto err; -+ -+ /* Excess data can be used to create forgeries */ -+ if(p != s+i) -+ { -+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -+ goto err; -+ } -+ -+ /* Parameters to the signature algorithm can also be used to -+ create forgeries */ -+ if(sig->algor->parameter -+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) -+ { -+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -+ goto err; -+ } -+ - sigtype=OBJ_obj2nid(sig->algor->algorithm); - - diff --git a/openssl-0.9.8b-cve-2006-4343.patch b/openssl-0.9.8b-cve-2006-4343.patch deleted file mode 100644 index b1aa890..0000000 --- a/openssl-0.9.8b-cve-2006-4343.patch +++ /dev/null @@ -1,17 +0,0 @@ -Tavis Ormandy and Will Drewry of the Google Security Team discovered a -possible DoS in the sslv2 client code. Where a client application uses -OpenSSL to make a SSLv2 connection to a malicious server that server -could cause the client to crash. CVE-2006-4343 - ---- ssl/s2_clnt.c 2005-08-06 00:52:07.000000000 +0100 -+++ ssl/s2_clnt.c 2006-08-28 19:14:59.398605000 +0100 -@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s) - CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); - } - -- if (s->session->peer != s->session->sess_cert->peer_key->x509) -+ if (s->session->sess_cert == NULL -+ || s->session->peer != s->session->sess_cert->peer_key->x509) - /* can't happen */ - { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); diff --git a/openssl-0.9.8b-cve-2007-3108.patch b/openssl-0.9.8b-cve-2007-3108.patch deleted file mode 100644 index 9a3829a..0000000 --- a/openssl-0.9.8b-cve-2007-3108.patch +++ /dev/null @@ -1,934 +0,0 @@ -diff -up openssl-0.9.8b/crypto/rsa/rsa.h.no-branch openssl-0.9.8b/crypto/rsa/rsa.h ---- openssl-0.9.8b/crypto/rsa/rsa.h.no-branch 2007-08-03 13:58:54.000000000 +0200 -+++ openssl-0.9.8b/crypto/rsa/rsa.h 2007-08-03 13:58:58.000000000 +0200 -@@ -189,13 +189,17 @@ struct rsa_st - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ --#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA -- * implementation now uses constant time -- * modular exponentiation for secret exponents -- * by default. This flag causes the -- * faster variable sliding window method to -- * be used for all exponents. -- */ -+#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA -+ * implementation now uses constant time -+ * operations by default in private key operations, -+ * e.g., constant time modular exponentiation, -+ * modular inverse without leaking branches, -+ * division without leaking branches. This -+ * flag disables these constant time -+ * operations and results in faster RSA -+ * private key operations. -+ */ -+#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ - - #define RSA_PKCS1_PADDING 1 - #define RSA_SSLV23_PADDING 2 -diff -up openssl-0.9.8b/crypto/rsa/rsa_lib.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_lib.c ---- openssl-0.9.8b/crypto/rsa/rsa_lib.c.no-branch 2005-11-25 15:26:12.000000000 +0100 -+++ openssl-0.9.8b/crypto/rsa/rsa_lib.c 2007-08-03 13:58:58.000000000 +0200 -@@ -361,7 +361,8 @@ err: - - BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) - { -- BIGNUM *e; -+ BIGNUM local_n; -+ BIGNUM *e,*n; - BN_CTX *ctx; - BN_BLINDING *ret = NULL; - -@@ -400,7 +401,16 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa - RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); - } - -- ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx, -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ /* Set BN_FLG_CONSTTIME flag */ -+ n = &local_n; -+ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); -+ } -+ else -+ n = rsa->n; -+ -+ ret = BN_BLINDING_create_param(NULL, e, n, ctx, - rsa->meth->bn_mod_exp, rsa->_method_mod_n); - if (ret == NULL) - { -diff -up openssl-0.9.8b/crypto/rsa/rsa_gen.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_gen.c ---- openssl-0.9.8b/crypto/rsa/rsa_gen.c.no-branch 2006-03-14 00:12:08.000000000 +0100 -+++ openssl-0.9.8b/crypto/rsa/rsa_gen.c 2007-08-03 13:58:58.000000000 +0200 -@@ -85,6 +85,8 @@ int RSA_generate_key_ex(RSA *rsa, int bi - static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) - { - BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; -+ BIGNUM local_r0,local_d,local_p; -+ BIGNUM *pr0,*d,*p; - int bitsp,bitsq,ok= -1,n=0; - BN_CTX *ctx=NULL; - -@@ -165,16 +167,39 @@ static int rsa_builtin_keygen(RSA *rsa, - if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ - if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ - if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ -- if (!BN_mod_inverse(rsa->d,rsa->e,r0,ctx)) goto err; /* d */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ pr0 = &local_r0; -+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); -+ } -+ else -+ pr0 = r0; -+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */ -+ -+ /* set up d for correct BN_FLG_CONSTTIME flag */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ d = &local_d; -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); -+ } -+ else -+ d = rsa->d; - - /* calculate d mod (p-1) */ -- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; -+ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err; - - /* calculate d mod (q-1) */ -- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; -+ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err; - - /* calculate inverse of q mod p */ -- if (!BN_mod_inverse(rsa->iqmp,rsa->q,rsa->p,ctx)) goto err; -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ p = &local_p; -+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); -+ } -+ else -+ p = rsa->p; -+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; - - ok=1; - err: -diff -up openssl-0.9.8b/crypto/rsa/rsa_eay.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_eay.c ---- openssl-0.9.8b/crypto/rsa/rsa_eay.c.no-branch 2007-08-03 13:58:54.000000000 +0200 -+++ openssl-0.9.8b/crypto/rsa/rsa_eay.c 2007-08-03 13:58:58.000000000 +0200 -@@ -429,11 +429,11 @@ static int RSA_eay_private_encrypt(int f - BIGNUM local_d; - BIGNUM *d = NULL; - -- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) - { - BN_init(&local_d); - d = &local_d; -- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - } - else - d = rsa->d; -@@ -551,10 +551,10 @@ static int RSA_eay_private_decrypt(int f - BIGNUM local_d; - BIGNUM *d = NULL; - -- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) - { - d = &local_d; -- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - } - else - d = rsa->d; -@@ -724,8 +724,9 @@ err: - static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) - { - BIGNUM *r1,*m1,*vrfy; -- BIGNUM local_dmp1, local_dmq1; -- BIGNUM *dmp1, *dmq1; -+ BIGNUM local_dmp1,local_dmq1,local_c,local_r1; -+ BIGNUM *dmp1,*dmq1,*c,*pr1; -+ int bn_flags; - int ret=0; - - BN_CTX_start(ctx); -@@ -733,26 +734,72 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c - m1 = BN_CTX_get(ctx); - vrfy = BN_CTX_get(ctx); - -+ /* Make sure mod_inverse in montgomerey intialization use correct -+ * BN_FLG_CONSTTIME flag. -+ */ -+ bn_flags = rsa->p->flags; -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ rsa->p->flags |= BN_FLG_CONSTTIME; -+ } - MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); -+ /* We restore bn_flags back */ -+ rsa->p->flags = bn_flags; -+ -+ /* Make sure mod_inverse in montgomerey intialization use correct -+ * BN_FLG_CONSTTIME flag. -+ */ -+ bn_flags = rsa->q->flags; -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ rsa->q->flags |= BN_FLG_CONSTTIME; -+ } - MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); -+ /* We restore bn_flags back */ -+ rsa->q->flags = bn_flags; -+ - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); - -- if (!BN_mod(r1,I,rsa->q,ctx)) goto err; -- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) -+ /* compute I mod q */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ c = &local_c; -+ BN_with_flags(c, I, BN_FLG_CONSTTIME); -+ if (!BN_mod(r1,c,rsa->q,ctx)) goto err; -+ } -+ else -+ { -+ if (!BN_mod(r1,I,rsa->q,ctx)) goto err; -+ } -+ -+ /* compute r1^dmq1 mod q */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) - { - dmq1 = &local_dmq1; -- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME); -+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); - } - else - dmq1 = rsa->dmq1; - if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, - rsa->_method_mod_q)) goto err; - -- if (!BN_mod(r1,I,rsa->p,ctx)) goto err; -- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) -+ /* compute I mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ c = &local_c; -+ BN_with_flags(c, I, BN_FLG_CONSTTIME); -+ if (!BN_mod(r1,c,rsa->p,ctx)) goto err; -+ } -+ else -+ { -+ if (!BN_mod(r1,I,rsa->p,ctx)) goto err; -+ } -+ -+ /* compute r1^dmp1 mod p */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) - { - dmp1 = &local_dmp1; -- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME); -+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); - } - else - dmp1 = rsa->dmp1; -@@ -766,7 +813,17 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c - if (!BN_add(r0,r0,rsa->p)) goto err; - - if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; -- if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; -+ -+ /* Turn BN_FLG_CONSTTIME flag on before division operation */ -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) -+ { -+ pr1 = &local_r1; -+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); -+ } -+ else -+ pr1 = r1; -+ if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; -+ - /* If p < q it is occasionally possible for the correction of - * adding 'p' if r0 is negative above to leave the result still - * negative. This can break the private key operations: the following -@@ -799,10 +856,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c - BIGNUM local_d; - BIGNUM *d = NULL; - -- if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) -+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) - { - d = &local_d; -- BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); -+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - } - else - d = rsa->d; -diff -up openssl-0.9.8b/crypto/rsa/rsa_test.c.no-branch openssl-0.9.8b/crypto/rsa/rsa_test.c ---- openssl-0.9.8b/crypto/rsa/rsa_test.c.no-branch 2005-05-16 03:43:31.000000000 +0200 -+++ openssl-0.9.8b/crypto/rsa/rsa_test.c 2007-08-03 13:58:58.000000000 +0200 -@@ -242,7 +242,7 @@ int main(int argc, char *argv[]) - clen = key3(key, ctext_ex); - break; - } -- if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME; -+ if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME; - - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_PADDING); -diff -up openssl-0.9.8b/crypto/bn/bn.h.no-branch openssl-0.9.8b/crypto/bn/bn.h ---- openssl-0.9.8b/crypto/bn/bn.h.no-branch 2007-08-03 13:58:54.000000000 +0200 -+++ openssl-0.9.8b/crypto/bn/bn.h 2007-08-03 13:58:58.000000000 +0200 -@@ -245,8 +245,15 @@ extern "C" { - - #define BN_FLG_MALLOCED 0x01 - #define BN_FLG_STATIC_DATA 0x02 --#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings -- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ -+#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, -+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, -+ * BN_div() will call BN_div_no_branch, -+ * BN_mod_inverse() will call BN_mod_inverse_no_branch. -+ */ -+#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ -+ /* avoid leaking exponent information through timings -+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ -+ - #ifndef OPENSSL_NO_DEPRECATED - #define BN_FLG_FREE 0x8000 /* used for debuging */ - #endif -@@ -534,7 +541,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_M - #define BN_BLINDING_NO_UPDATE 0x00000001 - #define BN_BLINDING_NO_RECREATE 0x00000002 - --BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); -+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); - void BN_BLINDING_free(BN_BLINDING *b); - int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); - int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); -@@ -546,7 +553,7 @@ void BN_BLINDING_set_thread_id(BN_BLINDI - unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); - void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); - BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, -- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, -+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, - int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx); -diff -up openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch openssl-0.9.8b/crypto/bn/bn_mont.c ---- openssl-0.9.8b/crypto/bn/bn_mont.c.no-branch 2007-08-03 13:58:54.000000000 +0200 -+++ openssl-0.9.8b/crypto/bn/bn_mont.c 2007-08-03 13:58:58.000000000 +0200 -@@ -159,6 +159,7 @@ int BN_from_montgomery(BIGNUM *ret, cons - BIGNUM *n,*r; - BN_ULONG *ap,*np,*rp,n0,v,*nrp; - int al,nl,max,i,x,ri; -+ size_t m1,m2; - - BN_CTX_start(ctx); - if ((r = BN_CTX_get(ctx)) == NULL) goto err; -@@ -176,7 +177,6 @@ int BN_from_montgomery(BIGNUM *ret, cons - - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err; -- if (bn_wexpand(ret,max) == NULL) goto err; - - r->neg=a->neg^n->neg; - np=n->d; -@@ -228,37 +228,58 @@ int BN_from_montgomery(BIGNUM *ret, cons - } - bn_correct_top(r); - -- /* mont->ri will be a multiple of the word size */ --#if 0 -- BN_rshift(ret,r,mont->ri); --#else -+ /* mont->ri will be a multiple of the word size and below code -+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */ -+ if (r->top <= ri) -+ { -+ ret->top=0; -+ retn=1; -+ goto err; -+ } -+ al=r->top-ri; -+ if (bn_wexpand(ret,ri) == NULL) goto err; -+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1); -+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ - ret->neg = r->neg; -- x=ri; -+ - rp=ret->d; -- ap= &(r->d[x]); -- if (r->top < x) -- al=0; -- else -- al=r->top-x; -- ret->top=al; -- al-=4; -- for (i=0; id[ri]); -+ -+ v=bn_sub_words(rp,ap,np,ri); -+ /* this -----------------------^^ works even in alri) nrp=rp; else nrp=ap; */ -+ /* in other words if subtraction result is real, then -+ * trick unconditional memcpy below to perform in-place -+ * "refresh" instead of actual copy. */ -+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ -+ m1|=m2; /* (al!=ri) */ -+ m1|=(0-(size_t)v); /* (al!=ri || v) */ -+ m1&=~m2; /* (al!=ri || v) && !al>ri */ -+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); -+ -+ /* 'iN,ctx)) goto err; - if (!BN_add(t2,a,t1)) goto err; - if (!BN_rshift(ret,t2,mont->ri)) goto err; --#endif /* MONT_WORD */ - - if (BN_ucmp(ret, &(mont->N)) >= 0) - { - if (!BN_usub(ret,ret,&(mont->N))) goto err; - } -+#endif /* MONT_WORD */ - retn=1; - bn_check_top(ret); - err: -diff -up openssl-0.9.8b/crypto/bn/bn_lib.c.no-branch openssl-0.9.8b/crypto/bn/bn_lib.c ---- openssl-0.9.8b/crypto/bn/bn_lib.c.no-branch 2005-05-03 22:27:00.000000000 +0200 -+++ openssl-0.9.8b/crypto/bn/bn_lib.c 2007-08-03 13:58:58.000000000 +0200 -@@ -763,7 +763,7 @@ int BN_is_bit_set(const BIGNUM *a, int n - i=n/BN_BITS2; - j=n%BN_BITS2; - if (a->top <= i) return 0; -- return((a->d[i]&(((BN_ULONG)1)<d[i])>>j)&((BN_ULONG)1)); - } - - int BN_mask_bits(BIGNUM *a, int n) -diff -up openssl-0.9.8b/crypto/bn/bn_blind.c.no-branch openssl-0.9.8b/crypto/bn/bn_blind.c ---- openssl-0.9.8b/crypto/bn/bn_blind.c.no-branch 2005-05-26 06:30:48.000000000 +0200 -+++ openssl-0.9.8b/crypto/bn/bn_blind.c 2007-08-03 13:58:58.000000000 +0200 -@@ -131,7 +131,7 @@ struct bn_blinding_st - BN_MONT_CTX *m_ctx); - }; - --BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) -+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod) - { - BN_BLINDING *ret=NULL; - -@@ -151,7 +151,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNU - { - if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; - } -- ret->mod = mod; -+ -+ /* save a copy of mod in the BN_BLINDING structure */ -+ if ((ret->mod = BN_dup(mod)) == NULL) goto err; -+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) -+ BN_set_flags(ret->mod, BN_FLG_CONSTTIME); -+ - ret->counter = BN_BLINDING_COUNTER; - return(ret); - err: -@@ -167,6 +172,7 @@ void BN_BLINDING_free(BN_BLINDING *r) - if (r->A != NULL) BN_free(r->A ); - if (r->Ai != NULL) BN_free(r->Ai); - if (r->e != NULL) BN_free(r->e ); -+ if (r->mod != NULL) BN_free(r->mod); - OPENSSL_free(r); - } - -@@ -278,7 +284,7 @@ void BN_BLINDING_set_flags(BN_BLINDING * - } - - BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, -- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, -+ const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, - int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx) -diff -up openssl-0.9.8b/crypto/bn/bn_div.c.no-branch openssl-0.9.8b/crypto/bn/bn_div.c ---- openssl-0.9.8b/crypto/bn/bn_div.c.no-branch 2005-08-29 01:20:43.000000000 +0200 -+++ openssl-0.9.8b/crypto/bn/bn_div.c 2007-08-03 13:58:58.000000000 +0200 -@@ -169,13 +169,15 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, cons - #endif /* OPENSSL_NO_ASM */ - - --/* BN_div computes dv := num / divisor, rounding towards zero, and sets up -- * rm such that dv*divisor + rm = num holds. -+/* BN_div[_no_branch] computes dv := num / divisor, rounding towards -+ * zero, and sets up rm such that dv*divisor + rm = num holds. - * Thus: - * dv->neg == num->neg ^ divisor->neg (unless the result is zero) - * rm->neg == num->neg (unless the remainder is zero) - * If 'dv' or 'rm' is NULL, the respective value is not returned. - */ -+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, -+ const BIGNUM *divisor, BN_CTX *ctx); - int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - BN_CTX *ctx) - { -@@ -185,6 +187,11 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const - BN_ULONG d0,d1; - int num_n,div_n; - -+ if (BN_get_flags(num, BN_FLG_CONSTTIME) != 0) -+ { -+ return BN_div_no_branch(dv, rm, num, divisor, ctx); -+ } -+ - bn_check_top(dv); - bn_check_top(rm); - bn_check_top(num); -@@ -397,4 +404,229 @@ err: - return(0); - } - -+ -+/* BN_div_no_branch is a special version of BN_div. It does not contain -+ * branches that may leak sensitive information. -+ */ -+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, -+ const BIGNUM *divisor, BN_CTX *ctx) -+ { -+ int norm_shift,i,loop; -+ BIGNUM *tmp,wnum,*snum,*sdiv,*res; -+ BN_ULONG *resp,*wnump; -+ BN_ULONG d0,d1; -+ int num_n,div_n; -+ -+ bn_check_top(dv); -+ bn_check_top(rm); -+ bn_check_top(num); -+ bn_check_top(divisor); -+ -+ if (BN_is_zero(divisor)) -+ { -+ BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); -+ return(0); -+ } -+ -+ BN_CTX_start(ctx); -+ tmp=BN_CTX_get(ctx); -+ snum=BN_CTX_get(ctx); -+ sdiv=BN_CTX_get(ctx); -+ if (dv == NULL) -+ res=BN_CTX_get(ctx); -+ else res=dv; -+ if (sdiv == NULL || res == NULL) goto err; -+ -+ /* First we normalise the numbers */ -+ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); -+ if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; -+ sdiv->neg=0; -+ norm_shift+=BN_BITS2; -+ if (!(BN_lshift(snum,num,norm_shift))) goto err; -+ snum->neg=0; -+ -+ /* Since we don't know whether snum is larger than sdiv, -+ * we pad snum with enough zeroes without changing its -+ * value. -+ */ -+ if (snum->top <= sdiv->top+1) -+ { -+ if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err; -+ for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0; -+ snum->top = sdiv->top + 2; -+ } -+ else -+ { -+ if (bn_wexpand(snum, snum->top + 1) == NULL) goto err; -+ snum->d[snum->top] = 0; -+ snum->top ++; -+ } -+ -+ div_n=sdiv->top; -+ num_n=snum->top; -+ loop=num_n-div_n; -+ /* Lets setup a 'window' into snum -+ * This is the part that corresponds to the current -+ * 'area' being divided */ -+ wnum.neg = 0; -+ wnum.d = &(snum->d[loop]); -+ wnum.top = div_n; -+ /* only needed when BN_ucmp messes up the values between top and max */ -+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ -+ -+ /* Get the top 2 words of sdiv */ -+ /* div_n=sdiv->top; */ -+ d0=sdiv->d[div_n-1]; -+ d1=(div_n == 1)?0:sdiv->d[div_n-2]; -+ -+ /* pointer to the 'top' of snum */ -+ wnump= &(snum->d[num_n-1]); -+ -+ /* Setup to 'res' */ -+ res->neg= (num->neg^divisor->neg); -+ if (!bn_wexpand(res,(loop+1))) goto err; -+ res->top=loop-1; -+ resp= &(res->d[loop-1]); -+ -+ /* space for temp */ -+ if (!bn_wexpand(tmp,(div_n+1))) goto err; -+ -+ /* if res->top == 0 then clear the neg value otherwise decrease -+ * the resp pointer */ -+ if (res->top == 0) -+ res->neg = 0; -+ else -+ resp--; -+ -+ for (i=0; i 0x%08X\n", -+ n0, n1, d0, q); -+#endif -+#endif -+ -+#ifndef REMAINDER_IS_ALREADY_CALCULATED -+ /* -+ * rem doesn't have to be BN_ULLONG. The least we -+ * know it's less that d0, isn't it? -+ */ -+ rem=(n1-q*d0)&BN_MASK2; -+#endif -+ t2=(BN_ULLONG)d1*q; -+ -+ for (;;) -+ { -+ if (t2 <= ((((BN_ULLONG)rem)< 0x%08X\n", -+ n0, n1, d0, q); -+#endif -+#ifndef REMAINDER_IS_ALREADY_CALCULATED -+ rem=(n1-q*d0)&BN_MASK2; -+#endif -+ -+#if defined(BN_UMULT_LOHI) -+ BN_UMULT_LOHI(t2l,t2h,d1,q); -+#elif defined(BN_UMULT_HIGH) -+ t2l = d1 * q; -+ t2h = BN_UMULT_HIGH(d1,q); -+#else -+ t2l=LBITS(d1); t2h=HBITS(d1); -+ ql =LBITS(q); qh =HBITS(q); -+ mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ -+#endif -+ -+ for (;;) -+ { -+ if ((t2h < rem) || -+ ((t2h == rem) && (t2l <= wnump[-2]))) -+ break; -+ q--; -+ rem += d0; -+ if (rem < d0) break; /* don't let rem overflow */ -+ if (t2l < d1) t2h--; t2l -= d1; -+ } -+#endif /* !BN_LLONG */ -+ } -+#endif /* !BN_DIV3W */ -+ -+ l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); -+ tmp->d[div_n]=l0; -+ wnum.d--; -+ /* ingore top values of the bignums just sub the two -+ * BN_ULONG arrays with bn_sub_words */ -+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) -+ { -+ /* Note: As we have considered only the leading -+ * two BN_ULONGs in the calculation of q, sdiv * q -+ * might be greater than wnum (but then (q-1) * sdiv -+ * is less or equal than wnum) -+ */ -+ q--; -+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) -+ /* we can't have an overflow here (assuming -+ * that q != 0, but if q == 0 then tmp is -+ * zero anyway) */ -+ (*wnump)++; -+ } -+ /* store part of the result */ -+ *resp = q; -+ } -+ bn_correct_top(snum); -+ if (rm != NULL) -+ { -+ /* Keep a copy of the neg flag in num because if rm==num -+ * BN_rshift() will overwrite it. -+ */ -+ int neg = num->neg; -+ BN_rshift(rm,snum,norm_shift); -+ if (!BN_is_zero(rm)) -+ rm->neg = neg; -+ bn_check_top(rm); -+ } -+ bn_correct_top(res); -+ BN_CTX_end(ctx); -+ return(1); -+err: -+ bn_check_top(rm); -+ BN_CTX_end(ctx); -+ return(0); -+ } -+ - #endif -diff -up openssl-0.9.8b/crypto/bn/bn_gcd.c.no-branch openssl-0.9.8b/crypto/bn/bn_gcd.c ---- openssl-0.9.8b/crypto/bn/bn_gcd.c.no-branch 2005-08-29 01:20:43.000000000 +0200 -+++ openssl-0.9.8b/crypto/bn/bn_gcd.c 2007-08-03 13:58:58.000000000 +0200 -@@ -203,6 +203,8 @@ err: - - - /* solves ax == 1 (mod n) */ -+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, -+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); - BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) - { -@@ -210,6 +212,11 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, - BIGNUM *ret=NULL; - int sign; - -+ if (BN_get_flags(n, BN_FLG_CONSTTIME) != 0) -+ { -+ return BN_mod_inverse_no_branch(in, a, n, ctx); -+ } -+ - bn_check_top(a); - bn_check_top(n); - -@@ -491,3 +498,157 @@ err: - bn_check_top(ret); - return(ret); - } -+ -+ -+/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. -+ * It does not contain branches that may leak sensitive information. -+ */ -+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, -+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) -+ { -+ BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; -+ BIGNUM local_A, local_B; -+ BIGNUM *pA, *pB; -+ BIGNUM *ret=NULL; -+ int sign; -+ -+ bn_check_top(a); -+ bn_check_top(n); -+ -+ BN_CTX_start(ctx); -+ A = BN_CTX_get(ctx); -+ B = BN_CTX_get(ctx); -+ X = BN_CTX_get(ctx); -+ D = BN_CTX_get(ctx); -+ M = BN_CTX_get(ctx); -+ Y = BN_CTX_get(ctx); -+ T = BN_CTX_get(ctx); -+ if (T == NULL) goto err; -+ -+ if (in == NULL) -+ R=BN_new(); -+ else -+ R=in; -+ if (R == NULL) goto err; -+ -+ BN_one(X); -+ BN_zero(Y); -+ if (BN_copy(B,a) == NULL) goto err; -+ if (BN_copy(A,n) == NULL) goto err; -+ A->neg = 0; -+ -+ if (B->neg || (BN_ucmp(B, A) >= 0)) -+ { -+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, -+ * BN_div_no_branch will be called eventually. -+ */ -+ pB = &local_B; -+ BN_with_flags(pB, B, BN_FLG_CONSTTIME); -+ if (!BN_nnmod(B, pB, A, ctx)) goto err; -+ } -+ sign = -1; -+ /* From B = a mod |n|, A = |n| it follows that -+ * -+ * 0 <= B < A, -+ * -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|). -+ */ -+ -+ while (!BN_is_zero(B)) -+ { -+ BIGNUM *tmp; -+ -+ /* -+ * 0 < B < A, -+ * (*) -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|) -+ */ -+ -+ /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, -+ * BN_div_no_branch will be called eventually. -+ */ -+ pA = &local_A; -+ BN_with_flags(pA, A, BN_FLG_CONSTTIME); -+ -+ /* (D, M) := (A/B, A%B) ... */ -+ if (!BN_div(D,M,pA,B,ctx)) goto err; -+ -+ /* Now -+ * A = D*B + M; -+ * thus we have -+ * (**) sign*Y*a == D*B + M (mod |n|). -+ */ -+ -+ tmp=A; /* keep the BIGNUM object, the value does not matter */ -+ -+ /* (A, B) := (B, A mod B) ... */ -+ A=B; -+ B=M; -+ /* ... so we have 0 <= B < A again */ -+ -+ /* Since the former M is now B and the former B is now A, -+ * (**) translates into -+ * sign*Y*a == D*A + B (mod |n|), -+ * i.e. -+ * sign*Y*a - D*A == B (mod |n|). -+ * Similarly, (*) translates into -+ * -sign*X*a == A (mod |n|). -+ * -+ * Thus, -+ * sign*Y*a + D*sign*X*a == B (mod |n|), -+ * i.e. -+ * sign*(Y + D*X)*a == B (mod |n|). -+ * -+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at -+ * -sign*X*a == B (mod |n|), -+ * sign*Y*a == A (mod |n|). -+ * Note that X and Y stay non-negative all the time. -+ */ -+ -+ if (!BN_mul(tmp,D,X,ctx)) goto err; -+ if (!BN_add(tmp,tmp,Y)) goto err; -+ -+ M=Y; /* keep the BIGNUM object, the value does not matter */ -+ Y=X; -+ X=tmp; -+ sign = -sign; -+ } -+ -+ /* -+ * The while loop (Euclid's algorithm) ends when -+ * A == gcd(a,n); -+ * we have -+ * sign*Y*a == A (mod |n|), -+ * where Y is non-negative. -+ */ -+ -+ if (sign < 0) -+ { -+ if (!BN_sub(Y,n,Y)) goto err; -+ } -+ /* Now Y*a == A (mod |n|). */ -+ -+ if (BN_is_one(A)) -+ { -+ /* Y*a == 1 (mod |n|) */ -+ if (!Y->neg && BN_ucmp(Y,n) < 0) -+ { -+ if (!BN_copy(R,Y)) goto err; -+ } -+ else -+ { -+ if (!BN_nnmod(R,Y,n,ctx)) goto err; -+ } -+ } -+ else -+ { -+ BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); -+ goto err; -+ } -+ ret=R; -+err: -+ if ((ret == NULL) && (in == NULL)) BN_free(R); -+ BN_CTX_end(ctx); -+ bn_check_top(ret); -+ return(ret); -+ } diff --git a/openssl-0.9.8b-cve-2007-4995.patch b/openssl-0.9.8b-cve-2007-4995.patch deleted file mode 100644 index 1dd4baf..0000000 --- a/openssl-0.9.8b-cve-2007-4995.patch +++ /dev/null @@ -1,1429 +0,0 @@ -Fix DTLS implementation to be RFC 4347 compliant. This makes the new client -incompatible with the old openssl DTLS servers. However the older openssl client -will still be able to connect to the new server code. This change also -resolves buffer overrun when out-of-order fragments are received during -the handshake. -CVE-2007-4995 -diff -up openssl-0.9.8b/ssl/dtls1.h.dtls-fixes openssl-0.9.8b/ssl/dtls1.h ---- openssl-0.9.8b/ssl/dtls1.h.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 -+++ openssl-0.9.8b/ssl/dtls1.h 2007-10-08 17:55:22.000000000 +0200 -@@ -67,9 +67,8 @@ - extern "C" { - #endif - --#define DTLS1_VERSION 0x0100 --#define DTLS1_VERSION_MAJOR 0x01 --#define DTLS1_VERSION_MINOR 0x00 -+#define DTLS1_VERSION 0xFEFF -+#define DTLS1_BAD_VER 0x0100 - - #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 - -@@ -83,7 +82,7 @@ extern "C" { - #define DTLS1_HM_BAD_FRAGMENT -2 - #define DTLS1_HM_FRAGMENT_RETRY -3 - --#define DTLS1_CCS_HEADER_LENGTH 3 -+#define DTLS1_CCS_HEADER_LENGTH 1 - - #define DTLS1_AL_HEADER_LENGTH 7 - -diff -up openssl-0.9.8b/ssl/d1_lib.c.dtls-fixes openssl-0.9.8b/ssl/d1_lib.c ---- openssl-0.9.8b/ssl/d1_lib.c.dtls-fixes 2005-08-08 21:26:35.000000000 +0200 -+++ openssl-0.9.8b/ssl/d1_lib.c 2007-10-08 17:55:22.000000000 +0200 -@@ -188,3 +188,23 @@ void dtls1_clear(SSL *s) - ssl3_clear(s); - s->version=DTLS1_VERSION; - } -+ -+/* -+ * As it's impossible to use stream ciphers in "datagram" mode, this -+ * simple filter is designed to disengage them in DTLS. Unfortunately -+ * there is no universal way to identify stream SSL_CIPHER, so we have -+ * to explicitly list their SSL_* codes. Currently RC4 is the only one -+ * available, but if new ones emerge, they will have to be added... -+ */ -+SSL_CIPHER *dtls1_get_cipher(unsigned int u) -+ { -+ SSL_CIPHER *ciph = ssl3_get_cipher(u); -+ -+ if (ciph != NULL) -+ { -+ if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) -+ return NULL; -+ } -+ -+ return ciph; -+ } -diff -up openssl-0.9.8b/ssl/d1_srvr.c.dtls-fixes openssl-0.9.8b/ssl/d1_srvr.c ---- openssl-0.9.8b/ssl/d1_srvr.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 -+++ openssl-0.9.8b/ssl/d1_srvr.c 2007-10-10 14:21:49.000000000 +0200 -@@ -285,6 +285,10 @@ int dtls1_accept(SSL *s) - s->d1->send_cookie = 0; - s->state=SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; -+ -+ /* HelloVerifyRequests resets Finished MAC */ -+ if (s->client_version != DTLS1_BAD_VER) -+ ssl3_init_finished_mac(s); - break; - - case SSL3_ST_SW_SRVR_HELLO_A: -@@ -620,10 +624,13 @@ int dtls1_send_hello_verify_request(SSL - buf = (unsigned char *)s->init_buf->data; - - msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); -- *(p++) = s->version >> 8; -- *(p++) = s->version & 0xFF; -+ if (s->client_version == DTLS1_BAD_VER) -+ *(p++) = DTLS1_BAD_VER>>8, -+ *(p++) = DTLS1_BAD_VER&0xff; -+ else -+ *(p++) = s->version >> 8, -+ *(p++) = s->version & 0xFF; - -- *(p++) = (unsigned char) s->d1->cookie_len; - if ( s->ctx->app_gen_cookie_cb != NULL && - s->ctx->app_gen_cookie_cb(s, s->d1->cookie, - &(s->d1->cookie_len)) == 0) -@@ -634,6 +641,7 @@ int dtls1_send_hello_verify_request(SSL - /* else the cookie is assumed to have - * been initialized by the application */ - -+ *(p++) = (unsigned char) s->d1->cookie_len; - memcpy(p, s->d1->cookie, s->d1->cookie_len); - p += s->d1->cookie_len; - msg_len = p - msg; -@@ -672,8 +680,12 @@ int dtls1_send_server_hello(SSL *s) - /* Do the message type and length last */ - d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); - -- *(p++)=s->version>>8; -- *(p++)=s->version&0xff; -+ if (s->client_version == DTLS1_BAD_VER) -+ *(p++)=DTLS1_BAD_VER>>8, -+ *(p++)=DTLS1_BAD_VER&0xff; -+ else -+ *(p++)=s->version>>8, -+ *(p++)=s->version&0xff; - - /* Random stuff */ - memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); -@@ -1009,6 +1021,7 @@ int dtls1_send_certificate_request(SSL * - STACK_OF(X509_NAME) *sk=NULL; - X509_NAME *name; - BUF_MEM *buf; -+ unsigned int msg_len; - - if (s->state == SSL3_ST_SW_CERT_REQ_A) - { -@@ -1086,6 +1099,10 @@ int dtls1_send_certificate_request(SSL * - #endif - - /* XDTLS: set message header ? */ -+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; -+ dtls1_set_message_header(s, (void *)s->init_buf->data, -+ SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); -+ - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); - -diff -up openssl-0.9.8b/ssl/s3_srvr.c.dtls-fixes openssl-0.9.8b/ssl/s3_srvr.c ---- openssl-0.9.8b/ssl/s3_srvr.c.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 -+++ openssl-0.9.8b/ssl/s3_srvr.c 2007-10-08 17:55:22.000000000 +0200 -@@ -679,9 +679,9 @@ int ssl3_get_client_hello(SSL *s) - */ - if (s->state == SSL3_ST_SR_CLNT_HELLO_A) - { -- s->first_packet=1; - s->state=SSL3_ST_SR_CLNT_HELLO_B; - } -+ s->first_packet=1; - n=s->method->ssl_get_message(s, - SSL3_ST_SR_CLNT_HELLO_B, - SSL3_ST_SR_CLNT_HELLO_C, -@@ -690,6 +690,7 @@ int ssl3_get_client_hello(SSL *s) - &ok); - - if (!ok) return((int)n); -+ s->first_packet=0; - d=p=(unsigned char *)s->init_msg; - - /* use version from inside client hello, not from record header -@@ -697,7 +698,8 @@ int ssl3_get_client_hello(SSL *s) - s->client_version=(((int)p[0])<<8)|(int)p[1]; - p+=2; - -- if (s->client_version < s->version) -+ if ((s->version == DTLS1_VERSION && s->client_version > s->version) || -+ (s->version != DTLS1_VERSION && s->client_version < s->version)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR) -@@ -748,7 +750,7 @@ int ssl3_get_client_hello(SSL *s) - - p+=j; - -- if (SSL_version(s) == DTLS1_VERSION) -+ if (s->version == DTLS1_VERSION) - { - /* cookie stuff */ - cookie_len = *(p++); -@@ -1709,8 +1711,9 @@ int ssl3_get_client_key_exchange(SSL *s) - rsa=pkey->pkey.rsa; - } - -- /* TLS */ -- if (s->version > SSL3_VERSION) -+ /* TLS and [incidentally] DTLS, including pre-0.9.8f */ -+ if (s->version > SSL3_VERSION && -+ s->client_version != DTLS1_BAD_VER) - { - n2s(p,i); - if (n != i+2) -diff -up openssl-0.9.8b/ssl/ssl_locl.h.dtls-fixes openssl-0.9.8b/ssl/ssl_locl.h ---- openssl-0.9.8b/ssl/ssl_locl.h.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 -+++ openssl-0.9.8b/ssl/ssl_locl.h 2007-10-08 17:55:22.000000000 +0200 -@@ -677,7 +677,7 @@ SSL_METHOD *func_name(void) \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ -- ssl3_get_cipher, \ -+ dtls1_get_cipher, \ - s_get_meth, \ - dtls1_default_timeout, \ - &DTLSv1_enc_data, \ -@@ -842,6 +842,8 @@ void dtls1_get_message_header(unsigned c - void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); - void dtls1_reset_seq_numbers(SSL *s, int rw); - long dtls1_default_timeout(void); -+SSL_CIPHER *dtls1_get_cipher(unsigned int u); -+ - - - /* some client-only functions */ -diff -up openssl-0.9.8b/ssl/t1_enc.c.dtls-fixes openssl-0.9.8b/ssl/t1_enc.c ---- openssl-0.9.8b/ssl/t1_enc.c.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 -+++ openssl-0.9.8b/ssl/t1_enc.c 2007-10-10 14:24:52.000000000 +0200 -@@ -737,15 +737,35 @@ int tls1_mac(SSL *ssl, unsigned char *md - md_size=EVP_MD_size(hash); - - buf[0]=rec->type; -- buf[1]=TLS1_VERSION_MAJOR; -- buf[2]=TLS1_VERSION_MINOR; -+ if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) -+ { -+ buf[1]=TLS1_VERSION_MAJOR; -+ buf[2]=TLS1_VERSION_MINOR; -+ } -+ else { -+ buf[1]=(unsigned char)(ssl->version>>8); -+ buf[2]=(unsigned char)(ssl->version); -+ } -+ - buf[3]=rec->length>>8; - buf[4]=rec->length&0xff; - - /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ - HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); -- HMAC_Update(&hmac,seq,8); -+ -+ if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) -+ { -+ unsigned char dtlsseq[8],*p=dtlsseq; -+ -+ s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); -+ memcpy (p,&seq[2],6); -+ -+ HMAC_Update(&hmac,dtlsseq,8); -+ } -+ else -+ HMAC_Update(&hmac,seq,8); -+ - HMAC_Update(&hmac,buf,5); - HMAC_Update(&hmac,rec->input,rec->length); - HMAC_Final(&hmac,md,&md_size); -@@ -762,8 +782,8 @@ printf("rec="); - {unsigned int z; for (z=0; zlength; z++) printf("%02X ",buf[z]); printf("\n"); } - #endif - -- if ( SSL_version(ssl) != DTLS1_VERSION) -- { -+ if ( SSL_version(ssl) != DTLS1_VERSION) -+ { - for (i=7; i>=0; i--) - { - ++seq[i]; -diff -up openssl-0.9.8b/ssl/ssl.h.dtls-fixes openssl-0.9.8b/ssl/ssl.h ---- openssl-0.9.8b/ssl/ssl.h.dtls-fixes 2007-10-08 17:55:22.000000000 +0200 -+++ openssl-0.9.8b/ssl/ssl.h 2007-10-08 17:55:22.000000000 +0200 -@@ -315,7 +315,7 @@ extern "C" { - /* The following cipher list is used by default. - * It also is substituted when an application-defined cipher list string - * starts with 'DEFAULT'. */ --#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ -+#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ - - /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ - #define SSL_SENT_SHUTDOWN 1 -@@ -1551,6 +1551,7 @@ void ERR_load_SSL_strings(void); - #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 - #define SSL_F_DTLS1_GET_RECORD 254 - #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 -+#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 - #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 - #define SSL_F_DTLS1_PROCESS_RECORD 257 - #define SSL_F_DTLS1_READ_BYTES 258 -diff -up openssl-0.9.8b/ssl/d1_pkt.c.dtls-fixes openssl-0.9.8b/ssl/d1_pkt.c ---- openssl-0.9.8b/ssl/d1_pkt.c.dtls-fixes 2006-02-08 20:16:32.000000000 +0100 -+++ openssl-0.9.8b/ssl/d1_pkt.c 2007-10-08 17:55:22.000000000 +0200 -@@ -120,6 +120,7 @@ - #include - #include - #include -+#include - - static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, - int len, int peek); -@@ -486,9 +487,9 @@ int dtls1_get_record(SSL *s) - SSL3_RECORD *rr; - SSL_SESSION *sess; - unsigned char *p; -- short version; -+ unsigned short version; - DTLS1_BITMAP *bitmap; -- unsigned int is_next_epoch; -+ unsigned int is_next_epoch; - - rr= &(s->s3->rrec); - sess=s->session; -@@ -524,7 +525,7 @@ again: - ssl_minor= *(p++); - version=(ssl_major<<8)|ssl_minor; - -- /* sequence number is 64 bits, with top 2 bytes = epoch */ -+ /* sequence number is 64 bits, with top 2 bytes = epoch */ - n2s(p,rr->epoch); - - memcpy(&(s->s3->read_sequence[2]), p, 6); -@@ -533,13 +534,9 @@ again: - n2s(p,rr->length); - - /* Lets check version */ -- if (s->first_packet) -+ if (!s->first_packet) - { -- s->first_packet=0; -- } -- else -- { -- if (version != s->version) -+ if (version != s->version && version != DTLS1_BAD_VER) - { - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - /* Send back error using their -@@ -550,7 +547,8 @@ again: - } - } - -- if ((version & 0xff00) != (DTLS1_VERSION & 0xff00)) -+ if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) && -+ (version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) - { - SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - goto err; -@@ -796,8 +794,14 @@ start: - dest = s->d1->alert_fragment; - dest_len = &s->d1->alert_fragment_len; - } -- else /* else it's a CCS message */ -- OPENSSL_assert(rr->type == SSL3_RT_CHANGE_CIPHER_SPEC); -+ /* else it's a CCS message, or it's wrong */ -+ else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) -+ { -+ /* Not certain if this is the right error handling */ -+ al=SSL_AD_UNEXPECTED_MESSAGE; -+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); -+ goto f_err; -+ } - - - if (dest_maxlen > 0) -@@ -971,47 +975,40 @@ start: - } - - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) -- { -- struct ccs_header_st ccs_hdr; -+ { -+ struct ccs_header_st ccs_hdr; - - dtls1_get_ccs_header(rr->data, &ccs_hdr); - -- if ( ccs_hdr.seq == s->d1->handshake_read_seq) -+ /* 'Change Cipher Spec' is just a single byte, so we know -+ * exactly what the record payload has to look like */ -+ /* XDTLS: check that epoch is consistent */ -+ if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) || -+ (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || -+ (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) - { -- /* 'Change Cipher Spec' is just a single byte, so we know -- * exactly what the record payload has to look like */ -- /* XDTLS: check that epoch is consistent */ -- if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) || -- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) -- { -- i=SSL_AD_ILLEGAL_PARAMETER; -- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); -- goto err; -- } -- -- rr->length=0; -- -- if (s->msg_callback) -- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, -- rr->data, 1, s, s->msg_callback_arg); -- -- s->s3->change_cipher_spec=1; -- if (!ssl3_do_change_cipher_spec(s)) -- goto err; -- -- /* do this whenever CCS is processed */ -- dtls1_reset_seq_numbers(s, SSL3_CC_READ); -- -- /* handshake read seq is reset upon handshake completion */ -- s->d1->handshake_read_seq++; -- -- goto start; -- } -- else -- { -- rr->length = 0; -- goto start; -+ i=SSL_AD_ILLEGAL_PARAMETER; -+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); -+ goto err; - } -+ -+ rr->length=0; -+ -+ if (s->msg_callback) -+ s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, -+ rr->data, 1, s, s->msg_callback_arg); -+ -+ s->s3->change_cipher_spec=1; -+ if (!ssl3_do_change_cipher_spec(s)) -+ goto err; -+ -+ /* do this whenever CCS is processed */ -+ dtls1_reset_seq_numbers(s, SSL3_CC_READ); -+ -+ /* handshake read seq is reset upon handshake completion */ -+ s->d1->handshake_read_seq++; -+ -+ goto start; - } - - /* Unexpected handshake message (Client Hello, or protocol violation) */ -@@ -1339,8 +1336,12 @@ int do_dtls1_write(SSL *s, int type, con - *(p++)=type&0xff; - wr->type=type; - -- *(p++)=(s->version>>8); -- *(p++)=s->version&0xff; -+ if (s->client_version == DTLS1_BAD_VER) -+ *(p++) = DTLS1_BAD_VER>>8, -+ *(p++) = DTLS1_BAD_VER&0xff; -+ else -+ *(p++)=(s->version>>8), -+ *(p++)=s->version&0xff; - - /* field where we are to write out packet epoch, seq num and len */ - pseq=p; -@@ -1395,8 +1396,14 @@ int do_dtls1_write(SSL *s, int type, con - - - /* ssl3_enc can only have an error on read */ -- wr->length += bs; /* bs != 0 in case of CBC. The enc fn provides -- * the randomness */ -+ if (bs) /* bs != 0 in case of CBC */ -+ { -+ RAND_pseudo_bytes(p,bs); -+ /* master IV and last CBC residue stand for -+ * the rest of randomness */ -+ wr->length += bs; -+ } -+ - s->method->ssl3_enc->enc(s,1); - - /* record length after mac and block padding */ -diff -up openssl-0.9.8b/ssl/ssl_err.c.dtls-fixes openssl-0.9.8b/ssl/ssl_err.c ---- openssl-0.9.8b/ssl/ssl_err.c.dtls-fixes 2006-01-08 22:52:46.000000000 +0100 -+++ openssl-0.9.8b/ssl/ssl_err.c 2007-10-08 17:55:22.000000000 +0200 -@@ -87,6 +87,7 @@ static ERR_STRING_DATA SSL_str_functs[]= - {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, - {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, - {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, -+{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, - {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, - {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, - {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, -diff -up openssl-0.9.8b/ssl/s3_pkt.c.dtls-fixes openssl-0.9.8b/ssl/s3_pkt.c ---- openssl-0.9.8b/ssl/s3_pkt.c.dtls-fixes 2005-10-01 01:38:20.000000000 +0200 -+++ openssl-0.9.8b/ssl/s3_pkt.c 2007-10-08 17:55:22.000000000 +0200 -@@ -277,11 +277,7 @@ again: - n2s(p,rr->length); - - /* Lets check version */ -- if (s->first_packet) -- { -- s->first_packet=0; -- } -- else -+ if (!s->first_packet) - { - if (version != s->version) - { -diff -up openssl-0.9.8b/ssl/s23_srvr.c.dtls-fixes openssl-0.9.8b/ssl/s23_srvr.c ---- openssl-0.9.8b/ssl/s23_srvr.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 -+++ openssl-0.9.8b/ssl/s23_srvr.c 2007-10-08 17:55:22.000000000 +0200 -@@ -565,7 +565,6 @@ int ssl23_get_client_hello(SSL *s) - s->init_num=0; - - if (buf != buf_space) OPENSSL_free(buf); -- s->first_packet=1; - return(SSL_accept(s)); - err: - if (buf != buf_space) OPENSSL_free(buf); -diff -up openssl-0.9.8b/ssl/s23_clnt.c.dtls-fixes openssl-0.9.8b/ssl/s23_clnt.c ---- openssl-0.9.8b/ssl/s23_clnt.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 -+++ openssl-0.9.8b/ssl/s23_clnt.c 2007-10-08 17:55:22.000000000 +0200 -@@ -574,7 +574,6 @@ static int ssl23_get_server_hello(SSL *s - if (!ssl_get_new_session(s,0)) - goto err; - -- s->first_packet=1; - return(SSL_connect(s)); - err: - return(-1); -diff -up openssl-0.9.8b/ssl/s3_lib.c.dtls-fixes openssl-0.9.8b/ssl/s3_lib.c ---- openssl-0.9.8b/ssl/s3_lib.c.dtls-fixes 2006-01-15 08:14:38.000000000 +0100 -+++ openssl-0.9.8b/ssl/s3_lib.c 2007-10-08 17:55:22.000000000 +0200 -@@ -903,7 +903,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - }, - - #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES -- /* New TLS Export CipherSuites */ -+ /* New TLS Export CipherSuites from expired ID */ -+#if 0 - /* Cipher 60 */ - { - 1, -@@ -930,6 +931,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - /* Cipher 62 */ - { - 1, -diff -up openssl-0.9.8b/ssl/s2_lib.c.dtls-fixes openssl-0.9.8b/ssl/s2_lib.c ---- openssl-0.9.8b/ssl/s2_lib.c.dtls-fixes 2005-08-27 14:05:23.000000000 +0200 -+++ openssl-0.9.8b/ssl/s2_lib.c 2007-10-08 17:55:22.000000000 +0200 -@@ -178,7 +178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[] - SSL_ALL_STRENGTHS, - }, - /* RC4_64_WITH_MD5 */ --#if 1 -+#if 0 - { - 1, - SSL2_TXT_RC4_64_WITH_MD5, -diff -up openssl-0.9.8b/ssl/d1_both.c.dtls-fixes openssl-0.9.8b/ssl/d1_both.c ---- openssl-0.9.8b/ssl/d1_both.c.dtls-fixes 2005-08-29 01:20:52.000000000 +0200 -+++ openssl-0.9.8b/ssl/d1_both.c 2007-10-08 17:55:22.000000000 +0200 -@@ -138,38 +138,40 @@ static void dtls1_set_message_header_int - unsigned long frag_len); - static int dtls1_retransmit_buffered_messages(SSL *s); - static long dtls1_get_message_fragment(SSL *s, int st1, int stn, -- long max, int *ok); --static void dtls1_process_handshake_fragment(SSL *s, int frag_len); -+ long max, int *ok); - - static hm_fragment * - dtls1_hm_fragment_new(unsigned long frag_len) -- { -- hm_fragment *frag = NULL; -- unsigned char *buf = NULL; -+ { -+ hm_fragment *frag = NULL; -+ unsigned char *buf = NULL; - -- frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); -- if ( frag == NULL) -- return NULL; -+ frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); -+ if ( frag == NULL) -+ return NULL; - -- buf = (unsigned char *)OPENSSL_malloc(frag_len -- + DTLS1_HM_HEADER_LENGTH); -- if ( buf == NULL) -- { -- OPENSSL_free(frag); -- return NULL; -- } -- -- frag->fragment = buf; -+ if (frag_len) -+ { -+ buf = (unsigned char *)OPENSSL_malloc(frag_len); -+ if ( buf == NULL) -+ { -+ OPENSSL_free(frag); -+ return NULL; -+ } -+ } - -- return frag; -- } -+ /* zero length fragment gets zero frag->fragment */ -+ frag->fragment = buf; -+ -+ return frag; -+ } - - static void - dtls1_hm_fragment_free(hm_fragment *frag) -- { -- OPENSSL_free(frag->fragment); -- OPENSSL_free(frag); -- } -+ { -+ if (frag->fragment) OPENSSL_free(frag->fragment); -+ OPENSSL_free(frag); -+ } - - /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ - int dtls1_do_write(SSL *s, int type) -@@ -180,7 +182,7 @@ int dtls1_do_write(SSL *s, int type) - - /* AHA! Figure out the MTU, and stick to the right size */ - if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) -- { -+ { - s->d1->mtu = - BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); - -@@ -207,7 +209,7 @@ int dtls1_do_write(SSL *s, int type) - mtu = curr_mtu; - else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0) - return ret; -- -+ - if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) - { - ret = BIO_flush(SSL_get_wbio(s)); -@@ -254,11 +256,11 @@ int dtls1_do_write(SSL *s, int type) - s->init_off -= DTLS1_HM_HEADER_LENGTH; - s->init_num += DTLS1_HM_HEADER_LENGTH; - -- /* write atleast DTLS1_HM_HEADER_LENGTH bytes */ -+ /* write atleast DTLS1_HM_HEADER_LENGTH bytes */ - if ( len <= DTLS1_HM_HEADER_LENGTH) - len += DTLS1_HM_HEADER_LENGTH; - } -- -+ - dtls1_fix_message_header(s, frag_off, - len - DTLS1_HM_HEADER_LENGTH); - -@@ -286,18 +288,40 @@ int dtls1_do_write(SSL *s, int type) - } - else - { -- -+ - /* bad if this assert fails, only part of the handshake - * message got sent. but why would this happen? */ -- OPENSSL_assert(len == (unsigned int)ret); -- -+ OPENSSL_assert(len == (unsigned int)ret); -+ - if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting) -+ { - /* should not be done for 'Hello Request's, but in that case - * we'll ignore the result anyway */ -- ssl3_finish_mac(s, -- (unsigned char *)&s->init_buf->data[s->init_off + -- DTLS1_HM_HEADER_LENGTH], ret - DTLS1_HM_HEADER_LENGTH); -- -+ unsigned char *p = &s->init_buf->data[s->init_off]; -+ const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; -+ int len; -+ -+ if (frag_off == 0 && s->client_version != DTLS1_BAD_VER) -+ { -+ /* reconstruct message header is if it -+ * is being sent in single fragment */ -+ *p++ = msg_hdr->type; -+ l2n3(msg_hdr->msg_len,p); -+ s2n (msg_hdr->seq,p); -+ l2n3(0,p); -+ l2n3(msg_hdr->msg_len,p); -+ p -= DTLS1_HM_HEADER_LENGTH; -+ len = ret; -+ } -+ else -+ { -+ p += DTLS1_HM_HEADER_LENGTH; -+ len = ret - DTLS1_HM_HEADER_LENGTH; -+ } -+ -+ ssl3_finish_mac(s, p, len); -+ } -+ - if (ret == s->init_num) - { - if (s->msg_callback) -@@ -307,7 +331,7 @@ int dtls1_do_write(SSL *s, int type) - - s->init_off = 0; /* done writing this message */ - s->init_num = 0; -- -+ - return(1); - } - s->init_off+=ret; -@@ -327,6 +351,7 @@ int dtls1_do_write(SSL *s, int type) - long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { - int i, al; -+ struct hm_header_st *msg_hdr; - - /* s3->tmp is used to store messages that are unexpected, caused - * by the absence of an optional handshake message */ -@@ -344,25 +369,56 @@ long dtls1_get_message(SSL *s, int st1, - s->init_num = (int)s->s3->tmp.message_size; - return s->init_num; - } -- -+ -+ msg_hdr = &s->d1->r_msg_hdr; - do - { -- if ( s->d1->r_msg_hdr.frag_off == 0) -+ if ( msg_hdr->frag_off == 0) - { - /* s->d1->r_message_header.msg_len = 0; */ -- memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st)); -+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - } - - i = dtls1_get_message_fragment(s, st1, stn, max, ok); - if ( i == DTLS1_HM_BAD_FRAGMENT || -- i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ -+ i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ - continue; - else if ( i <= 0 && !*ok) - return i; - -- if (s->d1->r_msg_hdr.msg_len == (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH) -+ /* Note that s->init_sum is used as a counter summing -+ * up fragments' lengths: as soon as they sum up to -+ * handshake packet length, we assume we have got all -+ * the fragments. Overlapping fragments would cause -+ * premature termination, so we don't expect overlaps. -+ * Well, handling overlaps would require something more -+ * drastic. Indeed, as it is now there is no way to -+ * tell if out-of-order fragment from the middle was -+ * the last. '>=' is the best/least we can do to control -+ * the potential damage caused by malformed overlaps. */ -+ if ((unsigned int)s->init_num >= msg_hdr->msg_len) - { -- memset(&(s->d1->r_msg_hdr), 0x00, sizeof(struct hm_header_st)); -+ unsigned char *p = s->init_buf->data; -+ unsigned long msg_len = msg_hdr->msg_len; -+ -+ /* reconstruct message header as if it was -+ * sent in single fragment */ -+ *(p++) = msg_hdr->type; -+ l2n3(msg_len,p); -+ s2n (msg_hdr->seq,p); -+ l2n3(0,p); -+ l2n3(msg_len,p); -+ if (s->client_version != DTLS1_BAD_VER) -+ p -= DTLS1_HM_HEADER_LENGTH, -+ msg_len += DTLS1_HM_HEADER_LENGTH; -+ -+ ssl3_finish_mac(s, p, msg_len); -+ if (s->msg_callback) -+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, -+ p, msg_len, -+ s, s->msg_callback_arg); -+ -+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - - s->d1->handshake_read_seq++; - /* we just read a handshake message from the other side: -@@ -379,11 +435,11 @@ long dtls1_get_message(SSL *s, int st1, - * first data segment, but is there a better way? */ - dtls1_clear_record_buffer(s); - -- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; -- return s->init_num - DTLS1_HM_HEADER_LENGTH; -+ s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; -+ return s->init_num; - } - else -- s->d1->r_msg_hdr.frag_off = i; -+ msg_hdr->frag_off = i; - } while(1) ; - - f_err: -@@ -393,161 +449,183 @@ f_err: - } - - --static int --dtls1_retrieve_buffered_fragment(SSL *s, unsigned long *copied) -- { -- /* (0) check whether the desired fragment is available -- * if so: -- * (1) copy over the fragment to s->init_buf->data[] -- * (2) update s->init_num -- */ -- pitem *item; -- hm_fragment *frag; -- unsigned long overlap; -- unsigned char *p; -- -- item = pqueue_peek(s->d1->buffered_messages); -- if ( item == NULL) -- return 0; -+static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max) -+ { -+ size_t frag_off,frag_len,msg_len; - -- frag = (hm_fragment *)item->data; -- -- if ( s->d1->handshake_read_seq == frag->msg_header.seq && -- frag->msg_header.frag_off <= (unsigned int)s->init_num - DTLS1_HM_HEADER_LENGTH) -- { -- pqueue_pop(s->d1->buffered_messages); -- overlap = s->init_num - DTLS1_HM_HEADER_LENGTH -- - frag->msg_header.frag_off; -- -- p = frag->fragment; -- -- memcpy(&s->init_buf->data[s->init_num], -- p + DTLS1_HM_HEADER_LENGTH + overlap, -- frag->msg_header.frag_len - overlap); -- -- OPENSSL_free(frag->fragment); -- OPENSSL_free(frag); -- pitem_free(item); -+ msg_len = msg_hdr->msg_len; -+ frag_off = msg_hdr->frag_off; -+ frag_len = msg_hdr->frag_len; - -- *copied = frag->msg_header.frag_len - overlap; -- return *copied; -- } -- else -- return 0; -- } -+ /* sanity checking */ -+ if ( (frag_off+frag_len) > msg_len) -+ { -+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -+ return SSL_AD_ILLEGAL_PARAMETER; -+ } - -+ if ( (frag_off+frag_len) > (unsigned long)max) -+ { -+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -+ return SSL_AD_ILLEGAL_PARAMETER; -+ } - --static int --dtls1_buffer_handshake_fragment(SSL *s, struct hm_header_st* msg_hdr) --{ -- hm_fragment *frag = NULL; -- pitem *item = NULL; -- PQ_64BIT seq64; -+ if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ -+ { -+ /* msg_len is limited to 2^24, but is effectively checked -+ * against max above */ -+ if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH)) -+ { -+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); -+ return SSL_AD_INTERNAL_ERROR; -+ } - -- frag = dtls1_hm_fragment_new(msg_hdr->frag_len); -- if ( frag == NULL) -- goto err; -+ s->s3->tmp.message_size = msg_len; -+ s->d1->r_msg_hdr.msg_len = msg_len; -+ s->s3->tmp.message_type = msg_hdr->type; -+ s->d1->r_msg_hdr.type = msg_hdr->type; -+ s->d1->r_msg_hdr.seq = msg_hdr->seq; -+ } -+ else if (msg_len != s->d1->r_msg_hdr.msg_len) -+ { -+ /* They must be playing with us! BTW, failure to enforce -+ * upper limit would open possibility for buffer overrun. */ -+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -+ return SSL_AD_ILLEGAL_PARAMETER; -+ } - -- memcpy(frag->fragment, &(s->init_buf->data[s->init_num]), -- msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH); -+ return 0; /* no error */ -+ } - -- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); - -- pq_64bit_init(&seq64); -- pq_64bit_assign_word(&seq64, msg_hdr->seq); -+static int -+dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) -+ { -+ /* (0) check whether the desired fragment is available -+ * if so: -+ * (1) copy over the fragment to s->init_buf->data[] -+ * (2) update s->init_num -+ */ -+ pitem *item; -+ hm_fragment *frag; -+ int al; - -- item = pitem_new(seq64, frag); -- if ( item == NULL) -- goto err; -+ *ok = 0; -+ item = pqueue_peek(s->d1->buffered_messages); -+ if ( item == NULL) -+ return 0; - -- pq_64bit_free(&seq64); -+ frag = (hm_fragment *)item->data; - -- pqueue_insert(s->d1->buffered_messages, item); -- return 1; -+ if ( s->d1->handshake_read_seq == frag->msg_header.seq) -+ { -+ pqueue_pop(s->d1->buffered_messages); - --err: -- if ( frag != NULL) dtls1_hm_fragment_free(frag); -- if ( item != NULL) OPENSSL_free(item); -- return 0; --} -+ al=dtls1_preprocess_fragment(s,&frag->msg_header,max); - -+ if (al==0) /* no alert */ -+ { -+ unsigned char *p = s->init_buf->data+DTLS1_HM_HEADER_LENGTH; -+ memcpy(&p[frag->msg_header.frag_off], -+ frag->fragment,frag->msg_header.frag_len); -+ } - --static void --dtls1_process_handshake_fragment(SSL *s, int frag_len) -- { -- unsigned char *p; -+ dtls1_hm_fragment_free(frag); -+ pitem_free(item); - -- p = (unsigned char *)s->init_buf->data; -+ if (al==0) -+ { -+ *ok = 1; -+ return frag->msg_header.frag_len; -+ } - -- ssl3_finish_mac(s, &p[s->init_num - frag_len], frag_len); -- } -+ ssl3_send_alert(s,SSL3_AL_FATAL,al); -+ s->init_num = 0; -+ *ok = 0; -+ return -1; -+ } -+ else -+ return 0; -+ } - - - static int --dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st *msg_hdr, int *ok) -- { -- int i; -- unsigned char *p; -- -- /* make sure there's enough room to read this fragment */ -- if ( (int)msg_hdr->frag_len && !BUF_MEM_grow_clean(s->init_buf, -- (int)msg_hdr->frag_len + DTLS1_HM_HEADER_LENGTH + s->init_num)) -- { -- SSLerr(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE,ERR_R_BUF_LIB); -- goto err; -- } -+dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) -+{ -+ int i=-1; -+ hm_fragment *frag = NULL; -+ pitem *item = NULL; -+ PQ_64BIT seq64; -+ unsigned long frag_len = msg_hdr->frag_len; - -- p = (unsigned char *)s->init_buf->data; -+ if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) -+ goto err; - -- /* read the body of the fragment (header has already been read */ -- if ( msg_hdr->frag_len > 0) -+ if (msg_hdr->seq <= s->d1->handshake_read_seq) - { -- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, -- &p[s->init_num], -- msg_hdr->frag_len,0); -- if (i <= 0) -+ unsigned char devnull [256]; -+ -+ while (frag_len) - { -- *ok = 0; -- return i; -+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, -+ devnull, -+ frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0); -+ if (i<=0) goto err; -+ frag_len -= i; - } - } - -- if ( msg_hdr->seq > s->d1->handshake_read_seq) -- dtls1_buffer_handshake_fragment(s, msg_hdr); -- else -- OPENSSL_assert(msg_hdr->seq < s->d1->handshake_read_seq); -+ frag = dtls1_hm_fragment_new(frag_len); -+ if ( frag == NULL) -+ goto err; -+ -+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); -+ -+ if (frag_len) -+ { -+ /* read the body of the fragment (header has already been read */ -+ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, -+ frag->fragment,frag_len,0); -+ if (i<=0 || i!=frag_len) -+ goto err; -+ } -+ -+ pq_64bit_init(&seq64); -+ pq_64bit_assign_word(&seq64, msg_hdr->seq); -+ -+ item = pitem_new(seq64, frag); -+ pq_64bit_free(&seq64); -+ if ( item == NULL) -+ goto err; -+ -+ pqueue_insert(s->d1->buffered_messages, item); -+ return DTLS1_HM_FRAGMENT_RETRY; - -- return DTLS1_HM_FRAGMENT_RETRY; - err: -- *ok = 0; -- return -1; -- } -+ if ( frag != NULL) dtls1_hm_fragment_free(frag); -+ if ( item != NULL) OPENSSL_free(item); -+ *ok = 0; -+ return i; -+ } - - - static long - dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) - { -- unsigned char *p; -+ unsigned char wire[DTLS1_HM_HEADER_LENGTH]; - unsigned long l, frag_off, frag_len; - int i,al; - struct hm_header_st msg_hdr; -- unsigned long overlap; -- -- /* see if we have the required fragment already */ -- if (dtls1_retrieve_buffered_fragment(s, &l)) -- { -- /* compute MAC, remove fragment headers */ -- dtls1_process_handshake_fragment(s, l); -- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; -- s->state = stn; -- return 1; -- } - -- /* get a handshake fragment from the record layer */ -- p = (unsigned char *)s->init_buf->data; -+ /* see if we have the required fragment already */ -+ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) -+ { -+ if (*ok) s->init_num += frag_len; -+ return frag_len; -+ } - -- /* read handshake message header */ -- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], -+ /* read handshake message header */ -+ i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire, - DTLS1_HM_HEADER_LENGTH, 0); - if (i <= 0) /* nbio, or an error */ - { -@@ -555,130 +633,61 @@ dtls1_get_message_fragment(SSL *s, int s - *ok = 0; - return i; - } -- - OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH); - -- p += s->init_num; -- /* parse the message fragment header */ -- -- dtls1_get_message_header(p, &msg_hdr); -+ /* parse the message fragment header */ -+ dtls1_get_message_header(wire, &msg_hdr); - -- /* -- * if this is a future (or stale) message it gets buffered -- * (or dropped)--no further processing at this time -- */ -- if ( msg_hdr.seq != s->d1->handshake_read_seq) -- return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); -+ /* -+ * if this is a future (or stale) message it gets buffered -+ * (or dropped)--no further processing at this time -+ */ -+ if ( msg_hdr.seq != s->d1->handshake_read_seq) -+ return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - -- l = msg_hdr.msg_len; -- frag_off = msg_hdr.frag_off; -+ l = msg_hdr.msg_len; -+ frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - -- /* sanity checking */ -- if ( frag_off + frag_len > l) -- { -- al=SSL_AD_ILLEGAL_PARAMETER; -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -- goto f_err; -- } -- - if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && -- p[0] == SSL3_MT_HELLO_REQUEST) -- { -- /* The server may always send 'Hello Request' messages -- -- * we are doing a handshake anyway now, so ignore them -- * if their format is correct. Does not count for -- * 'Finished' MAC. */ -- if (p[1] == 0 && p[2] == 0 &&p[3] == 0) -- { -- if (s->msg_callback) -- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, -- p, DTLS1_HM_HEADER_LENGTH, s, -- s->msg_callback_arg); -- -- s->init_num = 0; -- return dtls1_get_message_fragment(s, st1, stn, -- max, ok); -- } -- else /* Incorrectly formated Hello request */ -- { -- al=SSL_AD_UNEXPECTED_MESSAGE; -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); -- goto f_err; -- } -- } -- -- /* XDTLS: do a sanity check on the fragment */ -- -- s->init_num += i; -- -- if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ -+ wire[0] == SSL3_MT_HELLO_REQUEST) - { -- /* BUF_MEM_grow takes an 'int' parameter */ -- if (l > (INT_MAX-DTLS1_HM_HEADER_LENGTH)) -+ /* The server may always send 'Hello Request' messages -- -+ * we are doing a handshake anyway now, so ignore them -+ * if their format is correct. Does not count for -+ * 'Finished' MAC. */ -+ if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) - { -- al=SSL_AD_ILLEGAL_PARAMETER; -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -- goto f_err; -- } -- if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l -- + DTLS1_HM_HEADER_LENGTH)) -- { -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB); -- goto err; -+ if (s->msg_callback) -+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, -+ wire, DTLS1_HM_HEADER_LENGTH, s, -+ s->msg_callback_arg); -+ -+ s->init_num = 0; -+ return dtls1_get_message_fragment(s, st1, stn, -+ max, ok); - } -- /* Only do this test when we're reading the expected message. -- * Stale messages will be dropped and future messages will be buffered */ -- if ( l > (unsigned long)max) -+ else /* Incorrectly formated Hello request */ - { -- al=SSL_AD_ILLEGAL_PARAMETER; -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -+ al=SSL_AD_UNEXPECTED_MESSAGE; -+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } -- -- s->s3->tmp.message_size=l; - } - -- if ( frag_len > (unsigned long)max) -- { -- al=SSL_AD_ILLEGAL_PARAMETER; -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -- goto f_err; -- } -- if ( frag_len + s->init_num > (INT_MAX - DTLS1_HM_HEADER_LENGTH)) -- { -- al=SSL_AD_ILLEGAL_PARAMETER; -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE); -- goto f_err; -- } -- -- if ( frag_len & !BUF_MEM_grow_clean(s->init_buf, (int)frag_len -- + DTLS1_HM_HEADER_LENGTH + s->init_num)) -- { -- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,ERR_R_BUF_LIB); -- goto err; -- } -- -- if ( s->d1->r_msg_hdr.frag_off == 0) -- { -- s->s3->tmp.message_type = msg_hdr.type; -- s->d1->r_msg_hdr.type = msg_hdr.type; -- s->d1->r_msg_hdr.msg_len = l; -- /* s->d1->r_msg_hdr.seq = seq_num; */ -- } -+ if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max))) -+ goto f_err; - - /* XDTLS: ressurect this when restart is in place */ - s->state=stn; -- -- /* next state (stn) */ -- p = (unsigned char *)s->init_buf->data; - - if ( frag_len > 0) - { -+ unsigned char *p=s->init_buf->data+DTLS1_HM_HEADER_LENGTH; -+ - i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, -- &p[s->init_num], -- frag_len,0); -- /* XDTLS: fix this--message fragments cannot span multiple packets */ -+ &p[frag_off],frag_len,0); -+ /* XDTLS: fix this--message fragments cannot span multiple packets */ - if (i <= 0) - { - s->rwstate=SSL_READING; -@@ -689,70 +698,23 @@ dtls1_get_message_fragment(SSL *s, int s - else - i = 0; - -- /* XDTLS: an incorrectly formatted fragment should cause the -- * handshake to fail */ -+ /* XDTLS: an incorrectly formatted fragment should cause the -+ * handshake to fail */ - OPENSSL_assert(i == (int)frag_len); - --#if 0 -- /* Successfully read a fragment. -- * It may be (1) out of order, or -- * (2) it's a repeat, in which case we dump it -- * (3) the one we are expecting next (maybe with overlap) -- * If it is next one, it may overlap with previously read bytes -- */ -+ *ok = 1; - -- /* case (1): buffer the future fragment -- * (we can treat fragments from a future message the same -- * as future fragments from the message being currently read, since -- * they are sematically simply out of order. -- */ -- if ( msg_hdr.seq > s->d1->handshake_read_seq || -- frag_off > s->init_num - DTLS1_HM_HEADER_LENGTH) -- { -- dtls1_buffer_handshake_fragment(s, &msg_hdr); -- return DTLS1_HM_FRAGMENT_RETRY; -- } -- -- /* case (2): drop the entire fragment, and try again */ -- if ( msg_hdr.seq < s->d1->handshake_read_seq || -- frag_off + frag_len < s->init_num - DTLS1_HM_HEADER_LENGTH) -- { -- s->init_num -= DTLS1_HM_HEADER_LENGTH; -- return DTLS1_HM_FRAGMENT_RETRY; -- } --#endif -- -- /* case (3): received a immediately useful fragment. Determine the -- * possible overlap and copy the fragment. -- */ -- overlap = (s->init_num - DTLS1_HM_HEADER_LENGTH) - frag_off; -- -- /* retain the header for the first fragment */ -- if ( s->init_num > DTLS1_HM_HEADER_LENGTH) -- { -- memmove(&(s->init_buf->data[s->init_num]), -- &(s->init_buf->data[s->init_num + DTLS1_HM_HEADER_LENGTH + overlap]), -- frag_len - overlap); -- -- s->init_num += frag_len - overlap; -- } -- else -- s->init_num += frag_len; -- -- dtls1_process_handshake_fragment(s, frag_len - overlap); -- -- if (s->msg_callback) -- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, -- (size_t)s->init_num, s, -- s->msg_callback_arg); -- *ok=1; -- -- return s->init_num; -+ /* Note that s->init_num is *not* used as current offset in -+ * s->init_buf->data, but as a counter summing up fragments' -+ * lengths: as soon as they sum up to handshake packet -+ * length, we assume we have got all the fragments. */ -+ s->init_num += frag_len; -+ return frag_len; - - f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -- s->init_num = 0; --err: -+ s->init_num = 0; -+ - *ok=0; - return(-1); - } -@@ -790,7 +752,7 @@ int dtls1_send_finished(SSL *s, int a, i - - /* buffer the message to handle re-xmits */ - dtls1_buffer_message(s, 0); -- -+ - s->state=b; - } - -@@ -816,9 +778,14 @@ int dtls1_send_change_cipher_spec(SSL *s - *p++=SSL3_MT_CCS; - s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; - s->d1->next_handshake_write_seq++; -- s2n(s->d1->handshake_write_seq,p); -- - s->init_num=DTLS1_CCS_HEADER_LENGTH; -+ -+ if (s->client_version == DTLS1_BAD_VER) -+ { -+ s2n(s->d1->handshake_write_seq,p); -+ s->init_num+=2; -+ } -+ - s->init_off=0; - - dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, -@@ -1056,7 +1023,7 @@ dtls1_buffer_message(SSL *s, int is_ccs) - if ( is_ccs) - { - OPENSSL_assert(s->d1->w_msg_hdr.msg_len + -- DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); -+ DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); - } - else - { -@@ -1259,5 +1226,4 @@ dtls1_get_ccs_header(unsigned char *data - memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); - - ccs_hdr->type = *(data++); -- n2s(data, ccs_hdr->seq); - } -diff -up openssl-0.9.8b/ssl/d1_clnt.c.dtls-fixes openssl-0.9.8b/ssl/d1_clnt.c ---- openssl-0.9.8b/ssl/d1_clnt.c.dtls-fixes 2005-12-05 18:32:19.000000000 +0100 -+++ openssl-0.9.8b/ssl/d1_clnt.c 2007-10-08 17:55:22.000000000 +0200 -@@ -214,17 +214,21 @@ int dtls1_connect(SSL *s) - - /* don't push the buffering BIO quite yet */ - -- ssl3_init_finished_mac(s); -- - s->state=SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num=0; -+ /* mark client_random uninitialized */ -+ memset(s->s3->client_random,0,sizeof(s->s3->client_random)); - break; - - case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - - s->shutdown=0; -+ -+ /* every DTLS ClientHello resets Finished MAC */ -+ ssl3_init_finished_mac(s); -+ - ret=dtls1_client_hello(s); - if (ret <= 0) goto end; - -@@ -422,6 +426,9 @@ int dtls1_connect(SSL *s) - s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; - } - s->init_num=0; -+ /* mark client_random uninitialized */ -+ memset (s->s3->client_random,0,sizeof(s->s3->client_random)); -+ - break; - - case SSL3_ST_CR_FINISHED_A: -@@ -544,9 +551,15 @@ int dtls1_client_hello(SSL *s) - /* else use the pre-loaded session */ - - p=s->s3->client_random; -- Time=(unsigned long)time(NULL); /* Time */ -- l2n(Time,p); -- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); -+ /* if client_random is initialized, reuse it, we are -+ * required to use same upon reply to HelloVerify */ -+ for (i=0;p[i]=='\0' && is3->client_random);i++) ; -+ if (i==sizeof(s->s3->client_random)) -+ { -+ Time=(unsigned long)time(NULL); /* Time */ -+ l2n(Time,p); -+ RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); -+ } - - /* Do the message type and length last */ - d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/openssl-0.9.8b-cve-2007-5135.patch b/openssl-0.9.8b-cve-2007-5135.patch deleted file mode 100644 index 49e2fff..0000000 --- a/openssl-0.9.8b-cve-2007-5135.patch +++ /dev/null @@ -1,45 +0,0 @@ -Possible one byte buffer overflow in SSL_get_shared_ciphers. -CVE-2007-5135 -diff -up openssl-0.9.8b/ssl/ssl_lib.c.orig openssl-0.9.8b/ssl/ssl_lib.c ---- openssl-0.9.8b/ssl/ssl_lib.c.orig 2007-10-08 10:20:42.000000000 +0200 -+++ openssl-0.9.8b/ssl/ssl_lib.c 2007-10-08 17:32:29.000000000 +0200 -@@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha - char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) - { - char *p; -- const char *cp; - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int i; -@@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL * - sk=s->session->ciphers; - for (i=0; iname; *cp; ) -+ n=strlen(c->name); -+ if (n+1 > len) - { -- if (len-- <= 0) -- { -- *p='\0'; -- return(buf); -- } -- else -- *(p++)= *(cp++); -+ if (p != buf) -+ --p; -+ *p='\0'; -+ return buf; - } -+ strcpy(p,c->name); -+ p+=n; - *(p++)=':'; -+ len-=n+1; - } - p[-1]='\0'; - return(buf); diff --git a/openssl-0.9.8b-enc-bufsize.patch b/openssl-0.9.8b-enc-bufsize.patch deleted file mode 100644 index b17cd5e..0000000 --- a/openssl-0.9.8b-enc-bufsize.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- openssl-0.9.8a/apps/enc.c.orig 2006-07-27 18:37:05.000000000 -0500 -+++ openssl-0.9.8a/apps/enc.c 2006-07-27 18:38:30.000000000 -0500 -@@ -340,7 +340,7 @@ - } - - /* It must be large enough for a base64 encoded line */ -- if (n < 80) n=80; -+ if (base64 && n < 80) n=80; - - bsize=(int)n; - if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); -@@ -370,7 +370,11 @@ - } - - if (inf == NULL) -+ { -+ if (bufsize != NULL) -+ setvbuf(stdin, (char *)NULL, _IONBF, 0); - BIO_set_fp(in,stdin,BIO_NOCLOSE); -+ } - else - { - if (BIO_read_filename(in,inf) <= 0) -@@ -421,6 +425,8 @@ - if (outf == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); -+ if (bufsize != NULL) -+ setvbuf(stdout, (char *)NULL, _IONBF, 0); - #ifdef OPENSSL_SYS_VMS - { - BIO *tmpbio = BIO_new(BIO_f_linebuffer()); diff --git a/openssl-0.9.8b-pkcs12-fix.patch b/openssl-0.9.8b-pkcs12-fix.patch deleted file mode 100644 index 59f7ae2..0000000 --- a/openssl-0.9.8b-pkcs12-fix.patch +++ /dev/null @@ -1,49 +0,0 @@ -openssl/crypto/pkcs12/p12_mutl.c 1.23.2.1 -> 1.23.2.2 - ---- openssl/crypto/pkcs12/p12_mutl.c 2005/06/30 11:34:27 1.23.2.1 -+++ openssl/crypto/pkcs12/p12_mutl.c 2006/05/17 18:20:27 1.23.2.2 -@@ -69,7 +69,7 @@ - { - const EVP_MD *md_type; - HMAC_CTX hmac; -- unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; -+ unsigned char key[EVP_MAX_MD_SIZE], *salt; - int saltlen, iter; - - if (!PKCS7_type_is_data(p12->authsafes)) -@@ -88,12 +88,12 @@ - return 0; - } - if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, -- PKCS12_MAC_KEY_LENGTH, key, md_type)) { -+ EVP_MD_size(md_type), key, md_type)) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); - return 0; - } - HMAC_CTX_init(&hmac); -- HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); -+ HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); - HMAC_Update(&hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length); - HMAC_Final(&hmac, mac, maclen); -openssl/apps/pkcs12.c 1.79.2.1 -> 1.79.2.2 - ---- openssl/apps/pkcs12.c 2005/05/31 17:31:50 1.79.2.1 -+++ openssl/apps/pkcs12.c 2006/05/17 18:25:59 1.79.2.2 -@@ -825,12 +825,14 @@ - PBEPARAM *pbe; - const unsigned char *p; - p = alg->parameter->value.sequence->data; -- pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); -+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); -+ if (!pbe) -+ return 1; - BIO_printf (bio_err, "%s, Iteration %ld\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), - ASN1_INTEGER_get(pbe->iter)); - PBEPARAM_free (pbe); -- return 0; -+ return 1; - } - - /* Load all certificates from a given file */ diff --git a/openssl-0.9.8b-pkcs7-leak.patch b/openssl-0.9.8b-pkcs7-leak.patch deleted file mode 100644 index b6f7b2c..0000000 --- a/openssl-0.9.8b-pkcs7-leak.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openssl-0.9.8b/crypto/pkcs7/pk7_smime.c.pk7-leak 2005-08-05 00:10:05.000000000 +0200 -+++ openssl-0.9.8b/crypto/pkcs7/pk7_smime.c 2006-07-20 13:53:16.000000000 +0200 -@@ -127,6 +127,8 @@ - } - } - -+ if(flags & PKCS7_DETACHED) PKCS7_set_detached(p7, 1); -+ - if (flags & PKCS7_STREAM) - return p7; - -@@ -138,8 +140,6 @@ - - SMIME_crlf_copy(data, p7bio, flags); - -- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); -- - if (!PKCS7_dataFinal(p7,p7bio)) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); - PKCS7_free(p7); diff --git a/openssl-0.9.8b-x509-add-dir.patch b/openssl-0.9.8b-x509-add-dir.patch deleted file mode 100644 index 02c2dc6..0000000 --- a/openssl-0.9.8b-x509-add-dir.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- openssl-0.9.8b/crypto/x509/by_dir.c.add-dir 2005-07-03 15:15:53.000000000 +0200 -+++ openssl-0.9.8b/crypto/x509/by_dir.c 2006-10-03 15:14:06.000000000 +0200 -@@ -189,7 +189,7 @@ - - s=dir; - p=s; -- for (;;) -+ for (;;p++) - { - if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) - { -@@ -198,8 +198,11 @@ - len=(int)(p-ss); - if (len == 0) continue; - for (j=0; jnum_dirs; j++) -- if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) -- continue; -+ if (strlen(ctx->dirs[j]) == len && -+ strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) -+ break; -+ if (jnum_dirs) -+ continue; - if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) - { - ctx->num_dirs_alloced+=10; -@@ -231,7 +234,6 @@ - ctx->num_dirs++; - } - if (*p == '\0') break; -- p++; - } - return(1); - } diff --git a/openssl-0.9.8b-ipv6-apps.patch b/openssl-0.9.8g-ipv6-apps.patch similarity index 86% rename from openssl-0.9.8b-ipv6-apps.patch rename to openssl-0.9.8g-ipv6-apps.patch index 6c51509..588cf4e 100644 --- a/openssl-0.9.8b-ipv6-apps.patch +++ b/openssl-0.9.8g-ipv6-apps.patch @@ -1,103 +1,7 @@ -diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_apps.h openssl-0.9.8b/apps/s_apps.h ---- openssl-0.9.8b.orig/apps/s_apps.h 2006-07-11 16:14:29.000000000 +0200 -+++ openssl-0.9.8b/apps/s_apps.h 2006-07-13 08:44:29.000000000 +0200 -@@ -148,7 +148,7 @@ - #define PORT_STR "4433" - #define PROTOCOL "tcp" - --int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); -+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); - #ifdef HEADER_X509_H - int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); - #endif -@@ -156,10 +156,9 @@ - int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); - int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); - #endif --int init_client(int *sock, char *server, int port, int type); -+int init_client(int *sock, char *server, char *port, int type); - int should_retry(int i); --int extract_port(char *str, short *port_ptr); --int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); -+int extract_host_port(char *str,char **host_ptr,char **port_ptr); - - long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret); -diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_client.c openssl-0.9.8b/apps/s_client.c ---- openssl-0.9.8b.orig/apps/s_client.c 2005-11-25 14:46:41.000000000 +0100 -+++ openssl-0.9.8b/apps/s_client.c 2006-07-13 08:44:29.000000000 +0200 -@@ -246,7 +246,7 @@ - int cbuf_len,cbuf_off; - int sbuf_len,sbuf_off; - fd_set readfds,writefds; -- short port=PORT; -+ char *port_str = PORT_STR; - int full_log=1; - char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; -@@ -330,13 +330,12 @@ - else if (strcmp(*argv,"-port") == 0) - { - if (--argc < 1) goto bad; -- port=atoi(*(++argv)); -- if (port == 0) goto bad; -+ port_str= *(++argv); - } - else if (strcmp(*argv,"-connect") == 0) - { - if (--argc < 1) goto bad; -- if (!extract_host_port(*(++argv),&host,NULL,&port)) -+ if (!extract_host_port(*(++argv),&host,&port_str)) - goto bad; - } - else if (strcmp(*argv,"-verify") == 0) -@@ -619,7 +618,7 @@ - - re_start: - -- if (init_client(&s,host,port,sock_type) == 0) -+ if (init_client(&s,host,port_str,sock_type) == 0) - { - BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); - SHUTDOWN(s); -diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_server.c openssl-0.9.8b/apps/s_server.c ---- openssl-0.9.8b.orig/apps/s_server.c 2005-09-02 14:27:02.000000000 +0200 -+++ openssl-0.9.8b/apps/s_server.c 2006-07-13 08:44:29.000000000 +0200 -@@ -532,7 +532,7 @@ - { - X509_STORE *store = NULL; - int vflags = 0; -- short port=PORT; -+ char *port_str = PORT_STR; - char *CApath=NULL,*CAfile=NULL; - unsigned char *context = NULL; - char *dhfile = NULL; -@@ -597,8 +597,7 @@ - (strcmp(*argv,"-accept") == 0)) - { - if (--argc < 1) goto bad; -- if (!extract_port(*(++argv),&port)) -- goto bad; -+ port_str= *(++argv); - } - else if (strcmp(*argv,"-verify") == 0) - { -@@ -1086,9 +1085,9 @@ - - BIO_printf(bio_s_out,"ACCEPT\n"); - if (www) -- do_server(port,sock_type,&accept_socket,www_body, context); -+ do_server(port_str,sock_type,&accept_socket,www_body, context); - else -- do_server(port,sock_type,&accept_socket,sv_body, context); -+ do_server(port_str,sock_type,&accept_socket,sv_body, context); - print_stats(bio_s_out,ctx); - ret=0; - end: -diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_socket.c openssl-0.9.8b/apps/s_socket.c ---- openssl-0.9.8b.orig/apps/s_socket.c 2005-06-13 05:21:00.000000000 +0200 -+++ openssl-0.9.8b/apps/s_socket.c 2006-07-13 08:44:29.000000000 +0200 -@@ -96,9 +96,7 @@ +diff -up openssl-0.9.8g/apps/s_socket.c.ipv6-apps openssl-0.9.8g/apps/s_socket.c +--- openssl-0.9.8g/apps/s_socket.c.ipv6-apps 2005-06-13 05:21:00.000000000 +0200 ++++ openssl-0.9.8g/apps/s_socket.c 2007-12-03 13:28:42.000000000 +0100 +@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); @@ -108,7 +12,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_ static int do_accept(int acc_sock, int *sock, char **host); static int host_ip(char *str, unsigned char ip[4]); -@@ -228,60 +226,69 @@ +@@ -228,60 +226,69 @@ static int ssl_sock_init(void) return(1); } @@ -208,17 +112,17 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_ + res = res->ai_next; + } + freeaddrinfo(res0); -+ + +-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) + perror(failed_call); + return(0); + } - --int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) ++ +int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) { int sock; char *name = NULL; -@@ -319,33 +326,38 @@ +@@ -319,33 +326,38 @@ int do_server(int port, int type, int *r } } @@ -248,15 +152,14 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_ -#else - memcpy(&server.sin_addr,ip,4); -#endif -- ++ memset(&hints, '\0', sizeof(hints)); ++ hints.ai_socktype = type; ++ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; + - if (type == SOCK_STREAM) - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); - else /* type == SOCK_DGRAM */ - s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_socktype = type; -+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; -+ + e = getaddrinfo(NULL, port, &hints, &res); + if (e) + { @@ -279,7 +182,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_ #if defined SOL_SOCKET && defined SO_REUSEADDR { int j = 1; -@@ -353,36 +365,39 @@ +@@ -353,36 +365,39 @@ static int init_server_long(int *sock, i (void *) &j, sizeof j); } #endif @@ -339,7 +242,7 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_ int len; /* struct linger ling; */ -@@ -427,137 +442,62 @@ +@@ -427,137 +442,62 @@ redoit: if (i < 0) { perror("keepalive"); return(0); } */ @@ -353,14 +256,14 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_ - sizeof(struct in_addr),AF_INET); -#endif - if (h1 == NULL) -+ if (host == NULL) - { +- { - BIO_printf(bio_err,"bad gethostbyaddr\n"); - *host=NULL; - /* return(0); */ - } - else -- { ++ if (host == NULL) + { - if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) - { - perror("OPENSSL_malloc"); @@ -506,3 +409,99 @@ diff --exclude-from=exclude-diff-openssl-0.9.8b -bru openssl-0.9.8b.orig/apps/s_ return(1); } +diff -up openssl-0.9.8g/apps/s_server.c.ipv6-apps openssl-0.9.8g/apps/s_server.c +--- openssl-0.9.8g/apps/s_server.c.ipv6-apps 2007-08-23 14:16:02.000000000 +0200 ++++ openssl-0.9.8g/apps/s_server.c 2007-12-03 13:31:14.000000000 +0100 +@@ -592,7 +592,7 @@ int MAIN(int argc, char *argv[]) + { + X509_STORE *store = NULL; + int vflags = 0; +- short port=PORT; ++ char *port_str = PORT_STR; + char *CApath=NULL,*CAfile=NULL; + unsigned char *context = NULL; + char *dhfile = NULL; +@@ -662,8 +662,7 @@ int MAIN(int argc, char *argv[]) + (strcmp(*argv,"-accept") == 0)) + { + if (--argc < 1) goto bad; +- if (!extract_port(*(++argv),&port)) +- goto bad; ++ port_str= *(++argv); + } + else if (strcmp(*argv,"-verify") == 0) + { +@@ -1332,9 +1331,9 @@ bad: + } + BIO_printf(bio_s_out,"ACCEPT\n"); + if (www) +- do_server(port,socket_type,&accept_socket,www_body, context); ++ do_server(port_str,socket_type,&accept_socket,www_body, context); + else +- do_server(port,socket_type,&accept_socket,sv_body, context); ++ do_server(port_str,socket_type,&accept_socket,sv_body, context); + print_stats(bio_s_out,ctx); + ret=0; + end: +diff -up openssl-0.9.8g/apps/s_client.c.ipv6-apps openssl-0.9.8g/apps/s_client.c +--- openssl-0.9.8g/apps/s_client.c.ipv6-apps 2007-08-23 14:20:56.000000000 +0200 ++++ openssl-0.9.8g/apps/s_client.c 2007-12-03 13:28:42.000000000 +0100 +@@ -285,7 +285,7 @@ int MAIN(int argc, char **argv) + int cbuf_len,cbuf_off; + int sbuf_len,sbuf_off; + fd_set readfds,writefds; +- short port=PORT; ++ char *port_str = PORT_STR; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; +@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv) + else if (strcmp(*argv,"-port") == 0) + { + if (--argc < 1) goto bad; +- port=atoi(*(++argv)); +- if (port == 0) goto bad; ++ port_str= *(++argv); + } + else if (strcmp(*argv,"-connect") == 0) + { + if (--argc < 1) goto bad; +- if (!extract_host_port(*(++argv),&host,NULL,&port)) ++ if (!extract_host_port(*(++argv),&host,&port_str)) + goto bad; + } + else if (strcmp(*argv,"-verify") == 0) +@@ -739,7 +738,7 @@ bad: + + re_start: + +- if (init_client(&s,host,port,sock_type) == 0) ++ if (init_client(&s,host,port_str,sock_type) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); +diff -up openssl-0.9.8g/apps/s_apps.h.ipv6-apps openssl-0.9.8g/apps/s_apps.h +--- openssl-0.9.8g/apps/s_apps.h.ipv6-apps 2007-12-03 13:28:42.000000000 +0100 ++++ openssl-0.9.8g/apps/s_apps.h 2007-12-03 13:28:42.000000000 +0100 +@@ -148,7 +148,7 @@ typedef fd_mask fd_set; + #define PORT_STR "4433" + #define PROTOCOL "tcp" + +-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); ++int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); + #ifdef HEADER_X509_H + int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); + #endif +@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok, + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); + int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); + #endif +-int init_client(int *sock, char *server, int port, int type); ++int init_client(int *sock, char *server, char *port, int type); + int should_retry(int i); +-int extract_port(char *str, short *port_ptr); +-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); ++int extract_host_port(char *str,char **host_ptr,char **port_ptr); + + long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, + int argi, long argl, long ret); diff --git a/openssl-0.9.8a-redhat.patch b/openssl-0.9.8g-redhat.patch similarity index 91% rename from openssl-0.9.8a-redhat.patch rename to openssl-0.9.8g-redhat.patch index 02a9527..71b85c4 100644 --- a/openssl-0.9.8a-redhat.patch +++ b/openssl-0.9.8g-redhat.patch @@ -1,6 +1,7 @@ ---- openssl-0.9.8a/Configure.redhat 2005-11-08 01:50:41.000000000 +0100 -+++ openssl-0.9.8a/Configure 2005-11-08 10:23:38.000000000 +0100 -@@ -313,29 +313,29 @@ +diff -up openssl-0.9.8g/Configure.redhat openssl-0.9.8g/Configure +--- openssl-0.9.8g/Configure.redhat 2007-09-16 14:24:17.000000000 +0200 ++++ openssl-0.9.8g/Configure 2007-12-03 13:16:08.000000000 +0100 +@@ -313,28 +313,28 @@ my %table=( #### # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... @@ -16,10 +17,9 @@ +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", #### -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", - # -bpowerpc64-linux is transient option, -m64 should be the one to use... --"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", +"linux-ppc64", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -36,12 +36,12 @@ -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall -Wa,-Av8plus -DBN_DIV2W \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", # GCC 3.1 is a requirement --"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -@@ -349,8 +349,8 @@ +@@ -348,8 +348,8 @@ my %table=( # # # diff --git a/openssl-0.9.8b-soversion.patch b/openssl-0.9.8g-soversion.patch similarity index 69% rename from openssl-0.9.8b-soversion.patch rename to openssl-0.9.8g-soversion.patch index 25c4899..699fcae 100644 --- a/openssl-0.9.8b-soversion.patch +++ b/openssl-0.9.8g-soversion.patch @@ -3,17 +3,30 @@ compatibility, we have to increment the soname in order to allow this version to co-exist with another versions and have everything work right. ---- openssl-0.9.8b/Makefile.org.soversion 2006-05-11 11:53:26.000000000 +0200 -+++ openssl-0.9.8b/Makefile.org 2006-05-11 12:14:05.000000000 +0200 -@@ -10,6 +10,7 @@ +diff -up openssl-0.9.8g/Configure.soversion openssl-0.9.8g/Configure +--- openssl-0.9.8g/Configure.soversion 2007-12-03 14:41:19.000000000 +0100 ++++ openssl-0.9.8g/Configure 2007-12-03 14:41:19.000000000 +0100 +@@ -1371,7 +1371,7 @@ while () + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; +- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) + { +diff -up openssl-0.9.8g/Makefile.org.soversion openssl-0.9.8g/Makefile.org +--- openssl-0.9.8g/Makefile.org.soversion 2007-12-03 14:41:19.000000000 +0100 ++++ openssl-0.9.8g/Makefile.org 2007-12-03 14:41:19.000000000 +0100 +@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= SHLIB_MAJOR= SHLIB_MINOR= SHLIB_EXT= -+SHLIB_SONAMEVER=6 ++SHLIB_SONAMEVER=7 PLATFORM=dist OPTIONS= CONFIGURE_ARGS= -@@ -277,10 +278,9 @@ +@@ -277,10 +278,9 @@ clean-shared: link-shared: @ set -e; for i in ${SHLIBDIRS}; do \ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ @@ -25,7 +38,7 @@ work right. done build-shared: do_$(SHLIB_TARGET) link-shared -@@ -291,7 +291,7 @@ +@@ -291,7 +291,7 @@ do_$(SHLIB_TARGET): libs="$(LIBKRB5) $$libs"; \ fi; \ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ @@ -34,14 +47,3 @@ work right. LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ LIBDEPS="$$libs $(EX_LIBS)" \ link_a.$(SHLIB_TARGET); \ ---- openssl-0.9.8b/Configure.soversion 2006-05-11 11:53:26.000000000 +0200 -+++ openssl-0.9.8b/Configure 2006-05-11 11:53:26.000000000 +0200 -@@ -1327,7 +1327,7 @@ - elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) - { diff --git a/openssl.spec b/openssl.spec index 4b3e299..407ee77 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,8 @@ # 0.9.7a soversion = 4 # 0.9.7ef soversion = 5 # 0.9.8ab soversion = 6 -%define soversion 6 +# 0.9.8g soversion = 7 +%define soversion 7 # Number of threads to spawn when testing some threading fixes. %define thread_test_threads %{?threads:%{threads}}%{!?threads:1} @@ -20,8 +21,8 @@ Summary: The OpenSSL toolkit Name: openssl -Version: 0.9.8b -Release: 17%{?dist} +Version: 0.9.8g +Release: 1%{?dist} Source: openssl-%{version}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate @@ -33,41 +34,25 @@ Source8: openssl-thread-test.c Source9: opensslconf-new.h Source10: opensslconf-new-warning.h # Build changes -Patch0: openssl-0.9.8a-redhat.patch +Patch0: openssl-0.9.8g-redhat.patch Patch1: openssl-0.9.8a-defaults.patch Patch2: openssl-0.9.8a-link-krb5.patch -Patch3: openssl-0.9.8b-soversion.patch +Patch3: openssl-0.9.8g-soversion.patch Patch4: openssl-0.9.8a-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch -Patch24: openssl-0.9.8a-padlock.patch +Patch6: openssl-0.9.8b-test-use-localhost.patch +# Bug fixes +Patch21: openssl-0.9.8b-aliasing-bug.patch +Patch22: openssl-0.9.8b-x509-name-cmp.patch # Functionality changes Patch32: openssl-0.9.7-beta6-ia64.patch Patch33: openssl-0.9.7f-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.7-beta5-version-add-engines.patch -Patch36: openssl-0.9.8a-use-poll.patch Patch38: openssl-0.9.8a-reuse-cipher-change.patch -Patch39: openssl-0.9.8b-ipv6-apps.patch -Patch40: openssl-0.9.8b-enc-bufsize.patch +Patch39: openssl-0.9.8g-ipv6-apps.patch # Backported fixes including security fixes -Patch51: openssl-0.9.8b-block-padding.patch -Patch52: openssl-0.9.8b-pkcs12-fix.patch -Patch53: openssl-0.9.8b-bn-threadsafety.patch -Patch54: openssl-0.9.8b-aes-cachecol.patch -Patch55: openssl-0.9.8b-pkcs7-leak.patch -Patch56: openssl-0.9.8b-cve-2006-4339.patch -Patch57: openssl-0.9.8b-cve-2006-2937.patch -Patch58: openssl-0.9.8b-cve-2006-2940.patch -Patch59: openssl-0.9.8b-cve-2006-3738.patch -Patch60: openssl-0.9.8b-cve-2006-4343.patch -Patch61: openssl-0.9.8b-aliasing-bug.patch -Patch62: openssl-0.9.8b-x509-name-cmp.patch -Patch63: openssl-0.9.8b-x509-add-dir.patch -Patch64: openssl-0.9.8b-test-use-localhost.patch -Patch65: openssl-0.9.8b-cve-2007-3108.patch -Patch66: openssl-0.9.7a-ssl-strict-matching.patch -Patch67: openssl-0.9.8b-cve-2007-4995.patch -Patch68: openssl-0.9.8b-cve-2007-5135.patch +# None yet License: OpenSSL Group: System Environment/Libraries @@ -116,36 +101,17 @@ from other formats to the formats used by the OpenSSL toolkit. %patch3 -p1 -b .soversion %patch4 -p1 -b .enginesdir %patch5 -p1 -b .no-rpath +%patch6 -p1 -b .use-localhost -%patch24 -p1 -b .padlock +%patch21 -p1 -b .aliasing-bug +%patch22 -p1 -b .name-cmp %patch32 -p1 -b .ia64 #patch33 is applied after make test %patch34 -p1 -b .x509 %patch35 -p1 -b .version-add-engines -%patch36 -p1 -b .use-poll %patch38 -p1 -b .cipher-change %patch39 -p1 -b .ipv6-apps -%patch40 -p1 -b .enc-bufsize - -%patch51 -p1 -b .block-padding -%patch52 -p1 -b .pkcs12-fix -%patch53 -p1 -b .bn-threadsafety -%patch54 -p1 -b .cachecol -%patch55 -p1 -b .pkcs7-leak -%patch56 -p1 -b .short-padding -%patch57 -p1 -b .asn1-error -%patch58 -p0 -b .parasitic -%patch59 -p0 -b .shared-ciphers -%patch60 -p0 -b .client-dos -%patch61 -p1 -b .aliasing-bug -%patch62 -p1 -b .name-cmp -%patch63 -p1 -b .add-dir -%patch64 -p1 -b .use-localhost -%patch65 -p1 -b .no-branch -%patch66 -p1 -b .strict-matching -%patch67 -p1 -b .dtls-fixes -%patch68 -p1 -b .shciphers # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -386,6 +352,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint %postun -p /sbin/ldconfig %changelog +* Mon Nov 3 2007 Tomas Mraz 0.9.8g-1 +- update to latest upstream release, SONAME bumped to 7 + * Mon Oct 15 2007 Joe Orton 0.9.8b-17 - update to new CA bundle from mozilla.org diff --git a/sources b/sources index 8e58421..6a814b3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c99f8df9f19fdd38ee784b0ac06c2221 openssl-0.9.8b-usa.tar.bz2 +3208630e1965e9b801a21831995ad537 openssl-0.9.8g-usa.tar.bz2