[Midnightbsd-cvs] src [6971] trunk/crypto/openssl: Upgrade to openssl 0.9.8ze
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Fri Mar 6 21:55:44 EST 2015
Revision: 6971
http://svnweb.midnightbsd.org/src/?rev=6971
Author: laffer1
Date: 2015-03-06 21:55:43 -0500 (Fri, 06 Mar 2015)
Log Message:
-----------
Upgrade to openssl 0.9.8ze
Modified Paths:
--------------
trunk/UPDATING
trunk/crypto/openssl/CHANGES
trunk/crypto/openssl/Makefile
trunk/crypto/openssl/Makefile.bak
trunk/crypto/openssl/NEWS
trunk/crypto/openssl/README
trunk/crypto/openssl/crypto/Makefile
trunk/crypto/openssl/crypto/asn1/a_bitstr.c
trunk/crypto/openssl/crypto/asn1/a_type.c
trunk/crypto/openssl/crypto/asn1/a_verify.c
trunk/crypto/openssl/crypto/asn1/asn1.h
trunk/crypto/openssl/crypto/asn1/asn1_err.c
trunk/crypto/openssl/crypto/asn1/tasn_dec.c
trunk/crypto/openssl/crypto/asn1/x_algor.c
trunk/crypto/openssl/crypto/bn/asm/mips3.s
trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
trunk/crypto/openssl/crypto/bn/bn_asm.c
trunk/crypto/openssl/crypto/bn/bntest.c
trunk/crypto/openssl/crypto/bn/exptest.c
trunk/crypto/openssl/crypto/constant_time_locl.h
trunk/crypto/openssl/crypto/cryptlib.c
trunk/crypto/openssl/crypto/dsa/dsa_asn1.c
trunk/crypto/openssl/crypto/ecdsa/ecs_vrf.c
trunk/crypto/openssl/crypto/evp/Makefile
trunk/crypto/openssl/crypto/evp/evp_enc.c
trunk/crypto/openssl/crypto/md32_common.h
trunk/crypto/openssl/crypto/opensslv.h
trunk/crypto/openssl/crypto/rand/rand_win.c
trunk/crypto/openssl/crypto/rsa/rsa_oaep.c
trunk/crypto/openssl/crypto/rsa/rsa_pk1.c
trunk/crypto/openssl/crypto/x509/x509.h
trunk/crypto/openssl/crypto/x509/x_all.c
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
trunk/crypto/openssl/e_os.h
trunk/crypto/openssl/openssl.spec
trunk/crypto/openssl/ssl/d1_pkt.c
trunk/crypto/openssl/ssl/d1_srvr.c
trunk/crypto/openssl/ssl/s23_srvr.c
trunk/crypto/openssl/ssl/s3_clnt.c
trunk/crypto/openssl/ssl/s3_pkt.c
trunk/crypto/openssl/ssl/s3_srvr.c
trunk/crypto/openssl/ssl/ssl.h
trunk/crypto/openssl/ssl/ssl_lib.c
trunk/crypto/openssl/util/libeay.num
trunk/crypto/openssl/util/mk1mf.pl
Removed Paths:
-------------
trunk/crypto/openssl/INSTALL.DJGPP
trunk/crypto/openssl/INSTALL.VMS
Property Changed:
----------------
trunk/crypto/openssl/
Modified: trunk/UPDATING
===================================================================
--- trunk/UPDATING 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/UPDATING 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1,5 +1,8 @@
Updating Information for MidnightBSD users.
+20150306:
+ Upgrade OpenSSL to 0.9.8ze
+
20150225:
Fix two security vulnerabilities.
Index: trunk/crypto/openssl
===================================================================
--- trunk/crypto/openssl 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl 2015-03-07 02:55:43 UTC (rev 6971)
Property changes on: trunk/crypto/openssl
___________________________________________________________________
Modified: svn:mergeinfo
## -1 +1 ##
-/vendor-crypto/openssl/dist:6869-6896
\ No newline at end of property
+/vendor-crypto/openssl/dist:6869-6970
\ No newline at end of property
Modified: trunk/crypto/openssl/CHANGES
===================================================================
--- trunk/crypto/openssl/CHANGES 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/CHANGES 2015-03-07 02:55:43 UTC (rev 6971)
@@ -2,6 +2,92 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
+
+ *) Build fixes for the Windows and OpenVMS platforms
+ [Matt Caswell and Richard Levitte]
+
+ Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015]
+
+ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+ message can cause a segmentation fault in OpenSSL due to a NULL pointer
+ dereference. This could lead to a Denial Of Service attack. Thanks to
+ Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+ (CVE-2014-3571)
+ [Steve Henson]
+
+ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+ method would be set to NULL which could later result in a NULL pointer
+ dereference. Thanks to Frank Schmirler for reporting this issue.
+ (CVE-2014-3569)
+ [Kurt Roeckx]
+
+ *) Abort handshake if server key exchange message is omitted for ephemeral
+ ECDH ciphersuites.
+
+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+ reporting this issue.
+ (CVE-2014-3572)
+ [Steve Henson]
+
+ *) Remove non-export ephemeral RSA code on client and server. This code
+ violated the TLS standard by allowing the use of temporary RSA keys in
+ non-export ciphersuites and could be used by a server to effectively
+ downgrade the RSA key length used to a value smaller than the server
+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+ INRIA or reporting this issue.
+ (CVE-2015-0204)
+ [Steve Henson]
+
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+
+ This will reject various cases including garbage after signature
+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+ (negative or with leading zeroes).
+
+ Further analysis was conducted and fixes were developed by Stephen Henson
+ of the OpenSSL core team.
+
+ (CVE-2014-8275)
+ [Steve Henson]
+
+ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ (CVE-2014-3570)
+ [Andy Polyakov]
+
Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014]
*) Session Ticket Memory Leak.
Deleted: trunk/crypto/openssl/INSTALL.DJGPP
===================================================================
--- trunk/crypto/openssl/INSTALL.DJGPP 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/INSTALL.DJGPP 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1,47 +0,0 @@
-
-
- INSTALLATION ON THE DOS PLATFORM WITH DJGPP
- -------------------------------------------
-
- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
- environment for 16-bit DOS, but only with long filename support.
- If you wish to compile on native DOS with 8+3 filenames, you will
- have to tweak the installation yourself, including renaming files
- with illegal or duplicate names.
-
- You should have a full DJGPP environment installed, including the
- latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
- requires that PERL and BC also be installed.
-
- All of these can be obtained from the usual DJGPP mirror sites or
- directly at "http://www.delorie.com/pub/djgpp". For help on which
- files to download, see the DJGPP "ZIP PICKER" page at
- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
- the WATT-32 networking package installed before you try to compile
- OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
- The Makefile assumes that the WATT-32 code is in the directory
- specified by the environment variable WATT_ROOT. If you have watt-32
- in directory "watt32" under your main DJGPP directory, specify
- WATT_ROOT="/dev/env/DJDIR/watt32".
-
- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
- running "./Configure" with appropriate arguments:
-
- ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
-
- And finally fire up "make". You may run out of DPMI selectors when
- running in a DOS box under Windows. If so, just close the BASH
- shell, go back to Windows, and restart BASH. Then run "make" again.
-
- RUN-TIME CAVEAT LECTOR
- --------------
-
- Quoting FAQ:
-
- "Cryptographic software needs a source of unpredictable data to work
- correctly. Many open source operating systems provide a "randomness
- device" (/dev/urandom or /dev/random) that serves this purpose."
-
- As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
- party "randomness" DOS driver. One such driver, NOISE.SYS, can be
- obtained from "http://www.rahul.net/dkaufman/index.html".
Deleted: trunk/crypto/openssl/INSTALL.VMS
===================================================================
--- trunk/crypto/openssl/INSTALL.VMS 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/INSTALL.VMS 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1,299 +0,0 @@
- VMS Installation instructions
- written by Richard Levitte
- <richard at levitte.org>
-
-
-Intro:
-======
-
-This file is divided in the following parts:
-
- Requirements - Mandatory reading.
- Checking the distribution - Mandatory reading.
- Compilation - Mandatory reading.
- Logical names - Mandatory reading.
- Test - Mandatory reading.
- Installation - Mandatory reading.
- Backward portability - Read if it's an issue.
- Possible bugs or quirks - A few warnings on things that
- may go wrong or may surprise you.
- TODO - Things that are to come.
-
-
-Requirements:
-=============
-
-To build and install OpenSSL, you will need:
-
- * DEC C or some other ANSI C compiler. VAX C is *not* supported.
- [Note: OpenSSL has only been tested with DEC C. Compiling with
- a different ANSI C compiler may require some work]
-
-Checking the distribution:
-==========================
-
-There have been reports of places where the distribution didn't quite get
-through, for example if you've copied the tree from a NFS-mounted Unix
-mount point.
-
-The easiest way to check if everything got through as it should is to check
-for one of the following files:
-
- [.CRYPTO]OPENSSLCONF.H_IN
- [.CRYPTO]OPENSSLCONF_H.IN
-
-They should never exist both at once, but one of them should (preferably
-the first variant). If you can't find any of those two, something went
-wrong.
-
-The best way to get a correct distribution is to download the gzipped tar
-file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
-use VMSTAR to unpack the resulting tar file.
-
-GUNZIP is available in many places on the net. One of the distribution
-points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
-
-VMSTAR is also available in many places on the net. The recommended place
-to find information about it is http://www.free.lp.se/vmstar/ .
-
-
-Compilation:
-============
-
-I've used the very good command procedures written by Robert Byer
-<byer at mail.all-net.net>, and just slightly modified them, making
-them slightly more general and easier to maintain.
-
-You can actually compile in almost any directory separately. Look
-for a command procedure name xxx-LIB.COM (in the library directories)
-or MAKExxx.COM (in the program directories) and read the comments at
-the top to understand how to use them. However, if you want to
-compile all you can get, the simplest is to use MAKEVMS.COM in the top
-directory. The syntax is the following:
-
- @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
-
-<option> must be one of the following:
-
- ALL Just build "everything".
- CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
- BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
- SOFTLINKS Just copies some files, to simulate Unix soft links.
- BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
- RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
- CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
- SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
- SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
- TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
- APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
-
-<rsaref-p> must be one of the following:
-
- RSAREF compile using the RSAREF Library
- NORSAREF compile without using RSAREF
-
-Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent
- expires September 20, 2000, and RSA Security chose to make
- the algorithm public domain two weeks before that.
-
-Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
- and you have to download it. RSA Security doesn't carry it
- any more, but there are a number of places where you can find
- it. You have to get the ".tar-Z" file as the ".zip" file
- doesn't have the directory structure stored. You have to
- extract the file into the [.RSAREF] directory as that is where
- the scripts will look for the files.
-
-Note 2: I have never done this, so I've no idea if it works or not.
-
-<debug-p> must be one of the following:
-
- DEBUG compile with debugging info (will not optimize)
- NODEBUG compile without debugging info (will optimize)
-
-<compiler> must be one of the following:
-
- DECC For DEC C.
- GNUC For GNU C.
-
-
-You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
-where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL],
-named LIBSSL.OLB, and you will find a bunch of useful programs in
-[.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's
-just to test them. For production use, make sure you install first, see
-Installation below.
-
-Note 1: Some programs in this package require a TCP/IP library.
-
-Note 2: if you want to compile the crypto library only, please make sure
- you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
- a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
-
-
-Logical names:
-==============
-
-There are a few things that can't currently be given through the command
-line. Instead, logical names are used.
-
-Currently, the logical names supported are:
-
- OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
- not be used. Instead, plain C implementations are
- used. This is good to try if something doesn't work.
- OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
- will not be implemented. Supported algorithms to
- do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
- SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
- SSL2. So, for example, having the logical name
- OPENSSL_NO_RSA with the value YES means that the
- LIBCRYPTO.OLB library will not contain an RSA
- implementation.
-
-
-Test:
-=====
-
-Testing is very simple, just do the following:
-
- @[.TEST]TESTS
-
-If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
-it's an ugly hack!) and rebuild. Please send a bug report to
-<openssl-bugs at openssl.org>, including the output of "openssl version -a"
-and of the failed test.
-
-
-Installation:
-=============
-
-Installation is easy, just do the following:
-
- @INSTALL <root>
-
-<root> is the directory in which everything will be installed,
-subdirectories, libraries, header files, programs and startup command
-procedures.
-
-N.B.: INSTALL.COM builds a new directory structure, different from
-the directory tree where you have now build OpenSSL.
-
-In the [.VMS] subdirectory of the installation, you will find the
-following command procedures:
-
- OPENSSL_STARTUP.COM
-
- defines all needed logical names. Takes one argument that
- tells it in what logical name table to insert the logical
- names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
- call should look like this:
-
- @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
-
- OPENSSL_UTILS.COM
-
- sets up the symbols to the applications. Should be called
- from for example SYS$MANAGER:SYLOGIN.COM
-
-The logical names that are set up are the following:
-
- SSLROOT a dotted concealed logical name pointing at the
- root directory.
-
- SSLCERTS Initially an empty directory, this is the default
- location for certificate files.
- SSLMISC Various scripts.
- SSLPRIVATE Initially an empty directory, this is the default
- location for private key files.
-
- SSLEXE Contains the openssl binary and a few other utility
- programs.
- SSLINCLUDE Contains the header files needed if you want to
- compile programs with libcrypto or libssl.
- SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
- and LIBSSL.OLB) themselves.
-
- OPENSSL Same as SSLINCLUDE. This is because the standard
- way to include OpenSSL header files from version
- 0.9.3 and on is:
-
- #include <openssl/header.h>
-
- For more info on this issue, see the INSTALL. file
- (the NOTE in section 4 of "Installation in Detail").
- You don't need to "deleting old header files"!!!
-
-
-Backward portability:
-=====================
-
-One great problem when you build a library is making sure it will work
-on as many versions of VMS as possible. Especially, code compiled on
-OpenVMS version 7.x and above tend to be unusable in version 6.x or
-lower, because some C library routines have changed names internally
-(the C programmer won't usually see it, because the old name is
-maintained through C macros). One obvious solution is to make sure
-you have a development machine with an old enough version of OpenVMS.
-However, if you are stuck with a bunch of Alphas running OpenVMS version
-7.1, you seem to be out of luck. Fortunately, the DEC C header files
-are cluttered with conditionals that make some declarations and definitions
-dependent on the OpenVMS version or the C library version, *and* you
-can use those macros to simulate older OpenVMS or C library versions,
-by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
-correct values. In the compilation scripts, I've provided the possibility
-for the user to influence the creation of such macros, through a bunch of
-symbols, all having names starting with USER_. Here's the list of them:
-
- USER_CCFLAGS - Used to give additional qualifiers to the
- compiler. It can't be used to define macros
- since the scripts will do such things as well.
- To do such things, use USER_CCDEFS.
- USER_CCDEFS - Used to define macros on the command line. The
- value of this symbol will be inserted inside a
- /DEFINE=(...).
- USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
- inserted inside a /DISABLE=WARNING=(...).
-
-So, to maintain backward compatibility with older VMS versions, do the
-following before you start compiling:
-
- $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
- $ USER_CCDISABLEWARNINGS := PREOPTW
-
-The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
-that those macros have been changed.
-
-Note: Currently, this is only useful for library compilation. The
- programs will still be linked with the current version of the
- C library shareable image, and will thus complain if they are
- faced with an older version of the same C library shareable image.
- This will probably be fixed in a future revision of OpenSSL.
-
-
-Possible bugs or quirks:
-========================
-
-I'm not perfectly sure all the programs will use the SSLCERTS:
-directory by default, it may very well be that you have to give them
-extra arguments. Please experiment.
-
-
-TODO:
-=====
-
-There are a few things that need to be worked out in the VMS version of
-OpenSSL, still:
-
-- Description files. ("Makefile's" :-))
-- Script code to link an already compiled build tree.
-- A VMSINSTALlable version (way in the future, unless someone else hacks).
-- shareable images (DLL for you Windows folks).
-
-There may be other things that I have missed and that may be desirable.
-Please send mail to <openssl-users at openssl.org> or to me directly if you
-have any ideas.
-
---
-Richard Levitte <richard at levitte.org>
-2000-02-27
Modified: trunk/crypto/openssl/Makefile
===================================================================
--- trunk/crypto/openssl/Makefile 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/Makefile 2015-03-07 02:55:43 UTC (rev 6971)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.8zc
+VERSION=0.9.8ze
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
Modified: trunk/crypto/openssl/Makefile.bak
===================================================================
--- trunk/crypto/openssl/Makefile.bak 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/Makefile.bak 2015-03-07 02:55:43 UTC (rev 6971)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.8zb-dev
+VERSION=0.9.8ze-dev
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
Modified: trunk/crypto/openssl/NEWS
===================================================================
--- trunk/crypto/openssl/NEWS 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/NEWS 2015-03-07 02:55:43 UTC (rev 6971)
@@ -5,6 +5,19 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [15 Jan 2015]
+
+ o Build fixes for the Windows and OpenVMS platforms
+
+ Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015]
+
+ o Fix for CVE-2014-3571
+ o Fix for CVE-2014-3569
+ o Fix for CVE-2014-3572
+ o Fix for CVE-2015-0204
+ o Fix for CVE-2014-8275
+ o Fix for CVE-2014-3570
+
Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]:
o Fix for CVE-2014-3513
Modified: trunk/crypto/openssl/README
===================================================================
--- trunk/crypto/openssl/README 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/README 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1,5 +1,5 @@
- OpenSSL 0.9.8zc 15 Oct 2014
+ OpenSSL 0.9.8ze 15 Jan 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Modified: trunk/crypto/openssl/crypto/Makefile
===================================================================
--- trunk/crypto/openssl/crypto/Makefile 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/Makefile 2015-03-07 02:55:43 UTC (rev 6971)
@@ -41,7 +41,8 @@
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
-HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
+ constant_time_locl.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
Modified: trunk/crypto/openssl/crypto/asn1/a_bitstr.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_bitstr.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/asn1/a_bitstr.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -136,11 +136,16 @@
p= *pp;
i= *(p++);
+ if (i > 7)
+ {
+ i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+ goto err;
+ }
/* We do this to preserve the settings. If we modify
* the settings, via the _set_bit function, we will recalculate
* on output */
ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
if (len-- > 1) /* using one because of the bits left byte */
{
Modified: trunk/crypto/openssl/crypto/asn1/a_type.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_type.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/asn1/a_type.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -108,3 +108,49 @@
IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+ {
+ int result = -1;
+
+ if (!a || !b || a->type != b->type) return -1;
+
+ switch (a->type)
+ {
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ case V_ASN1_BIT_STRING:
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_SEQUENCE:
+ case V_ASN1_SET:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_OTHER:
+ default:
+ result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
+ (ASN1_STRING *) b->value.ptr);
+ break;
+ }
+
+ return result;
+ }
Modified: trunk/crypto/openssl/crypto/asn1/a_verify.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_verify.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/asn1/a_verify.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -89,6 +89,12 @@
ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
inl=i2d(data,NULL);
buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -144,6 +150,12 @@
return -1;
}
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
EVP_MD_CTX_init(&ctx);
i=OBJ_obj2nid(a->algorithm);
type=EVP_get_digestbyname(OBJ_nid2sn(i));
Modified: trunk/crypto/openssl/crypto/asn1/asn1.h
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1.h 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/asn1/asn1.h 2015-03-07 02:55:43 UTC (rev 6971)
@@ -769,6 +769,7 @@
int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1260,6 +1261,7 @@
#define ASN1_R_ILLEGAL_TIME_VALUE 184
#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
#define ASN1_R_INVALID_MIME_TYPE 200
@@ -1308,6 +1310,7 @@
#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
#define ASN1_R_TOO_LONG 155
#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE 218
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
Modified: trunk/crypto/openssl/crypto/asn1/asn1_err.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/asn1_err.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/asn1/asn1_err.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -235,6 +235,7 @@
{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
@@ -283,6 +284,7 @@
{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) ,"type not primitive"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
Modified: trunk/crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -866,6 +866,14 @@
}
else if (cst)
{
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
buf.length = 0;
buf.max = 0;
buf.data = NULL;
Modified: trunk/crypto/openssl/crypto/asn1/x_algor.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/x_algor.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/asn1/x_algor.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -128,3 +128,13 @@
}
}
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
Modified: trunk/crypto/openssl/crypto/bn/asm/mips3.s
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/mips3.s 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/bn/asm/mips3.s 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1584,17 +1584,17 @@
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1609,63 +1609,63 @@
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
sd c_1,24(a0)
dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1680,93 +1680,93 @@
dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
sd c_3,40(a0)
dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1781,108 +1781,108 @@
dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
sd c_2,56(a0)
dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1897,78 +1897,78 @@
dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
sd c_1,72(a0)
dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1983,48 +1983,48 @@
dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
sd c_3,88(a0)
dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -2039,17 +2039,17 @@
dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
sd c_2,104(a0)
dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2070,9 +2070,9 @@
.set reorder
ld a_0,0(a1)
ld a_1,8(a1)
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
ld a_2,16(a1)
ld a_3,24(a1)
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
mflo c_1
mfhi c_2
sd c_1,0(a0)
@@ -2093,17 +2093,17 @@
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -2118,48 +2118,48 @@
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
daddu c_2,t_2
- sltu AT,c_2,t_2
daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
sd c_1,24(a0)
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -2174,17 +2174,17 @@
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
sd c_3,40(a0)
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
Modified: trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/bn/asm/x86_64-gcc.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -269,6 +269,10 @@
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#if 0
/* original macros are kept for reference purposes */
#define mul_add_c(a,b,c0,c1,c2) { \
@@ -283,10 +287,10 @@
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#else
#define mul_add_c(a,b,c0,c1,c2) do { \
@@ -324,22 +328,14 @@
: "=a"(t1),"=d"(t2) \
: "a"(a),"m"(b) \
: "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+d"(t2),"+r"(c2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+a"(t1),"+d"(t2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c0),"+d"(t2) \
- : "a"(t1),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c1),"+r"(c2) \
- : "d"(t2),"g"(0) \
- : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
} while (0)
#endif
Modified: trunk/crypto/openssl/crypto/bn/bn_asm.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bn_asm.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/bn/bn_asm.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -431,6 +431,10 @@
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#ifdef BN_LLONG
#define mul_add_c(a,b,c0,c1,c2) \
t=(BN_ULLONG)a*b; \
@@ -471,10 +475,10 @@
#define mul_add_c2(a,b,c0,c1,c2) { \
BN_ULONG ta=(a),tb=(b),t0; \
BN_UMULT_LOHI(t0,t1,ta,tb); \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#define sqr_add_c(a,i,c0,c1,c2) { \
@@ -501,10 +505,10 @@
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#define sqr_add_c(a,i,c0,c1,c2) { \
Modified: trunk/crypto/openssl/crypto/bn/bntest.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/bntest.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/bn/bntest.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -676,44 +676,98 @@
int test_sqr(BIO *bp, BN_CTX *ctx)
{
- BIGNUM a,c,d,e;
- int i;
+ BIGNUM *a,*c,*d,*e;
+ int i, ret = 0;
- BN_init(&a);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
+ a = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ if (a == NULL || c == NULL || d == NULL || e == NULL)
+ {
+ goto err;
+ }
for (i=0; i<num0; i++)
{
- BN_bntest_rand(&a,40+i*10,0,0);
- a.neg=rand_neg();
- BN_sqr(&c,&a,ctx);
+ BN_bntest_rand(a,40+i*10,0,0);
+ a->neg=rand_neg();
+ BN_sqr(c,a,ctx);
if (bp != NULL)
{
if (!results)
{
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," * ");
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," - ");
}
- BN_print(bp,&c);
+ BN_print(bp,c);
BIO_puts(bp,"\n");
}
- BN_div(&d,&e,&c,&a,ctx);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
- {
- fprintf(stderr,"Square test failed!\n");
- return 0;
- }
+ BN_div(d,e,c,a,ctx);
+ BN_sub(d,d,a);
+ if(!BN_is_zero(d) || !BN_is_zero(e))
+ {
+ fprintf(stderr,"Square test failed!\n");
+ goto err;
+ }
}
- BN_free(&a);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return(1);
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000000000000080000001FFFFFFFE000000000000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+ ret = 1;
+err:
+ if (a != NULL) BN_free(a);
+ if (c != NULL) BN_free(c);
+ if (d != NULL) BN_free(d);
+ if (e != NULL) BN_free(e);
+ return ret;
}
int test_mont(BIO *bp, BN_CTX *ctx)
Modified: trunk/crypto/openssl/crypto/bn/exptest.c
===================================================================
--- trunk/crypto/openssl/crypto/bn/exptest.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/bn/exptest.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -71,6 +71,11 @@
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+/*
+ * Disabled for FIPS capable builds because they use the FIPS BIGNUM library
+ * which will fail this test.
+ */
+#ifndef OPENSSL_FIPS
/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
static int test_exp_mod_zero() {
BIGNUM a, p, m;
@@ -107,7 +112,7 @@
return ret;
}
-
+#endif
int main(int argc, char *argv[])
{
BN_CTX *ctx;
@@ -228,10 +233,10 @@
CRYPTO_mem_leaks(out);
BIO_free(out);
printf("\n");
-
+#ifndef OPENSSL_FIPS
if (test_exp_mod_zero() != 0)
goto err;
-
+#endif
printf("done\n");
EXIT(0);
Modified: trunk/crypto/openssl/crypto/constant_time_locl.h
===================================================================
--- trunk/crypto/openssl/crypto/constant_time_locl.h 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/constant_time_locl.h 2015-03-07 02:55:43 UTC (rev 6971)
@@ -129,17 +129,12 @@
static inline unsigned int constant_time_msb(unsigned int a)
{
- return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+ return 0-(a >> (sizeof(a) * 8 - 1));
}
static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
{
- unsigned int lt;
- /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
- lt = ~(a ^ b) & (a - b);
- /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
- lt |= ~a & b;
- return constant_time_msb(lt);
+ return constant_time_msb(a^((a^b)|((a-b)^b)));
}
static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
@@ -149,12 +144,7 @@
static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
{
- unsigned int ge;
- /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
- ge = ~((a ^ b) | (a - b));
- /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
- ge |= a & ~b;
- return constant_time_msb(ge);
+ return ~constant_time_lt(a, b);
}
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
@@ -204,7 +194,7 @@
return (unsigned char)(constant_time_select(mask, a, b));
}
-inline int constant_time_select_int(unsigned int mask, int a, int b)
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
{
return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
}
Modified: trunk/crypto/openssl/crypto/cryptlib.c
===================================================================
--- trunk/crypto/openssl/crypto/cryptlib.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/cryptlib.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -512,7 +512,7 @@
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
/* this -------------v--- guards NT-specific calls */
- if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+ if (check_winnt() && OPENSSL_isservice() > 0)
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
const TCHAR *pmsg=buf;
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
Modified: trunk/crypto/openssl/crypto/dsa/dsa_asn1.c
===================================================================
--- trunk/crypto/openssl/crypto/dsa/dsa_asn1.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/dsa/dsa_asn1.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -200,7 +200,11 @@
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
+
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
@@ -211,10 +215,18 @@
s = DSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
DSA_SIG_free(s);
return(ret);
}
-
Modified: trunk/crypto/openssl/crypto/ecdsa/ecs_vrf.c
===================================================================
--- trunk/crypto/openssl/crypto/ecdsa/ecs_vrf.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/ecdsa/ecs_vrf.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -57,6 +57,7 @@
*/
#include "ecs_locl.h"
+#include <string.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -84,13 +85,25 @@
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = ECDSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
ECDSA_SIG_free(s);
return(ret);
}
Modified: trunk/crypto/openssl/crypto/evp/Makefile
===================================================================
--- trunk/crypto/openssl/crypto/evp/Makefile 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/evp/Makefile 2015-03-07 02:55:43 UTC (rev 6971)
@@ -385,8 +385,7 @@
evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_enc.o: ../../include/openssl/x509_vfy.h ../constant_time_locl.h
-evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h
evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
Modified: trunk/crypto/openssl/crypto/evp/evp_enc.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/evp_enc.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/evp/evp_enc.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -64,7 +64,6 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
-#include "../constant_time_locl.h"
#include "evp_locl.h"
#ifdef OPENSSL_FIPS
@@ -302,11 +301,11 @@
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
- unsigned int i, b;
- unsigned char pad, padding_good;
+ int i,n;
+ unsigned int b;
*outl=0;
- b=(unsigned int)(ctx->cipher->block_size);
+ b=ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
if(ctx->buf_len)
@@ -325,34 +324,28 @@
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
- pad=ctx->final[b-1];
-
- padding_good = (unsigned char)(~constant_time_is_zero_8(pad));
- padding_good &= constant_time_ge_8(b, pad);
-
- for (i = 1; i < b; ++i)
+ n=ctx->final[b-1];
+ if (n == 0 || n > (int)b)
{
- unsigned char is_pad_index = constant_time_lt_8(i, pad);
- unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad);
- padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff);
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
}
-
- /*
- * At least 1 byte is always padding, so we always write b - 1
- * bytes to avoid a timing leak. The caller is required to have |b|
- * bytes space in |out| by the API contract.
- */
- for (i = 0; i < b - 1; ++i)
- out[i] = ctx->final[i] & padding_good;
- /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
- *outl = padding_good & ((unsigned char)(b - pad));
- return padding_good & 1;
+ for (i=0; i<n; i++)
+ {
+ if (ctx->final[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
+ }
+ }
+ n=ctx->cipher->block_size-n;
+ for (i=0; i<n; i++)
+ out[i]=ctx->final[i];
+ *outl=n;
}
else
- {
- *outl = 0;
- return 1;
- }
+ *outl=0;
+ return(1);
}
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
Modified: trunk/crypto/openssl/crypto/md32_common.h
===================================================================
--- trunk/crypto/openssl/crypto/md32_common.h 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/md32_common.h 2015-03-07 02:55:43 UTC (rev 6971)
@@ -225,8 +225,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
l|=(((unsigned long)(*((c)++)))<<16), \
l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++))) ), \
- l)
+ l|=(((unsigned long)(*((c)++))) ) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
@@ -262,8 +261,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
l|=(((unsigned long)(*((c)++)))<< 8), \
l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24), \
- l)
+ l|=(((unsigned long)(*((c)++)))<<24) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
Modified: trunk/crypto/openssl/crypto/opensslv.h
===================================================================
--- trunk/crypto/openssl/crypto/opensslv.h 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/opensslv.h 2015-03-07 02:55:43 UTC (rev 6971)
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x009081cfL
+#define OPENSSL_VERSION_NUMBER 0x009081efL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zc-fips 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8ze-fips 15 Jan 2015"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zc 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8ze 15 Jan 2015"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Modified: trunk/crypto/openssl/crypto/rand/rand_win.c
===================================================================
--- trunk/crypto/openssl/crypto/rand/rand_win.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/rand/rand_win.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -196,12 +196,6 @@
DWORD w;
int good = 0;
- /* Determine the OS version we are on so we can turn off things
- * that do not work properly.
- */
- OSVERSIONINFO osverinfo ;
- osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
- GetVersionEx( &osverinfo ) ;
#if defined(OPENSSL_SYS_WINCE)
# if defined(_WIN32_WCE) && _WIN32_WCE>=300
@@ -281,57 +275,7 @@
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
- /* Wolfgang Marczy <WMarczy at topcall.co.at> reports that
- * the RegQueryValueEx call below can hang on NT4.0 (SP6).
- * So we don't use this at all for now. */
-#if 0
- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- osverinfo.dwMajorVersion < 5)
- {
- /* Read Performance Statistics from NT/2000 registry
- * The size of the performance data can vary from call
- * to call so we must guess the size of the buffer to use
- * and increase its size if we get an ERROR_MORE_DATA
- * return instead of ERROR_SUCCESS.
- */
- LONG rc=ERROR_MORE_DATA;
- char * buf=NULL;
- DWORD bufsz=0;
- DWORD length;
- while (rc == ERROR_MORE_DATA)
- {
- buf = realloc(buf,bufsz+8192);
- if (!buf)
- break;
- bufsz += 8192;
-
- length = bufsz;
- rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
- NULL, NULL, buf, &length);
- }
- if (rc == ERROR_SUCCESS)
- {
- /* For entropy count assume only least significant
- * byte of each DWORD is random.
- */
- RAND_add(&length, sizeof(length), 0);
- RAND_add(buf, length, length / 4.0);
-
- /* Close the Registry Key to allow Windows to cleanup/close
- * the open handle
- * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
- * when the RegQueryValueEx above is done. However, if
- * it is not explicitly closed, it can cause disk
- * partition manipulation problems.
- */
- RegCloseKey(HKEY_PERFORMANCE_DATA);
- }
- if (buf)
- free(buf);
- }
-#endif
-
if (advapi)
{
/*
@@ -383,7 +327,7 @@
if (advapi)
FreeLibrary(advapi);
- if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
+ if ((!check_winnt() ||
!OPENSSL_isservice()) &&
(user = LoadLibrary(TEXT("USER32.DLL"))))
{
@@ -407,8 +351,7 @@
* on NT4 even though it exists in SP3 (or SP6) and
* higher.
*/
- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- osverinfo.dwMajorVersion < 5)
+ if (check_winnt() && !check_win_minplat(5))
cursor = 0;
}
if (cursor)
@@ -750,7 +693,7 @@
int y; /* y-coordinate of screen lines to grab */
int n = 16; /* number of screen lines to grab at a time */
- if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
+ if (check_winnt() && OPENSSL_isservice()>0)
return;
/* Create a screen DC and a memory DC compatible to screen DC */
Modified: trunk/crypto/openssl/crypto/rsa/rsa_oaep.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_oaep.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/rsa/rsa_oaep.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -18,7 +18,7 @@
* an equivalent notion.
*/
-#include "../constant_time_locl.h"
+#include "constant_time_locl.h"
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
#include <stdio.h>
Modified: trunk/crypto/openssl/crypto/rsa/rsa_pk1.c
===================================================================
--- trunk/crypto/openssl/crypto/rsa/rsa_pk1.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/rsa/rsa_pk1.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-#include "../constant_time_locl.h"
+#include "constant_time_locl.h"
#include <stdio.h>
#include "cryptlib.h"
Modified: trunk/crypto/openssl/crypto/x509/x509.h
===================================================================
--- trunk/crypto/openssl/crypto/x509/x509.h 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/x509/x509.h 2015-03-07 02:55:43 UTC (rev 6971)
@@ -870,6 +870,7 @@
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
X509_ALGOR *algor);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
Modified: trunk/crypto/openssl/crypto/x509/x_all.c
===================================================================
--- trunk/crypto/openssl/crypto/x509/x_all.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/crypto/x509/x_all.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -73,6 +73,8 @@
int X509_verify(X509 *a, EVP_PKEY *r)
{
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
a->signature,a->cert_info,r));
}
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod 2015-03-07 02:55:43 UTC (rev 6971)
@@ -61,12 +61,16 @@
flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
return after the handshake and successful completion.
-=item SSL_MODE_FALLBACK_SCSV
+=item SSL_MODE_SEND_FALLBACK_SCSV
Send TLS_FALLBACK_SCSV in the ClientHello.
-To be set by applications that reconnect with a downgraded protocol
+To be set only by applications that reconnect with a downgraded protocol
version; see draft-ietf-tls-downgrade-scsv-00 for details.
+DO NOT ENABLE THIS if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft-ietf-tls-downgrade-scsv-00.
+
=back
=head1 RETURN VALUES
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 2015-03-07 02:55:43 UTC (rev 6971)
@@ -152,15 +152,7 @@
=item SSL_OP_EPHEMERAL_RSA
-Always use ephemeral (temporary) RSA key when doing RSA operations
-(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
-According to the specifications this is only done, when a RSA key
-can only be used for signature operations (namely under export ciphers
-with restricted RSA keylength). By setting this option, ephemeral
-RSA keys are always used. This option breaks compatibility with the
-SSL/TLS specifications and may lead to interoperability problems with
-clients and should therefore never be used. Ciphers with EDH (ephemeral
-Diffie-Hellman) key exchange should be used instead.
+This option is no longer implemented and is treated as no op.
=item SSL_OP_CIPHER_SERVER_PREFERENCE
Modified: trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
===================================================================
--- trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-03-07 02:55:43 UTC (rev 6971)
@@ -74,22 +74,15 @@
in order to achieve forward secrecy (see
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
-and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
-standard. When ephemeral RSA key exchange is required for export ciphers,
-it will automatically be used without this option!
+An application may either directly specify the key or can supply the key via a
+callback function. The callback approach has the advantage, that the callback
+may generate the key only in case it is actually needed. As the generation of a
+RSA key is however costly, it will lead to a significant delay in the handshake
+procedure. Another advantage of the callback function is that it can supply
+keys of different size while the explicit setting of the key is only useful for
+key size of 512 bits to satisfy the export restricted ciphers and does give
+away key length if a longer key would be allowed.
-An application may either directly specify the key or can supply the key via
-a callback function. The callback approach has the advantage, that the
-callback may generate the key only in case it is actually needed. As the
-generation of a RSA key is however costly, it will lead to a significant
-delay in the handshake procedure. Another advantage of the callback function
-is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
-
The B<tmp_rsa_callback> is called with the B<keylength> needed and
the B<is_export> information. The B<is_export> flag is set, when the
ephemeral RSA key exchange is performed with an export cipher.
Modified: trunk/crypto/openssl/e_os.h
===================================================================
--- trunk/crypto/openssl/e_os.h 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/e_os.h 2015-03-07 02:55:43 UTC (rev 6971)
@@ -275,7 +275,7 @@
# ifdef _WIN64
# define strlen(s) _strlen31(s)
/* cut strings to 2GB */
-static unsigned int _strlen31(const char *str)
+static __inline unsigned int _strlen31(const char *str)
{
unsigned int len=0;
while (*str && len<0x80000000U) str++, len++;
@@ -360,13 +360,13 @@
# define DEFAULT_HOME "C:"
# endif
-/*
- * Visual Studio: inline is available in C++ only, however
- * __inline is available for C, see
- * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
- */
-#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline)
-# define inline __inline
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
+#if defined(_MSC_VER) && _MSC_VER>=1800
+# define check_winnt() (1)
+# define check_win_minplat(x) (1)
+#else
+# define check_winnt() (GetVersion() < 0x80000000)
+# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
#endif
#else /* The non-microsoft world */
@@ -711,6 +711,23 @@
#endif
/* end vxworks */
+#if !defined(inline) && !defined(__cplusplus)
+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+ /* do nothing, inline works */
+# elif defined(__GNUC__) && __GNUC__>=2
+# define inline __inline__
+# elif defined(_MSC_VER)
+ /*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+# define inline __inline
+# else
+# define inline
+# endif
+#endif
+
#ifdef __cplusplus
}
#endif
Modified: trunk/crypto/openssl/openssl.spec
===================================================================
--- trunk/crypto/openssl/openssl.spec 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/openssl.spec 2015-03-07 02:55:43 UTC (rev 6971)
@@ -6,7 +6,7 @@
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 0.9.8zc
+Version: 0.9.8ze
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
Modified: trunk/crypto/openssl/ssl/d1_pkt.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_pkt.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/d1_pkt.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -595,8 +595,6 @@
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
i=rr->length;
n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
-
/* this packet contained a partial record, dump it */
if ( n != i)
{
@@ -626,7 +624,8 @@
* would be dropped unnecessarily.
*/
if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
+ s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+ s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
{
rr->length = 0;
Modified: trunk/crypto/openssl/ssl/d1_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/d1_srvr.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/d1_srvr.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -371,23 +371,11 @@
/* clear this, it may get reset by
* send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(l & SSL_KRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange, fortezza or
* RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
- || (l & (SSL_DH|SSL_kFZA))
+ if ((l & (SSL_DH|SSL_kFZA))
|| ((l & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
Modified: trunk/crypto/openssl/ssl/s23_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/s23_srvr.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/s23_srvr.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -559,12 +559,14 @@
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
- s->method = ssl23_get_server_method(s->version);
- if (s->method == NULL)
+ SSL_METHOD *new_method;
+ new_method = ssl23_get_server_method(s->version);
+ if (new_method == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
+ s->method = new_method;
if (!ssl_init_wbio_buffer(s,1)) goto err;
Modified: trunk/crypto/openssl/ssl/s3_clnt.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_clnt.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/s3_clnt.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1123,8 +1123,21 @@
if (!ok) return((int)n);
+ alg=s->s3->tmp.new_cipher->algorithms;
+ EVP_MD_CTX_init(&md_ctx);
+
if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
{
+ /*
+ * Can't skip server key exchange if this is an ephemeral
+ * ciphersuite.
+ */
+ if (alg & (SSL_kEDH|SSL_kECDHE))
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
s->s3->tmp.reuse_message=1;
return(1);
}
@@ -1162,13 +1175,18 @@
/* Total length of the parameters including the length prefix */
param_len=0;
- alg=s->s3->tmp.new_cipher->algorithms;
- EVP_MD_CTX_init(&md_ctx);
al=SSL_AD_DECODE_ERROR;
#ifndef OPENSSL_NO_RSA
if (alg & SSL_kRSA)
{
+ /* Temporary RSA keys only allowed in export ciphersuites */
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
if ((rsa=RSA_new()) == NULL)
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
Modified: trunk/crypto/openssl/ssl/s3_pkt.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_pkt.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/s3_pkt.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -147,6 +147,8 @@
* at once (as long as it fits into the buffer). */
if (SSL_version(s) == DTLS1_VERSION)
{
+ if (s->s3->rbuf.left == 0 && extend)
+ return 0;
if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
n = s->s3->rbuf.left;
}
Modified: trunk/crypto/openssl/ssl/s3_srvr.c
===================================================================
--- trunk/crypto/openssl/ssl/s3_srvr.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/s3_srvr.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -355,18 +355,7 @@
/* clear this, it may get reset by
* send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(l & SSL_KRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange, fortezza or
@@ -378,8 +367,7 @@
* server certificate contains the server's
* public key for key exchange.
*/
- if (s->s3->tmp.use_rsa_tmp
- || (l & SSL_kECDHE)
+ if ((l & SSL_kECDHE)
|| (l & (SSL_DH|SSL_kFZA))
|| ((l & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
@@ -2412,7 +2400,7 @@
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{
s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type | EVP_PKT_SIGN))
+ if (peer != NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
Modified: trunk/crypto/openssl/ssl/ssl.h
===================================================================
--- trunk/crypto/openssl/ssl/ssl.h 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/ssl.h 2015-03-07 02:55:43 UTC (rev 6971)
@@ -526,9 +526,8 @@
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
+/* Does nothing: retained for compatibiity */
+#define SSL_OP_EPHEMERAL_RSA 0x0
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
@@ -564,8 +563,13 @@
/* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.
+ * Only use this in explicit fallback retries, following the guidance
+ * in draft-ietf-tls-downgrade-scsv-00.
+ */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
Modified: trunk/crypto/openssl/ssl/ssl_lib.c
===================================================================
--- trunk/crypto/openssl/ssl/ssl_lib.c 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/ssl/ssl_lib.c 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1401,6 +1401,7 @@
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
goto err;
}
+ p += n;
continue;
}
Modified: trunk/crypto/openssl/util/libeay.num
===================================================================
--- trunk/crypto/openssl/util/libeay.num 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/util/libeay.num 2015-03-07 02:55:43 UTC (rev 6971)
@@ -1807,6 +1807,7 @@
X509_REQ_digest 2362 EXIST::FUNCTION:EVP
X509_CRL_digest 2391 EXIST::FUNCTION:EVP
d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
+X509_ALGOR_cmp 2398 EXIST::FUNCTION:
EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION:
BN_mod_exp_mont_word 2401 EXIST::FUNCTION:
@@ -3730,3 +3731,4 @@
pqueue_size 4114 EXIST::FUNCTION:
OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:
+ASN1_TYPE_cmp 4428 EXIST::FUNCTION:
Modified: trunk/crypto/openssl/util/mk1mf.pl
===================================================================
--- trunk/crypto/openssl/util/mk1mf.pl 2015-03-07 00:08:20 UTC (rev 6970)
+++ trunk/crypto/openssl/util/mk1mf.pl 2015-03-07 02:55:43 UTC (rev 6971)
@@ -786,12 +786,6 @@
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
-
if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
{
if ($cpuid_asm_obj ne "")
More information about the Midnightbsd-cvs
mailing list