SF.net SVN: gar:[23767] csw/mgar/pkg/openssl1/trunk
chninkel at users.sourceforge.net
chninkel at users.sourceforge.net
Thu Jun 5 16:11:41 CEST 2014
Revision: 23767
http://sourceforge.net/p/gar/code/23767
Author: chninkel
Date: 2014-06-05 14:11:41 +0000 (Thu, 05 Jun 2014)
Log Message:
-----------
openssl1/trunk: remove backported patches
Modified Paths:
--------------
csw/mgar/pkg/openssl1/trunk/Makefile
Removed Paths:
-------------
csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0076.patch
csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0160.patch
Modified: csw/mgar/pkg/openssl1/trunk/Makefile
===================================================================
--- csw/mgar/pkg/openssl1/trunk/Makefile 2014-06-05 13:14:40 UTC (rev 23766)
+++ csw/mgar/pkg/openssl1/trunk/Makefile 2014-06-05 14:11:41 UTC (rev 23767)
@@ -107,10 +107,6 @@
PATCHFILES += more_configure_targets.patch$(PATCH_SUFFIX)
-PATCHFILES += CVE-2014-0076.patch
-PATCHFILES += CVE-2014-0160.patch
-
-
#PATCHFILES += fix-test-failure.patch
# We install engines libraries in /opt/csw/lib/engines/1.0.0/
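Review bot: Dropping `CVE-2014-0076.patch` and `CVE-2014-0160.patch` from `PATCHFILES` is only safe if the upstream release this Makefile builds already contains both fixes, and the single Makefile hunk in this revision does not touch the version. Presumably the version bump landed in an earlier revision, but nothing in the hunk or the log message confirms it. The log message should name the release, e.g. `openssl1/trunk: remove backported patches, fixes are included in upstream <VERSION>`. A one-line comment in place of the removed entries, such as `# CVE-2014-0076 and CVE-2014-0160 fixes are included upstream since <VERSION>`, would keep this traceable for anyone auditing the package later.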
Deleted: csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0076.patch
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0076.patch 2014-06-05 13:14:40 UTC (rev 23766)
+++ csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0076.patch 2014-06-05 14:11:41 UTC (rev 23767)
@@ -1,167 +0,0 @@
-Description: fix side-channel attack on Montgomery ladder implementation
-Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332
-Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40acdb192e035f463d3c39c23fd8a68cf54df378
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742923
-
-Index: openssl-1.0.1f/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/bn/bn.h 2014-01-06 08:47:42.000000000 -0500
-+++ openssl-1.0.1f/crypto/bn/bn.h 2014-04-07 15:37:00.924343048 -0400
-@@ -538,6 +538,8 @@
- BIGNUM *BN_mod_sqrt(BIGNUM *ret,
- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-
-+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-+
- /* Deprecated versions */
- #ifndef OPENSSL_NO_DEPRECATED
- BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
-@@ -774,11 +776,20 @@
-
- #define bn_fix_top(a) bn_check_top(a)
-
-+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-+#define bn_wcheck_size(bn, words) \
-+ do { \
-+ const BIGNUM *_bnum2 = (bn); \
-+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
-+ } while(0)
-+
- #else /* !BN_DEBUG */
-
- #define bn_pollute(a)
- #define bn_check_top(a)
- #define bn_fix_top(a) bn_correct_top(a)
-+#define bn_check_size(bn, bits)
-+#define bn_wcheck_size(bn, words)
-
- #endif
-
-Index: openssl-1.0.1f/crypto/bn/bn_lib.c
-===================================================================
---- openssl-1.0.1f.orig/crypto/bn/bn_lib.c 2014-01-06 08:47:42.000000000 -0500
-+++ openssl-1.0.1f/crypto/bn/bn_lib.c 2014-04-07 15:37:00.924343048 -0400
-@@ -824,3 +824,55 @@
- }
- return bn_cmp_words(a,b,cl);
- }
-+
-+/*
-+ * Constant-time conditional swap of a and b.
-+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
-+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
-+ * and that no more than nwords are used by either a or b.
-+ * a and b cannot be the same number
-+ */
-+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-+ {
-+ BN_ULONG t;
-+ int i;
-+
-+ bn_wcheck_size(a, nwords);
-+ bn_wcheck_size(b, nwords);
-+
-+ assert(a != b);
-+ assert((condition & (condition - 1)) == 0);
-+ assert(sizeof(BN_ULONG) >= sizeof(int));
-+
-+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-+
-+ t = (a->top^b->top) & condition;
-+ a->top ^= t;
-+ b->top ^= t;
-+
-+#define BN_CONSTTIME_SWAP(ind) \
-+ do { \
-+ t = (a->d[ind] ^ b->d[ind]) & condition; \
-+ a->d[ind] ^= t; \
-+ b->d[ind] ^= t; \
-+ } while (0)
-+
-+
-+ switch (nwords) {
-+ default:
-+ for (i = 10; i < nwords; i++)
-+ BN_CONSTTIME_SWAP(i);
-+ /* Fallthrough */
-+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
-+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
-+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
-+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
-+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
-+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
-+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
-+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
-+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
-+ case 1: BN_CONSTTIME_SWAP(0);
-+ }
-+#undef BN_CONSTTIME_SWAP
-+}
-Index: openssl-1.0.1f/crypto/ec/ec2_mult.c
-===================================================================
---- openssl-1.0.1f.orig/crypto/ec/ec2_mult.c 2014-01-06 08:47:42.000000000 -0500
-+++ openssl-1.0.1f/crypto/ec/ec2_mult.c 2014-04-07 15:37:00.924343048 -0400
-@@ -208,11 +208,15 @@
- return ret;
- }
-
-+
- /* Computes scalar*point and stores the result in r.
- * point can not equal r.
-- * Uses algorithm 2P of
-+ * Uses a modified algorithm 2P of
- * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
- * GF(2^m) without precomputation" (CHES '99, LNCS 1717).
-+ *
-+ * To protect against side-channel attack the function uses constant time swap,
-+ * avoiding conditional branches.
- */
- static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- const EC_POINT *point, BN_CTX *ctx)
-@@ -246,6 +250,11 @@
- x2 = &r->X;
- z2 = &r->Y;
-
-+ bn_wexpand(x1, group->field.top);
-+ bn_wexpand(z1, group->field.top);
-+ bn_wexpand(x2, group->field.top);
-+ bn_wexpand(z2, group->field.top);
-+
- if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
- if (!BN_one(z1)) goto err; /* z1 = 1 */
- if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
-@@ -270,16 +279,12 @@
- word = scalar->d[i];
- while (mask)
- {
-- if (word & mask)
-- {
-- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
-- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
-- }
-- else
-- {
-- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-- }
-+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
-+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
-+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-+ BN_consttime_swap(word & mask, x1, x2, group->field.top);
-+ BN_consttime_swap(word & mask, z1, z2, group->field.top);
- mask >>= 1;
- }
- mask = BN_TBIT;
-Index: openssl-1.0.1f/util/libeay.num
-===================================================================
---- openssl-1.0.1f.orig/util/libeay.num 2014-01-06 09:35:55.000000000 -0500
-+++ openssl-1.0.1f/util/libeay.num 2014-04-07 15:37:03.976343033 -0400
-@@ -3511,6 +3511,7 @@
- d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
- i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
- CRYPTO_memcmp 3906 EXIST::FUNCTION:
-+BN_consttime_swap 3907 EXIST::FUNCTION:
- SEED_decrypt 3908 EXIST::FUNCTION:SEED
- SEED_encrypt 3909 EXIST::FUNCTION:SEED
- SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
Deleted: csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0160.patch
===================================================================
--- csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0160.patch 2014-06-05 13:14:40 UTC (rev 23766)
+++ csw/mgar/pkg/openssl1/trunk/files/CVE-2014-0160.patch 2014-06-05 14:11:41 UTC (rev 23767)
@@ -1,94 +0,0 @@
-Description: fix memory disclosure in TLS heartbeat extension
-Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
-
-Index: openssl-1.0.1c/ssl/d1_both.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/d1_both.c 2014-04-07 15:44:25.208340860 -0400
-+++ openssl-1.0.1c/ssl/d1_both.c 2014-04-07 15:44:25.204340860 -0400
-@@ -1458,26 +1458,36 @@
- unsigned int payload;
- unsigned int padding = 16; /* Use minimum padding */
-
-- /* Read type and payload length first */
-- hbtype = *p++;
-- n2s(p, payload);
-- pl = p;
--
- if (s->msg_callback)
- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
- s, s->msg_callback_arg);
-
-+ /* Read type and payload length first */
-+ if (1 + 2 + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard */
-+ hbtype = *p++;
-+ n2s(p, payload);
-+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard per RFC 6520 sec. 4 */
-+ pl = p;
-+
- if (hbtype == TLS1_HB_REQUEST)
- {
- unsigned char *buffer, *bp;
-+ unsigned int write_length = 1 /* heartbeat type */ +
-+ 2 /* heartbeat length */ +
-+ payload + padding;
- int r;
-
-+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
-+ return 0;
-+
- /* Allocate memory for the response, size is 1 byte
- * message type, plus 2 bytes payload length, plus
- * payload, plus padding
- */
-- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
-+ buffer = OPENSSL_malloc(write_length);
- bp = buffer;
-
- /* Enter response type, length and copy payload */
-@@ -1488,11 +1498,11 @@
- /* Random padding */
- RAND_pseudo_bytes(bp, padding);
-
-- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
-+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
-
- if (r >= 0 && s->msg_callback)
- s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-- buffer, 3 + payload + padding,
-+ buffer, write_length,
- s, s->msg_callback_arg);
-
- OPENSSL_free(buffer);
-Index: openssl-1.0.1c/ssl/t1_lib.c
-===================================================================
---- openssl-1.0.1c.orig/ssl/t1_lib.c 2014-04-07 15:44:25.208340860 -0400
-+++ openssl-1.0.1c/ssl/t1_lib.c 2014-04-07 15:44:25.204340860 -0400
-@@ -2441,16 +2441,20 @@
- unsigned int payload;
- unsigned int padding = 16; /* Use minimum padding */
-
-- /* Read type and payload length first */
-- hbtype = *p++;
-- n2s(p, payload);
-- pl = p;
--
- if (s->msg_callback)
- s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
- &s->s3->rrec.data[0], s->s3->rrec.length,
- s, s->msg_callback_arg);
-
-+ /* Read type and payload length first */
-+ if (1 + 2 + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard */
-+ hbtype = *p++;
-+ n2s(p, payload);
-+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
-+ return 0; /* silently discard per RFC 6520 sec. 4 */
-+ pl = p;
-+
- if (hbtype == TLS1_HB_REQUEST)
- {
- unsigned char *buffer, *bp;