[openssl-commits] [openssl] OpenSSL_1_0_0-stable update

Matt Caswell matt at openssl.org
Thu Jan 8 15:23:20 UTC 2015


The branch OpenSSL_1_0_0-stable has been updated
       via  a98051fb47eed17baced30fa70e009f4c9608635 (commit)
       via  225628f280d79dda31d135f96e231807d06e38c3 (commit)
       via  ca39b261bf54dc8138d93f3b07c6cc61d2e11f6c (commit)
       via  c1beec0e6dd4325210f4e42ddf2fb97c32dda45b (commit)
       via  b095884a58876ccd3e65f620b7f80d61b4bce687 (commit)
       via  f7fe3d235abf201343c20a59f9d9c8957acc62ff (commit)
       via  b2688c91613566db1f42edd4b45f6e17146531b9 (commit)
       via  bf6fa208b5c081c041f267c4c0352c686fa8d8a5 (commit)
       via  eb37b6aa41c2916c386bce5872b0f90dc22b4247 (commit)
      from  f66f76a24a5bb3c1e51dce56c9e6de23d72a5531 (commit)


- Log -----------------------------------------------------------------
commit a98051fb47eed17baced30fa70e009f4c9608635
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jan 8 14:23:38 2015 +0000

    Prepare for 1.0.0q-dev
    
    Reviewed-by: Stephen Henson <steve at openssl.org>

commit 225628f280d79dda31d135f96e231807d06e38c3
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jan 8 14:21:42 2015 +0000

    Prepare for 1.0.0p release
    
    Reviewed-by: Stephen Henson <steve at openssl.org>

commit ca39b261bf54dc8138d93f3b07c6cc61d2e11f6c
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jan 8 14:21:42 2015 +0000

    make update
    
    Reviewed-by: Stephen Henson <steve at openssl.org>

commit c1beec0e6dd4325210f4e42ddf2fb97c32dda45b
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jan 8 13:31:01 2015 +0000

    CHANGES and NEWS updates for release
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Steve Henson <steve at openssl.org>

commit b095884a58876ccd3e65f620b7f80d61b4bce687
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Jan 7 14:18:13 2015 +0000

    A memory leak can occur in dtls1_buffer_record if either of the calls to
    ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
    malloc failure, whilst the latter will fail if attempting to add a duplicate
    record to the queue. This should never happen because duplicate records should
    be detected and dropped before any attempt to add them to the queue.
    Unfortunately records that arrive that are for the next epoch are not being
    recorded correctly, and therefore replays are not being detected.
    Additionally, these "should not happen" failures that can occur in
    dtls1_buffer_record are not being treated as fatal and therefore an attacker
    could exploit this by sending repeated replay records for the next epoch,
    eventually causing a DoS through memory exhaustion.
    
    Thanks to Chris Mueller for reporting this issue and providing initial
    analysis and a patch. Further analysis and the final patch were performed by
    Matt Caswell from the OpenSSL development team.
    
    CVE-2015-0206
    
    Reviewed-by: Dr Stephen Henson <steve at openssl.org>
    (cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862)

commit f7fe3d235abf201343c20a59f9d9c8957acc62ff
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Oct 23 20:36:17 2014 +0100

    Unauthenticated DH client certificate fix.
    
    Fix to prevent use of DH client certificates without sending
    certificate verify message.
    
    If we've used a client certificate to generate the premaster secret
    ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
    never called.
    
    We can only skip the certificate verify message in
    ssl3_get_cert_verify if the client didn't send a certificate.
    
    Thanks to Karthikeyan Bhargavan for reporting this issue.
    CVE-2015-0205
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit b2688c91613566db1f42edd4b45f6e17146531b9
Author: Matt Caswell <matt at openssl.org>
Date:   Sat Jan 3 00:54:35 2015 +0000

    Follow on from CVE-2014-3571. This fixes the code that was the original source
    of the crash due to p being NULL. Steve's fix prevents this situation from
    occurring - however this is by no means obvious by looking at the code for
    dtls1_get_record. This fix just makes things look a bit more sane.
    
    Conflicts:
    	ssl/d1_pkt.c
    
    Reviewed-by: Dr Stephen Henson <steve at openssl.org>

commit bf6fa208b5c081c041f267c4c0352c686fa8d8a5
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Jan 3 00:45:13 2015 +0000

    Fix crash in dtls1_get_record whilst in the listen state where you get two
    separate reads performed - one for the header and one for the body of the
    handshake record.
    
    CVE-2014-3571
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit eb37b6aa41c2916c386bce5872b0f90dc22b4247
Author: Andy Polyakov <appro at openssl.org>
Date:   Mon Jan 5 14:52:56 2015 +0100

    Fix for CVE-2014-3570.
    
    Reviewed-by: Emilia Kasper <emilia at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                    |   53 ++++-
 NEWS                       |   13 +-
 README                     |    2 +-
 crypto/bn/asm/mips3.s      |  514 ++++++++++++++++++++++----------------------
 crypto/bn/asm/x86_64-gcc.c |   34 ++-
 crypto/bn/bn_asm.c         |   16 +-
 crypto/bn/bntest.c         |  102 ++++++---
 crypto/ecdsa/Makefile      |   13 +-
 crypto/opensslv.h          |    6 +-
 openssl.spec               |    2 +-
 ssl/d1_pkt.c               |   35 +--
 ssl/s3_pkt.c               |    2 +
 ssl/s3_srvr.c              |    2 +-
 13 files changed, 461 insertions(+), 333 deletions(-)

diff --git a/CHANGES b/CHANGES
index bc92912..e52cb9e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,8 +2,35 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.0o and 1.0.0p [xx XXX xxxx]
-
+ Changes between 1.0.0p and 1.0.0q [xx XXX xxxx]
+
+  *)
+
+ Changes between 1.0.0o and 1.0.0p [8 Jan 2015]
+
+  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+     message can cause a segmentation fault in OpenSSL due to a NULL pointer
+     dereference. This could lead to a Denial Of Service attack. Thanks to
+     Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+     (CVE-2014-3571)
+     [Steve Henson]
+
+  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+     dtls1_buffer_record function under certain conditions. In particular this
+     could occur if an attacker sent repeated DTLS records with the same
+     sequence number but for the next epoch. The memory leak could be exploited
+     by an attacker in a Denial of Service attack through memory exhaustion.
+     Thanks to Chris Mueller for reporting this issue.
+     (CVE-2015-0206)
+     [Matt Caswell]
+
+  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+     built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+     method would be set to NULL which could later result in a NULL pointer
+     dereference. Thanks to Frank Schmirler for reporting this issue.
+     (CVE-2014-3569)
+     [Kurt Roeckx]
+     
   *) Abort handshake if server key exchange message is omitted for ephemeral
      ECDH ciphersuites.
 
@@ -21,6 +48,28 @@
      (CVE-2015-0204)
      [Steve Henson]
 
+  *) Fixed issue where DH client certificates are accepted without verification.
+     An OpenSSL server will accept a DH certificate for client authentication
+     without the certificate verify message. This effectively allows a client to
+     authenticate without the use of a private key. This only affects servers
+     which trust a client certificate authority which issues certificates
+     containing DH keys: these are extremely rare and hardly ever encountered.
+     Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+     this issue.
+     (CVE-2015-0205)
+     [Steve Henson]
+
+   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+      results on some platforms, including x86_64. This bug occurs at random
+      with a very low probability, and is not known to be exploitable in any
+      way, though its exact impact is difficult to determine. Thanks to Pieter
+      Wuille (Blockstream) who reported this issue and also suggested an initial
+      fix. Further analysis was conducted by the OpenSSL development team and
+      Adam Langley of Google. The final fix was developed by Andy Polyakov of
+      the OpenSSL core team.
+      (CVE-2014-3570)
+      [Andy Polyakov]
+
   *) Fix various certificate fingerprint issues.
 
      By using non-DER or invalid encodings outside the signed portion of a
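Review bot: the credit line in the CVE-2015-0205 entry reads "Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting this issue"; it should be "Thanks to Karthikeyan Bhargavan ... for reporting this issue". The CVE-2014-3570 entry that follows is also indented one space deeper than every other `*)` entry (`   *) Correct Bignum squaring.` and its continuation lines), which should be pulled back to the file's two-space indent.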
diff --git a/NEWS b/NEWS
index 84cef1a..0a8846b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,21 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [under development]
+  Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [under development]
 
       o
 
+  Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015]
+
+      o Fix for CVE-2014-3571
+      o Fix for CVE-2015-0206
+      o Fix for CVE-2014-3569
+      o Fix for CVE-2014-3572
+      o Fix for CVE-2015-0204
+      o Fix for CVE-2015-0205
+      o Fix for CVE-2014-8275
+      o Fix for CVE-2014-3570
+
   Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014]
 
       o Fix for CVE-2014-3513
diff --git a/README b/README
index 8ee9bb1..9bc6659 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.0p-dev
+ OpenSSL 1.0.0q-dev
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s
index dca4105..8ced51b 100644
--- a/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
@@ -1584,17 +1584,17 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
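Review bot: this replacement sequence needs a comment in the source, because it is repeated in every mul_add_c2 block below and its correctness is not obvious from the instructions alone. The old code doubled the product first (`dsll t_2,1` / `dsll t_1,1`) and then folded the carry out of `daddu c_3,t_1` into the doubled high word with `daddu t_2,AT`, an addition that can itself wrap without any check. The new code instead adds the undoubled product (t_2,t_1) into the three-word accumulator twice: `daddu c_3,t_1` / `sltu AT,c_3,t_1` / `daddu AT,t_2` is safe only because the high word of a 64x64 product is at most 2^64-2 (never all-ones), so adding one carry to it cannot overflow; the second pass (`daddu c_3,t_1` / `sltu t_1,c_3,t_1` / `daddu t_2,t_1`) uses the same argument. The comment added to crypto/bn/bn_asm.c in this same change ("carrying into high part of multiplication result can not overflow") is exactly what should be repeated here. Note also that the first off-diagonal term of a column writes `sltu c_2,c_1,AT` rather than accumulating into c_2, which matches the old `slt c_2,t_2,zero` initialisation, while the later terms in the column use `sltu AT,c_2,AT` / `daddu c_3,AT`; a one-line comment distinguishing the two shapes would make the pattern easier to audit.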
@@ -1609,63 +1609,63 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	sd	c_1,24(a0)
 
 	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1680,93 +1680,93 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	sd	c_3,40(a0)
 
 	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1781,108 +1781,108 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	sd	c_2,56(a0)
 
 	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_4,a_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1897,78 +1897,78 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	sd	c_1,72(a0)
 
 	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_5,a_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1983,48 +1983,48 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	sd	c_3,88(a0)
 
 	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -2039,17 +2039,17 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	sd	c_2,104(a0)
 
 	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2070,9 +2070,9 @@ LEAF(bn_sqr_comba4)
 	.set	reorder
 	ld	a_0,0(a1)
 	ld	a_1,8(a1)
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
 	ld	a_2,16(a1)
 	ld	a_3,24(a1)
-	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
 	mflo	c_1
 	mfhi	c_2
 	sd	c_1,0(a0)
@@ -2093,17 +2093,17 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -2118,48 +2118,48 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	sd	c_1,24(a0)
 
 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
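Review bot: the context comment `/* mul_add_c(a2[1],b[2],c1,c2,c3); */` in this bn_sqr_comba4 block is mislabelled: the instruction is `dmultu a_1,a_2`, an off-diagonal term, and the rewritten carry sequence beneath it is the doubled mul_add_c2 form like its neighbours, so the comment should read `mul_add_c2(a[1],b[2],c1,c2,c3)`. Worth correcting while the block is being touched, since these comments are the only map from the assembly back to the C macros.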
@@ -2174,17 +2174,17 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	sd	c_3,40(a0)
 
 	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index 31476ab..2d39407 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -273,6 +273,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 /* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
 /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
 
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
 #if 0
 /* original macros are kept for reference purposes */
 #define mul_add_c(a,b,c0,c1,c2) {	\
@@ -287,10 +291,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 	BN_ULONG ta=(a),tb=(b),t0;	\
 	t1 = BN_UMULT_HIGH(ta,tb);	\
 	t0 = ta * tb;			\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c0 += t0; t2 = t1+((c0<t0)?1:0);\
 	c1 += t2; c2 += (c1<t2)?1:0;	\
+	c0 += t0; t1 += (c0<t0)?1:0;	\
+	c1 += t1; c2 += (c1<t1)?1:0;	\
 	}
 #else
 #define mul_add_c(a,b,c0,c1,c2)	do {	\
@@ -328,22 +332,14 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 		: "=a"(t1),"=d"(t2)	\
 		: "a"(a),"m"(b)		\
 		: "cc");		\
-	asm ("addq %0,%0; adcq %2,%1"	\
-		: "+d"(t2),"+r"(c2)	\
-		: "g"(0)		\
-		: "cc");		\
-	asm ("addq %0,%0; adcq %2,%1"	\
-		: "+a"(t1),"+d"(t2)	\
-		: "g"(0)		\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c0),"+d"(t2)	\
-		: "a"(t1),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c1),"+r"(c2)	\
-		: "d"(t2),"g"(0)	\
-		: "cc");		\
+	asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"	\
+		: "+r"(c0),"+r"(c1),"+r"(c2)		\
+		: "r"(t1),"r"(t2),"g"(0)		\
+		: "cc");				\
+	asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"	\
+		: "+r"(c0),"+r"(c1),"+r"(c2)		\
+		: "r"(t1),"r"(t2),"g"(0)		\
+		: "cc");				\
 	} while (0)
 #endif
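Review bot: the two replacement `asm` statements are byte-for-byte identical, which is the intent (add the product (t2:t1) into (c2,c1,c0) twice instead of doubling it first), but a one-line comment saying so would stop the next reader from "deduplicating" them. This is also the simplest of the three variants in the patch: the `addq %3,%0; adcq %4,%1; adcq %5,%2` chain carries straight through c0, c1 and c2 and never adds a carry into t2 itself, so unlike the C macros it does not even rely on the high-word-is-never-all-ones argument in the comment added earlier in this file. One thing to check in the generated code: the old statements consumed t1/t2 through "a"/"d" constraints straight out of the `mulq` outputs, while the new ones use "r"(t1),"r"(t2), so the compiler is free to insert moves; harmless, but worth a glance.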
 
diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
index c43c91c..a33b634 100644
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@@ -438,6 +438,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 /* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
 /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
 
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
 #ifdef BN_LLONG
 #define mul_add_c(a,b,c0,c1,c2) \
 	t=(BN_ULLONG)a*b; \
@@ -478,10 +482,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 #define mul_add_c2(a,b,c0,c1,c2) {	\
 	BN_ULONG ta=(a),tb=(b),t0;	\
 	BN_UMULT_LOHI(t0,t1,ta,tb);	\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c0 += t0; t2 = t1+((c0<t0)?1:0);\
 	c1 += t2; c2 += (c1<t2)?1:0;	\
+	c0 += t0; t1 += (c0<t0)?1:0;	\
+	c1 += t1; c2 += (c1<t1)?1:0;	\
 	}
 
 #define sqr_add_c(a,i,c0,c1,c2)	{	\
@@ -508,10 +512,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 	BN_ULONG ta=(a),tb=(b),t0;	\
 	t1 = BN_UMULT_HIGH(ta,tb);	\
 	t0 = ta * tb;			\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c0 += t0; t2 = t1+((c0<t0)?1:0);\
 	c1 += t2; c2 += (c1<t2)?1:0;	\
+	c0 += t0; t1 += (c0<t0)?1:0;	\
+	c1 += t1; c2 += (c1<t1)?1:0;	\
 	}
 
 #define sqr_add_c(a,i,c0,c1,c2)	{	\
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 0cd99c5..0ca9ba3 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -676,44 +676,98 @@ int test_mul(BIO *bp)
 
 int test_sqr(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM a,c,d,e;
-	int i;
+	BIGNUM *a,*c,*d,*e;
+	int i, ret = 0;
 
-	BN_init(&a);
-	BN_init(&c);
-	BN_init(&d);
-	BN_init(&e);
+	a = BN_new();
+	c = BN_new();
+	d = BN_new();
+	e = BN_new();
+	if (a == NULL || c == NULL || d == NULL || e == NULL)
+		{
+		goto err;
+		}
 
 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(&a,40+i*10,0,0);
-		a.neg=rand_neg();
-		BN_sqr(&c,&a,ctx);
+		BN_bntest_rand(a,40+i*10,0,0);
+		a->neg=rand_neg();
+		BN_sqr(c,a,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
 				{
-				BN_print(bp,&a);
+				BN_print(bp,a);
 				BIO_puts(bp," * ");
-				BN_print(bp,&a);
+				BN_print(bp,a);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,&c);
+			BN_print(bp,c);
 			BIO_puts(bp,"\n");
 			}
-		BN_div(&d,&e,&c,&a,ctx);
-		BN_sub(&d,&d,&a);
-		if(!BN_is_zero(&d) || !BN_is_zero(&e))
-		    {
-		    fprintf(stderr,"Square test failed!\n");
-		    return 0;
-		    }
+		BN_div(d,e,c,a,ctx);
+		BN_sub(d,d,a);
+		if(!BN_is_zero(d) || !BN_is_zero(e))
+			{
+			fprintf(stderr,"Square test failed!\n");
+			goto err;
+			}
 		}
-	BN_free(&a);
-	BN_free(&c);
-	BN_free(&d);
-	BN_free(&e);
-	return(1);
+
+	/* Regression test for a BN_sqr overflow bug. */
+	BN_hex2bn(&a,
+		"80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
+	BN_sqr(c, a, ctx);
+	if (bp != NULL)
+		{
+		if (!results)
+			{
+			BN_print(bp,a);
+			BIO_puts(bp," * ");
+			BN_print(bp,a);
+			BIO_puts(bp," - ");
+			}
+		BN_print(bp,c);
+		BIO_puts(bp,"\n");
+		}
+	BN_mul(d, a, a, ctx);
+	if (BN_cmp(c, d))
+		{
+		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+			"different results!\n");
+		goto err;
+		}
+
+	/* Regression test for a BN_sqr overflow bug. */
+	BN_hex2bn(&a,
+		"80000000000000000000000080000001FFFFFFFE000000000000000000000000");
+	BN_sqr(c, a, ctx);
+	if (bp != NULL)
+		{
+		if (!results)
+			{
+			BN_print(bp,a);
+			BIO_puts(bp," * ");
+			BN_print(bp,a);
+			BIO_puts(bp," - ");
+			}
+		BN_print(bp,c);
+		BIO_puts(bp,"\n");
+		}
+	BN_mul(d, a, a, ctx);
+	if (BN_cmp(c, d))
+		{
+		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+			"different results!\n");
+		goto err;
+		}
+	ret = 1;
+err:
+	if (a != NULL) BN_free(a);
+	if (c != NULL) BN_free(c);
+	if (d != NULL) BN_free(d);
+	if (e != NULL) BN_free(e);
+	return ret;
 	}
 
 int test_mont(BIO *bp, BN_CTX *ctx)
diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile
index e89e0c0..60c876d 100644
--- a/crypto/ecdsa/Makefile
+++ b/crypto/ecdsa/Makefile
@@ -126,15 +126,16 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 ecs_sign.o: ecs_locl.h ecs_sign.c
-ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 87a6a81..b871e00 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x10000100L
+#define OPENSSL_VERSION_NUMBER	0x10000110L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0p-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0q-fips-dev xx XXX xxxx"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0p-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0q-dev xx XXX xxxx"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
diff --git a/openssl.spec b/openssl.spec
index 1804d20..a6e807f 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -6,7 +6,7 @@ Release: 1
 
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-Version: 1.0.0p
+Version: 1.0.0q
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 License: OpenSSL
 Group: System Environment/Libraries
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 8004528..003d620 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -212,7 +212,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 	/* Limit the size of the queue to prevent DOS attacks */
 	if (pqueue_size(queue->q) >= 100)
 		return 0;
-		
+
 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)
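Review bot: the return-value contract of dtls1_buffer_record is now inconsistent within the function: the queue-full path at the top still does `return 0;` (record dropped, non-fatal, which is the intended DoS limit), while the allocation-failure paths in the next hunk return -1. The `if (rdata == NULL || item == NULL)` branch that follows is cut off here; if it still returns 0, a malloc failure would be treated by the updated callers as a dropped record rather than a fatal error, so it should return -1 for consistency. A short comment above the function spelling out 1 = buffered, 0 = dropped, -1 = fatal would help the callers that now branch on `<0`.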
@@ -239,18 +239,22 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 	if (!ssl3_setup_buffers(s))
 		{
 		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+		if (rdata->rbuf.buf != NULL)
+			OPENSSL_free(rdata->rbuf.buf);
 		OPENSSL_free(rdata);
 		pitem_free(item);
-		return(0);
+		return(-1);
 		}
 
 	/* insert should not fail, since duplicates are dropped */
 	if (pqueue_insert(queue->q, item) == NULL)
 		{
 		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+		if (rdata->rbuf.buf != NULL)
+			OPENSSL_free(rdata->rbuf.buf);
 		OPENSSL_free(rdata);
 		pitem_free(item);
-		return(0);
+		return(-1);
 		}
 	
 	return(1);
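Review bot: the two failure paths now duplicate the same four cleanup lines (free `rdata->rbuf.buf`, free `rdata`, free `item`, return -1); a single `err:` label would make it harder for a future error path to forget the `rbuf.buf` free again, which is exactly the omission this hunk fixes. The change from `return(0)` to `return(-1)` is a contract change rather than a cleanup: callers that previously ignored the result now need to distinguish "dropped" from "fatal", so every caller, not only the ones touched in this patch, should be checked.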
@@ -306,8 +310,9 @@ dtls1_process_buffered_records(SSL *s)
             dtls1_get_unprocessed_record(s);
             if ( ! dtls1_process_record(s))
                 return(0);
-            dtls1_buffer_record(s, &(s->d1->processed_rcds), 
-                s->s3->rrec.seq_num);
+            if(dtls1_buffer_record(s, &(s->d1->processed_rcds),
+                s->s3->rrec.seq_num)<0)
+                return -1;
             }
         }
 
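Review bot: only a negative return is treated as an error here; a 0 from dtls1_buffer_record (the 100-entry cap on `processed_rcds` from the earlier hunk) still silently discards a record that dtls1_process_record has already decrypted and that dtls1_get_unprocessed_record has already removed from `unprocessed_rcds`. That is pre-existing behaviour and defensible as a DoS limit, but it deserves a comment, because a reader will assume the new check covers all failures. Style: `return -1;` sits two lines below `return(0);`; pick one form.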
@@ -522,7 +527,6 @@ printf("\n");
 
 	/* we have pulled in a full packet so zero things */
 	s->packet_length=0;
-	dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
 	return(1);
 
 f_err:
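Review bot: with this line gone dtls1_process_record no longer touches the replay window, so the contract that callers mark receipt themselves should be stated in a comment at the top of the function. The removed call always used `&(s->d1->bitmap)`, i.e. the current epoch, which was wrong for records buffered for the next epoch; the replacements in dtls1_get_record below use the `bitmap` selected for the record, and dtls1_process_buffered_records relies on the record having been marked when it was first buffered. Any caller of dtls1_process_record added later will silently lose replay protection unless that is documented.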
@@ -555,7 +559,8 @@ int dtls1_get_record(SSL *s)
 
 	/* The epoch may have changed.  If so, process all the
 	 * pending records.  This is a non-blocking operation. */
-	dtls1_process_buffered_records(s);
+	if(dtls1_process_buffered_records(s)<0)
+		return -1;
 
 	/* if we're renegotiating, then there may be buffered records */
 	if (dtls1_get_processed_record(s))
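Review bot: dtls1_get_record now returns -1 in addition to the 0/1 it returned before, so every caller must treat a negative result as fatal rather than as "no record yet"; dtls1_read_bytes and the listen-mode path are the ones to check. Style: `return -1;` next to the function's existing `return(1);` form.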
@@ -634,8 +639,6 @@ again:
 		/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
 		i=rr->length;
 		n=ssl3_read_n(s,i,i,1);
-		if (n <= 0) return(n); /* error or non-blocking io */
-
 		/* this packet contained a partial record, dump it */
 		if ( n != i)
 			{
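Review bot: dropping `if (n <= 0) return(n);` means a negative n from ssl3_read_n (a genuine read error) is now indistinguishable from a short body and takes the `n != i` partial-record path instead of being reported to the caller. In DTLS that is defensible, because the body of a record has to be in the datagram already (the s3_pkt.c hunk below makes ssl3_read_n return 0 rather than read from the network when extending with nothing buffered), but the reason the error return is deliberately not propagated should be stated in a comment next to the `ssl3_read_n` call, otherwise the next reader will put the check back.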
@@ -665,7 +668,8 @@ again:
 	 * would be dropped unnecessarily.
 	 */
 	if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-		*p == SSL3_MT_CLIENT_HELLO) &&
+		s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+		s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
 		!dtls1_record_replay_check(s, bitmap))
 		{
 		rr->length = 0;
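Review bot: the `s->packet_length > DTLS1_RT_HEADER_LENGTH` guard is what makes the ClientHello exemption safe, since the old `*p` read the first byte of the record body even when the body was empty; a one-line comment saying so would stop someone simplifying it back. If `p` has no remaining use in this function after the change, remove it to avoid an unused-variable warning. If `rr->length` still equals the body length at this point, `rr->length > 0` would read more directly as "body is non-empty" than the packet_length comparison.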
@@ -685,7 +689,9 @@ again:
 		{
 		if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
 			{
-			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+			if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
+				return -1;
+			dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
 			}
 		rr->length = 0;
 		s->packet_length = 0;
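Review bot: the `dtls1_record_bitmap_update(s, bitmap)` call is the replay fix for next-epoch records: marking the record in its epoch's bitmap when it is buffered is what lets dtls1_record_replay_check reject a retransmitted copy, which previously reached pqueue_insert and tripped the "insert should not fail, since duplicates are dropped" path above. Two things worth a comment here: the update is deliberately skipped when dtls1_buffer_record returns 0 (queue full), so a dropped record can still be accepted on retransmission, and it must stay after the buffer call rather than before it for the same reason.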
@@ -698,6 +704,7 @@ again:
 		s->packet_length = 0;  /* dump this record */
 		goto again;   /* get another record */
 		}
+	dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
 
 	return(1);
 
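Review bot: the `/* Mark receipt of record. */` comment is now duplicated at two sites and says what, not why; a short note on why the update lives in dtls1_get_record rather than dtls1_process_record would be more useful. The placement itself is right: the update comes after dtls1_process_record succeeded, so a record that fails decryption or MAC verification is not recorded as received and cannot pre-empt a genuine record with the same sequence number, and it uses `bitmap` (the record's own epoch) rather than `&(s->d1->bitmap)`.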
@@ -830,7 +837,11 @@ start:
 		 * buffer the application data for later processing rather
 		 * than dropping the connection.
 		 */
-		dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
+		if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0)
+			{
+			SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
 		rr->length = 0;
 		goto start;
 		}
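Review bot: this call site pushes `SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR)` on top of the error dtls1_buffer_record already put on the queue for the same failure, while the other three updated callers return -1 without adding one; pick one convention. Either works, but the double entry makes the error stack look like two distinct failures.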
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 92a65c3..000f326 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -182,6 +182,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 	 * at once (as long as it fits into the buffer). */
 	if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
 		{
+		if (left == 0 && extend)
+			return 0;
 		if (left > 0 && n > left)
 			n = left;
 		}
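Review bot: returning 0 from ssl3_read_n when `extend` is set and nothing is buffered changes what 0 means for DTLS callers, which otherwise treat it as "would block"; the dtls1_get_record hunk above now handles it as a short record, but any other DTLS caller that passes `extend=1` and retries on 0 would spin. A comment explaining that a DTLS record cannot continue into the next datagram, so extending past the current one must fail rather than read from the network, would make the intent clear.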
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 0dce557..df51bf9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2765,7 +2765,7 @@ int ssl3_get_cert_verify(SSL *s)
 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
 		{
 		s->s3->tmp.reuse_message=1;
-		if ((peer != NULL) && (type & EVP_PKT_SIGN))
+		if (peer != NULL)
 			{
 			al=SSL_AD_UNEXPECTED_MESSAGE;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
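Review bot: dropping `(type & EVP_PKT_SIGN)` means any client certificate not followed by a CertificateVerify is now rejected with SSL_R_MISSING_VERIFY_MESSAGE, whereas before a certificate whose key type lacks EVP_PKT_SIGN could be presented without the client ever proving possession of the private key. That is the right behaviour for client authentication and deserves a comment here, since the old condition looks intentional at first glance. If `type` is no longer read anywhere else in ssl3_get_cert_verify, remove it to keep the build warning-free.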

