Date: Tue, 2 Apr 2013 17:34:42 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r249029 - in releng: 8.3 8.3/crypto/openssl 8.3/crypto/openssl/apps 8.3/crypto/openssl/crypto 8.3/crypto/openssl/crypto/asn1 8.3/crypto/openssl/crypto/bio 8.3/crypto/openssl/crypto/bn 8... Message-ID: <201304021734.r32HYgxX076233@svn.freebsd.org>
Author: delphij Date: Tue Apr 2 17:34:42 2013 New Revision: 249029 URL: http://svnweb.freebsd.org/changeset/base/249029 Log: Fix OpenSSL multiple vulnerabilities. [13:03] Fix BIND remote denial of service. [13:04] Security: CVE-2013-0166, CVE-2013-0169 Security: FreeBSD-SA-13:03.openssl Security: CVE-2013-2266 Security: FreeBSD-SA-13:04.bind Approved by: so Added: releng/8.3/crypto/openssl/ssl/s3_cbc.c releng/9.0/crypto/openssl/ssl/s3_cbc.c releng/9.1/crypto/openssl/ssl/s3_cbc.c Modified: releng/8.3/UPDATING releng/8.3/crypto/openssl/CHANGES releng/8.3/crypto/openssl/Configure releng/8.3/crypto/openssl/FAQ releng/8.3/crypto/openssl/LICENSE releng/8.3/crypto/openssl/Makefile releng/8.3/crypto/openssl/NEWS releng/8.3/crypto/openssl/README releng/8.3/crypto/openssl/apps/apps.c releng/8.3/crypto/openssl/apps/asn1pars.c releng/8.3/crypto/openssl/apps/cms.c releng/8.3/crypto/openssl/apps/dhparam.c releng/8.3/crypto/openssl/apps/openssl.cnf releng/8.3/crypto/openssl/apps/pkcs12.c releng/8.3/crypto/openssl/apps/s_client.c releng/8.3/crypto/openssl/apps/s_server.c releng/8.3/crypto/openssl/apps/x509.c releng/8.3/crypto/openssl/config releng/8.3/crypto/openssl/crypto/asn1/a_object.c releng/8.3/crypto/openssl/crypto/asn1/a_strex.c releng/8.3/crypto/openssl/crypto/asn1/a_strnid.c releng/8.3/crypto/openssl/crypto/asn1/a_verify.c releng/8.3/crypto/openssl/crypto/asn1/asn1.h releng/8.3/crypto/openssl/crypto/asn1/asn_mime.c releng/8.3/crypto/openssl/crypto/asn1/x_name.c releng/8.3/crypto/openssl/crypto/asn1/x_pubkey.c releng/8.3/crypto/openssl/crypto/bio/bf_buff.c releng/8.3/crypto/openssl/crypto/bio/bio.h releng/8.3/crypto/openssl/crypto/bio/bss_dgram.c releng/8.3/crypto/openssl/crypto/bn/asm/mo-586.pl releng/8.3/crypto/openssl/crypto/bn/asm/ppc.pl releng/8.3/crypto/openssl/crypto/bn/bn_blind.c releng/8.3/crypto/openssl/crypto/bn/bn_gf2m.c releng/8.3/crypto/openssl/crypto/bn/bn_word.c releng/8.3/crypto/openssl/crypto/cms/cms.h releng/8.3/crypto/openssl/crypto/cms/cms_enc.c 
releng/8.3/crypto/openssl/crypto/cms/cms_env.c releng/8.3/crypto/openssl/crypto/cms/cms_io.c releng/8.3/crypto/openssl/crypto/cms/cms_lcl.h releng/8.3/crypto/openssl/crypto/cms/cms_smime.c releng/8.3/crypto/openssl/crypto/comp/c_rle.c releng/8.3/crypto/openssl/crypto/conf/conf_api.c releng/8.3/crypto/openssl/crypto/cryptlib.c releng/8.3/crypto/openssl/crypto/crypto.h releng/8.3/crypto/openssl/crypto/ec/ec2_smpl.c releng/8.3/crypto/openssl/crypto/ec/ec_key.c releng/8.3/crypto/openssl/crypto/ec/ecp_smpl.c releng/8.3/crypto/openssl/crypto/ecdsa/ecdsatest.c releng/8.3/crypto/openssl/crypto/ecdsa/ecs_ossl.c releng/8.3/crypto/openssl/crypto/evp/evp_test.c releng/8.3/crypto/openssl/crypto/o_init.c releng/8.3/crypto/openssl/crypto/ocsp/ocsp_lib.c releng/8.3/crypto/openssl/crypto/ocsp/ocsp_vfy.c releng/8.3/crypto/openssl/crypto/opensslv.h releng/8.3/crypto/openssl/crypto/perlasm/cbc.pl releng/8.3/crypto/openssl/crypto/pkcs7/pk7_smime.c releng/8.3/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl releng/8.3/crypto/openssl/crypto/rc4/rc4_skey.c releng/8.3/crypto/openssl/crypto/rsa/rsa_eay.c releng/8.3/crypto/openssl/crypto/rsa/rsa_oaep.c releng/8.3/crypto/openssl/crypto/symhacks.h releng/8.3/crypto/openssl/crypto/x509/x509_vfy.c releng/8.3/crypto/openssl/crypto/x509v3/v3_addr.c releng/8.3/crypto/openssl/crypto/x509v3/v3_asid.c releng/8.3/crypto/openssl/doc/HOWTO/proxy_certificates.txt releng/8.3/crypto/openssl/doc/apps/CA.pl.pod releng/8.3/crypto/openssl/doc/apps/ca.pod releng/8.3/crypto/openssl/doc/apps/dgst.pod releng/8.3/crypto/openssl/doc/crypto/engine.pod releng/8.3/crypto/openssl/doc/ssl/SSL_clear.pod releng/8.3/crypto/openssl/engines/e_capi.c releng/8.3/crypto/openssl/engines/e_capi_err.h releng/8.3/crypto/openssl/fips/fips_canister.c releng/8.3/crypto/openssl/openssl.spec releng/8.3/crypto/openssl/ssl/Makefile releng/8.3/crypto/openssl/ssl/bio_ssl.c releng/8.3/crypto/openssl/ssl/d1_both.c releng/8.3/crypto/openssl/ssl/d1_clnt.c releng/8.3/crypto/openssl/ssl/d1_enc.c 
releng/8.3/crypto/openssl/ssl/d1_lib.c releng/8.3/crypto/openssl/ssl/d1_pkt.c releng/8.3/crypto/openssl/ssl/d1_srvr.c releng/8.3/crypto/openssl/ssl/s2_clnt.c releng/8.3/crypto/openssl/ssl/s2_pkt.c releng/8.3/crypto/openssl/ssl/s2_srvr.c releng/8.3/crypto/openssl/ssl/s3_both.c releng/8.3/crypto/openssl/ssl/s3_clnt.c releng/8.3/crypto/openssl/ssl/s3_enc.c releng/8.3/crypto/openssl/ssl/s3_lib.c releng/8.3/crypto/openssl/ssl/s3_pkt.c releng/8.3/crypto/openssl/ssl/s3_srvr.c releng/8.3/crypto/openssl/ssl/ssl.h releng/8.3/crypto/openssl/ssl/ssl_ciph.c releng/8.3/crypto/openssl/ssl/ssl_err.c releng/8.3/crypto/openssl/ssl/ssl_lib.c releng/8.3/crypto/openssl/ssl/ssl_locl.h releng/8.3/crypto/openssl/ssl/t1_enc.c releng/8.3/crypto/openssl/ssl/t1_lib.c releng/8.3/crypto/openssl/util/fipslink.pl releng/8.3/crypto/openssl/util/libeay.num releng/8.3/crypto/openssl/util/mkerr.pl releng/8.3/crypto/openssl/util/pl/VC-32.pl releng/8.3/secure/lib/libcrypto/Makefile.inc releng/8.3/secure/lib/libssl/Makefile releng/8.3/sys/conf/newvers.sh releng/9.0/UPDATING releng/9.0/crypto/openssl/CHANGES releng/9.0/crypto/openssl/Configure releng/9.0/crypto/openssl/FAQ releng/9.0/crypto/openssl/LICENSE releng/9.0/crypto/openssl/Makefile releng/9.0/crypto/openssl/NEWS releng/9.0/crypto/openssl/README releng/9.0/crypto/openssl/apps/apps.c releng/9.0/crypto/openssl/apps/asn1pars.c releng/9.0/crypto/openssl/apps/cms.c releng/9.0/crypto/openssl/apps/dhparam.c releng/9.0/crypto/openssl/apps/openssl.cnf releng/9.0/crypto/openssl/apps/pkcs12.c releng/9.0/crypto/openssl/apps/s_client.c releng/9.0/crypto/openssl/apps/s_server.c releng/9.0/crypto/openssl/apps/x509.c releng/9.0/crypto/openssl/config releng/9.0/crypto/openssl/crypto/asn1/a_object.c releng/9.0/crypto/openssl/crypto/asn1/a_strex.c releng/9.0/crypto/openssl/crypto/asn1/a_strnid.c releng/9.0/crypto/openssl/crypto/asn1/a_verify.c releng/9.0/crypto/openssl/crypto/asn1/asn1.h releng/9.0/crypto/openssl/crypto/asn1/asn_mime.c 
releng/9.0/crypto/openssl/crypto/asn1/x_name.c releng/9.0/crypto/openssl/crypto/asn1/x_pubkey.c releng/9.0/crypto/openssl/crypto/bio/bf_buff.c releng/9.0/crypto/openssl/crypto/bio/bio.h releng/9.0/crypto/openssl/crypto/bio/bss_dgram.c releng/9.0/crypto/openssl/crypto/bn/asm/mo-586.pl releng/9.0/crypto/openssl/crypto/bn/asm/ppc.pl releng/9.0/crypto/openssl/crypto/bn/bn_blind.c releng/9.0/crypto/openssl/crypto/bn/bn_gf2m.c releng/9.0/crypto/openssl/crypto/bn/bn_word.c releng/9.0/crypto/openssl/crypto/cms/cms.h releng/9.0/crypto/openssl/crypto/cms/cms_enc.c releng/9.0/crypto/openssl/crypto/cms/cms_env.c releng/9.0/crypto/openssl/crypto/cms/cms_io.c releng/9.0/crypto/openssl/crypto/cms/cms_lcl.h releng/9.0/crypto/openssl/crypto/cms/cms_smime.c releng/9.0/crypto/openssl/crypto/comp/c_rle.c releng/9.0/crypto/openssl/crypto/conf/conf_api.c releng/9.0/crypto/openssl/crypto/cryptlib.c releng/9.0/crypto/openssl/crypto/crypto.h releng/9.0/crypto/openssl/crypto/ec/ec2_smpl.c releng/9.0/crypto/openssl/crypto/ec/ec_key.c releng/9.0/crypto/openssl/crypto/ec/ecp_smpl.c releng/9.0/crypto/openssl/crypto/ecdsa/ecdsatest.c releng/9.0/crypto/openssl/crypto/ecdsa/ecs_ossl.c releng/9.0/crypto/openssl/crypto/evp/evp_test.c releng/9.0/crypto/openssl/crypto/o_init.c releng/9.0/crypto/openssl/crypto/ocsp/ocsp_lib.c releng/9.0/crypto/openssl/crypto/ocsp/ocsp_vfy.c releng/9.0/crypto/openssl/crypto/opensslv.h releng/9.0/crypto/openssl/crypto/perlasm/cbc.pl releng/9.0/crypto/openssl/crypto/pkcs7/pk7_smime.c releng/9.0/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl releng/9.0/crypto/openssl/crypto/rc4/rc4_skey.c releng/9.0/crypto/openssl/crypto/rsa/rsa_eay.c releng/9.0/crypto/openssl/crypto/rsa/rsa_oaep.c releng/9.0/crypto/openssl/crypto/symhacks.h releng/9.0/crypto/openssl/crypto/x509/x509_vfy.c releng/9.0/crypto/openssl/crypto/x509v3/v3_addr.c releng/9.0/crypto/openssl/crypto/x509v3/v3_asid.c releng/9.0/crypto/openssl/doc/HOWTO/proxy_certificates.txt releng/9.0/crypto/openssl/doc/apps/CA.pl.pod 
releng/9.0/crypto/openssl/doc/apps/ca.pod releng/9.0/crypto/openssl/doc/apps/dgst.pod releng/9.0/crypto/openssl/doc/crypto/engine.pod releng/9.0/crypto/openssl/doc/ssl/SSL_clear.pod releng/9.0/crypto/openssl/engines/e_capi.c releng/9.0/crypto/openssl/engines/e_capi_err.h releng/9.0/crypto/openssl/fips/fips_canister.c releng/9.0/crypto/openssl/openssl.spec releng/9.0/crypto/openssl/ssl/Makefile releng/9.0/crypto/openssl/ssl/bio_ssl.c releng/9.0/crypto/openssl/ssl/d1_both.c releng/9.0/crypto/openssl/ssl/d1_clnt.c releng/9.0/crypto/openssl/ssl/d1_enc.c releng/9.0/crypto/openssl/ssl/d1_lib.c releng/9.0/crypto/openssl/ssl/d1_pkt.c releng/9.0/crypto/openssl/ssl/d1_srvr.c releng/9.0/crypto/openssl/ssl/s2_clnt.c releng/9.0/crypto/openssl/ssl/s2_pkt.c releng/9.0/crypto/openssl/ssl/s2_srvr.c releng/9.0/crypto/openssl/ssl/s3_both.c releng/9.0/crypto/openssl/ssl/s3_clnt.c releng/9.0/crypto/openssl/ssl/s3_enc.c releng/9.0/crypto/openssl/ssl/s3_lib.c releng/9.0/crypto/openssl/ssl/s3_pkt.c releng/9.0/crypto/openssl/ssl/s3_srvr.c releng/9.0/crypto/openssl/ssl/ssl.h releng/9.0/crypto/openssl/ssl/ssl_ciph.c releng/9.0/crypto/openssl/ssl/ssl_err.c releng/9.0/crypto/openssl/ssl/ssl_lib.c releng/9.0/crypto/openssl/ssl/ssl_locl.h releng/9.0/crypto/openssl/ssl/t1_enc.c releng/9.0/crypto/openssl/ssl/t1_lib.c releng/9.0/crypto/openssl/util/fipslink.pl releng/9.0/crypto/openssl/util/libeay.num releng/9.0/crypto/openssl/util/mkerr.pl releng/9.0/crypto/openssl/util/pl/VC-32.pl releng/9.0/lib/bind/config.h releng/9.0/secure/lib/libcrypto/Makefile.inc releng/9.0/secure/lib/libssl/Makefile releng/9.0/sys/conf/newvers.sh releng/9.1/UPDATING releng/9.1/crypto/openssl/CHANGES releng/9.1/crypto/openssl/Configure releng/9.1/crypto/openssl/FAQ releng/9.1/crypto/openssl/Makefile releng/9.1/crypto/openssl/NEWS releng/9.1/crypto/openssl/README releng/9.1/crypto/openssl/apps/Makefile releng/9.1/crypto/openssl/apps/apps.c releng/9.1/crypto/openssl/apps/dhparam.c releng/9.1/crypto/openssl/apps/s_server.c 
releng/9.1/crypto/openssl/crypto/asn1/a_strex.c releng/9.1/crypto/openssl/crypto/asn1/a_verify.c releng/9.1/crypto/openssl/crypto/asn1/x_pubkey.c releng/9.1/crypto/openssl/crypto/bn/bn_word.c releng/9.1/crypto/openssl/crypto/cryptlib.c releng/9.1/crypto/openssl/crypto/crypto.h releng/9.1/crypto/openssl/crypto/o_init.c releng/9.1/crypto/openssl/crypto/ocsp/ocsp_vfy.c releng/9.1/crypto/openssl/crypto/opensslv.h releng/9.1/crypto/openssl/crypto/rsa/rsa_oaep.c releng/9.1/crypto/openssl/crypto/symhacks.h releng/9.1/crypto/openssl/doc/apps/CA.pl.pod releng/9.1/crypto/openssl/engines/e_capi.c releng/9.1/crypto/openssl/openssl.spec releng/9.1/crypto/openssl/ssl/Makefile releng/9.1/crypto/openssl/ssl/d1_enc.c releng/9.1/crypto/openssl/ssl/d1_pkt.c releng/9.1/crypto/openssl/ssl/s2_clnt.c releng/9.1/crypto/openssl/ssl/s2_pkt.c releng/9.1/crypto/openssl/ssl/s3_both.c releng/9.1/crypto/openssl/ssl/s3_clnt.c releng/9.1/crypto/openssl/ssl/s3_enc.c releng/9.1/crypto/openssl/ssl/s3_pkt.c releng/9.1/crypto/openssl/ssl/s3_srvr.c releng/9.1/crypto/openssl/ssl/ssl.h releng/9.1/crypto/openssl/ssl/ssl_err.c releng/9.1/crypto/openssl/ssl/ssl_lib.c releng/9.1/crypto/openssl/ssl/ssl_locl.h releng/9.1/crypto/openssl/ssl/t1_enc.c releng/9.1/crypto/openssl/ssl/t1_lib.c releng/9.1/crypto/openssl/util/libeay.num releng/9.1/lib/bind/config.h releng/9.1/secure/lib/libcrypto/Makefile.inc releng/9.1/secure/lib/libssl/Makefile releng/9.1/sys/conf/newvers.sh Modified: releng/8.3/UPDATING ============================================================================== --- releng/8.3/UPDATING Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/UPDATING Tue Apr 2 17:34:42 2013 (r249029) 
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20130402: p7 FreeBSD-SA-13:03.openssl + Fix multiple vulnerabilities in OpenSSL. + 20130218: p6 FreeBSD-SA-13:02.libc Fix Denial of Service vulnerability in libc's glob(3) functionality. Modified: releng/8.3/crypto/openssl/CHANGES ============================================================================== --- releng/8.3/crypto/openssl/CHANGES Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/CHANGES Tue Apr 2 17:34:42 2013 (r249029) 
@@ -2,6 +2,171 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8x and 0.9.8y [5 Feb 2013] + + *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. + + This addresses the flaw in CBC record processing discovered by + Nadhem Alfardan and Kenny Paterson. Details of this attack can be found + at: http://www.isg.rhul.ac.uk/tls/ + + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and + Emilia Käsper for the initial patch. + (CVE-2013-0169) + [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] + + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + + *) Call OCSP Stapling callback after ciphersuite has been chosen, so + the right response is stapled. Also change SSL_get_certificate() + so it returns the certificate actually sent. + See http://rt.openssl.org/Ticket/Display.html?id=2836. + (This is a backport) + [Rob Stradling <rob.stradling@comodo.com>] + + *) Fix possible deadlock when decoding public keys. + [Steve Henson] + + Changes between 0.9.8w and 0.9.8x [10 May 2012] + + *) Sanity check record length before skipping explicit IV in DTLS + to fix DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + + *) Initialise tkeylen properly when encrypting CMS messages. + Thanks to Solar Designer of Openwall for reporting this issue. + [Steve Henson] + + Changes between 0.9.8v and 0.9.8w [23 Apr 2012] + + *) The fix for CVE-2012-2110 did not take into account that the + 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an + int in OpenSSL 0.9.8, making it still vulnerable. Fix by + rejecting negative len parameter. 
(CVE-2012-2131) + [Tomas Hoger <thoger@redhat.com>] + + Changes between 0.9.8u and 0.9.8v [19 Apr 2012] + + *) Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer + in CRYPTO_realloc_clean. + + Thanks to Tavis Ormandy, Google Security Team, for discovering this + issue and to Adam Langley <agl@chromium.org> for fixing it. + (CVE-2012-2110) + [Adam Langley (Google), Tavis Ormandy, Google Security Team] + + Changes between 0.9.8t and 0.9.8u [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness + in CMS and PKCS7 code. When RSA decryption fails use a random key for + content decryption and always return the same error. Note: this attack + needs on average 2^20 messages so it only affects automated senders. The + old behaviour can be reenabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where + an MMA defence is not necessary. + Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering + this issue. (CVE-2012-0884) + [Steve Henson] + + *) Fix CVE-2011-4619: make sure we really are receiving a + client hello before rejecting multiple SGC restarts. Thanks to + Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. + [Steve Henson] + + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] + + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. + Thanks to Antonio Martin, Enterprise Secure Access Research and + Development, Cisco Systems, Inc. for discovering this bug and + preparing a fix. (CVE-2012-0050) + [Antonio Martin] + + Changes between 0.9.8r and 0.9.8s [4 Jan 2012] + + *) Nadhem Alfardan and Kenny Paterson have discovered an extension + of the Vaudenay padding oracle attack on CBC mode encryption + which enables an efficient plaintext recovery attack against + the OpenSSL implementation of DTLS. 
Their attack exploits timing + differences arising during decryption processing. A research + paper describing this attack can be found at: + http://www.isg.rhul.ac.uk/~kp/dtls.pdf + Thanks go to Nadhem Alfardan and Kenny Paterson of the Information + Security Group at Royal Holloway, University of London + (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann + <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> + for preparing the fix. (CVE-2011-4108) + [Robin Seggelmann, Michael Tuexen] + + *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) + [Ben Laurie, Kasper <ekasper@google.com>] + + *) Clear bytes used for block padding of SSL 3.0 records. + (CVE-2011-4576) + [Adam Langley (Google)] + + *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George + Kadianakis <desnacked@gmail.com> for discovering this issue and + Adam Langley for preparing the fix. (CVE-2011-4619) + [Adam Langley (Google)] + + *) Prevent malformed RFC3779 data triggering an assertion failure. + Thanks to Andrew Chi, BBN Technologies, for discovering the flaw + and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) + [Rob Austein <sra@hactrn.net>] + + *) Fix ssl_ciph.c set-up race. + [Adam Langley (Google)] + + *) Fix spurious failures in ecdsatest.c. + [Emilia Käsper (Google)] + + *) Fix the BIO_f_buffer() implementation (which was mixing different + interpretations of the '..._len' fields). + [Adam Langley (Google)] + + *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than + BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent + threads won't reuse the same blinding coefficients. + + This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING + lock to call BN_BLINDING_invert_ex, and avoids one use of + BN_BLINDING_update for each BN_BLINDING structure (previously, + the last update always remained unused). 
+ [Emilia Käsper (Google)] + + *) Fix SSL memory handling for (EC)DH ciphersuites, in particular + for multi-threaded use of ECDH. + [Adam Langley (Google)] + + *) Fix x509_name_ex_d2i memory leak on bad inputs. + [Bodo Moeller] + + *) Add protection against ECDSA timing attacks as mentioned in the paper + by Billy Bob Brumley and Nicola Tuveri, see: + + http://eprint.iacr.org/2011/232.pdf + + [Billy Bob Brumley and Nicola Tuveri] + + Changes between 0.9.8q and 0.9.8r [8 Feb 2011] + + *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 + [Neel Mehta, Adam Langley, Bodo Moeller (Google)] + + *) Fix bug in string printing code: if *any* escaping is enabled we must + escape the escape character (backslash) or the resulting string is + ambiguous. + [Steve Henson] + Changes between 0.9.8p and 0.9.8q [2 Dec 2010] *) Disable code workaround for ancient and obsolete Netscape browsers Modified: releng/8.3/crypto/openssl/Configure ============================================================================== --- releng/8.3/crypto/openssl/Configure Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/Configure Tue Apr 2 17:34:42 2013 (r249029) 
@@ -162,6 +162,7 @@ my %table=( "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug-64", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", 
@@ -172,10 +173,10 @@ my %table=( "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 
-mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb 
-g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", 
@@ -371,6 +372,9 @@ my %table=( "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", +# Android: Linux but without -DTERMIO and pointers to headers and libs. +"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #### *BSD [do see comment about ${BSDthreads} above!] "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
@@ -425,8 +429,8 @@ my %table=( "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE # at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) Modified: releng/8.3/crypto/openssl/FAQ ============================================================================== --- releng/8.3/crypto/openssl/FAQ Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/FAQ Tue Apr 2 17:34:42 2013 (r249029) @@ -10,6 +10,7 @@ OpenSSL - Frequently Asked Questions * Why aren't tools like 'autoconf' and 'libtool' used? * What is an 'engine' version? * How do I check the authenticity of the OpenSSL distribution? +* How does the versioning scheme work? [LEGAL] Legal questions 
@@ -82,7 +83,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 1.0.0c was released on Dec 2nd, 2010. +OpenSSL 1.0.1d was released on Feb 5th, 2013. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -108,7 +109,9 @@ In addition, you can read the most curre <URL: http://www.openssl.org/docs/>. Note that the online documents refer to the very latest development versions of OpenSSL and may include features not present in released versions. If in doubt refer to the documentation -that came with the version of OpenSSL you are using. +that came with the version of OpenSSL you are using. The pod format +documentation is included in each OpenSSL distribution under the docs +directory. For information on parts of libcrypto that are not yet documented, you might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's @@ -173,6 +176,19 @@ just do: pgp TARBALL.asc +* How does the versioning scheme work? + +After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter +releases (e.g. 1.0.1a) can only contain bug and security fixes and no +new features. Minor releases change the last number (e.g. 1.0.2) and +can contain new features that retain binary compatibility. Changes to +the middle number are considered major releases and neither source nor +binary compatibility is guaranteed. + +Therefore the answer to the common question "when will feature X be +backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear +in the next minor release. + [LEGAL] ======================================================================= * Do I need patent licenses to use OpenSSL? 
@@ -284,7 +300,7 @@ current directory in this case, but this Check out the CA.pl(1) manual page. This provides a simple wrapper round the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check out the manual pages for the individual utilities and the certificate -extensions documentation (currently in doc/openssl.txt). +extensions documentation (in ca(1), req(1), x509v3_config(5) ) * Why can't I create certificate requests? Modified: releng/8.3/crypto/openssl/LICENSE ============================================================================== --- releng/8.3/crypto/openssl/LICENSE Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/LICENSE Tue Apr 2 17:34:42 2013 (r249029) @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: releng/8.3/crypto/openssl/Makefile ============================================================================== --- releng/8.3/crypto/openssl/Makefile Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/Makefile Tue Apr 2 17:34:42 2013 (r249029) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8q +VERSION=0.9.8y MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 Modified: releng/8.3/crypto/openssl/NEWS ============================================================================== --- releng/8.3/crypto/openssl/NEWS Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/NEWS Tue Apr 2 17:34:42 2013 (r249029) 
@@ -5,6 +5,45 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: + + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix OCSP bad key DoS attack CVE-2013-0166 + + Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: + + o Fix DTLS record length checking bug CVE-2012-2333 + + Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: + + o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) + + Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: + + o Fix for ASN1 overflow bug CVE-2012-2110 + + Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: + + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 + o Corrected fix for CVE-2011-4619 + o Various DTLS fixes. + + Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: + + o Fix for DTLS DoS issue CVE-2012-0050 + + Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: + + o Fix for DTLS plaintext recovery attack CVE-2011-4108 + o Fix policy check double free error CVE-2011-4109 + o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 + o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 + o Check for malformed RFC3779 data CVE-2011-4577 + + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + + o Fix for security issue CVE-2011-0014 + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: o Fix for security issue CVE-2010-4180 
@@ -181,6 +220,11 @@ o Added initial support for Win64. o Added alternate pkg-config files. + Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m: + + o FIPS 1.1.1 module linking. + o Various ciphersuite selection fixes. + Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) Modified: releng/8.3/crypto/openssl/README ============================================================================== --- releng/8.3/crypto/openssl/README Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/README Tue Apr 2 17:34:42 2013 (r249029) @@ -1,7 +1,7 @@ - OpenSSL 0.9.8q 2 Dec 2010 + OpenSSL 0.9.8y 5 Feb 2013 - Copyright (c) 1998-2009 The OpenSSL Project + Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. Modified: releng/8.3/crypto/openssl/apps/apps.c ============================================================================== --- releng/8.3/crypto/openssl/apps/apps.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/apps.c Tue Apr 2 17:34:42 2013 (r249029) @@ -2052,7 +2052,7 @@ X509_NAME *parse_name(char *subject, lon X509_NAME *n = NULL; int nid; - if (!buf || !ne_types || !ne_values) + if (!buf || !ne_types || !ne_values || !mval) { BIO_printf(bio_err, "malloc error\n"); goto error; @@ -2156,6 +2156,7 @@ X509_NAME *parse_name(char *subject, lon OPENSSL_free(ne_values); OPENSSL_free(ne_types); OPENSSL_free(buf); + OPENSSL_free(mval); return n; error: @@ -2164,6 +2165,8 @@ error: OPENSSL_free(ne_values); if (ne_types) OPENSSL_free(ne_types); + if (mval) + OPENSSL_free(mval); if (buf) OPENSSL_free(buf); return NULL; Modified: releng/8.3/crypto/openssl/apps/asn1pars.c ============================================================================== --- releng/8.3/crypto/openssl/apps/asn1pars.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/asn1pars.c Tue Apr 2 17:34:42 2013 (r249029) 
@@ -408,6 +408,7 @@ static int do_generate(BIO *bio, char *g atyp = ASN1_generate_nconf(genstr, cnf); NCONF_free(cnf); + cnf = NULL; if (!atyp) return -1; Modified: releng/8.3/crypto/openssl/apps/cms.c ============================================================================== --- releng/8.3/crypto/openssl/apps/cms.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/cms.c Tue Apr 2 17:34:42 2013 (r249029) @@ -226,6 +226,8 @@ int MAIN(int argc, char **argv) else if (!strcmp(*args,"-camellia256")) cipher = EVP_camellia_256_cbc(); #endif + else if (!strcmp (*args, "-debug_decrypt")) + flags |= CMS_DEBUG_DECRYPT; else if (!strcmp (*args, "-text")) flags |= CMS_TEXT; else if (!strcmp (*args, "-nointern")) @@ -611,7 +613,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-certsout file certificate output file\n"); BIO_printf (bio_err, "-signer file signer certificate file\n"); BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); - BIO_printf (bio_err, "-skeyid use subject key identifier\n"); + BIO_printf (bio_err, "-keyid use subject key identifier\n"); BIO_printf (bio_err, "-in file input file\n"); BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); @@ -1013,6 +1015,8 @@ int MAIN(int argc, char **argv) ret = 4; if (operation == SMIME_DECRYPT) { + if (flags & CMS_DEBUG_DECRYPT) + CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); if (secret_key) { Modified: releng/8.3/crypto/openssl/apps/dhparam.c ============================================================================== --- releng/8.3/crypto/openssl/apps/dhparam.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/dhparam.c Tue Apr 2 17:34:42 2013 (r249029) 
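Review bot: The new `cnf = NULL;` after `NCONF_free(cnf)` in do_generate has no comment saying why the pointer is cleared, and the reason is not visible in the hunk (do_generate's body continues outside it). If, as it appears, a later cleanup path frees `cnf` again, say so: `cnf = NULL; /* freed here; the cleanup path must not free it again */`. Without that the assignment reads as dead code and is easy to remove by mistake.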
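Review bot: `-debug_decrypt` is added to option parsing in the first cms.c hunk but not to the usage text that the second hunk edits, so the option is undiscoverable from the help output. Per the cms(1) documentation the CMS_DEBUG_DECRYPT flag disables the error suppression that is the countermeasure for the MMA issue (CVE-2012-0884 in the NEWS hunk above), so the usage line should mark it as diagnostic only, e.g. `BIO_printf (bio_err, "-debug_decrypt disable MMA protection, report missing recipient (debugging only)\n");`. In the third hunk the early `CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags)` discards its return value; if its only purpose is to record the flag on the structure before the real decrypt, a one-line comment saying so would stop it from being read as an unchecked call.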
@@ -332,7 +332,6 @@ bad: BIO_printf(bio_err,"This is going to take a long time\n"); if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { - if(dh) DH_free(dh); ERR_print_errors(bio_err); goto end; } Modified: releng/8.3/crypto/openssl/apps/openssl.cnf ============================================================================== --- releng/8.3/crypto/openssl/apps/openssl.cnf Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/openssl.cnf Tue Apr 2 17:34:42 2013 (r249029) @@ -142,7 +142,7 @@ localityName = Locality Name (eg, city organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = -commonName = Common Name (eg, YOUR name) +commonName = Common Name (e.g. server FQDN or YOUR name) commonName_max = 64 emailAddress = Email Address Modified: releng/8.3/crypto/openssl/apps/pkcs12.c ============================================================================== --- releng/8.3/crypto/openssl/apps/pkcs12.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/pkcs12.c Tue Apr 2 17:34:42 2013 (r249029) @@ -659,7 +659,7 @@ int MAIN(int argc, char **argv) if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass); - if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); + if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); if(macver) { #ifdef CRYPTO_MDEBUG CRYPTO_push_info("verify MAC"); Modified: releng/8.3/crypto/openssl/apps/s_client.c ============================================================================== --- releng/8.3/crypto/openssl/apps/s_client.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/s_client.c Tue Apr 2 17:34:42 2013 (r249029) 
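Review bot: The added `p12->mac` guard in pkcs12.c protects only the INFO BIO_printf; the `if(macver)` block that follows presumably verifies the MAC through the same `p12->mac` field, and that code is outside the hunk. If PKCS12_verify_mac does not itself reject a file whose MacData is absent, the same NULL dereference recurs on the verification path, so that is worth confirming or guarding as well. A short comment on the new condition, `/* MacData is OPTIONAL in PKCS#12; a file without one must not crash -info */`, would record the intent.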
@@ -345,13 +345,7 @@ int MAIN(int argc, char **argv) char *jpake_secret = NULL; #endif -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); -#elif !defined(OPENSSL_NO_SSL3) - meth=SSLv3_client_method(); -#elif !defined(OPENSSL_NO_SSL2) - meth=SSLv2_client_method(); -#endif apps_startup(); c_Pause=0; Modified: releng/8.3/crypto/openssl/apps/s_server.c ============================================================================== --- releng/8.3/crypto/openssl/apps/s_server.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/s_server.c Tue Apr 2 17:34:42 2013 (r249029) @@ -781,13 +781,7 @@ int MAIN(int argc, char *argv[]) tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; #endif -#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(OPENSSL_NO_SSL3) - meth=SSLv3_server_method(); -#elif !defined(OPENSSL_NO_SSL2) - meth=SSLv2_server_method(); -#endif local_argc=argc; local_argv=argv; @@ -1556,6 +1550,12 @@ end: if (dpass) OPENSSL_free(dpass); #ifndef OPENSSL_NO_TLSEXT + if (tlscstatp.host) + OPENSSL_free(tlscstatp.host); + if (tlscstatp.port) + OPENSSL_free(tlscstatp.port); + if (tlscstatp.path) + OPENSSL_free(tlscstatp.path); if (ctx2 != NULL) SSL_CTX_free(ctx2); if (s_cert2) X509_free(s_cert2); Modified: releng/8.3/crypto/openssl/apps/x509.c ============================================================================== --- releng/8.3/crypto/openssl/apps/x509.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/apps/x509.c Tue Apr 2 17:34:42 2013 (r249029) 
@@ -969,7 +969,7 @@ bad: else { pk=load_key(bio_err, - keyfile, FORMAT_PEM, 0, + keyfile, keyformat, 0, passin, e, "request key"); if (pk == NULL) goto end; } Modified: releng/8.3/crypto/openssl/config ============================================================================== --- releng/8.3/crypto/openssl/config Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/config Tue Apr 2 17:34:42 2013 (r249029) @@ -790,6 +790,10 @@ esac # options="$options -DATALLA" #fi +($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \ + grep \\--noexecstack) 2>&1 > /dev/null && \ + options="$options -Wa,--noexecstack" + # gcc < 2.8 does not support -march=ultrasparc if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] then Modified: releng/8.3/crypto/openssl/crypto/asn1/a_object.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/a_object.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/a_object.c Tue Apr 2 17:34:42 2013 (r249029) @@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); goto err; } - if (!use_bn && l > (ULONG_MAX / 10L)) + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { use_bn = 1; if (!bl) @@ -294,7 +294,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT /* Sanity check OID encoding: can't have leading 0x80 in * subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + for (i = 0, p = *pp; i < len; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { Modified: releng/8.3/crypto/openssl/crypto/asn1/a_strex.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/a_strex.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/a_strex.c Tue Apr 2 17:34:42 2013 (r249029) 
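Review bot: The redirection order in the new config probe, `(... | grep \\--noexecstack) 2>&1 > /dev/null`, sends the subshell's stderr to the original stdout and only then discards stdout, so grep and compiler diagnostics still reach the console while the matches are silenced; if both should be silent, write `> /dev/null 2>&1`. The probe also deserves a comment saying what it buys: `# ask GNU as not to mark objects as needing an executable stack, so assembler code cannot defeat non-executable-stack protection`.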
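Review bot: The new overflow threshold `l >= ((ULONG_MAX - 80) / 10L)` in a2d_ASN1_OBJECT carries an unexplained constant; the 80 appears to be headroom for the `40 * first` (first at most 2) that is folded into the second arc after the digit loop, but that code is outside the hunk. Add `/* headroom for the next digit and for adding 40*first (<= 80) to the second arc */` so the margin is not tightened back to ULONG_MAX/10 later. In the second hunk the loop now starts at `*pp` with `i < len`, so the `!i` short-circuit is what keeps `p[-1]` in bounds; a brief comment there would make that dependency explicit.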
@@ -74,6 +74,11 @@ #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) + /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. @@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, if(!io_ch(arg, tmphex, 3)) return -1; return 3; } + /* If we get this far and do any escaping at all must escape + * the escape character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if(!io_ch(arg, "\\\\", 2)) return -1; + return 2; + } if(!io_ch(arg, &chtmp, 1)) return -1; return 1; } @@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = { 4, -1, 2 /* 28-30 */ }; -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of @@ -560,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char ** if(mbflag == -1) return -1; mbflag |= MBSTRING_FLAG; stmp.data = NULL; + stmp.length = 0; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; *out = stmp.data; Modified: releng/8.3/crypto/openssl/crypto/asn1/a_strnid.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/a_strnid.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/a_strnid.c Tue Apr 2 17:34:42 2013 (r249029) 
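Review bot: The new backslash test in do_esc_char, `if (chtmp == '\\' && flags & ESC_FLAGS)`, relies on `&&` binding looser than `&`; it is correct, but write it as `if (chtmp == '\\' && (flags & ESC_FLAGS))` so it reads unambiguously and does not trip -Wparentheses. ESC_FLAGS was moved above the function so it can be used here; a comment at the macro, `/* any of these implies the backslash itself must be escaped */`, ties the two hunks together. The `stmp.length = 0;` in the last hunk fixes an uninitialized field; if the declaration of `stmp` is nearby (it is outside the hunk), zero-initializing the whole struct at its declaration is the more robust form.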
@@ -96,7 +96,7 @@ unsigned long ASN1_STRING_get_default_ma * default: the default value, Printable, T61, BMP. */ -int ASN1_STRING_set_default_mask_asc(char *p) +int ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; Modified: releng/8.3/crypto/openssl/crypto/asn1/a_verify.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/a_verify.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/a_verify.c Tue Apr 2 17:34:42 2013 (r249029) @@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it unsigned char *buf_in=NULL; int ret= -1,i,inl; + if (!pkey) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + EVP_MD_CTX_init(&ctx); i=OBJ_obj2nid(a->algorithm); type=EVP_get_digestbyname(OBJ_nid2sn(i)); Modified: releng/8.3/crypto/openssl/crypto/asn1/asn1.h ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/asn1.h Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/asn1.h Tue Apr 2 17:34:42 2013 (r249029) @@ -1051,7 +1051,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); void ASN1_STRING_set_default_mask(unsigned long mask); -int ASN1_STRING_set_default_mask_asc(char *p); +int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, int inform, unsigned long mask); Modified: releng/8.3/crypto/openssl/crypto/asn1/asn_mime.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/asn_mime.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/asn_mime.c Tue Apr 2 17:34:42 2013 (r249029) 
@@ -418,9 +418,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BI if(strcmp(hdr->value, "application/x-pkcs7-signature") && strcmp(hdr->value, "application/pkcs7-signature")) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); ERR_add_error_data(2, "type: ", hdr->value); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } @@ -790,12 +790,17 @@ static int mime_hdr_addparam(MIME_HEADER static int mime_hdr_cmp(const MIME_HEADER * const *a, const MIME_HEADER * const *b) { + if (!(*a)->name || !(*b)->name) + return !!(*a)->name - !!(*b)->name; + return(strcmp((*a)->name, (*b)->name)); } static int mime_param_cmp(const MIME_PARAM * const *a, const MIME_PARAM * const *b) { + if (!(*a)->param_name || !(*b)->param_name) + return !!(*a)->param_name - !!(*b)->param_name; return(strcmp((*a)->param_name, (*b)->param_name)); } Modified: releng/8.3/crypto/openssl/crypto/asn1/x_name.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/x_name.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/x_name.c Tue Apr 2 17:34:42 2013 (r249029) @@ -196,7 +196,9 @@ static int x509_name_ex_d2i(ASN1_VALUE * *val = nm.a; *in = p; return ret; - err: +err: + if (nm.x != NULL) + X509_NAME_free(nm.x); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } Modified: releng/8.3/crypto/openssl/crypto/asn1/x_pubkey.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/asn1/x_pubkey.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/asn1/x_pubkey.c Tue Apr 2 17:34:42 2013 (r249029) 
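Review bot: The NULL-tolerant comparators mime_hdr_cmp and mime_param_cmp use `!!(*a)->name - !!(*b)->name`, which is correct (a missing name sorts before any name, two missing names compare equal) but terse; a comment such as `/* a header parsed without a name sorts first; avoids strcmp() on NULL */` would help. In the first hunk, moving `sk_MIME_HEADER_pop_free` after `ERR_add_error_data(2, "type: ", hdr->value)` removes a use of `hdr->value` after the headers were freed; a one-line comment on the free saying it must stay after the error data is recorded would keep the order from being "tidied" back.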
@@ -367,7 +367,19 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *k goto err; } - key->pkey = ret; + /* Check to see if another thread set key->pkey first */ + CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + if (key->pkey) + { + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_free(ret); + ret = key->pkey; + } + else + { + key->pkey = ret; + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + } CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); return(ret); err: Modified: releng/8.3/crypto/openssl/crypto/bio/bf_buff.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/bio/bf_buff.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/bio/bf_buff.c Tue Apr 2 17:34:42 2013 (r249029) @@ -209,7 +209,7 @@ start: /* add to buffer and return */ if (i >= inl) { - memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl); + memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl); ctx->obuf_len+=inl; return(num+inl); } @@ -219,7 +219,7 @@ start: { if (i > 0) /* lets fill it up if we can */ { - memcpy(&(ctx->obuf[ctx->obuf_len]),in,i); + memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i); in+=i; inl-=i; num+=i; @@ -294,9 +294,9 @@ static long buffer_ctrl(BIO *b, int cmd, case BIO_C_GET_BUFF_NUM_LINES: ret=0; p1=ctx->ibuf; - for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++) + for (i=0; i<ctx->ibuf_len; i++) { - if (p1[i] == '\n') ret++; + if (p1[ctx->ibuf_off + i] == '\n') ret++; } break; case BIO_CTRL_WPENDING: 
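Review bot: In X509_PUBKEY_get the unlock before `EVP_PKEY_free(ret)` is load-bearing: EVP_PKEY_free decrements its reference count under CRYPTO_LOCK_EVP_PKEY and OpenSSL's locks are not recursive, so freeing while holding the lock would deadlock. Record that with `/* release the lock first: EVP_PKEY_free() takes CRYPTO_LOCK_EVP_PKEY itself */` on the unlock in the `if (key->pkey)` branch. The `CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY)` that follows still runs outside the critical section, as it did before this change; that window is pre-existing and not something this hunk introduces.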
@@ -399,17 +399,18 @@ static long buffer_ctrl(BIO *b, int cmd, for (;;) { BIO_clear_retry_flags(b); - if (ctx->obuf_len > ctx->obuf_off) + if (ctx->obuf_len > 0) { r=BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]), - ctx->obuf_len-ctx->obuf_off); + ctx->obuf_len); #if 0 -fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r); +fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r); #endif BIO_copy_next_retry(b); if (r <= 0) return((long)r); ctx->obuf_off+=r; + ctx->obuf_len-=r; } else { Modified: releng/8.3/crypto/openssl/crypto/bio/bio.h ============================================================================== --- releng/8.3/crypto/openssl/crypto/bio/bio.h Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/bio/bio.h Tue Apr 2 17:34:42 2013 (r249029) @@ -145,6 +145,7 @@ extern "C" { /* #endif */ #define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 #define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ #define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for * MTU. want to use this @@ -321,6 +322,15 @@ DECLARE_STACK_OF(BIO) typedef struct bio_f_buffer_ctx_struct { + /* Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ + /* BIO *bio; */ /* this is now in the BIO struct */ int ibuf_size; /* how big is the input buffer */ int obuf_size; /* how big is the output buffer */ Modified: releng/8.3/crypto/openssl/crypto/bio/bss_dgram.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/bio/bss_dgram.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/bio/bss_dgram.c Tue Apr 2 17:34:42 2013 (r249029) 
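Review bot: With `obuf_len` now meaning "bytes remaining" rather than "end offset", the flush loop in buffer_ctrl advances `obuf_off` and shrinks `obuf_len` per write but never resets `obuf_off`; the `else` branch that runs once the buffer is drained is outside the hunk and must set `obuf_off` back to 0, otherwise the free space in the bio.h diagram (size = off + len + free) shrinks on every flush. Worth confirming, and worth a comment on the loop: `/* obuf_off/obuf_len are consumed/remaining; off is reset once len reaches 0 */`.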
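Review bot: `BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47` in bio.h is inserted between controls 40 and 41 and, unlike its neighbours, carries no trailing comment; keep the numeric order by placing it after the highest existing BIO_CTRL_DGRAM_* value and document it, e.g. `#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 /* MTU to assume when none was discovered */`. The buffer diagram added to bio_f_buffer_ctx_struct is a good addition; stating the invariant `off + len <= size` next to it makes it checkable in the code that uses the fields.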
@@ -57,7 +57,6 @@ * */ -#ifndef OPENSSL_NO_DGRAM #include <stdio.h> #include <errno.h> @@ -65,6 +64,7 @@ #include "cryptlib.h" #include <openssl/bio.h> +#ifndef OPENSSL_NO_DGRAM #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) #include <sys/timeb.h> @@ -288,7 +288,6 @@ static int dgram_read(BIO *b, char *out, */ dgram_adjust_rcv_timeout(b); ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen); - dgram_reset_rcv_timeout(b); if ( ! data->connected && ret >= 0) BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); @@ -302,6 +301,8 @@ static int dgram_read(BIO *b, char *out, data->_errno = get_last_socket_error(); } } + + dgram_reset_rcv_timeout(b); } return(ret); } @@ -493,6 +494,9 @@ static long dgram_ctrl(BIO *b, int cmd, ret = 0; #endif break; + case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: + ret = 576 - 20 - 8; + break; case BIO_CTRL_DGRAM_GET_MTU: return data->mtu; break; @@ -654,9 +658,13 @@ static int BIO_dgram_should_retry(int i) { err=get_last_socket_error(); -#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ - if ((i == -1) && (err == 0)) - return(1); +#if defined(OPENSSL_SYS_WINDOWS) + /* If the socket return value (i) is -1 + * and err is unexpectedly 0 at this point, + * the error code was overwritten by + * another system call before this error + * handling is called. + */ #endif return(BIO_dgram_non_fatal_error(err)); @@ -719,7 +727,6 @@ int BIO_dgram_non_fatal_error(int err) } return(0); } -#endif static void get_current_time(struct timeval *t) { @@ -737,3 +744,5 @@ static void get_current_time(struct time gettimeofday(t, NULL); #endif } + +#endif Modified: releng/8.3/crypto/openssl/crypto/bn/asm/mo-586.pl ============================================================================== --- releng/8.3/crypto/openssl/crypto/bn/asm/mo-586.pl Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/bn/asm/mo-586.pl Tue Apr 2 17:34:42 2013 (r249029) 
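Review bot: `ret = 576 - 20 - 8;` for BIO_CTRL_DGRAM_GET_FALLBACK_MTU in dgram_ctrl encodes three unexplained numbers; write `ret = 576 - 20 - 8; /* minimum IPv4 datagram every host must accept, less IPv4 (20) and UDP (8) headers */` or name the constants. The rewritten Windows block in BIO_dgram_should_retry is now an `#if defined(OPENSSL_SYS_WINDOWS)` that contains only a comment; either drop the conditional and keep the comment, or restore the case it describes, since an empty conditional reads as an unfinished edit. Moving `dgram_reset_rcv_timeout(b)` in dgram_read to after the socket error is captured looks deliberate (presumably so the setsockopt inside it cannot clobber the error code); a one-line comment there would keep it from being moved back.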
@@ -539,8 +539,10 @@ $sbit=$num; &jle (&label("sqradd")); &mov ($carry,"edx"); - &lea ("edx",&DWP(0,$sbit,"edx",2)); + &add ("edx","edx"); &shr ($carry,31); + &add ("edx",$sbit); + &adc ($carry,0); &set_label("sqrlast"); &mov ($word,$_n0); &mov ($inp,$_np); Modified: releng/8.3/crypto/openssl/crypto/bn/asm/ppc.pl ============================================================================== --- releng/8.3/crypto/openssl/crypto/bn/asm/ppc.pl Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/bn/asm/ppc.pl Tue Apr 2 17:34:42 2013 (r249029) @@ -1039,7 +1039,7 @@ sub data { addze r11,r0 #mul_add_c(a[3],b[2],c3,c1,c2); $LD r6,`3*$BNSZ`(r4) - $LD r7,`2*$BNSZ`(r4) + $LD r7,`2*$BNSZ`(r5) $UMULL r8,r6,r7 $UMULH r9,r6,r7 addc r12,r8,r12 Modified: releng/8.3/crypto/openssl/crypto/bn/bn_blind.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/bn/bn_blind.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/bn/bn_blind.c Tue Apr 2 17:34:42 2013 (r249029) @@ -123,7 +123,7 @@ struct bn_blinding_st BIGNUM *mod; /* just a reference */ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ - unsigned int counter; + int counter; unsigned long flags; BN_MONT_CTX *m_ctx; int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -157,7 +157,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNU if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(ret->mod, BN_FLG_CONSTTIME); - ret->counter = BN_BLINDING_COUNTER; + /* Set the counter to the special value -1 + * to indicate that this is never-used fresh blinding + * that does not need updating before first use. */ + ret->counter = -1; return(ret); err: if (ret != NULL) BN_BLINDING_free(ret); 
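Review bot: The type of `counter` in bn_blinding_st changes from `unsigned int` to `int` so that -1 can serve as a sentinel, but the field carries no comment; the new semantics (set in BN_BLINDING_new in the next hunk and consumed by BN_BLINDING_update and BN_BLINDING_convert_ex further down) belong at the declaration: `int counter; /* -1: fresh, never used; otherwise uses since (re)creation, reset to 0 on reaching BN_BLINDING_COUNTER */`. The explanatory comment added in BN_BLINDING_new then only needs to refer to it.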
@@ -186,7 +189,10 @@ int BN_BLINDING_update(BN_BLINDING *b, B goto err; } - if (--(b->counter) == 0 && b->e != NULL && + if (b->counter == -1) + b->counter = 0; + + if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && !(b->flags & BN_BLINDING_NO_RECREATE)) { /* re-create blinding parameters */ @@ -201,8 +207,8 @@ int BN_BLINDING_update(BN_BLINDING *b, B ret=1; err: - if (b->counter == 0) - b->counter = BN_BLINDING_COUNTER; + if (b->counter == BN_BLINDING_COUNTER) + b->counter = 0; return(ret); } @@ -223,6 +229,12 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BI return(0); } + if (b->counter == -1) + /* Fresh blinding, doesn't need updating. */ + b->counter = 0; + else if (!BN_BLINDING_update(b,ctx)) + return(0); + if (r != NULL) { if (!BN_copy(r, b->Ai)) ret=0; @@ -243,22 +255,19 @@ int BN_BLINDING_invert_ex(BIGNUM *n, con int ret; bn_check_top(n); - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); - return(0); - } if (r != NULL) ret = BN_mod_mul(n, n, r, b->mod, ctx); else - ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); - - if (ret >= 0) { - if (!BN_BLINDING_update(b,ctx)) + if (b->Ai == NULL) + { + BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); return(0); + } + ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); } + bn_check_top(n); return(ret); } Modified: releng/8.3/crypto/openssl/crypto/bn/bn_gf2m.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/bn/bn_gf2m.c Tue Apr 2 17:29:17 2013 (r249028) +++ releng/8.3/crypto/openssl/crypto/bn/bn_gf2m.c Tue Apr 2 17:34:42 2013 (r249029) @@ -607,6 +607,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIG { while (!BN_is_odd(u)) { *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
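Review bot: The fresh-blinding sentinel is handled twice on the new side: BN_BLINDING_update turns -1 into 0 before incrementing, and BN_BLINDING_convert_ex checks -1 again to skip the update entirely, so the check in update is only reachable by direct callers of update; a comment on each saying which caller it serves would prevent one being removed as redundant. In convert_ex the `if (b->counter == -1) /* Fresh blinding, doesn't need updating. */ b->counter = 0; else if ...` puts the comment between the condition and its unbraced body; brace the body and move the comment inside. Moving the BN_BLINDING_update call from BN_BLINDING_invert_ex to BN_BLINDING_convert_ex changes when the blinding factors are refreshed (before use instead of after), which deserves a sentence in the function comment so callers relying on the old timing are not surprised.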