CVS commit: [netbsd-6-0] src/crypto/external/bsd/openssl/dist/crypto/evp

2017-02-04 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sun Feb  5 05:52:42 UTC 2017

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/evp [netbsd-6-0]:
e_rc4_hmac_md5.c

Log Message:
Apply patch (requested by spz in ticket #1355):
Fix CVE-2017-3731.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1.2.2.4.2 -r1.1.1.1.2.2.4.3 \
src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c:1.1.1.1.2.2.4.2 src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c:1.1.1.1.2.2.4.3
--- src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c:1.1.1.1.2.2.4.2	Sun Jul 12 18:40:55 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c	Sun Feb  5 05:52:41 2017
@@ -267,6 +267,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_
 len = p[arg - 2] << 8 | p[arg - 1];
 
 if (!ctx->encrypt) {
+if (len < MD5_DIGEST_LENGTH)
+return -1;
 len -= MD5_DIGEST_LENGTH;
 p[arg - 2] = len >> 8;
 p[arg - 1] = len;
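Review bot: The new guard is the right fix, but it is the only thing that stops the unsigned subtraction on the next line from wrapping, and nothing in the hunk says so; I would keep that intent visible with a comment above it: `/* len comes from the peer's TLS record header; it must at least cover the MAC stripped below, or len -= MD5_DIGEST_LENGTH wraps and the later copy reads past the record */`. The value is read from `p[arg - 2]` and `p[arg - 1]` without any check on `arg` inside the hunk, so unless `arg` is validated earlier in rc4_hmac_md5_ctrl (not visible here), an `arg` below 2 indexes before the buffer; if that check is absent, `if (arg < 2) return -1;` ahead of the length decode would close it. rc4_hmac_md5_ctrl begins and ends outside this hunk.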



CVS commit: [netbsd-6-0] src/crypto/external/bsd/openssl/dist/crypto

2014-10-26 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sun Oct 26 19:54:53 UTC 2014

Added Files:
src/crypto/external/bsd/openssl/dist/crypto [netbsd-6-0]:
constant_time_locl.h

Log Message:
Apply patch (requested by spz in ticket 1170):
update of openssl to the next higher version, 1.0.1j

Upstream condensed log:
  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]

  o Fix for CVE-2014-3513
  o Fix for CVE-2014-3567
  o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
  o Fix for CVE-2014-3568


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1.4.2 \
src/crypto/external/bsd/openssl/dist/crypto/constant_time_locl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/crypto/external/bsd/openssl/dist/crypto/constant_time_locl.h
diff -u /dev/null src/crypto/external/bsd/openssl/dist/crypto/constant_time_locl.h:1.1.4.2
--- /dev/null	Sun Oct 26 19:54:53 2014
+++ src/crypto/external/bsd/openssl/dist/crypto/constant_time_locl.h	Sun Oct 26 19:54:53 2014
@@ -0,0 +1,216 @@
+/* crypto/constant_time_locl.h */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emi...@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * 
+ * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *must display the following acknowledgement:
+ *This product includes cryptographic software written by
+ * Eric Young (e...@cryptsoft.com)
+ *The word 'cryptographic' can be left out if the rouines from the library
+ *being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *the apps directory (application code) you must include an acknowledgement:
+ *This product includes software written by Tim Hudson (t...@cryptsoft.com)
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+#define HEADER_CONSTANT_TIME_LOCL_H
+
+#include e_os.h  /* For 'inline' */
+
+#ifdef __cplusplus
+extern C {
+#endif
+
+/*
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a  b) {
+ *   c = a;
+ * } else {
+ *   c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a  b and 0 otherwise.
+ */
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a = b and 0 otherwise.
+ */
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */

CVS commit: [netbsd-6-0] src/crypto/external/bsd/openssl/dist/crypto

2014-04-03 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Thu Apr  3 19:02:00 UTC 2014

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/bn [netbsd-6-0]: bn.h
bn_lib.c
src/crypto/external/bsd/openssl/dist/crypto/ec [netbsd-6-0]: ec2_mult.c

Log Message:
Pull up following revision(s) (requested by tron in ticket #1041):
crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/bn/bn.h: revision 1.2
crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c: revision 1.2
Add fix for CVE-2014-0076 taken from OpenSSL GIT repository:
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2.4.1 -r1.1.1.2.4.1.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/bn.h
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.10.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
cvs rdiff -u -r1.1.1.2.4.1 -r1.1.1.2.4.1.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn.h:1.1.1.2.4.1 src/crypto/external/bsd/openssl/dist/crypto/bn/bn.h:1.1.1.2.4.1.4.1
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn.h:1.1.1.2.4.1	Tue Aug 14 07:56:09 2012
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn.h	Thu Apr  3 19:02:00 2014
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
+void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
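Review bot: The added prototype names its first parameter `swap`, while the definition added to bn_lib.c in the same commit calls it `condition`; the header is what callers read, so the two should agree, e.g. `void	BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords);`. The public declaration also carries none of the preconditions that the bn_lib.c comment spells out (at most one bit of the condition set, a and b distinct, nwords words allocated in both); a one-line header comment such as `/* Constant-time swap of a and b when condition is non-zero; see bn_lib.c for the preconditions on condition and nwords. */` would put them where users look.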
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf
 
 #define bn_fix_top(a)		bn_check_top(a)
 
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+	do { \
+		const BIGNUM *_bnum2 = (bn); \
+		assert(words = (_bnum2)-dmax  words = (_bnum2)-top); \
+	} while(0)
+
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)		bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 
 #endif
 
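Review bot: In the new `bn_check_size` macro the `bits` argument is substituted unparenthesized into `((bits+BN_BITS2-1))/BN_BITS2`, so an argument containing a lower-precedence operator (a conditional or comma expression) would change meaning silently; the outer double parentheses do not help with that. The usual form is `#define bn_check_size(bn, bits) bn_wcheck_size(bn, (((bits)+BN_BITS2-1))/BN_BITS2)`. The `bn_wcheck_size` body below it already wraps `(bn)`, so only `bits` is inconsistent; note that both checks vanish in the `!BN_DEBUG` branch, so they document the contract rather than enforce it in release builds.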

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.1.1.2 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.1.1.2.10.1
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.1.1.2	Sun Jun  5 14:57:56 2011
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c	Thu Apr  3 19:02:00 2014
@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a,
 		}
 	return bn_cmp_words(a,b,cl);
 	}
+
+/* 
+ * Constant-time conditional swap of a and b.  
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+	{
+	BN_ULONG t;
+	int i;
+
+	bn_wcheck_size(a, nwords);
+	bn_wcheck_size(b, nwords);
+
+	assert(a != b);
+	assert((condition  (condition - 1)) == 0);
+	assert(sizeof(BN_ULONG) = sizeof(int));
+
+	condition = ((condition - 1)  (BN_BITS2 - 1)) - 1;
+
+	t = (a-top^b-top)  condition;
+	a-top ^= t;
+	b-top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+	do { \
+		t = (a-d[ind] ^ b-d[ind])  condition; \
+		a-d[ind] ^= t; \
+		b-d[ind] ^= t; \
+	} while (0)
+
+
+	switch (nwords) {
+	default:
+		for (i = 10; i  nwords; i++) 
+			BN_CONSTTIME_SWAP(i);
+		/* Fallthrough */
+	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+	case 1: BN_CONSTTIME_SWAP(0);
+	}
+#undef BN_CONSTTIME_SWAP
+}
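Review bot: `BN_consttime_swap` takes `int nwords` and handles every value outside 1..10 through the `default:` label, which falls through into the `case 10:` chain; for `nwords <= 0` the loop body never runs, yet the fall-through still swaps `d[9]` down to `d[0]`, and the preceding `bn_wcheck_size(a, nwords)` passes trivially for such a value, so a BIGNUM with fewer than ten words allocated would be read and written out of bounds. If every caller is known to pass `nwords >= 1` (ec2_mult.c in this commit appears to pass the group word count, which I cannot see here), at least record that with `assert(nwords > 0);` next to the other asserts, or reject it with an early return. It is also worth a comment that the `a != b` and single-bit-condition checks are `assert`s and therefore disappear under `NDEBUG`, so the contract in the function comment is the only protection in release builds. The comment above the function should also say that `d` of both operands must hold at least `nwords` entries even when `top` is smaller, since the swap touches all `nwords` words regardless of `top`.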

Index: src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c:1.1.1.2.4.1 src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c:1.1.1.2.4.1.4.1
--- src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c:1.1.1.2.4.1	Tue Aug 14 07:56:23 2012
+++ src/crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c	Thu Apr  3