Annotation of /trunk/openssl/patches/openssl-0.9.8e-CVE-2007-3108.patch
Revision 367 -
Sat Oct 6 09:33:27 2007 UTC (16 years, 11 months ago) by niro
File size: 3107 byte(s)
-security updates
1 | niro | 367 | http://bugs.gentoo.org/188799 |
2 | |||
3 | -----BEGIN PGP SIGNED MESSAGE----- | ||
4 | Hash: SHA1 | ||
5 | |||
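--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -176,7 +176,6 @@
 
 max=(nl+al+1); /* allow for overflow (no?) XXX */
 if (bn_wexpand(r,max) == NULL) goto err;
- if (bn_wexpand(ret,max) == NULL) goto err;
 
 r->neg=a->neg^n->neg;
 np=n->d;
@@ -228,19 +227,70 @@
 }
 bn_correct_top(r);
 
- /* mont->ri will be a multiple of the word size */
-#if 0
- BN_rshift(ret,r,mont->ri);
-#else
- ret->neg = r->neg;
- x=ri;
+ /* mont->ri will be a multiple of the word size and below code
+ * is kind of BN_rshift(ret,r,mont->ri) equivalent */
+ if (r->top <= ri)
+ {
+ ret->top=0;
+ retn=1;
+ goto err;
+ }
+ al=r->top-ri;
+
+# define BRANCH_FREE 1
+# if BRANCH_FREE
+ if (bn_wexpand(ret,ri) == NULL) goto err;
+ x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
+ ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
+ ret->neg=r->neg;
+
 rp=ret->d;
- ap= &(r->d[x]);
- if (r->top < x)
- al=0;
- else
- al=r->top-x;
+ ap=&(r->d[ri]);
+
+ {
+ size_t m1,m2;
+
+ v=bn_sub_words(rp,ap,np,ri);
+ /* this ----------------^^ works even in al<ri case
+ * thanks to zealous zeroing of top of the vector in the
+ * beginning. */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /* in other words if subtraction result is real, then
+ * trick unconditional memcpy below to perform in-place
+ * "refresh" instead of actual copy. */
+ m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
+ m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
+ m1|=m2; /* (al!=ri) */
+ m1|=(0-(size_t)v); /* (al!=ri || v) */
+ m1&=~m2; /* (al!=ri || v) && !al>ri */
+ nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+ }
+
+ /* 'i<ri' is chosen to eliminate dependency on input data, even
+ * though it results in redundant copy in al<ri case. */
+ for (i=0,ri-=4; i<ri; i+=4)
+ {
+ BN_ULONG t1,t2,t3,t4;
+
+ t1=nrp[i+0];
+ t2=nrp[i+1];
+ t3=nrp[i+2]; ap[i+0]=0;
+ t4=nrp[i+3]; ap[i+1]=0;
+ rp[i+0]=t1; ap[i+2]=0;
+ rp[i+1]=t2; ap[i+3]=0;
+ rp[i+2]=t3;
+ rp[i+3]=t4;
+ }
+ for (ri+=4; i<ri; i++)
+ rp[i]=nrp[i], ap[i]=0;
+# else
+ if (bn_wexpand(ret,al) == NULL) goto err;
 ret->top=al;
+ ret->neg=r->neg;
+
+ rp=ret->d;
+ ap=&(r->d[ri]);
 al-=4;
 for (i=0; i<al; i+=4)
 {
@@ -258,7 +308,7 @@
 al+=4;
 for (; i<al; i++)
 rp[i]=ap[i];
-#endif
+# endif
 #else /* !MONT_WORD */
 BIGNUM *t1,*t2;
 
@@ -278,10 +328,12 @@
 if (!BN_rshift(ret,t2,mont->ri)) goto err;
 #endif /* MONT_WORD */
 
+#if !defined(BRANCH_FREE) || BRANCH_FREE==0
 if (BN_ucmp(ret, &(mont->N)) >= 0)
 {
 if (!BN_usub(ret,ret,&(mont->N))) goto err;
 }
+#endif
 retn=1;
 bn_check_top(ret);
 err: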
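Review bot: The data-dependent `BN_ucmp`/`BN_usub` reduction in the last hunk is compiled out only when `BRANCH_FREE` is defined, and the `# define BRANCH_FREE 1` sits inside the MONT_WORD branch, so a build that takes the `#else /* !MONT_WORD */` path appears to keep the conditional final subtraction this patch is meant to remove. I would say so at the guard, e.g. `/* NOTE: only the MONT_WORD path is branch-free; !MONT_WORD still does the conditional subtract below */`, and confirm whether any supported configuration builds without MONT_WORD. Separately, the mask arithmetic in the second hunk (`m1`, `m2`, and the `(size_t)rp`/`(size_t)ap` select for `nrp`) is constant-time only if the compiler emits it without branches and `size_t` is pointer-wide, which is worth checking in the generated code for each target. The function body begins and ends outside the visible hunks.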
120 | -----BEGIN PGP SIGNATURE----- | ||
121 | Version: GnuPG v1.4.5 (GNU/Linux) | ||
122 | |||
123 | iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHVaJfKA | ||
124 | 7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bzrKqDj | ||
125 | zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp55UPz | ||
126 | iBDdynBpa+s= | ||
127 | =aquq | ||
128 | -----END PGP SIGNATURE----- |