Contents of /trunk/openssl/patches/openssl-0.9.8e-CVE-2007-3108.patch
Revision 367 -
Sat Oct 6 09:33:27 2007 UTC (16 years, 11 months ago) by niro
File size: 3107 byte(s)
-security updates
1 | http://bugs.gentoo.org/188799 |
2 | |
3 | -----BEGIN PGP SIGNED MESSAGE----- |
4 | Hash: SHA1 |
5 | |
6 | - --- openssl-0.9.8e/crypto/bn/bn_mont.c 2006-06-16 03:01:14.000000000 +0200 |
7 | +++ openssl-0.9.8-cvs/crypto/bn/bn_mont.c 2007-06-29 10:13:25.000000000 +0200 |
8 | @@ -176,7 +176,6 @@ |
9 | |
10 | max=(nl+al+1); /* allow for overflow (no?) XXX */ |
11 | if (bn_wexpand(r,max) == NULL) goto err; |
12 | - - if (bn_wexpand(ret,max) == NULL) goto err; |
13 | |
14 | r->neg=a->neg^n->neg; |
15 | np=n->d; |
16 | @@ -228,19 +227,70 @@ |
17 | } |
18 | bn_correct_top(r); |
19 | |
20 | - - /* mont->ri will be a multiple of the word size */ |
21 | - -#if 0 |
22 | - - BN_rshift(ret,r,mont->ri); |
23 | - -#else |
24 | - - ret->neg = r->neg; |
25 | - - x=ri; |
26 | + /* mont->ri will be a multiple of the word size and below code |
27 | + * is kind of BN_rshift(ret,r,mont->ri) equivalent */ |
28 | + if (r->top <= ri) |
29 | + { |
30 | + ret->top=0; |
31 | + retn=1; |
32 | + goto err; |
33 | + } |
34 | + al=r->top-ri; |
35 | + |
36 | +# define BRANCH_FREE 1 |
37 | +# if BRANCH_FREE |
38 | + if (bn_wexpand(ret,ri) == NULL) goto err; |
39 | + x=0-(((al-ri)>>(sizeof(al)*8-1))&1); |
40 | + ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ |
41 | + ret->neg=r->neg; |
42 | + |
43 | rp=ret->d; |
44 | - - ap= &(r->d[x]); |
45 | - - if (r->top < x) |
46 | - - al=0; |
47 | - - else |
48 | - - al=r->top-x; |
49 | + ap=&(r->d[ri]); |
50 | + |
51 | + { |
52 | + size_t m1,m2; |
53 | + |
54 | + v=bn_sub_words(rp,ap,np,ri); |
55 | + /* this ----------------^^ works even in al<ri case |
56 | + * thanks to zealous zeroing of top of the vector in the |
57 | + * beginning. */ |
58 | + |
59 | + /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */ |
60 | + /* in other words if subtraction result is real, then |
61 | + * trick unconditional memcpy below to perform in-place |
62 | + * "refresh" instead of actual copy. */ |
63 | + m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */ |
64 | + m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */ |
65 | + m1|=m2; /* (al!=ri) */ |
66 | + m1|=(0-(size_t)v); /* (al!=ri || v) */ |
67 | + m1&=~m2; /* (al!=ri || v) && !al>ri */ |
68 | + nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); |
69 | + } |
70 | + |
71 | + /* 'i<ri' is chosen to eliminate dependency on input data, even |
72 | + * though it results in redundant copy in al<ri case. */ |
73 | + for (i=0,ri-=4; i<ri; i+=4) |
74 | + { |
75 | + BN_ULONG t1,t2,t3,t4; |
76 | + |
77 | + t1=nrp[i+0]; |
78 | + t2=nrp[i+1]; |
79 | + t3=nrp[i+2]; ap[i+0]=0; |
80 | + t4=nrp[i+3]; ap[i+1]=0; |
81 | + rp[i+0]=t1; ap[i+2]=0; |
82 | + rp[i+1]=t2; ap[i+3]=0; |
83 | + rp[i+2]=t3; |
84 | + rp[i+3]=t4; |
85 | + } |
86 | + for (ri+=4; i<ri; i++) |
87 | + rp[i]=nrp[i], ap[i]=0; |
88 | +# else |
89 | + if (bn_wexpand(ret,al) == NULL) goto err; |
90 | ret->top=al; |
91 | + ret->neg=r->neg; |
92 | + |
93 | + rp=ret->d; |
94 | + ap=&(r->d[ri]); |
95 | al-=4; |
96 | for (i=0; i<al; i+=4) |
97 | { |
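Review bot: The early exit added at `if (r->top <= ri)` sets `ret->top=0` and jumps to `err` without touching `ret->neg`, so a `ret` left negative by an earlier use would presumably come back as a negative zero. That path also skips the `bn_check_top(ret)` that the normal path runs just before `err:`. Adding `ret->neg=0;` next to `ret->top=0;` would keep the zero result canonical. This is inferred from the hunk alone, since the start of the function and the state of `ret` on entry lie outside it.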
98 | @@ -258,7 +308,7 @@ |
99 | al+=4; |
100 | for (; i<al; i++) |
101 | rp[i]=ap[i]; |
102 | - -#endif |
103 | +# endif |
104 | #else /* !MONT_WORD */ |
105 | BIGNUM *t1,*t2; |
106 | |
107 | @@ -278,10 +328,12 @@ |
108 | if (!BN_rshift(ret,t2,mont->ri)) goto err; |
109 | #endif /* MONT_WORD */ |
110 | |
111 | +#if !defined(BRANCH_FREE) || BRANCH_FREE==0 |
112 | if (BN_ucmp(ret, &(mont->N)) >= 0) |
113 | { |
114 | if (!BN_usub(ret,ret,&(mont->N))) goto err; |
115 | } |
116 | +#endif |
117 | retn=1; |
118 | bn_check_top(ret); |
119 | err: |
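Review bot: The new `#if !defined(BRANCH_FREE) || BRANCH_FREE==0` guard keeps the `BN_ucmp`/`BN_usub` final subtraction whenever `BRANCH_FREE` is undefined, and the only `# define BRANCH_FREE 1` in this patch sits before `#else /* !MONT_WORD */`. Builds without MONT_WORD therefore appear to retain the input-dependent subtraction that the patch removes on the MONT_WORD path. If that is intentional, it deserves a comment at the guard, for example `/* !MONT_WORD builds still take this input-dependent branch; see CVE-2007-3108 */`. The macro is also defined mid-function with no explanation, so a comment at the define saying that 0 restores the branching reduction would warn anyone tempted to flip it. The function continues past `err:` outside the hunk.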
120 | -----BEGIN PGP SIGNATURE----- |
121 | Version: GnuPG v1.4.5 (GNU/Linux) |
122 | |
123 | iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHVaJfKA |
124 | 7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bzrKqDj |
125 | zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp55UPz |
126 | iBDdynBpa+s= |
127 | =aquq |
128 | -----END PGP SIGNATURE----- |