OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=7

2007-08-03 13:49:48 +00:00 · 2007-08-03 13:49:48 +00:00 · 4b865a26e1
commit 4b865a26e1
parent 3495fdf026
3 changed files with 135 additions and 3 deletions
--- a/openssl-CVE-2007-3108-bug296511.diff
+++ b/openssl-CVE-2007-3108-bug296511.diff
@ -0,0 +1,114 @@
 --- crypto/bn/bn_mont.c
 +++ crypto/bn/bn_mont.c	2007-08-02 11:49:15.251420366 +0200
@@ -176,7 +176,6 @@ int BN_from_montgomery(BIGNUM *ret, cons
 	max=(nl+al+1); /* allow for overflow (no?) XXX */
 	if (bn_wexpand(r,max) == NULL) goto err;
 -	if (bn_wexpand(ret,max) == NULL) goto err;
 	r->neg=a->neg^n->neg;
 	np=n->d;
@@ -228,19 +227,70 @@ int BN_from_montgomery(BIGNUM *ret, cons
 		}
 	bn_correct_top(r);
 -	/* mont->ri will be a multiple of the word size */
 -#if 0
 -	BN_rshift(ret,r,mont->ri);
 -#else
 -	ret->neg = r->neg;
 -	x=ri;
 +	/* mont->ri will be a multiple of the word size and below code
 +	 * is kind of BN_rshift(ret,r,mont->ri) equivalent */
 +	if (r->top <= ri)
 +		{
 +		ret->top=0;
 +		retn=1;
 +		goto err;
 +		}
 +	al=r->top-ri;
 +
 +# define BRANCH_FREE 1
 +# if BRANCH_FREE
 +	if (bn_wexpand(ret,ri) == NULL) goto err;
 +	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
 +	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */
 +	ret->neg=r->neg;
 +
 	rp=ret->d;
 -	ap= &(r->d[x]);
 -	if (r->top < x)
 -		al=0;
 -	else
 -		al=r->top-x;
 +	ap=&(r->d[ri]);
 +
 +	{
 +	size_t m1,m2;
 +
 +	v=bn_sub_words(rp,ap,np,ri);
 +	/* this ----------------^^ works even in al<ri case
 +	 * thanks to zealous zeroing of top of the vector in the
 +	 * beginning. */
 +
 +	/* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
 +	/* in other words if subtraction result is real, then
 +	 * trick unconditional memcpy below to perform in-place
 +	 * "refresh" instead of actual copy. */
 +	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/* al<ri */
 +	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/* al>ri */
 +	m1|=m2;			/* (al!=ri) */
 +	m1|=(0-(size_t)v);	/* (al!=ri || v) */
 +	m1&=~m2;		/* (al!=ri || v) && !al>ri */
 +	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
 +	}
 +
 +	/* 'i<ri' is chosen to eliminate dependency on input data, even
 +	 * though it results in redundant copy in al<ri case. */
 +	for (i=0,ri-=4; i<ri; i+=4)
 +		{
 +		BN_ULONG t1,t2,t3,t4;
 +		
 +		t1=nrp[i+0];
 +		t2=nrp[i+1];
 +		t3=nrp[i+2];	ap[i+0]=0;
 +		t4=nrp[i+3];	ap[i+1]=0;
 +		rp[i+0]=t1;	ap[i+2]=0;
 +		rp[i+1]=t2;	ap[i+3]=0;
 +		rp[i+2]=t3;
 +		rp[i+3]=t4;
 +		}
 +	for (ri+=4; i<ri; i++)
 +		rp[i]=nrp[i], ap[i]=0;
 +# else
 +	if (bn_wexpand(ret,al) == NULL) goto err;
 	ret->top=al;
 +	ret->neg=r->neg;
 +
 +	rp=ret->d;
 +	ap=&(r->d[ri]);
 	al-=4;
 	for (i=0; i<al; i+=4)
 		{
@@ -258,7 +308,7 @@ int BN_from_montgomery(BIGNUM *ret, cons
 	al+=4;
 	for (; i<al; i++)
 		rp[i]=ap[i];
 -#endif
 +# endif
 #else /* !MONT_WORD */ 
 	BIGNUM *t1,*t2;
@@ -278,10 +328,12 @@ int BN_from_montgomery(BIGNUM *ret, cons
 	if (!BN_rshift(ret,t2,mont->ri)) goto err;
 #endif /* MONT_WORD */
 +#if !defined(BRANCH_FREE) || BRANCH_FREE==0
 	if (BN_ucmp(ret, &(mont->N)) >= 0)
 		{
 		if (!BN_usub(ret,ret,&(mont->N))) goto err;
 		}
 +#endif
 	retn=1;
 	bn_check_top(ret);
  err:
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,14 @@
 -------------------------------------------------------------------
 Fri Aug  3 14:17:27 CEST 2007 - coolo@suse.de
 - provide the version obsoleted (#293401)
 -------------------------------------------------------------------
 Wed Aug  1 18:01:45 CEST 2007 - werner@suse.de
 - Add patch from CVS for RSA key reconstruction vulnerability 
  (CVE-2007-3108, VU#724968, bug #296511)
 -------------------------------------------------------------------
 Thu May 24 16:18:50 CEST 2007 - mkoenig@suse.de
--- a/openssl.spec
+++ b/openssl.spec
@ -14,12 +14,12 @@ Name:           openssl
 BuildRequires:  bc ed zlib-devel
 %define ssletcdir %{_sysconfdir}/ssl
 %define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
-License:        BSD License and BSD-like
+License:        BSD 3-Clause
 Group:          Productivity/Networking/Security
 Provides:       ssl
 Autoreqprov:    on
 Version:        0.9.8e
-Release:        25
+Release:        32
 Summary:        Secure Sockets and Transport Layer Security
 URL:            http://www.openssl.org/
 Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@ -29,6 +29,7 @@ Source21:       Equifax-root1.pem
 Patch0:         openssl-0.9.8-sparc.dif
 Patch1:         openssl-0.9.8-flags-priority.dif
 Patch2:         non-exec-stack.diff
 Patch4:         openssl-CVE-2007-3108-bug296511.diff
 Patch7:         openssl-0.9.7f-ppc64.diff
 Patch8:         openssl-hppa-config.diff
 Patch9:         openssl-0.9.6g-alpha.diff
@ -111,7 +112,7 @@ Group:          Development/Libraries/C and C++
 # openssl-devel last used in openSUSE 10.2
 Obsoletes:      openssl-devel <= 0.9.8e-8
 Requires:       libopenssl0_9_8 = %{version} zlib-devel
-Provides:       openssl-devel = %{version}-%{release}
+Provides:       openssl-devel = 0.9.8e-8
 %description -n libopenssl-devel
 This package contains all necessary include files and libraries needed
@ -189,6 +190,7 @@ Authors:
 %patch -p1
 %patch1 -p1
 %patch2
 %patch4
 %patch7 -p1
 %patch8
 %patch9 -p1
@ -413,6 +415,11 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
 %{ssletcdir}/certs
 %changelog
 * Fri Aug 03 2007 - coolo@suse.de
 - provide the version obsoleted (#293401)
 * Wed Aug 01 2007 - werner@suse.de
 - Add patch from CVS for RSA key reconstruction vulnerability
  (CVE-2007-3108, VU#724968, bug #296511)
 * Thu May 24 2007 - mkoenig@suse.de
 - fix build with gcc-4.2
  openssl-gcc42.patch