[Pkg-openssl-changes] r166 - in openssl/trunk: . crypto/rsa debian
ssl
Kurt Roeckx
kroeckx at costa.debian.org
Sun Sep 17 13:29:27 UTC 2006
Author: kroeckx
Date: 2006-09-17 13:29:26 +0000 (Sun, 17 Sep 2006)
New Revision: 166
Modified:
openssl/trunk/Configure
openssl/trunk/Makefile.org
openssl/trunk/Makefile.shared
openssl/trunk/config
openssl/trunk/crypto/rsa/rsa_eay.c
openssl/trunk/crypto/rsa/rsa_sign.c
openssl/trunk/debian/changelog
openssl/trunk/ssl/t1_enc.c
Log:
* New upstream release
- block padding bug with compression now fixed upstream, using
their patch.
- Includes the RSA Signature Forgery (CVE-2006-4339) patch.
Modified: openssl/trunk/Configure
===================================================================
--- openssl/trunk/Configure 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/Configure 2006-09-17 13:29:26 UTC (rev 166)
@@ -156,7 +156,7 @@
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -196,7 +196,7 @@
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -286,7 +286,7 @@
# with debugging of the following config.
"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT::bn-ia64.o::aes-ia64.o:::sha256-ia64.o sha512-ia64.o::rc4-ia64.o:::dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Legacy HPUX 9.X configs...
@@ -640,6 +640,7 @@
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment"
+ "camellia" => "default",
"gmp" => "default",
"mdc2" => "default",
"rc5" => "default",
@@ -653,7 +654,7 @@
# For symmetry, "disable-..." is a synonym for "no-...".
# This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 ";
+my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 ";
my $no_sse2=0;
@@ -958,7 +959,7 @@
my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
-$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin");
+$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
$exe_ext=".pm" if ($target =~ /vos/);
@@ -1849,3 +1850,11 @@
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
return $errorcnt;
}
+
+# Attempt to detect MSYS environment
+
+sub is_msys
+ {
+ return 1 if (exists $ENV{"TERM"} && $ENV{"TERM"} eq "msys");
+ return 0;
+ }
Modified: openssl/trunk/Makefile.org
===================================================================
--- openssl/trunk/Makefile.org 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/Makefile.org 2006-09-17 13:29:26 UTC (rev 166)
@@ -111,7 +111,7 @@
SDIRS= \
objects \
md2 md4 md5 sha mdc2 hmac ripemd \
- des aes rc2 rc4 rc5 idea bf cast \
+ des aes rc2 rc4 rc5 idea bf cast camellia \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
Modified: openssl/trunk/Makefile.shared
===================================================================
--- openssl/trunk/Makefile.shared 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/Makefile.shared 2006-09-17 13:29:26 UTC (rev 166)
@@ -196,10 +196,14 @@
fi; $(LINK_APP)
# For Darwin AKA Mac OS/X (dyld)
+# link_o.darwin produces .so, because we let it use dso_dlfcn module,
+# which has .so extension hard-coded. One can argue that one should
+# develop special dso module for MacOS X. At least manual encourages
+# to use native NSModule(3) API and refers to dlfcn as termporary hack.
link_o.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
- SHLIB_SUFFIX=.dylib; \
+ SHLIB_SUFFIX=.so; \
ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
@@ -223,6 +227,7 @@
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
+ SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
$(LINK_SO_A)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
@@ -275,7 +280,7 @@
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
if [ -n "$$SHLIB_HIST" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \
$(LINK_SO_O)
@@ -296,7 +301,7 @@
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
if [ -n "$$SHLIB_HIST" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+ SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \
$(LINK_SO_A)
@@ -450,7 +455,7 @@
@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
- expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+ expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
@@ -499,7 +504,7 @@
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
$(LINK_SO_A_VIA_O)
link_app.aix:
- LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH)"; \
+ LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
$(LINK_APP)
link_o.reliantunix:
@@ -538,7 +543,7 @@
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks
-symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
# Compatibility targets
link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
Modified: openssl/trunk/config
===================================================================
--- openssl/trunk/config 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/config 2006-09-17 13:29:26 UTC (rev 166)
@@ -717,9 +717,9 @@
fi
fi
elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU
- OUT="hpux-parisc-${CC}
+ OUT="hpux-parisc-${CC}"
elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU
- OUT="hpux-parisc-${CC}
+ OUT="hpux-parisc-${CC}"
else # Motorola(?) CPU
OUT="hpux-$CC"
fi
@@ -794,7 +794,7 @@
i386-*) options="$options 386" ;;
esac
-for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha
+for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
do
if [ ! -d crypto/$i ]
then
Modified: openssl/trunk/crypto/rsa/rsa_eay.c
===================================================================
--- openssl/trunk/crypto/rsa/rsa_eay.c 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/crypto/rsa/rsa_eay.c 2006-09-17 13:29:26 UTC (rev 166)
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -238,40 +238,63 @@
return(r);
}
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, BIGNUM **r, int *local, BN_CTX *ctx)
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
{
BN_BLINDING *ret;
+ int got_write_lock = 0;
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA);
+
if (rsa->blinding == NULL)
{
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+
if (rsa->blinding == NULL)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->blinding == NULL)
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
}
ret = rsa->blinding;
if (ret == NULL)
- return NULL;
+ goto err;
- if (BN_BLINDING_get_thread_id(ret) != CRYPTO_thread_id())
+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
{
- *local = 0;
+ /* rsa->blinding is ours! */
+
+ *local = 1;
+ }
+ else
+ {
+ /* resort to rsa->mt_blinding instead */
+
+ *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
+ * that the BN_BLINDING is shared, meaning that accesses
+ * require locks, and that the blinding factor must be
+ * stored outside the BN_BLINDING
+ */
+
if (rsa->mt_blinding == NULL)
{
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ if (!got_write_lock)
+ {
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+ }
+
if (rsa->mt_blinding == NULL)
rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
}
ret = rsa->mt_blinding;
}
+
+ err:
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
else
- *local = 1;
-
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
return ret;
}
@@ -358,7 +381,7 @@
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
{
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
@@ -479,7 +502,7 @@
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
{
- blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
Modified: openssl/trunk/crypto/rsa/rsa_sign.c
===================================================================
--- openssl/trunk/crypto/rsa/rsa_sign.c 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/crypto/rsa/rsa_sign.c 2006-09-17 13:29:26 UTC (rev 166)
@@ -196,7 +196,7 @@
/* Parameters to the signature algorithm can also be used to
create forgeries */
if(sig->algor->parameter
- && sig->algor->parameter->type != V_ASN1_NULL)
+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/debian/changelog 2006-09-17 13:29:26 UTC (rev 166)
@@ -1,10 +1,14 @@
-openssl (0.9.8b-4) unstable; urgency=low
+openssl (0.9.8c-1) unstable; urgency=low
+ * New upstream release
+ - block padding bug with compression now fixed upstream, using
+ their patch.
+ - Includes the RSA Signature Forgery (CVE-2006-4339) patch.
* Change the postinst script to check that ntp is installed instead
of ntp-refclock and ntp-simple. The binary is now in the ntp
package.
- -- Kurt Roeckx <kurt at roeckx.be> Tue, 5 Sep 2006 20:31:27 +0000
+ -- Kurt Roeckx <kurt at roeckx.be> Sun, 17 Sep 2006 13:28:02 +0000
openssl (0.9.8b-3) unstable; urgency=high
Modified: openssl/trunk/ssl/t1_enc.c
===================================================================
--- openssl/trunk/ssl/t1_enc.c 2006-09-17 12:19:53 UTC (rev 165)
+++ openssl/trunk/ssl/t1_enc.c 2006-09-17 13:29:26 UTC (rev 166)
@@ -628,13 +628,19 @@
{
ii=i=rec->data[l-1]; /* padding_length */
i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ /* NB: if compression is in operation the first packet
+ * may not be of even length so the padding bug check
+ * cannot be performed. This bug workaround has been
+ * around since SSLeay so hopefully it is either fixed
+ * now or no buggy implementation supports compression
+ * [steve]
+ */
+ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ && !s->expand)
{
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence,
- "\0\0\0\0\0\0\0\0",8) == 0) &&
- !(ii & 1) &&
- rec->data[l-i] != ii)
+ "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
i--;
More information about the Pkg-openssl-changes
mailing list