debian/0000755000000000000000000000000013401517363007171 5ustar debian/openssl.files0000644000000000000000000000023010323246103011662 0ustar usr/share/man/man1 usr/share/man/man5 usr/share/man/man7 usr/bin usr/lib/ssl/misc usr/lib/ssl/certs usr/lib/ssl/openssl.cnf usr/lib/ssl/private etc/ssl debian/libssl-dev.files0000644000000000000000000000016411632643401012257 0ustar usr/lib/*/libssl.so usr/lib/*/libcrypto.so usr/lib/*/libssl.a usr/lib/*/libcrypto.a usr/lib/*/pkgconfig usr/include debian/rules0000755000000000000000000001672112263335306010260 0ustar #!/usr/bin/make -f # Sample debian.rules file - for GNU Hello (1.3). # Copyright 1994,1995 by Ian Jackson. # I hereby give you perpetual unlimited permission to copy, # modify and relicense this file, provided that you do not remove # my name from the file itself. (I assert my moral right of # paternity under the Copyright, Designs and Patents Act 1988.) # This file may have to be extensively modified # # Modified to be a prototype for debmake by Christoph Lameter SHELL=/bin/bash package=openssl # For generating the manpages export VERSION=$(shell dpkg-parsechangelog | grep '^Version:' | sed -e 's/^.*://' -e 's/-.*//') # The binary architeture DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH) DEB_HOST_ARCH_OS = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) DEB_HOST_MULTIARCH=$(shell dpkg-architecture -qDEB_HOST_MULTIARCH) DEB_HOST_ARCH_CPU=$(shell dpkg-architecture -qDEB_HOST_ARCH_CPU) DEB_HOST_GNU_TYPE=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) CROSS=CC=$(DEB_HOST_GNU_TYPE)-gcc MAKE_TEST=: else CROSS=CC=$(CC) MAKE_TEST=make test endif ifeq ($(DEB_HOST_ARCH),amd64) ARCH_CONFARGS := enable-ec_nistp_64_gcc_128 endif CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib enable-tlsext no-ssl2 $(ARCH_CONFARGS) OPT_alpha = ev4 ev5 
# Per-architecture list of CPU-tuned library variants: OPTS expands to the
# value of OPT_<DEB_HOST_ARCH> (e.g. OPT_alpha), or to nothing when no such
# variable is defined for the host architecture.
ARCHOPTS = OPT_$(DEB_HOST_ARCH)
OPTS = $($(ARCHOPTS))
WANTED_LIBC_VERSION = 2.3.1-10

# 64-bit NIST-curve arithmetic on amd64.  ARCH_CONFARGS may already carry
# this option when DEB_HOST_ARCH is amd64; presumably Configure tolerates the
# duplicate -- confirm before reworking CONFARGS.
ifeq ($(DEB_HOST_ARCH_CPU), amd64)
CONFARGS += enable-ec_nistp_64_gcc_128
endif

# DEB_BUILD_OPTIONS=nocheck turns the upstream test run into a no-op.
ifneq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
MAKE_TEST = :
endif

# Staging paths shared by the install and binary-arch rules.
tmpdir := debian/tmp
ma_libdir := usr/lib/$(DEB_HOST_MULTIARCH)
ma_rtdir := lib/$(DEB_HOST_MULTIARCH)

build: build-arch build-indep
build-arch: build-stamp
build-indep: build-stamp

# Three build passes in one source tree, each followed by "make clean":
#   1. static libraries, parked as libcrypto.static / libssl.static;
#   2. one shared build per CPU variant in $(OPTS), parked under ./<variant>/;
#   3. the generic shared build, left in place for the install rule.
# "make depend" is only run when the 64-bit EC code is enabled.
build-stamp:
	dh_testdir
	./Configure no-shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
	$(if $(filter enable-ec_nistp_64_gcc_128, $(CONFARGS)), make $(CROSS) -f Makefile depend)
	make $(CROSS) -f Makefile all
	$(MAKE_TEST)
	mv libcrypto.a libcrypto.static
	mv libssl.a libssl.static
	make -f Makefile clean
	test -z "$(OPTS)" || for variant in $(OPTS); \
	do \
		set -xe; \
		./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)-$$variant; \
		make $(CROSS) -f Makefile all; \
		$(MAKE_TEST); \
		mkdir -p $$variant; \
		mv libcrypto.so* libssl.so* $$variant/; \
		make -f Makefile clean; \
	done
	./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
# The top-level pod files are linked into doc/ so the manpage build sees them.
	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
	make $(CROSS) -f Makefile all
	$(MAKE_TEST)
	touch build-stamp

# Undo everything build-stamp produced.  Configure is re-run (failure
# tolerated) only so that a Makefile exists for upstream's "clean
# clean-shared"; the sed widens upstream's "rm -f" to "rm -rf" so that
# directories are removed as well -- presumably for the per-variant output
# trees; confirm before dropping it.
clean:
	dh_testdir
	dh_testroot
	-$(RM) build-stamp
	-./Configure $(CONFARGS) debian-$(DEB_HOST_ARCH)
	-sed -i -e 's/rm -f/rm -rf/' Makefile
	[ ! -f Makefile ] || make -f Makefile clean clean-shared
	-$(RM) test/.rnd test/testkey.pem test/testreq.pem test/certCA.srl
	-$(RM) util/mk1mf.bak Makefile.bak `find . -name Makefile.save`
	-$(RM) crypto/pem/ctx_size
	-$(RM) `find . -name "*~"`
	-$(RM) `find . -name "*.orig" -o -name "*.rej"`
	-$(RM) certs/*.0 certs/*.1
# Removes the per-variant output trees created by build-stamp (and a core file).
	-rm -rf core $(OPTS)
	-rm doc/*.pod
	-$(RM) libcrypto.* libssl.*
	-cd test && rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bntest ectest ecdsatest ecdhtest ideatest md2test md4test md5test hmactest rc2test rc4test rc5test destest shatest sha1test sha256t sha512t mdc2test rmdtest randtest dhtest enginetest bftest casttest ssltest exptest dsatest rsa_test evp_test *.ss *.srl log dummytest newkey.pem igetest jpaketest srptest wp_test asn1test
	-rm Makefile apps/CA.pl tools/c_rehash crypto/opensslconf.h crypto/x86_64cpuid.S
	$(RM) test/asn1test test/wp_test test/srptest test/jpaketest
	$(RM) certs/demo/*.0
	rm -rf crypto/aes/aes-armv4.S crypto/bn/armv4-gf2m.S crypto/modes/ghash-armv4.S crypto/sha/*.S
	dh_clean

# Stage the generic shared build into $(tmpdir); dh_movefiles sorts it into
# the per-package trees later.
install: build
	dh_testdir
	dh_testroot
	dh_clean
	dh_installdirs
	make -f Makefile $(CROSS) install INSTALL_PREFIX=`pwd`/$(tmpdir)

# Architecture-independent packages (the libssl-doc manpages).
binary-indep: build install
	dh_testdir
	dh_testroot
	dh_installdirs -i
	dh_installman -plibssl-doc
	dh_installdocs -i
	dh_movefiles -i
	dh_installchangelogs -i CHANGES
	dh_compress -i
	dh_fixperms -i
	dh_gencontrol -i
	dh_installdeb -i
	dh_md5sums -i
	dh_builddeb -i

# Architecture-dependent packages.
binary-arch: build install
	dh_testdir
	dh_testroot
	dh_installdirs -a
# The static archives from the first (no-shared) build pass replace the ones
# upstream's install put in place; PIC static libraries are not shipped.
	cp -pf libcrypto.static $(tmpdir)/$(ma_libdir)/libcrypto.a
	cp -pf libssl.static $(tmpdir)/$(ma_libdir)/libssl.a
# Runtime libraries live in /lib; the development symlinks under /usr/lib are
# re-pointed at them by resolving whatever upstream's install linked them to.
	install -d $(tmpdir)/$(ma_rtdir)
	mv $(tmpdir)/$(ma_libdir)/lib*.so.* $(tmpdir)/$(ma_rtdir)
	for lib in libcrypto libssl; do \
		ln -sf /$(ma_rtdir)/$$(readlink $(tmpdir)/$(ma_libdir)/$$lib.so) $(tmpdir)/$(ma_libdir)/$$lib.so; \
	done
# Configuration, CA store and private-key directory move to /etc/ssl, with
# compatibility symlinks left under /usr/lib/ssl (brace expansion needs the
# bash SHELL set at the top of this file).
	mkdir -p $(tmpdir)/etc/ssl
	mv $(tmpdir)/usr/lib/ssl/{certs,openssl.cnf,private} $(tmpdir)/etc/ssl/
	ln -s /etc/ssl/{certs,openssl.cnf,private} $(tmpdir)/usr/lib/ssl/
	cp -pf $(tmpdir)/$(ma_rtdir)/libcrypto.so.* debian/libcrypto1.0.0-udeb/lib/
	cp -pf $(tmpdir)/$(ma_rtdir)/libssl.so.* debian/libssl1.0.0-udeb/lib/
# CPU-tuned variants go into a subdirectory of the runtime library directory.
	for variant in $(OPTS); do \
		set -xe; \
		mkdir -p $(tmpdir)/$(ma_rtdir)/$$variant; \
		cp -auv $$variant/lib*.so* $(tmpdir)/$(ma_rtdir)/$$variant/; \
	done
# opensslconf.h differs per architecture, so it is installed multiarch-qualified.
	mkdir -p $(tmpdir)/usr/include/$(DEB_HOST_MULTIARCH)/openssl
	mv $(tmpdir)/usr/include/openssl/opensslconf.h $(tmpdir)/usr/include/$(DEB_HOST_MULTIARCH)/openssl/
	for pkg in libssl1.0.0 libssl-dev; do \
		install debian/copyright debian/$$pkg/usr/share/doc/$$pkg/; \
		install debian/changelog debian/$$pkg/usr/share/doc/$$pkg/changelog.Debian; \
	done
	dh_installdocs -a CHANGES.SSLeay README NEWS debian/README.optimization
	dh_installexamples -a
	dh_installchangelogs -a CHANGES
	dh_installman -popenssl
	dh_installdebconf -a
	dh_movefiles -a
	dh_compress -a
# openssl and libssl-dev share libssl1.0.0's doc files through symlinks.
	for pkg in openssl libssl-dev; do \
		for doc in changelog.Debian.gz changelog.gz copyright; do \
			ln -sf ../libssl1.0.0/$$doc debian/$$pkg/usr/share/doc/$$pkg/$$doc; \
		done; \
	done
# /etc/ssl/private must stay root-only; it is excluded from dh_fixperms so
# the 0700 mode survives.
	chmod 700 debian/openssl/etc/ssl/private
	dh_fixperms -a -X etc/ssl/private
	dh_strip -plibssl1.0.0 --dbg-package=libssl1.0.0-dbg
	dh_strip -a -Nlibssl1.0.0
	dh_perl -a -d
# -c4 is dpkg-gensymbols' strictest check level: any deviation from the
# symbols file fails the build.
	dpkg-gensymbols -Pdebian/libssl1.0.0/ -plibssl1.0.0 -c4
# --add-udeb names a single udeb; the sed afterwards switches the libssl
# line of the generated shlibs file to libssl1.0.0-udeb.
	dh_makeshlibs -a -V "libssl1.0.0 (>= 1.0.1d)" --add-udeb="libcrypto1.0.0-udeb" -Xengines
	sed -i '/^udeb: libssl/s/libcrypto1.0.0-udeb/libssl1.0.0-udeb/' debian/libssl1.0.0/DEBIAN/shlibs
	dh_shlibdeps -a -L libssl1.0.0 -l debian/libssl1.0.0/$(ma_rtdir)
dh_gencontrol -a dh_installdeb -a dh_md5sums -a dh_builddeb -a echo -en "\a" # Below here is fairly generic really binary: binary-indep binary-arch .PHONY: binary binary-arch binary-indep clean install debian/libssl1.0.0-udeb.dirs0000644000000000000000000000000412263334623012631 0ustar lib debian/control0000644000000000000000000000742112263334623010601 0ustar Source: openssl Build-Depends: debhelper (>= 9), m4, bc, dpkg-dev (>= 1.15.7) Section: utils Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian OpenSSL Team Uploaders: Christoph Martin , Kurt Roeckx Standards-Version: 3.9.5 XS-Debian-Vcs-Browser: http://svn.debian.org/wsvn/pkg-openssl/openssl XS-Debian-Vcs-Svn: svn://svn.debian.org/pkg-openssl/openssl/ Package: openssl Priority: optional Architecture: any Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends} Suggests: ca-certificates Description: Secure Sockets Layer toolkit - cryptographic utility This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains the general-purpose command line binary /usr/bin/openssl, useful for cryptographic operations such as: * creating RSA, DH, and DSA key parameters; * creating X.509 certificates, CSRs, and CRLs; * calculating message digests; * encrypting and decrypting with ciphers; * testing SSL/TLS clients and servers; * handling S/MIME signed or encrypted mail. Package: libssl1.0.0 Section: libs Priority: important Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Description: Secure Sockets Layer toolkit - shared libraries This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It provides the libssl and libcrypto shared libraries. 
Package: libcrypto1.0.0-udeb XC-Package-Type: udeb Section: debian-installer Priority: optional Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Secure Sockets Layer toolkit - libcrypto udeb This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains a version of the libcrypto shared library for use with the Debian Installer. Do not install it on a normal system. Package: libssl1.0.0-udeb XC-Package-Type: udeb Section: debian-installer Priority: optional Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: ssl shared library - udeb libssl shared library. . Do not install it on a normal system. Package: libssl-dev Section: libdevel Priority: optional Architecture: any Multi-Arch: same Recommends: libssl-doc Depends: libssl1.0.0 (= ${binary:Version}), zlib1g-dev, ${misc:Depends} Description: Secure Sockets Layer toolkit - development files This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains development libraries, header files, and manpages for libssl and libcrypto. Package: libssl-doc Section: doc Priority: optional Architecture: all Replaces: libssl-dev (<< 1.0.0) Breaks: libssl-dev (<< 1.0.0) Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends} Description: Secure Sockets Layer toolkit - development documentation This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains manpages and demo files for libssl and libcrypto. 
Package: libssl1.0.0-dbg Section: debug Priority: extra Architecture: any Multi-Arch: same Depends: libssl1.0.0 (= ${binary:Version}), ${misc:Depends} Description: Secure Sockets Layer toolkit - debug information This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the Internet. . It contains debugging symbols for libssl and libcrypto. debian/watch0000644000000000000000000000015512257407544010232 0ustar version=3 opts=pgpsigurlmangle=s/$/.asc/ ftp://ftp.openssl.org/source/openssl-(\d+\.\d+\.\d+[a-z]?)\.tar\.gz debian/openssl.postinst0000644000000000000000000000020310323246103012443 0ustar #!/bin/sh -e if [ ! -e /usr/lib/ssl ] then echo Linking /usr/lib/ssl to /etc/ssl ln -sf /etc/ssl /usr/lib/ssl fi #DEBHELPER# debian/libssl-doc.docs0000644000000000000000000000000611501477301012066 0ustar demos debian/patches/0000755000000000000000000000000013401517260010614 5ustar debian/patches/CVE-2016-2107.patch0000644000000000000000000000217412710423664013241 0ustar Backport of: From 9e79d38892dc30c874934e0aef7409d31d4bf37f Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sat, 16 Apr 2016 23:08:56 +0200 Subject: [PATCH] Check that we have enough padding characters. CVE-2016-2107 --- crypto/evp/e_aes_cbc_hmac_sha1.c | 3 +++ crypto/evp/e_aes_cbc_hmac_sha256.c | 3 +++ 2 files changed, 6 insertions(+), 0 deletions(-) Index: openssl-1.0.1f/crypto/evp/e_aes_cbc_hmac_sha1.c =================================================================== --- openssl-1.0.1f.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-28 11:07:16.893905840 -0400 +++ openssl-1.0.1f/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-28 11:08:18.394824532 -0400 @@ -59,6 +59,7 @@ #include #include #include "evp_locl.h" +#include "constant_time_locl.h" #ifndef EVP_CIPH_FLAG_AEAD_CIPHER #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 
@@ -278,6 +279,8 @@ maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8); maxpad &= 255; + ret &= constant_time_ge(maxpad, pad); + inp_len = len - (SHA_DIGEST_LENGTH+pad+1); mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1))); inp_len &= mask; debian/patches/c_rehash-compat.patch0000644000000000000000000000242511551405233014675 0ustar From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Wed, 21 Apr 2010 15:52:10 +0200 Subject: [PATCH] also create old hash for compatibility --- tools/c_rehash.in | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) Index: openssl-1.0.0d/tools/c_rehash.in =================================================================== --- openssl-1.0.0d.orig/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 +++ openssl-1.0.0d/tools/c_rehash.in 2011-04-13 20:41:28.000000000 +0000 @@ -86,6 +86,7 @@ } } link_hash_cert($fname) if($cert); + link_hash_cert_old($fname) if($cert); link_hash_crl($fname) if($crl); } } @@ -119,8 +120,9 @@ sub link_hash_cert { my $fname = $_[0]; + my $hashopt = $_[1] || '-subject_hash'; $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; + my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; @@ -150,6 +152,10 @@ $hashlist{$hash} = $fprint; } +sub link_hash_cert_old { + link_hash_cert($_[0], '-subject_hash_old'); +} + # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { debian/patches/CVE-2018-0739.patch0000644000000000000000000002010413256507024013244 0ustar Backport of: From 9310d45087ae546e27e61ddf8f6367f29848220d Mon Sep 17 00:00:00 2001 
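Review bot: The upstream diffstat kept in the preamble lists crypto/evp/e_aes_cbc_hmac_sha256.c with three insertions, but this backport carries hunks only for e_aes_cbc_hmac_sha1.c. If 1.0.1f has no SHA-256 variant of this cipher that is expected; if it does, the padding bound `ret &= constant_time_ge(maxpad, pad);` is missing from the second file and the MAC-timing fix is only half applied. Either way, trimming the diffstat to what the patch actually changes keeps the mismatch from being read as a dropped hunk. The enclosing decrypt function starts and ends outside the hunk.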
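Review bot: link_hash_cert gains an optional second argument in the hunk at `@@ -119,8 +120,9 @@`, used only by the new link_hash_cert_old, and nothing documents it; a one-line comment above `my $hashopt = $_[1] || '-subject_hash';` such as `# $_[1]: openssl x509 hash option; -subject_hash_old yields the pre-1.0.0 name so older clients still find the cert` would explain why two links per certificate now appear. `$hashopt` is interpolated unquoted into the backtick command, which is only safe while every caller passes a literal option, as both visible callers do. The body of link_hash_cert continues outside the hunk.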
From: Matt Caswell Date: Thu, 22 Mar 2018 10:05:40 +0000 Subject: [PATCH] Limit ASN.1 constructed types recursive definition depth Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by: Rich Salz --- crypto/asn1/asn1.h | 1 + crypto/asn1/asn1_err.c | 3 ++- crypto/asn1/tasn_dec.c | 62 +++++++++++++++++++++++++++++++++----------------- 3 files changed, 44 insertions(+), 22 deletions(-) Index: openssl-1.0.1f/crypto/asn1/asn1.h =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/asn1.h 2018-03-27 14:19:20.998302344 -0400 +++ openssl-1.0.1f/crypto/asn1/asn1.h 2018-03-27 14:20:14.630380358 -0400 @@ -1359,6 +1359,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 #define ASN1_R_MSTRING_WRONG_TAG 140 #define ASN1_R_NESTED_ASN1_STRING 197 +#define ASN1_R_NESTED_TOO_DEEP 219 #define ASN1_R_NON_HEX_CHARACTERS 141 #define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 Index: openssl-1.0.1f/crypto/asn1/asn1_err.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/asn1_err.c 2018-03-27 14:19:20.998302344 -0400 +++ openssl-1.0.1f/crypto/asn1/asn1_err.c 2018-03-27 14:20:57.018439709 -0400 
@@ -269,6 +269,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"}, +{ERR_REASON(ASN1_R_NESTED_TOO_DEEP) ,"nested too deep"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, Index: openssl-1.0.1f/crypto/asn1/tasn_dec.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/tasn_dec.c 2018-03-27 14:19:20.998302344 -0400 +++ openssl-1.0.1f/crypto/asn1/tasn_dec.c 2018-03-27 14:31:33.899280578 -0400 @@ -65,6 +65,14 @@ #include #include +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. This is the maximum number of + * recursive invocations of asn1_item_embed_d2i(). + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); @@ -82,11 +90,11 @@ static int asn1_check_tlen(long *olen, i static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, 
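Review bot: The comment introduced above `#define ASN1_MAX_CONSTRUCTED_NEST 30` says the limit counts recursive invocations of asn1_item_embed_d2i(), but in this 1.0.1f backport the counter is incremented in the static asn1_item_ex_d2i (hunk `@@ -177,6 +185,11 @@`) and no function of that name appears anywhere in the patch; change the last sentence to `recursive invocations of asn1_item_ex_d2i().` so the comment matches the code it sits in. The public ASN1_item_ex_d2i wrapper added at `@@ -546,6 +560,13 @@` and ASN1_template_d2i both seed the depth with a literal 0 and nothing says so; a one-line comment on the wrapper, `/* exported entry point; nesting depth starts at 0 */`, would make that contract visible.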
@@ -143,7 +151,7 @@ int ASN1_template_d2i(ASN1_VALUE **pval, { ASN1_TLC c; asn1_tlc_clear_nc(&c); - return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); + return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0); } @@ -151,9 +159,9 @@ int ASN1_template_d2i(ASN1_VALUE **pval, * If 'opt' set and tag mismatch return -1 to handle OPTIONAL */ -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, int depth) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_COMPAT_FUNCS *cf; @@ -177,6 +185,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, asn1_cb = aux->asn1_cb; else asn1_cb = 0; + if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP); + goto err; + } + switch(it->itype) { case ASN1_ITYPE_PRIMITIVE: @@ -195,7 +208,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, goto err; } return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx); + it->templates, opt, ctx, depth); } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); @@ -335,7 +348,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, /* We mark field as OPTIONAL so its absence * can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth); /* If field not present, try the next one */ if (ret == -1) continue; @@ -466,7 +479,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, * OPTIONAL */ ret = asn1_template_ex_d2i(pseqval, &p, len, - seqtt, isopt, ctx); + seqtt, isopt, ctx, + depth); if (!ret) { errtt = seqtt; 
@@ -546,6 +560,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, return 0; } +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); +} + /* Templates are handled with two separate functions. * One handles any EXPLICIT tag and the other handles the rest. */ @@ -553,7 +574,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -593,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VAL return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, @@ -626,7 +647,7 @@ static int asn1_template_ex_d2i(ASN1_VAL } else return asn1_template_noexp_d2i(val, in, inlen, - tt, opt, ctx); + tt, opt, ctx, depth); *in = p; return 1; @@ -639,7 +660,7 @@ static int asn1_template_ex_d2i(ASN1_VAL static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -724,9 +745,9 @@ static int asn1_template_noexp_d2i(ASN1_ break; } skfield = NULL; - if (!ASN1_item_ex_d2i(&skfield, &p, len, + if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, 0, ctx)) + -1, 0, 0, ctx, depth)) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); 
@@ -750,8 +771,9 @@ static int asn1_template_noexp_d2i(ASN1_ else if (flags & ASN1_TFLG_IMPTAG) { /* IMPLICIT tagging */ - ret = ASN1_item_ex_d2i(val, &p, len, - ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); + ret = asn1_item_ex_d2i(val, &p, len, + ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, + ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, @@ -764,8 +786,8 @@ static int asn1_template_noexp_d2i(ASN1_ else { /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); + ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, debian/patches/CVE-2016-2178-1.patch0000644000000000000000000000307612770753426013421 0ustar Backport of: From d168705e11526a4b487640c7cac5b53ee3646cbc Mon Sep 17 00:00:00 2001 From: Cesar Pereida Date: Mon, 23 May 2016 12:45:25 +0300 Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. CVE-2016-2178 Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 621eaf49a289bfac26d4cbcdb7396e796784c534) --- crypto/dsa/dsa_ossl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/crypto/dsa/dsa_ossl.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_ossl.c 2016-09-22 09:04:16.056322736 -0400 +++ openssl-1.0.1f/crypto/dsa/dsa_ossl.c 2016-09-22 09:05:04.792946673 -0400 
@@ -241,10 +241,6 @@ do if (!BN_rand_range(&k, dsa->q)) goto err; while (BN_is_zero(&k)); - if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) - { - BN_set_flags(&k, BN_FLG_CONSTTIME); - } if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { @@ -273,11 +269,14 @@ } K = &kq; + + BN_set_flags(K, BN_FLG_CONSTTIME); } else { K = &k; } + DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, dsa->method_mont_p); if (!BN_mod(r,r,dsa->q,ctx)) goto err; debian/patches/CVE-2015-3195.patch0000644000000000000000000000331612630311454013241 0ustar Backport of: From b29ffa392e839d05171206523e84909146f7a77c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 10 Nov 2015 19:03:07 +0000 Subject: [PATCH] Fix leak with ASN.1 combine. When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte --- crypto/asn1/tasn_dec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/crypto/asn1/tasn_dec.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/tasn_dec.c 2015-12-04 07:36:53.038690220 -0500 +++ openssl-1.0.1f/crypto/asn1/tasn_dec.c 2015-12-04 07:38:24.187694186 -0500 @@ -169,6 +169,8 @@ int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -534,7 +536,8 @@ auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); 
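Review bot: After this hunk BN_FLG_CONSTTIME is set only on kq (`BN_set_flags(K, BN_FLG_CONSTTIME);`), because the block removed at `@@ -241,10 +241,6 @@` was the only place the flag was put on k itself. Any later operation on k therefore runs without the flag; if, as upstream, dsa_sign_setup still computes the modular inverse of k outside this hunk, that inverse is now data-dependent, which is exactly the side channel CVE-2016-2178 describes. Upstream shipped this fix in two parts and the `-1` suffix suggests a companion patch in this series; confirm it sets the flag on k before the inverse. The enclosing dsa_sign_setup starts and ends outside the hunk.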
@@ -762,7 +765,7 @@ { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, debian/patches/pod_x509setflags.misspell.patch0000644000000000000000000000073611575361117016602 0ustar --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -113,7 +113,7 @@ to examine the valid policy tree and perform additional checks or simply log it for debugging purposes. -By default some addtional features such as indirect CRLs and CRLs signed by +By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If B is set they are enabled. debian/patches/CVE-2018-0734-1.patch0000644000000000000000000000175413401516440013401 0ustar Backport of: From 43e6a58d4991a451daf4891ff05a48735df871ac Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 29 Oct 2018 08:24:22 +1000 Subject: [PATCH] Merge DSA reallocation timing fix CVE-2018-0734. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7513) --- crypto/dsa/dsa_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/dsa/dsa_ossl.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_ossl.c 2018-12-04 10:28:30.175965323 -0500 +++ openssl-1.0.1f/crypto/dsa/dsa_ossl.c 2018-12-04 10:28:30.171965316 -0500 
@@ -242,7 +242,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C if ((r=BN_new()) == NULL) goto err; /* Preallocate space */ - q_bits = BN_num_bits(dsa->q); + q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16; if (!BN_set_bit(&k, q_bits) || !BN_set_bit(&l, q_bits) || !BN_set_bit(&m, q_bits)) debian/patches/CVE-2015-0287.patch0000644000000000000000000000337312502553627013253 0ustar Backport of: commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875 Author: Dr. Stephen Henson Date: Mon Feb 23 02:32:44 2015 +0000 Free up ADB and CHOICE if already initialised. CVE-2015-0287 Reviewed-by: Tim Hudson Reviewed-by: Emilia Käsper Index: openssl-1.0.1f/crypto/asn1/tasn_dec.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/tasn_dec.c 2015-03-17 14:51:39.279500075 -0400 +++ openssl-1.0.1f/crypto/asn1/tasn_dec.c 2015-03-17 14:51:39.275500049 -0400 @@ -310,9 +316,16 @@ case ASN1_ITYPE_CHOICE: if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; - - /* Allocate structure */ - if (!*pval && !ASN1_item_ex_new(pval, it)) + if (*pval) { + /* Free up and zero CHOICE value if initialised */ + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); + ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); + } + } else if (!ASN1_item_ex_new(pval, it)) { ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); 
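Review bot: The new preallocation `q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16;` gives no hint why the slack is needed or why it is 16 words, and the preamble only says "reallocation timing fix"; a comment on the line such as `/* over-allocate so the additions of q that follow never grow k, l or m: a BN_expand here would take secret-dependent time */` would keep the next editor from simplifying it back to the old expression. Whether every later operand is covered by this padding can only be checked against the rest of dsa_sign_setup, which continues outside the hunk.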
@@ -407,6 +420,17 @@ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; + /* Free up and zero any ADB found */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { + const ASN1_TEMPLATE *seqtt; + ASN1_VALUE **pseqval; + seqtt = asn1_do_adb(pval, tt, 1); + pseqval = asn1_get_field_ptr(pval, seqtt); + ASN1_template_free(pseqval, seqtt); + } + } + /* Get each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { debian/patches/CVE-2014-0198.patch0000644000000000000000000000144312330770220013234 0ustar Description: fix denial of service via null pointer dereference Origin: vendor, http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21 Bug: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2014-05-02 15:00:28.216467809 -0400 +++ openssl-1.0.1f/ssl/s3_pkt.c 2014-05-02 15:02:06.192469397 -0400 @@ -657,6 +657,10 @@ if (i <= 0) return(i); /* if it went, fall through and send more stuff */ + /* we may have released our buffer, so get it again */ + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; } if (len == 0 && !create_empty_fragment) debian/patches/CVE-2016-2181-3.patch0000644000000000000000000000201612770756463013412 0ustar Backport of: From 5802758eb480c5f14a768f6a061df1dd20aec8c4 Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Wed, 17 Aug 2016 17:55:36 +0100 Subject: [PATCH] Update function error code A function error code needed updating due to merge issues. Reviewed-by: Richard Levitte --- ssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2016-09-22 09:30:43.831805772 -0400 +++ openssl-1.0.1f/ssl/ssl.h 2016-09-22 09:31:00.404003527 -0400 @@ -2091,7 +2091,7 @@ #define SSL_F_DTLS1_HEARTBEAT 305 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 -#define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404 +#define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 #define SSL_F_DTLS1_PROCESS_RECORD 257 #define SSL_F_DTLS1_READ_BYTES 258 debian/patches/CVE-2015-0205.patch0000644000000000000000000000243512453766144013244 0ustar From 98a0f9660d374f58f79ee0efcc8c1672a805e8e8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 23 Oct 2014 20:36:17 +0100 Subject: [PATCH] Unauthenticated DH client certificate fix. Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell --- ssl/s3_srvr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2015-01-09 08:02:35.078281706 -0500 +++ openssl-1.0.1f/ssl/s3_srvr.c 2015-01-09 08:02:35.074281680 -0500 
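Review bot: Renumbering `SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS` from 404 to 424 only helps if 424 is not already used by another SSL_F_ constant in ssl.h and the function-name table in ssl/ssl_err.c carries the same value; neither is visible in this one-hunk patch, so confirm both, otherwise SSLerr output for this function is attributed to whichever function owns the colliding code. A line in the backport preamble naming the earlier patch in this series that took 404 would save the next merger the search that "merge issues" leaves open.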
@@ -2933,7 +2933,7 @@ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { s->s3->tmp.reuse_message=1; - if ((peer != NULL) && (type & EVP_PKT_SIGN)) + if (peer != NULL) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); debian/patches/CVE-2015-0289.patch0000644000000000000000000001257212502067262013251 0ustar Backport of: commit d3d52c73544bba800c2a8f5ef3376358158cf2ca Author: Emilia Kasper Date: Fri Feb 27 16:52:23 2015 +0100 PKCS#7: avoid NULL pointer dereferences with missing content In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson Index: openssl-1.0.1f/crypto/pkcs7/pk7_doit.c =================================================================== --- openssl-1.0.1f.orig/crypto/pkcs7/pk7_doit.c 2015-03-17 13:23:47.074826586 -0400 +++ openssl-1.0.1f/crypto/pkcs7/pk7_doit.c 2015-03-17 13:30:41.074900145 -0400 
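Review bot: The loosened condition `if (peer != NULL)` carries no comment explaining why the `type & EVP_PKT_SIGN` exemption went away, so a future reader may reinstate it as an "optimisation" for non-signing keys and reopen the hole. Per the patch description, a client that authenticated with a DH certificate never reaches this function (ssl3_get_client_key_exchange returns 2 and the verify step is skipped), so any peer certificate seen here must be followed by a CertificateVerify; I would record that above the check: `/* Any client cert that reaches this point must send CertificateVerify; the static-DH client-cert case is handled in ssl3_get_client_key_exchange (CVE-2015-0205) */`. ssl3_get_cert_verify starts and ends outside the hunk.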
@@ -272,6 +272,25 @@ PKCS7_RECIP_INFO *ri=NULL; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + /* + * The content field in the PKCS7 ContentInfo is optional, but that really + * only applies to inner content (precisely, detached signatures). + * + * When reading content, missing outer content is therefore treated as an + * error. + * + * When creating content, PKCS7_content_new() must be called before + * calling this method, so a NULL p7->d is always an error. + */ + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -433,6 +452,16 @@ unsigned char *ek = NULL, *tkey = NULL; int eklen = 0, tkeylen = 0; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -747,6 +776,16 @@ STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); + return 0; + } + EVP_MD_CTX_init(&ctx_tmp); i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -791,6 +830,7 @@ /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.sign->contents->d.data = NULL; } break; @@ -801,6 +841,7 @@ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.digest->contents->d.data = NULL; } break; 
@@ -873,24 +914,31 @@ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); } - if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) - { - char *cont; - long contlen; - btmp=BIO_find_type(bio,BIO_TYPE_MEM); - if (btmp == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + if (!PKCS7_is_detached(p7)) { + /* + * NOTE(emilia): I think we only reach os == NULL here because detached + * digested data support is broken. + */ + if (os == NULL) goto err; + if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { + char *cont; + long contlen; + btmp = BIO_find_type(bio, BIO_TYPE_MEM); + if (btmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + goto err; } - contlen = BIO_get_mem_data(btmp, &cont); - /* Mark the BIO read only then we can use its copy of the data - * instead of making an extra copy. - */ - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(btmp, 0); - ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + contlen = BIO_get_mem_data(btmp, &cont); + /* + * Mark the BIO read only then we can use its copy of the data + * instead of making an extra copy. + */ + BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(btmp, 0); + ASN1_STRING_set0(os, (unsigned char *)cont, contlen); } + } ret=1; err: EVP_MD_CTX_cleanup(&ctx_tmp); @@ -965,6 +1013,16 @@ STACK_OF(X509) *cert; X509 *x509; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); + return 0; + } + if (PKCS7_type_is_signed(p7)) { cert=p7->d.sign->cert; Index: openssl-1.0.1f/crypto/pkcs7/pk7_lib.c =================================================================== --- openssl-1.0.1f.orig/crypto/pkcs7/pk7_lib.c 2015-03-17 13:23:47.074826586 -0400 +++ openssl-1.0.1f/crypto/pkcs7/pk7_lib.c 2015-03-17 13:23:47.074826586 -0400 
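Review bot: The new `if (os == NULL) goto err;` at the top of the `!PKCS7_is_detached(p7)` branch fails without pushing an error, unlike every other guard this patch adds (each of those calls `PKCS7err(..., PKCS7_R_NO_CONTENT)` or `PKCS7_R_INVALID_NULL_POINTER`), so a caller of PKCS7_dataFinal gets `0` with an empty error queue and cannot tell malformed input from an internal bug. I would write `if (os == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); goto err; }`, and the NOTE(emilia) comment above it should state plainly that detached digested data is unsupported rather than "I think". The rest of the function body lies above the hunk.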
@@ -71,6 +71,7 @@ switch (cmd) { + /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { @@ -459,6 +460,8 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) { return(p7->d.sign->signer_info); debian/patches/CVE-2018-5407.patch0000644000000000000000000002554213401517260013247 0ustar Backport of: From b18162a7c9bbfb57112459a4d6631fa258fd8c0c Mon Sep 17 00:00:00 2001 
From: Billy Brumley Date: Thu, 8 Nov 2018 13:57:54 +0200 Subject: [PATCH] CVE-2018-5407 fix: ECC ladder Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/7593) --- CHANGES | 13 +++ crypto/bn/bn_lib.c | 32 +++++++ crypto/ec/ec_mult.c | 246 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 291 insertions(+) #diff --git a/CHANGES b/CHANGES #index b574074..fde66b5 100644 #--- a/CHANGES #+++ b/CHANGES #@@ -9,6 +9,19 @@ # # Changes between 1.0.2p and 1.0.2q [xx XXX xxxx] # #+ *) Microarchitecture timing vulnerability in ECC scalar multiplication #+ #+ OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been #+ shown to be vulnerable to a microarchitecture timing side channel attack. #+ An attacker with sufficient access to mount local timing attacks during #+ ECDSA signature generation could recover the private key. #+ #+ This issue was reported to OpenSSL on 26th October 2018 by Alejandro #+ Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and #+ Nicola Tuveri. #+ (CVE-2018-5407) #+ [Billy Brumley] #+ # *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object # Module, accidentally introduced while backporting security fixes from the # development branch and hindering the use of ECC in FIPS mode. Index: openssl-1.0.1f/crypto/bn/bn_lib.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_lib.c 2018-12-04 10:30:09.188158053 -0500 +++ openssl-1.0.1f/crypto/bn/bn_lib.c 2018-12-04 10:35:08.856793986 -0500 
@@ -850,6 +850,32 @@ void BN_consttime_swap(BN_ULONG conditio a->top ^= t; b->top ^= t; + t = (a->neg ^ b->neg) & condition; + a->neg ^= t; + b->neg ^= t; + + /*- + * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention + * is actually to treat it as it's read-only data, and some (if not most) + * of it does reside in read-only segment. In other words observation of + * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or effectively cause data + * corruption. + * + * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be + * preserved. + * + * BN_FLG_SECURE: must be preserved, because it determines how x->d was + * allocated and hence how to free it. + * + * BN_FLG_CONSTTIME: sufficient to mask and swap + * + */ + + t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; + a->flags ^= t; + b->flags ^= t; + #define BN_CONSTTIME_SWAP(ind) \ do { \ t = (a->d[ind] ^ b->d[ind]) & condition; \ Index: openssl-1.0.1f/crypto/ec/ec_mult.c =================================================================== --- openssl-1.0.1f.orig/crypto/ec/ec_mult.c 2018-12-04 10:30:09.188158053 -0500 +++ openssl-1.0.1f/crypto/ec/ec_mult.c 2018-12-04 10:33:24.916566063 -0500 
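Review bot: The new comment block justifying which flags are swapped enumerates `BN_FLG_SECURE`, which I believe does not exist in the 1.0.1 tree this backport targets (it arrived in 1.1.0), so the text was lifted from the newer branch and will send readers looking for a flag that is not there. I would drop that paragraph or replace it with `/* (1.1.0's BN_FLG_SECURE does not exist in this tree; only BN_FLG_CONSTTIME is swapped) */`. The masking itself, `t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;`, correctly leaves BN_FLG_MALLOCED and BN_FLG_STATIC_DATA untouched, but it relies on `condition` already having been expanded to an all-ones/zero mask earlier in BN_consttime_swap, which is outside the hunk and worth a one-line reminder here.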
@@ -68,6 +68,224 @@ #include "ec_lcl.h" +#define EC_POINT_BN_set_flags(P, flags) do { \ + BN_set_flags(&(P)->X, (flags)); \ + BN_set_flags(&(P)->Y, (flags)); \ + BN_set_flags(&(P)->Z, (flags)); \ +} while(0) + +/*- + * This functions computes (in constant time) a point multiplication over the + * EC group. + * + * At a high level, it is Montgomery ladder with conditional swaps. + * + * It performs either a fixed scalar point multiplication + * (scalar * generator) + * when point is NULL, or a generic scalar point multiplication + * (scalar * point) + * when point is not NULL. + * + * scalar should be in the range [0,n) otherwise all constant time bets are off. + * + * NB: This says nothing about EC_POINT_add and EC_POINT_dbl, + * which of course are not constant time themselves. + * + * The product is stored in r. + * + * Returns 1 on success, 0 otherwise. + */ +static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx) +{ + int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; + EC_POINT *s = NULL; + BIGNUM *k = NULL; + BIGNUM *lambda = NULL; + BIGNUM *cardinality = NULL; + BN_CTX *new_ctx = NULL; + int ret = 0; + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + + s = EC_POINT_new(group); + if (s == NULL) + goto err; + + if (point == NULL) { + if (!EC_POINT_copy(s, group->generator)) + goto err; + } else { + if (!EC_POINT_copy(s, point)) + goto err; + } + + EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); + + cardinality = BN_CTX_get(ctx); + lambda = BN_CTX_get(ctx); + k = BN_CTX_get(ctx); + if (k == NULL || !BN_mul(cardinality, &group->order, &group->cofactor, ctx)) + goto err; + + /* + * Group cardinalities are often on a word boundary. + * So when we pad the scalar, some timing diff might + * pop if it needs to be expanded due to carries. + * So expand ahead of time. 
+ */ + cardinality_bits = BN_num_bits(cardinality); + group_top = cardinality->top; + if ((bn_wexpand(k, group_top + 2) == NULL) + || (bn_wexpand(lambda, group_top + 2) == NULL)) + goto err; + + if (!BN_copy(k, scalar)) + goto err; + + BN_set_flags(k, BN_FLG_CONSTTIME); + + if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) { + /*- + * this is an unusual input, and we don't guarantee + * constant-timeness + */ + if (!BN_nnmod(k, k, cardinality, ctx)) + goto err; + } + + if (!BN_add(lambda, k, cardinality)) + goto err; + BN_set_flags(lambda, BN_FLG_CONSTTIME); + if (!BN_add(k, lambda, cardinality)) + goto err; + /* + * lambda := scalar + cardinality + * k := scalar + 2*cardinality + */ + kbit = BN_is_bit_set(lambda, cardinality_bits); + BN_consttime_swap(kbit, k, lambda, group_top + 2); + + group_top = group->field.top; + if ((bn_wexpand(&s->X, group_top) == NULL) + || (bn_wexpand(&s->Y, group_top) == NULL) + || (bn_wexpand(&s->Z, group_top) == NULL) + || (bn_wexpand(&r->X, group_top) == NULL) + || (bn_wexpand(&r->Y, group_top) == NULL) + || (bn_wexpand(&r->Z, group_top) == NULL)) + goto err; + + /* top bit is a 1, in a fixed pos */ + if (!EC_POINT_copy(r, s)) + goto err; + + EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); + + if (!EC_POINT_dbl(group, s, s, ctx)) + goto err; + + pbit = 0; + +#define EC_POINT_CSWAP(c, a, b, w, t) do { \ + BN_consttime_swap(c, &(a)->X, &(b)->X, w); \ + BN_consttime_swap(c, &(a)->Y, &(b)->Y, w); \ + BN_consttime_swap(c, &(a)->Z, &(b)->Z, w); \ + t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \ + (a)->Z_is_one ^= (t); \ + (b)->Z_is_one ^= (t); \ +} while(0) + + /*- + * The ladder step, with branches, is + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * Swapping R, S conditionally on k[i] leaves you with state + * + * k[i] == 0: T, U = R, S + * k[i] == 1: T, U = S, R + * + * Then perform the ECC ops. 
+ * + * U = add(T, U) + * T = dbl(T) + * + * Which leaves you with state + * + * k[i] == 0: U = add(R, S), T = dbl(R) + * k[i] == 1: U = add(S, R), T = dbl(S) + * + * Swapping T, U conditionally on k[i] leaves you with state + * + * k[i] == 0: R, S = T, U + * k[i] == 1: R, S = U, T + * + * Which leaves you with state + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * So we get the same logic, but instead of a branch it's a + * conditional swap, followed by ECC ops, then another conditional swap. + * + * Optimization: The end of iteration i and start of i-1 looks like + * + * ... + * CSWAP(k[i], R, S) + * ECC + * CSWAP(k[i], R, S) + * (next iteration) + * CSWAP(k[i-1], R, S) + * ECC + * CSWAP(k[i-1], R, S) + * ... + * + * So instead of two contiguous swaps, you can merge the condition + * bits and do a single swap. + * + * k[i] k[i-1] Outcome + * 0 0 No Swap + * 0 1 Swap + * 1 0 Swap + * 1 1 No Swap + * + * This is XOR. pbit tracks the previous bit of k. + */ + + for (i = cardinality_bits - 1; i >= 0; i--) { + kbit = BN_is_bit_set(k, i) ^ pbit; + EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); + if (!EC_POINT_add(group, s, r, s, ctx)) + goto err; + if (!EC_POINT_dbl(group, r, r, ctx)) + goto err; + /* + * pbit logic merges this cswap with that of the + * next iteration + */ + pbit ^= kbit; + } + /* one final cswap to move the right value into r */ + EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); +#undef EC_POINT_CSWAP + + ret = 1; + + err: + EC_POINT_free(s); + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + + return ret; +} + +#undef EC_POINT_BN_set_flags + /* * This file implements the wNAF-based interleaving multi-exponentation method * (); 
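Review bot: In the `point == NULL` branch, `EC_POINT_copy(s, group->generator)` is called without checking that the group has a generator; for an EC_GROUP created without one, `group->generator` is NULL and EC_POINT_copy dereferences it. Unless ec_wNAF_mul rejects that case before the new dispatch (the -380 hunk places the dispatch early in that function, ahead of where I would expect the generator check), this is a NULL dereference on a caller-controlled group, so I would guard the copy with `if (group->generator == NULL) { ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); goto err; }`. Separately, the header comment says "scalar should be in the range [0,n) otherwise all constant time bets are off" while the code actually tolerates such input via the `BN_nnmod` fallback; the comment should say that the fallback exists and that only the fact of being out of range is exposed to timing.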
@@ -380,6 +598,37 @@ int ec_wNAF_mul(const EC_GROUP *group, E return EC_POINT_set_to_infinity(group, r); } + if (!BN_is_zero(&group->order) && !BN_is_zero(&group->cofactor)) + { + /*- + * Handle the common cases where the scalar is secret, enforcing a constant + * time scalar multiplication algorithm. + */ + if ((scalar != NULL) && (num == 0)) + { + /*- + * In this case we want to compute scalar * GeneratorPoint: this + * codepath is reached most prominently by (ephemeral) key generation + * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH + * keygen/first half), where the scalar is always secret. This is why + * we ignore if BN_FLG_CONSTTIME is actually set and we always call the + * constant time version. + */ + return ec_mul_consttime(group, r, scalar, NULL, ctx); + } + if ((scalar == NULL) && (num == 1)) + { + /*- + * In this case we want to compute scalar * GenericPoint: this codepath + * is reached most prominently by the second half of ECDH, where the + * secret scalar is multiplied by the peer's public point. To protect + * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and + * we always call the constant time version. + */ + return ec_mul_consttime(group, r, scalars[0], points[0], ctx); + } + } + for (i = 0; i < num; i++) { if (group->meth != points[i]->meth) debian/patches/openssl-pod-misspell.patch0000644000000000000000000001313111731055330015724 0ustar Index: openssl-1.0.1/apps/ca.c =================================================================== --- openssl-1.0.1.orig/apps/ca.c 2012-01-12 16:28:02.000000000 +0000 +++ openssl-1.0.1/apps/ca.c 2012-03-17 09:31:48.000000000 +0000 
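Review bot: The new constant-time dispatch returns early with `ec_mul_consttime(group, r, scalars[0], points[0], ctx)` before the `group->meth != points[i]->meth` loop that immediately follows it, so a point belonging to a different EC_METHOD now bypasses the compatibility check the wNAF path enforces. I would repeat the guard ahead of the dispatch, e.g. `if (num == 1 && group->meth != points[0]->meth) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; }`, using the same reason code I expect the loop below to report. The outer condition `!BN_is_zero(&group->order) && !BN_is_zero(&group->cofactor)` also deserves a one-line comment, such as `/* the ladder needs cardinality = order * cofactor; fall back to wNAF when either is unknown */`. ec_wNAF_mul's body continues outside the hunk.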
@@ -148,7 +148,7 @@ static const char *ca_usage[]={ "usage: ca args\n", "\n", -" -verbose - Talk alot while doing things\n", +" -verbose - Talk a lot while doing things\n", " -config file - A config file\n", " -name arg - The particular CA definition to use\n", " -gencrl - Generate a new CRL\n", Index: openssl-1.0.1/apps/ecparam.c =================================================================== --- openssl-1.0.1.orig/apps/ecparam.c 2010-06-15 17:25:02.000000000 +0000 +++ openssl-1.0.1/apps/ecparam.c 2012-03-17 09:31:48.000000000 +0000 @@ -105,7 +105,7 @@ * in the asn1 der encoding * possible values: named_curve (default) * explicit - * -no_seed - if 'explicit' parameters are choosen do not use the seed + * -no_seed - if 'explicit' parameters are chosen do not use the seed * -genkey - generate ec key * -rand file - files to use for random number input * -engine e - use engine e, possibly a hardware device @@ -286,7 +286,7 @@ BIO_printf(bio_err, " " " explicit\n"); BIO_printf(bio_err, " -no_seed if 'explicit'" - " parameters are choosen do not" + " parameters are chosen do not" " use the seed\n"); BIO_printf(bio_err, " -genkey generate ec" " key\n"); Index: openssl-1.0.1/crypto/evp/encode.c =================================================================== --- openssl-1.0.1.orig/crypto/evp/encode.c 2010-06-15 17:25:09.000000000 +0000 +++ openssl-1.0.1/crypto/evp/encode.c 2012-03-17 09:31:48.000000000 +0000 @@ -250,7 +250,7 @@ /* We parse the input data */ for (i=0; i 80 characters, scream alot */ + /* If the current line is > 80 characters, scream a lot */ if (ln >= 80) { rv= -1; goto end; } /* Get char and put it into the buffer */ Index: openssl-1.0.1/doc/apps/config.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/config.pod 2004-11-25 17:47:29.000000000 +0000 +++ openssl-1.0.1/doc/apps/config.pod 2012-03-17 09:31:48.000000000 +0000 
@@ -119,7 +119,7 @@ information. The section pointed to by B is a table of engine names (though see -B below) and further sections containing configuration informations +B below) and further sections containing configuration information specific to each ENGINE. Each ENGINE specific section is used to set default algorithms, load Index: openssl-1.0.1/doc/apps/req.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/req.pod 2009-04-10 16:42:28.000000000 +0000 +++ openssl-1.0.1/doc/apps/req.pod 2012-03-17 09:31:48.000000000 +0000 @@ -159,7 +159,7 @@ the algorithm is determined by the parameters. B use algorithm B and parameter file B: the two algorithms must match or an error occurs. B just uses algorithm B, and parameters, -if neccessary should be specified via B<-pkeyopt> parameter. +if necessary should be specified via B<-pkeyopt> parameter. B generates a DSA key using the parameters in the file B. B generates EC key (usable both with Index: openssl-1.0.1/doc/apps/ts.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/ts.pod 2009-04-10 11:25:54.000000000 +0000 +++ openssl-1.0.1/doc/apps/ts.pod 2012-03-17 09:31:48.000000000 +0000 @@ -352,7 +352,7 @@ This is the main section and it specifies the name of another section that contains all the options for the B<-reply> command. This default -section can be overriden with the B<-section> command line switch. (Optional) +section can be overridden with the B<-section> command line switch. (Optional) =item B 
@@ -453,7 +453,7 @@ =head1 ENVIRONMENT VARIABLES B contains the path of the configuration file and can be -overriden by the B<-config> command line option. +overridden by the B<-config> command line option. =head1 EXAMPLES Index: openssl-1.0.1/doc/apps/tsget.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/tsget.pod 2010-01-05 17:17:20.000000000 +0000 +++ openssl-1.0.1/doc/apps/tsget.pod 2012-03-17 09:31:48.000000000 +0000 @@ -124,7 +124,7 @@ =item [request]... List of files containing B DER-encoded time stamp requests. If no -requests are specifed only one request will be sent to the server and it will be +requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional) =back Index: openssl-1.0.1/doc/apps/x509v3_config.pod =================================================================== --- openssl-1.0.1.orig/doc/apps/x509v3_config.pod 2006-11-07 13:44:03.000000000 +0000 +++ openssl-1.0.1/doc/apps/x509v3_config.pod 2012-03-17 09:31:48.000000000 +0000 
@@ -174,7 +174,7 @@ The value of B should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by -preceeding the name with a B<+> character. +preceding the name with a B<+> character. otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard debian/patches/series0000644000000000000000000000622613401516573012045 0ustar ca.patch config-hurd.patch debian-targets.patch engines-path.patch man-dir.patch man-section.patch no-rpath.patch no-symbolic.patch pic.patch valgrind.patch rehash-crt.patch rehash_pod.patch shared-lib-ext.patch stddef.patch version-script.patch gnu_source.patch c_rehash-compat.patch libdoc-manpgs-pod-spell.patch libssl-misspell.patch openssl-pod-misspell.patch pod_req_misspell2.patch pod_pksc12.misspell.patch pod_s_server.misspell.patch pod_x509setflags.misspell.patch pod_ec.misspell.patch pkcs12-doc.patch dgst_hmac.patch block_diginotar.patch block_digicert_malaysia.patch #padlock_conf.patch defaults.patch openssl_fix_for_x32.patch fix-pod-errors.patch req_bits.patch perlpath-quilt.patch ppc64-support CVE-2014-0076.patch CVE-2014-0160.patch CVE-2010-5298.patch CVE-2014-0198.patch CVE-2014-0195.patch CVE-2014-0221.patch CVE-2014-0224-1.patch CVE-2014-0224-2.patch CVE-2014-3470.patch CVE-2014-0224-3.patch CVE-2014-0224-regression.patch CVE-2014-0224-regression2.patch CVE-2014-3505.patch CVE-2014-3506.patch CVE-2014-3507.patch CVE-2014-3508.patch CVE-2014-3509.patch CVE-2014-3510.patch CVE-2014-3511.patch CVE-2014-3512.patch CVE-2014-5139.patch tls_fallback_scsv_support.patch CVE-2014-3513.patch CVE-2014-3567.patch CVE-2014-3568.patch CVE-2014-3569.patch CVE-2014-3570.patch CVE-2014-3571-1.patch CVE-2014-3571-2.patch CVE-2014-3572.patch CVE-2014-8275.patch CVE-2015-0204.patch CVE-2015-0205.patch CVE-2015-0206.patch CVE-2015-0209.patch CVE-2015-0286.patch CVE-2015-0287.patch CVE-2015-0288.patch 
CVE-2015-0289.patch CVE-2015-0292.patch CVE-2015-0293.patch CVE-2015-0209-2.patch CVE-2015-0293-2.patch disable_export_ciphers.patch reject_small_dh.patch CVE-2014-8176.patch CVE-2015-1791.patch CVE-2015-1788.patch CVE-2015-1789.patch CVE-2015-1790.patch CVE-2015-1792.patch CVE-2015-1791-2.patch CVE-2015-1791-3.patch CVE-2015-3194.patch CVE-2015-3195.patch CVE-2015-3196.patch alt-cert-chains-1.patch alt-cert-chains-2.patch alt-cert-chains-3.patch alt-cert-chains-4.patch alt-cert-chains-5.patch alt-cert-chains-6.patch alt-cert-chains-7.patch alt-cert-chains-8.patch CVE-2016-0705.patch CVE-2016-0798.patch CVE-2016-0799.patch CVE-2016-0797.patch CVE-2016-0702.patch preserve_digests_for_sni.patch CVE-2016-2105.patch CVE-2016-2106.patch CVE-2016-2107.patch CVE-2016-2108-1.patch CVE-2016-2108-2.patch CVE-2016-2109.patch min_1024_dh_size.patch CVE-2016-2178-1.patch CVE-2016-2178-2.patch CVE-2016-2179.patch CVE-2016-2180.patch CVE-2016-2181-1.patch CVE-2016-2181-2.patch CVE-2016-2181-3.patch CVE-2016-2182.patch CVE-2016-2183.patch CVE-2016-6302.patch CVE-2016-6303.patch CVE-2016-6304.patch CVE-2016-6306-1.patch CVE-2016-6306-2.patch update-expired-smime-test-certs.patch CVE-2014-3571-3.patch CVE-2016-2182-2.patch CVE-2016-2177-pre.patch CVE-2016-2177-pre2.patch CVE-2016-2177-pre3.patch CVE-2016-2177.patch CVE-2016-7056.patch CVE-2016-8610.patch CVE-2016-8610-2.patch CVE-2017-3731-pre.patch CVE-2017-3731.patch CVE-2017-3735.patch CVE-2018-0739.patch CVE-2018-0495.patch CVE-2018-0732.patch CVE-2018-0737-1.patch CVE-2018-0737-2.patch CVE-2018-0737-3.patch CVE-2018-0737-4.patch CVE-2018-0734-pre1.patch CVE-2018-0734-1.patch CVE-2018-0734-2.patch CVE-2018-0734-3.patch CVE-2018-5407.patch debian/patches/alt-cert-chains-8.patch0000644000000000000000000000355712655244117015002 0ustar Backport of: From cb22d2ae5a5b6069dbf66dbcce07223ac15a16de Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Wed, 24 Jun 2015 00:12:38 +0100 Subject: [PATCH] Fix alt chains bug This is a follow up to the alternate chains certificate forgery issue (CVE-2015-1793). That issue is exacerbated in 1.0.1 by a related bug which means that we *always* check for an alternative chain, even if we have already found a chain. The code is supposed to stop as soon as it has found one (and does do in master and 1.0.2). Reviewed-by: Stephen Henson --- crypto/x509/verify_extra_test.c | 3 ++- crypto/x509/x509_vfy.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/test/verify_extra_test.c =================================================================== --- openssl-1.0.1f.orig/test/verify_extra_test.c 2016-02-05 16:13:04.021333419 -0500 +++ openssl-1.0.1f/test/verify_extra_test.c 2016-02-05 16:13:04.017333373 -0500 @@ -168,7 +168,8 @@ i = X509_verify_cert(sctx); - if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { + if(i == 0 && X509_STORE_CTX_get_error(sctx) + == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) { /* This is the result we were expecting: Test passed */ ret = 1; } Index: openssl-1.0.1f/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_vfy.c 2016-02-05 16:13:04.021333419 -0500 +++ openssl-1.0.1f/crypto/x509/x509_vfy.c 2016-02-05 16:13:28.365608276 -0500 
@@ -316,7 +316,7 @@ * if the user hasn't switched off alternate chain checking */ retry = 0; - if (j == ctx->last_untrusted && + if (num == ctx->last_untrusted && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { while (j-- > 1) { xtmp2 = sk_X509_value(ctx->chain, j - 1); debian/patches/no-symbolic.patch0000644000000000000000000000116211501173436014072 0ustar Index: openssl-1.0.0c/Makefile.shared =================================================================== --- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 +++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 @@ -151,7 +151,7 @@ SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" DO_GNU_APP=LDFLAGS="$(CFLAGS)" debian/patches/no-rpath.patch0000644000000000000000000000123511501173436013370 0ustar Index: openssl-1.0.0c/Makefile.shared =================================================================== --- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 +++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 @@ -153,7 +153,7 @@ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" +DO_GNU_APP=LDFLAGS="$(CFLAGS)" #This is rather special. It's a special target with which one can link #applications without bothering with any features that have anything to debian/patches/padlock_conf.patch0000644000000000000000000000130611763506600014264 0ustar --- openssl/apps/openssl.cnf.orig 2012-06-06 00:45:56.000000000 +0200 +++ openssl/apps/openssl.cnf 2012-06-06 00:46:46.000000000 +0200 
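Review bot: The corrected test `if (num == ctx->last_untrusted &&` is the entire CVE-2015-1793 follow-up yet carries no comment saying what it means, and the fact that `j` was the wrong variable shows how easily the condition is misread. If I read X509_verify_cert correctly, `num` is the chain length and `last_untrusted` the number of certificates taken from the untrusted list, so equality means no trusted issuer was found and only then is an alternative chain worth trying; I would write that down: `/* Only look for an alternative chain if the one we built ended without a trusted issuer (num == last_untrusted); otherwise we are done. */`. The enclosing function extends well beyond the hunk.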
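Review bot: Dropping `-Wl,-Bsymbolic` from `SHAREDFLAGS` changes the shared libraries' linking semantics — intra-library calls to exported symbols now go through the PLT and can be interposed by LD_PRELOAD or a same-named symbol in the executable — but the patch has no header saying why Debian wants that. Other patches in this series carry DEP-3 `Description:`/`Origin:` headers; this one should too, stating the actual motivation (symbol versioning, wrapper compatibility, or whatever it is) rather than leaving reviewers to guess. Anything that depends on a specific internal implementation being reached, such as self-tests, should be re-verified once interposition is possible.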
@@ -19,6 +19,8 @@ # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) +openssl_conf = openssl_def + [ new_oids ] # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. @@ -348,3 +350,16 @@ # (optional, default: no) ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) + +[openssl_def] +engines = engine_section + +[engine_section] +padlock = padlock_section + +[padlock_section] +soft_load=1 +init=1 +default_algorithms = ALL +dynamic_path=padlock + debian/patches/gnu_source.patch0000644000000000000000000000167211503421631014011 0ustar From: Kurt Roeckx Subject: Always define _GNU_SOURCE We need this atleast for kfreebsd because they also use glibc. There shouldn't be a problem defining this on systems not using glibc. Index: openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c =================================================================== --- openssl-1.0.0c.obsolete.0.297891860202984.orig/crypto/dso/dso_dlfcn.c 2010-12-19 16:18:36.000000000 +0100 +++ openssl-1.0.0c.obsolete.0.297891860202984/crypto/dso/dso_dlfcn.c 2010-12-19 16:19:01.000000000 +0100 @@ -60,10 +60,8 @@ that handle _GNU_SOURCE and other similar macros. Defining it later is simply too late, because those headers are protected from re- inclusion. */ -#ifdef __linux -# ifndef _GNU_SOURCE -# define _GNU_SOURCE /* make sure dladdr is declared */ -# endif +#ifndef _GNU_SOURCE +# define _GNU_SOURCE /* make sure dladdr is declared */ #endif #include debian/patches/CVE-2015-0292.patch0000644000000000000000000000154512502067267013246 0ustar From d0666f289ac013094bbbf547bfbcd616199b7d2d Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 4 May 2014 18:44:14 -0400 Subject: [PATCH] evp: prevent underflow in base64 decoding This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped. 
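Review bot: The new `[padlock_section]` uses `dynamic_path=padlock`, a bare module name resolved through the dynamic engine's search path rather than an absolute path under the engines directory, so the library can be steered to a look-alike module by whatever controls that search path; I would spell out the full path. Combined with `openssl_conf = openssl_def` in the default section, `default_algorithms = ALL` and `init=1`, this makes every process that calls OPENSSL_config() load and prefer the engine, not just the openssl command-line tool, which deserves a comment in the file so administrators are not surprised. The `series` file in this package lists the patch commented out (`#padlock_conf.patch`), which is consistent with treating it as experimental until those points are settled.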
Signed-off-by: Geoff Thorpe --- crypto/evp/encode.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 28546a8..4654bdc 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, v=EVP_DecodeBlock(out,d,n); n=0; if (v < 0) { rv=0; goto end; } + if (eof > v) { rv=-1; goto end; } ret+=(v-eof); } else -- 1.9.1 debian/patches/block_digicert_malaysia.patch0000644000000000000000000000200511664774704016477 0ustar From: Raphael Geissert Description: make X509_verify_cert indicate that any certificate whose name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. Forwarded: not-needed Origin: vendor Last-Update: 2011-11-05 Index: openssl-1.0.0e/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.0e.orig/crypto/x509/x509_vfy.c +++ openssl-1.0.0e/crypto/x509/x509_vfy.c @@ -833,10 +833,11 @@ static int check_ca_blacklist(X509_STORE for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { x = sk_X509_value(ctx->chain, i); - /* Mark DigiNotar certificates as revoked, no matter - * where in the chain they are. + /* Mark certificates containing the following names as + * revoked, no matter where in the chain they are. */ - if (x->name && strstr(x->name, "DigiNotar")) + if (x->name && (strstr(x->name, "DigiNotar") || + strstr(x->name, "Digicert Sdn. Bhd."))) { ctx->error = X509_V_ERR_CERT_REVOKED; ctx->error_depth = i; debian/patches/CVE-2016-2178-2.patch0000644000000000000000000000302312770753665013417 0ustar Backport of: From 3681a4558c13198944e6f7f149c4be188e076e14 Mon Sep 17 00:00:00 2001 
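Review bot: The added guard `if (eof > v) { rv=-1; goto end; }` fixes the underflow but leaves no trace of why: as far as the hunk shows, `eof` counts trailing '=' padding and `v` the decoded byte count, and `ret+=(v-eof)` on the next line goes negative when a block carries more padding than data. A one-line comment would keep the check from being "simplified" away later: `/* more '=' padding than decoded bytes: malformed input, not a short block */`. EVP_DecodeUpdate starts and ends outside the hunk.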
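Review bot: The new block matches on `strstr(x->name, "Digicert Sdn. Bhd.")`, a case-sensitive substring search over what appears to be the cached one-line printed name, so it both over-matches (any certificate anywhere in the chain whose printed subject merely contains that string is marked revoked) and under-matches (a differently capitalised or re-issued name slips through). A CA blacklist should key on something the attacker cannot vary — the certificate or SPKI fingerprint, or at least an exact DN comparison — and the `DigiNotar` entry from the earlier patch shares the same weakness. Reporting the block as `X509_V_ERR_CERT_REVOKED` is also misleading to anyone debugging against CRL/OCSP responses; a comment above the check stating that this is a distribution-level blacklist would help. check_ca_blacklist is only partly visible in the hunk.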
From: Matt Caswell Date: Tue, 7 Jun 2016 09:12:51 +0100 Subject: [PATCH] More fix DSA, preserve BN_FLG_CONSTTIME The previous "fix" still left "k" exposed to constant time problems in the later BN_mod_inverse() call. Ensure both k and kq have the BN_FLG_CONSTTIME flag set at the earliest opportunity after creation. CVE-2016-2178 Reviewed-by: Rich Salz (cherry picked from commit b7d0f2834e139a20560d64c73e2565e93715ce2b) --- crypto/dsa/dsa_ossl.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/crypto/dsa/dsa_ossl.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_ossl.c 2016-09-22 09:06:08.809762435 -0400 +++ openssl-1.0.1f/crypto/dsa/dsa_ossl.c 2016-09-22 09:07:27.510759765 -0400 @@ -242,6 +242,11 @@ if (!BN_rand_range(&k, dsa->q)) goto err; while (BN_is_zero(&k)); + if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) + { + BN_set_flags(&k, BN_FLG_CONSTTIME); + } + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, @@ -256,6 +261,8 @@ { if (!BN_copy(&kq, &k)) goto err; + BN_set_flags(&kq, BN_FLG_CONSTTIME); + /* We do not want timing information to leak the length of k, * so we compute g^k using an equivalent exponent of fixed length. * @@ -269,8 +276,6 @@ } K = &kq; - - BN_set_flags(K, BN_FLG_CONSTTIME); } else { debian/patches/CVE-2014-3567.patch0000644000000000000000000000203112417523404013237 0ustar From 7fd4ce6a997be5f5c9e744ac527725c2850de203 Mon Sep 17 00:00:00 2001 
From: "Dr. Stephen Henson" Date: Wed, 15 Oct 2014 01:53:55 +0100 Subject: [PATCH] Fix for session tickets memory leak. CVE-2014-3567 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320) --- ssl/t1_lib.c | 3 +++ 1 file changed, 3 insertions(+) Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2014-10-15 12:55:29.709323681 -0400 +++ openssl-1.0.1f/ssl/t1_lib.c 2014-10-15 12:55:29.705323647 -0400 @@ -2319,7 +2319,10 @@ HMAC_Final(&hctx, tick_hmac, NULL); HMAC_CTX_cleanup(&hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) + { + EVP_CIPHER_CTX_cleanup(&ctx); return 2; + } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); debian/patches/CVE-2016-2108-1.patch0000644000000000000000000000305112710424364013371 0ustar Backport of: From 32d3b0f52f77ce86d53f38685336668d47c5bdfe Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 16 Apr 2015 16:43:09 +0100 Subject: [PATCH] Fix encoding bug in i2c_ASN1_INTEGER MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala and Hanno Böck for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit a0eed48d37a4b7beea0c966caf09ad46f4a92a44) --- crypto/asn1/a_int.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/crypto/asn1/a_int.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/a_int.c 2016-04-28 11:10:07.936460107 -0400 +++ openssl-1.0.1f/crypto/asn1/a_int.c 2016-04-28 11:11:06.633336133 -0400 @@ -124,6 +124,8 @@ { ret=a->length; i=a->data[0]; + if (ret == 1 && i == 0) + neg = 0; if (!neg && (i > 127)) { pad=1; pb=0; 
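Review bot: The fix adds `EVP_CIPHER_CTX_cleanup(&ctx)` in front of one `return 2`, but tls_decrypt_ticket (whose body lies outside the hunk) has other return points after the cipher context is initialised, and each of them needs the same cleanup or the leak merely moves. I would restructure the tail of the function around a single exit label that runs `EVP_CIPHER_CTX_cleanup(&ctx)` and the HMAC cleanup unconditionally, with the return code in a local, instead of adding the call return by return. Until then a brief comment at this site would help: `/* ctx was initialised above; every exit from here on must clean it up */`.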
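Review bot: The new normalisation `if (ret == 1 && i == 0) neg = 0;` deserves a comment, because reading `i=a->data[0]` as both the first content byte and the reason to clear `neg` is not obvious: per the patch description, a zero tagged as negative was mishandled by the negative-number path, and this forces it through the plain `00` encoding instead. I would add `/* -0 is not a valid INTEGER; treat a single zero byte as positive 0 */` above it. The enclosing i2c_ASN1_INTEGER starts outside the hunk.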
@@ -157,7 +159,7 @@ p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while(!*n) { + while (!*n && i > 1) { *(p--) = 0; n--; i--; @@ -415,7 +417,7 @@ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); goto err; } - if (BN_is_negative(bn)) + if (BN_is_negative(bn) && !BN_is_zero(bn)) ret->type = V_ASN1_NEG_INTEGER; else ret->type=V_ASN1_INTEGER; j=BN_num_bits(bn); debian/patches/alt-cert-chains-6.patch0000644000000000000000000011113312655245401014763 0ustar Backport of: From d42d1004332f40c1098946b0804791fd3da3e378 Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Thu, 2 Jul 2015 00:15:56 +0100 Subject: [PATCH] Add test for CVE-2015-1793 This adds a test for CVE-2015-1793. This adds a new test file verify_extra_test.c, which could form the basis for additional verification tests. Reviewed-by: Stephen Henson Conflicts: test/Makefile --- crypto/x509/Makefile | 2 +- crypto/x509/verify_extra_test.c | 208 ++++++++++++++++++++++++++++++++++++++++ test/Makefile | 31 +++++- test/certs/bad.key | 27 ++++++ test/certs/bad.pem | 21 ++++ test/certs/interCA.key | 27 ++++++ test/certs/interCA.pem | 21 ++++ test/certs/leaf.key | 27 ++++++ test/certs/leaf.pem | 21 ++++ test/certs/rootCA.key | 27 ++++++ test/certs/rootCA.pem | 21 ++++ test/certs/roots.pem | 42 ++++++++ test/certs/subinterCA-ss.pem | 21 ++++ test/certs/subinterCA.key | 27 ++++++ test/certs/subinterCA.pem | 21 ++++ test/certs/untrusted.pem | 42 ++++++++ 16 files changed, 581 insertions(+), 5 deletions(-) create mode 100644 crypto/x509/verify_extra_test.c create mode 100644 test/certs/bad.key create mode 100644 test/certs/bad.pem create mode 100644 test/certs/interCA.key create mode 100644 test/certs/interCA.pem create mode 100644 test/certs/leaf.key create mode 100644 test/certs/leaf.pem create mode 100644 test/certs/rootCA.key create mode 100644 test/certs/rootCA.pem create mode 100644 test/certs/roots.pem create mode 100644 test/certs/subinterCA-ss.pem create mode 100644 test/certs/subinterCA.key create mode 100644 test/certs/subinterCA.pem create mode 100644 test/certs/untrusted.pem Index: openssl-1.0.1f/test/verify_extra_test.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/verify_extra_test.c 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,208 @@ +/* + * Written by Matt Caswell for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include + +static STACK_OF(X509) *load_certs_from_file(const char *filename) +{ + STACK_OF(X509) *certs; + BIO *bio; + X509 *x; + + bio = BIO_new_file(filename, "r"); + + if (bio == NULL) { + return NULL; + } + + certs = sk_X509_new_null(); + if (certs == NULL) { + BIO_free(bio); + return NULL; + } + + ERR_set_mark(); + do { + x = PEM_read_bio_X509(bio, NULL, 0, NULL); + if (x != NULL && !sk_X509_push(certs, x)) { + sk_X509_pop_free(certs, X509_free); + BIO_free(bio); + return NULL; + } else if (x == NULL) { + /* + * We probably just ran out of certs, so ignore any errors + * generated + */ + ERR_pop_to_mark(); + } + } while (x != NULL); + + BIO_free(bio); + + return certs; +} + +/* + * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery) + * + * Chain is as follows: + * + * rootCA (self-signed) + * | + * interCA + * | + * subinterCA subinterCA (self-signed) + * | | + * leaf ------------------ + * | + * bad + * + * rootCA, interCA, subinterCA, subinterCA (ss) all have CA=TRUE + * leaf and bad have CA=FALSE + * + * subinterCA and subinterCA (ss) have the same subject name and keys + * + * interCA (but not 
rootCA) and subinterCA (ss) are in the trusted store + * (roots.pem) + * leaf and subinterCA are in the untrusted list (untrusted.pem) + * bad is the certificate being verified (bad.pem) + * + * Versions vulnerable to CVE-2015-1793 will fail to detect that leaf has + * CA=FALSE, and will therefore incorrectly verify bad + * + */ +static int test_alt_chains_cert_forgery(void) +{ + int ret = 0; + int i; + X509 *x = NULL; + STACK_OF(X509) *untrusted = NULL; + BIO *bio = NULL; + X509_STORE_CTX *sctx = NULL; + X509_STORE *store = NULL; + X509_LOOKUP *lookup = NULL; + + store = X509_STORE_new(); + if (store == NULL) + goto err; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (lookup == NULL) + goto err; + if(!X509_LOOKUP_load_file(lookup, "certs/roots.pem", X509_FILETYPE_PEM)) + goto err; + + untrusted = load_certs_from_file("certs/untrusted.pem"); + + if ((bio = BIO_new_file("certs/bad.pem", "r")) == NULL) + goto err; + + if((x = PEM_read_bio_X509(bio, NULL, 0, NULL)) == NULL) + goto err; + + sctx = X509_STORE_CTX_new(); + if (sctx == NULL) + goto err; + + if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) + goto err; + + i = X509_verify_cert(sctx); + + if(i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { + /* This is the result we were expecting: Test passed */ + ret = 1; + } + err: + X509_STORE_CTX_free(sctx); + X509_free(x); + BIO_free(bio); + sk_X509_pop_free(untrusted, X509_free); + X509_STORE_free(store); + if (ret != 1) + ERR_print_errors_fp(stderr); + return ret; +} + +int main(void) +{ + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + OpenSSL_add_all_digests(); + + if (!test_alt_chains_cert_forgery()) { + fprintf(stderr, "Test alt chains cert forgery failed\n"); + return 1; + } + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + + 
printf("PASS\n"); + return 0; +} Index: openssl-1.0.1f/test/Makefile =================================================================== --- openssl-1.0.1f.orig/test/Makefile 2016-02-05 16:08:32.834278985 -0500 +++ openssl-1.0.1f/test/Makefile 2016-02-05 16:09:49.619142352 -0500 @@ -63,6 +63,7 @@ JPAKETEST= jpaketest SRPTEST= srptest ASN1TEST= asn1test +VERIFYEXTRATEST= verify_extra_test TESTS= alltests @@ -74,7 +75,7 @@ $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ - $(ASN1TEST)$(EXE_EXT) + $(ASN1TEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -86,7 +87,7 @@ $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o + $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(VERIFYEXTRATEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c $(WPTEST).c \ @@ -94,7 +95,8 @@ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c + $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ + $(VERIFYEXTRATEST).c EXHEADER= HEADER= $(EXHEADER) @@ -137,7 +139,7 @@ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ - test_jpake test_srp test_cms + test_jpake test_srp test_cms test_verify_extra test_evp: ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt 
@@ -318,6 +320,10 @@ @echo "Test SRP" ../util/shlib_wrap.sh ./srptest +test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -469,6 +475,9 @@ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) @target=$(SRPTEST); $(BUILD_CMD) +$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o + @target=$(VERIFYEXTRATEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c 
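Review bot: The new link rule `$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o` omits the `$(DLIBCRYPTO)` prerequisite that the neighbouring `$(SRPTEST)` rule declares, so verify_extra_test is not relinked when libcrypto changes and can go stale against the library it is meant to exercise. Its recipe `@target=$(VERIFYEXTRATEST) $(BUILD_CMD)` also drops the `;` the sibling rule uses; that presumably only works because $(BUILD_CMD) happens to begin with another shell assignment, which is fragile. Suggested lines: `$(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o $(DLIBCRYPTO)` followed by the tab-led recipe `@target=$(VERIFYEXTRATEST); $(BUILD_CMD)`. The test_verify_extra target in the preceding hunk runs the binary from the current directory, which the test relies on for its relative fixture paths; a comment there, `# runs from test/: verify_extra_test opens certs/*.pem relatively`, would make that dependency explicit.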
@@ -722,6 +731,21 @@ ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.o: ../include/openssl/x509v3.h ssltest.c +verify_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +verify_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +verify_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +verify_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +verify_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h +verify_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +verify_extra_test.o: ../include/openssl/objects.h +verify_extra_test.o: ../include/openssl/opensslconf.h +verify_extra_test.o: ../include/openssl/opensslv.h +verify_extra_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +verify_extra_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +verify_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +verify_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +verify_extra_test.o: verify_extra_test.c wp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h Index: openssl-1.0.1f/test/certs/bad.key =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/bad.key 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwTqNko5vQiQ5BQohPJ3sySrjT6JedjsKtt1OZ8ndR2C1asUi +HgpVO8QDHKID88Qklx6UCieeKAwIY0VzqWzTyZWTwdqTU9t8arHHJu7IcFlmWsAL +fwTmARWJmpY+K8fGnQx1Kxfi6nQJ8Whq4bcAqJ2HXzG69Wjs3Ki70ScNbQ9RUwXJ +n/FeNrsphKAv5K22zBqjWAQdYMg6vtKZAXCET8jw6OkPVnUb/QvyoBEijWt0+HBh +7wLkSUvMj/7fc88+xtvGqZPyG2Py4DdWW1stpgiZ3TTohEk84t1u5L3qQaRQmVE6 +y5RMImyVY8hegC4zc6aGZDFRv8MR+gk6prcuUwIDAQABAoIBAEkz4YZwJ34rMt7R +452PRrE/ajY1EQxBeeGlHZr8QrRT0ubMIAy5ZWjq7TLfvhePaz1E/FiMgcIyLMtO ++G5rKCDqZbu/DqlqMUxKZWQ+efj2JWyj7LcGKAypGCRUXuE/IeNFYO4ecnzX0Rx/ +rl4scjdu1mYd9PIb+f/ufJjT7qYtykmwlb0MbEJ25yjTC4iHzacvFLJgdXrPp8b9 +ZGlVBKyuk9ZrZDC8/a4QrKt7Hp2SqqO4WqaTgM1G+cQFYuVBmj74bQhJHMmQ+Opr +5KXwBKEHMtJkq1GPVZ34W90V82d+8MJAxymuPomwRXKl1dKgnvny+0eobXkiBDcF +XCBCmIECgYEA8c/fE7Sa1vLZriw0Meq+TxU5hru4YM6OmQ+idc6diCp2U9lW+KJr +YrIRTZFcmhEGmRjAEZrdK0oFY7h5RhsZ+gTftmNZuL8WJCK9+y2DE9dB++md3oVC +PK0d4SmQKsivOTTeiK/VYFGoLc8t8Ud/anu2Q1kFdC+7cH/TrRseV4MCgYEAzJDw +MTil055rYlrAAH8ePEuONomu2MoZRRCX/tWuVvz+eIzA35mryW3OR45l5qNluQoZ +AdpVE68kBak2wIrF2oyWcF1s8VzSbAJCoqK42lKiSGVDVnr6jb69WUujCkYUZIwR +Q20QYBUUQu0JiFBU22tRgILIAK+rRah37EP4RPECgYBN3hKH1fDGpw1R+QoVyPHf +pYYQzQJiqiFhSJeYOCCiaIoSFjrbdfH+pjjMMbMQKctmIYI4KRZvijaSFiV3XeLP +kCI6KWQLCf2nRUjISa+cBAVLib88mMzrnROyHiA+psFGOrAuc/DSQ3lUxxKUT+HH ++G6I4XHQKE7Du2X+qGzs4QKBgBZyJNjRxWhF7rR5Dq4/RHsLM0yKqPPCoSkx2+ur +WJjU47sofpVKUE4mzUaOumGnNicqk3nfkgw54HL6kTZpQ7JqUKt9pNGLBM+zI8qi +njPec04MRmo7zjg1YKNmqDodXGl38QD7+5r/VRzO04fwgI8e5G98aiOhIuLezGHR +R3GRAoGAAyhwtKoC87fSGrpyZQ16UAYuqNy0fVAQtrDgRgP5Nu4esr9QxS/hWjcR +8s2P82wsR4gZna6l6vSz4awGVG4PGKnVjteAtZxok3nBHxPmRke5o7IpdObPjpQP +RJNZYbJ9G/PbYDhciEoTjVyig6Ol5BRe9stSbO7+JIxEYr7VSpA= +-----END RSA PRIVATE KEY----- Index: openssl-1.0.1f/test/certs/bad.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/bad.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIJAJgwOOciuxjSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBGxlYWYwHhcNMTUwNzAyMTMyMDQ2WhcN +MzUwNzAyMTMyMDQ2WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 +ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNi +YWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBOo2Sjm9CJDkFCiE8 +nezJKuNPol52Owq23U5nyd1HYLVqxSIeClU7xAMcogPzxCSXHpQKJ54oDAhjRXOp +bNPJlZPB2pNT23xqsccm7shwWWZawAt/BOYBFYmalj4rx8adDHUrF+LqdAnxaGrh +twConYdfMbr1aOzcqLvRJw1tD1FTBcmf8V42uymEoC/krbbMGqNYBB1gyDq+0pkB +cIRPyPDo6Q9WdRv9C/KgESKNa3T4cGHvAuRJS8yP/t9zzz7G28apk/IbY/LgN1Zb +Wy2mCJndNOiESTzi3W7kvepBpFCZUTrLlEwibJVjyF6ALjNzpoZkMVG/wxH6CTqm +ty5TAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJoH29IULbskIG8BwYp4 +9yD+q7wbMB8GA1UdIwQYMBaAFBwdxP7xJUYhGU31hO4z2uXPtRl/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBl0tHkWMBHW6r3ywBlWWFdok04xlt2QD8eA4ywwz97t/8JgLht +OpuHO1bQtrZR6bxAgYT1+yHQnYBTfjKxFq+S9EP6nxBe94mEgizLmMv9pf7x5q+H +pfT8ejcY54E/oXlFXSbLDE1BDpfgkWll2/TIsTRJNoM2n8mytEdPqzRburwWnoFR +VchcfO968asdc9/8glSLJSNO+Wh9vQlbtcPzfbd4ZVE5E/P6drQzSwNjWvHQdswJ +ujkY1zkTP2rtVBGN4OyOfkE6enVKpt5lN6AqjEMhJ5i/yFM/jDndTrgd/JkAvyUJ +O2ELtifCd8DeSYNA9Qm8/MEUYq1xXQrGJHCE +-----END CERTIFICATE----- Index: openssl-1.0.1f/test/certs/interCA.key =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/interCA.key 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu7NHo76UDp738A/nuEfvVkKL7a7Kjk8PJIYkRKouSZZgBW6Q +xBWptfJ6UZLeoDnBjJ47hc7s+ohLkJnnsodAalgMKTIFjDLXhMyzgGqpBJf/ydvl +oEWwP/KZsB32z1v3fn926euBaA9YUAHpwc15i8VaIREPQQPsRA0ZC/3AN2PpPztQ +vTkYUkKyTbAfWhN8ymxR3fZjph+GjUrBfDp90qpUVTgkIp3uXOgAkndB1BI2MvWj +m6mOO8kjVC281auculTozLNFvthv16q3FZMc3/W1aslQa6wCa529+f8v4itM1oCQ +T/h14cK+ZjE7zbhIqwXlWLs/uoVHq1G7iYa9BQIDAQABAoIBABa8FldNBB3pP1rC +cmytud2W3eACJeKqzMi9vrLachTTs/m0dLBrd0zke9BZm8GIfVsM52TDtYx66bww +CBJls3WuCHsM5gMfPV+Gc8+AG8zEpGTMz7lj938nYVolpvliyE14Hu0ia2AxS58V +PD0PKEO3ubz7lf9n/DwZ4gjDyX5r1Cq+thwPlIf4PbEcGHk5SYxNm2DGR0DNL676 +X7CrRu3JBa2mY+moTV/pMrjvwAInmSxs4RBO7ggdYEief/4cBYyzMdiQ1v0UxvdO +674dBJJFG32akPrnPqza7U41ivoDPlgCpKWHDaZadI0Joozd2pw0Mq0a8cyig0BJ +Wa3d9xkCgYEA9T3j8F52u+QMaMzV1VENUAwo0Sqhk8xU0r/4l5PsvCjOuJ7NZkkW +EQnNOI++zaPCeBRV55X0A5E8Pi3uEdKt6m+wsncJzGEVNRwixfd0Ul7Itntq7u9L +/DHTlwpQ4t4PLNu8/uSBDN9A2slY2WsoXkJsdYPgjkrS2rYkt5bHFN8CgYEAw+8w +Qw/zTCBmerzYLJSsjz9rcD2hTtDw72UF1rvEg4QP/9v0I/OU7Lu0ds0KmKJcJfay +ZDMeBT8tW6LFztqdFi24tKISfodfYdET32lNd4QnMtWhoqXXXNiJY5gQC16YmSJm +R7Dgw9hBrr0323/lhhwDDysq1lgD9QbUVEacJpsCgYAoau/TIK5u3vHQn9mqE3af +N7HObzk785QTO8JLsPx2Mj+Hm9x8PBVf736cEMzAdXnKcoeJ6GPT5q7IDKfM1i0F +kyzK7OV3gpSNMTrl55eLL8XilUqVYGjkgo29udyE11Ym7XwjgiNmrLCynjZ/drKr +fkUDxR1QNjK0CwrYGwhqfwKBgQDAYGn3foK4nRthqWdrJjLjlzZLBwgJldbqhjsc +YlIJezImWnU0k2YGpioDd0DPKqLlV3pCLXptVmGXlpM3jags7YlsObGE8C+zoBAu +DHtWPLgsDltckg6Jh8YltlkSgLe9q2vXOhEF2aBsDDb62nGmonxSeWTe/Z4tB56U +fJu2vwKBgFnGbZIcH8sDR7Vwh0sjSKnFkZ1v0T4qsBKpDz9yCvZVIgIFXPkKnALT ++OEpQTuLVN/MZxVlc8qo8UFflJprDsK1/Rm3iPaw+lwErswgddNUKNLnLPjlxcEe +nTinsfyf4i48+IW55UFVU118nyufNeDdasoU6SSBH/MdeNq4hrTa +-----END RSA PRIVATE KEY----- Index: openssl-1.0.1f/test/certs/interCA.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/interCA.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- Index: openssl-1.0.1f/test/certs/leaf.key =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/leaf.key 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAv0Qo9WC/BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1 +sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs +0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttR +yY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2 +QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4F +auF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPobQIDAQABAoIBAB1fCiskQDElqgnT +uesWcOb7u55lJstlrVb97Ab0fgtR8tvADTq0Colw1F4a7sXnVxpab+l/dJSzFFWX +aPAXc1ftH/5sxU4qm7lb8Qx6xr8TCRgxslwgkvypJ8zoN6p32DFBTr56mM3x1Vx4 +m41Y92hPa9USL8n8f9LpImT1R5Q9ShI/RUCowPyzhC6OGkFSBJu72nyA3WK0znXn +q5TNsTRdJLOug7eoJJvhOPfy3neNQV0f2jQ+2wDKCYvn6i4j9FSLgYC/vorqofEd +vFBHxl374117F6DXdBChyD4CD5vsplB0zcExRUCT5+iBqf5uc8CbLHeyNk6vSaf5 +BljHWsECgYEA93QnlKsVycgCQqHt2q8EIZ5p7ksGYRVfBEzgetsNdpxvSwrLyLQE +L5AKG3upndOofCeJnLuQF1j954FjCs5Y+8Sy2H1D1EPrHSBp4ig2F5aOxT3vYROd +v+/mF4ZUzlIlv3jNDz5IoLaxm9vhXTtLLUtQyTueGDmqwlht0Kr3/gcCgYEAxd86 +Q23jT4DmJqUl+g0lWdc2dgej0jwFfJ2BEw/Q55vHjqj96oAX5QQZFOUhZU8Otd/D +lLzlsFn0pOaSW/RB4l5Kv8ab+ZpxfAV6Gq47nlfzmEGGx4wcoL0xkHufiXg0sqaG +UtEMSKFhxPQZhWojUimK/+YIF69molxA6G9miOsCgYEA8mICSytxwh55qE74rtXz +1AJZfKJcc0f9tDahQ3XBsEb29Kh0h/lciEIsxFLTB9dFF6easb0/HL98pQElxHXu +z14SWOAKSqbka7lOPcppgZ1l52oNSiduw4z28mAQPbBVbUGkiqPVfCa3vhUYoLvt +nUZCsXoGF3CVBJydpGFzXI0CgYEAtt3Jg72PoM8YZEimI0R462F4xHXlEYtE6tjJ +C+vG/fU65P4Kw+ijrJQv9d6YEX+RscXdg51bjLJl5OvuAStopCLOZBPR3Ei+bobF +RNkW4gyYZHLSc6JqZqbSopuNYkeENEKvyuPFvW3f5FxPJbxkbi9UdZCKlBEXAh/O +IMGregcCgYBC8bS7zk6KNDy8q2uC/m/g6LRMxpb8G4jsrcLoyuJs3zDckBjQuLJQ +IOMXcQBWN1h+DKekF2ecr3fJAJyEv4pU4Ct2r/ZTYFMdJTyAbjw0mqOjUR4nsdOh +t/vCbt0QW3HXYTcVdCnFqBtelKnI12KoC0jAO9EAJGZ6kE/NwG6dQg== +-----END RSA PRIVATE KEY----- Index: openssl-1.0.1f/test/certs/leaf.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/leaf.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- Index: openssl-1.0.1f/test/certs/rootCA.key =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/rootCA.key 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwPFrd4isNd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/ +m8TJEtHkC0WX5QbNZjrh4OIr36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyD +Xq5CknSlK+cAwanc1bFTBw9z946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7 +w6jBiLJ3/5zb/GpERET3hewILNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTM +uR4hoGzEq1mwQDm7+Yit/d+NtAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXV +ddTFezpANQafxIS0bJMMrzdar7ZBTSYjHLgCswIDAQABAoIBAC1EdwJEfqLlOgmE +qtSkXn3N919y76Wsfqf+eh5M8Tf4YajCSSIyuTpBJE/AtDJ3thkWF4i7h6+gcLNL +GfR0D+h6MMLBgx259iTZu3V+b9fEMbBHykqcd+IEm/wA5pyJTdaVE/XEGmEqiFEH +g6wT9XwQ4uRo49X0JfvVlZCNcumapYfPY+BwPQloydm/cLtgUtc1RKUCG7i27aHM +VaUm+NdYZIwwCQs0Aof/h7PkEWvHq0idaxY9qkLbbZHb1Np/IkmvqCo/PSS1whDj +/KIQGJDBGuXX/V+cZ+DYkCXAq1fCto9MjarEVmlLW5Hr5QojdbpvwsxSmrGfCqdH +bfc/9gECgYEA6y6EcYBuvCibmO4G2OA1sNSe5lJF911xUHuUl3CRORdeVFDi9Ch+ +LKzE+XEOlvA+qFSIA/KztevX3dvmvvBMwu0PUWDtBKJZ1mXt4Mgo63MHpYnKIzWz +YuDaMKpvbl3iTFJlKPUkPlv+/uDccd0QYYvk4gbBrWVQDghV3ya9LqMCgYEA0gW6 +Cu5yRWodehCh0z8VtFfOGDkhZEav6B5mZvyDCk5f+zVeRlsTJwY4BsgnoMUJ+SjQ +iQwQX3FbWrwcyYPOIA+ja6Hisgb9p/f+hxsQOOhN9nFsk2MNIHkwrMRcE8pj7pc1 +uBoYqpdX8blEs8wkJI+bTI3/SIZw6vjbogSqbLECgYEAhXuQho9byoXN0p3+2ude +8e+sBJPbzEuH/iM2MkIc2ueNjZOfTO8Sti6VWfK2UisnlQjtbjg5kd67Vdvy+pqP +Ju/ACvNVc5TmIo8V1cglmYVfaLBtP1DCcTOoA4ko196Hi8QUUIvat14lu+pKlIHh +Q0xQa41kLhNbvaszegWVyLsCgYEAxhuGySbw/U9CbNDhhL1eANZOXoUNXWRcK6z5 +VS3dgcw6N2C5A86G+2mfUa5dywXyCWgZhRyvGQh5btZApUlCFvYJZc63Ysy7WkTQ +f6rkm3ltiQimrURirn4CjwVOAZEIwJc7oeRj3g6Scz4acysd8KrRh93trwC55LtH +mcWi6JECgYAlqCQvaAnvaWpR0RX7m/UMpqWOVgIperGR7hrN3d04RaWG4yv1+66T +xANNBA8aDxhFwXjAKev4iOE/rp8SEjYXh3lbKmx+p9dk8REUdIFqoClX9tqctW9g +AkDF34S0mSE4T34zhs2+InfohJa6ojsuiNJSQMBPBxfr6wV2C+UWMQ== +-----END RSA PRIVATE KEY----- Index: openssl-1.0.1f/test/certs/rootCA.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/rootCA.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- Index: openssl-1.0.1f/test/certs/roots.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/roots.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 
+90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- Index: openssl-1.0.1f/test/certs/subinterCA-ss.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/subinterCA-ss.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIJAJTed6XmFiu/MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMMCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMy +MTU4WhcNMzUwNzAyMTMyMTU4WjBaMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29t +ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDDApzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04 +wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG +64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3G +Vc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn2 +90aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh +6VbJGb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBTpZ30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+ +HHAV3R8aTzANBgkqhkiG9w0BAQsFAAOCAQEAF8UAMtV1DClUWRw1h+THdAhjeo8S +9BOp6QphtlYuc9o+tQri5m+WqbyUZKIBEtumNhFb7QI1e4hO64y1kKbSs2AjWcJ2 +QxAyGiMM3wl2UfxPohDtgNhm0GFgQ1tUTeSnW3kAom9NqI7U/2lPpLh4rrFYTepR +wy0FV3NpRuHPtJE0VfqYnwWiTRdCJ7w1XzknKOUSHP/hRbyJVlwQp3VEQ9SIOYU6 +C+QEVGIgQiST6MRlCvoNP43guaRtrMuBZJaHKy/hLPvkdRpXHoUeKQFDuH77sZsF +sBv3EHNKoBvpSpSJndZN6UcH7Z1yn41Y6AnO4u492jiRAjQpP9+Nf/x1eg== +-----END CERTIFICATE----- Index: openssl-1.0.1f/test/certs/subinterCA.key =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/subinterCA.key 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA/zQjvhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb +2ARVkYZP5e9gHb04wPVz2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1n +JeSv3na8gyOoCheG64kWVbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/C +pdCHE3DKAzAiri3GVc90OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMy +wtz4hhY/XZTvdEn290aL857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRF +HONWZG1T4mRY1Drh6VbJGb+0GNIldNLQqigkfwIDAQABAoIBAQDg14MWGu+F4gqg +nwI1OPt95UjmXaz7Sd0NmoNxTKJjgN/9v33emBL7n6YNIxU/nlK+ToLBGo0tPjfO +ZHoskA1H/aiiMfKowcpV4PHbUZvpE0oYM/rIu+7mxR3ZPDT0jz3jjmgLHrEKFCXd +SfTtwOSJVzYvGdCdDE1nUXiRMcGlrJYxPf+0k3sGK7G90rYJkgffz92yuJote/s5 +P5nsK1h30yjKaWEzvf3ABladplykFN3GkICRGaCq0Nj5YWiG7qX9H9smYrioG0VH +VqgIbV2sHnmUYZaOTmC0RnwDWSZR25xOHVbugZ7rGnf4NdoM2S/oTI/SAXcDsaDX +lDpiEEuBAoGBAP/TISpeDRtUWzfVQxH+wbMdSbABjawf5sT7op7IsWsurY7u+KVh +ubhaSdeR7YbTyVUqbAc4mg9TIZxDe6+/I2S8LibQAa8wnv5aR1iPj/tZJOKrtu+Z +uHUyXMDR+8pIjQS0N+ukFp0tw9nicPNUt23JpqDFMvpASF+kUlnHOWAvAoGBAP9g +5rDid235QnnAhNJGkxE1ZwICPSo66AD/kF8XsMnAVasR0EPJCQ1+Zmh7wsXGq6Im +S65F4m0tsw4jeD67D1o5yuAnk/LLcdOdHW1w7iHuIhYKuWf1fqsOIqJLy7gdzwj4 +hImECoE40cqlLTge7xByxeHJwKF9ssXcwHFBIJyxAoGBAI5SeyUC5e/KYmURdBrS +zBhFtvUAKD0WEmCMTdBgfrPOaCgYsqPvVk9Fi8cuHCLiOCP1UdxClRLpgM1ajbkc +cShduJ9HIWjBd/KxbvfKBqQi1+5y8Xci4gfxWMC9EYNcEXgIewPRafNPvqG85HG7 +M8EUamsOymmG0bzDwjzIJRdpAoGAOUoVtmy3ehZG0WVc5ocqitu+BfdWnViln0O1 +sX9xC3F4Rm4ymGJLA5ntg1bwNMoCytdodun6h5+O4YcXfIseQJFib7KxP/Bf0qcW +aOzCnx36y5MQUMAD8H+1SU9TnjQhs9N8eBUE/kQu3BT99e8KllgJCEPoUNIP/s8s +5LtFg6ECgYEAgLwJoJ3hBwr0LmUi3kpFYdbZ+tAKIvKQH3xYMnQulOqtlXJFy0bu +ZcIAwsigRUqdCC2JuyAUw52HCtVVlpQjNs4BnUzaKooLOCm3w3i6X27mnHE0200S +zqC0rcB0xNz/IltGc7IP+T8UK5xX38uhJ/vUW75OvAjqheJSBwR9h5c= +-----END RSA PRIVATE KEY----- Index: openssl-1.0.1f/test/certs/subinterCA.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/subinterCA.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- Index: openssl-1.0.1f/test/certs/untrusted.pem =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/test/certs/untrusted.pem 2016-02-05 16:08:32.834278985 -0500 
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY 
+jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- debian/patches/CVE-2014-3507.patch0000644000000000000000000001024512370666007013244 0ustar Description: fix DTLS memory leak from zero-length fragments Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=9871417fb74dca48ea1dc85ae666a6529d113ff8 Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=099ccdb8084aff60efad0c91185cb465f9123859 Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0c37aed3f327782645d68964cd7a714df6b8880d Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4e0fbdc4ecc81c99cd9e63f907039b4b323e642b Index: openssl-1.0.1f/ssl/d1_both.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_both.c 2014-08-07 07:58:40.758807742 -0400 +++ openssl-1.0.1f/ssl/d1_both.c 2014-08-07 07:59:04.754808385 -0400 @@ -599,7 +599,7 @@ } static int -dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) +dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok) { hm_fragment *frag = NULL; pitem *item = NULL; 
@@ -611,6 +611,9 @@ msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) goto err; + if (frag_len == 0) + return DTLS1_HM_FRAGMENT_RETRY; + /* Try to find item in queue */ memset(seq64be,0,sizeof(seq64be)); seq64be[6] = (unsigned char) (msg_hdr->seq>>8); @@ -660,7 +663,9 @@ /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, frag->fragment + msg_hdr->frag_off,frag_len,0); - if (i<=0 || (unsigned long)i!=frag_len) + if ((unsigned long)i!=frag_len) + i=-1; + if (i<=0) goto err; RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, @@ -677,10 +682,6 @@ if (item == NULL) { - memset(seq64be,0,sizeof(seq64be)); - seq64be[6] = (unsigned char)(msg_hdr->seq>>8); - seq64be[7] = (unsigned char)(msg_hdr->seq); - item = pitem_new(seq64be, frag); if (item == NULL) { @@ -688,7 +689,12 @@ i = -1; } - pqueue_insert(s->d1->buffered_messages, item); + item = pqueue_insert(s->d1->buffered_messages, item); + /* pqueue_insert fails iff a duplicate item is inserted. + * However, |item| cannot be a duplicate. If it were, + * |pqueue_find|, above, would have returned it and control + * would never have reached this branch. */ + OPENSSL_assert(item != NULL); } return DTLS1_HM_FRAGMENT_RETRY; @@ -701,7 +707,7 @@ static int -dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) +dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok) { int i=-1; hm_fragment *frag = NULL; @@ -721,7 +727,7 @@ /* If we already have an entry and this one is a fragment, * don't discard it and rather try to reassemble it. */ - if (item != NULL && frag_len < msg_hdr->msg_len) + if (item != NULL && frag_len != msg_hdr->msg_len) item = NULL; /* Discard the message if sequence number was already there, is 
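Review bot: The new pair `if ((unsigned long)i!=frag_len) i=-1; if (i<=0) goto err;` in the `@@ -660` hunk does not say why `i` is rewritten, and casting a possibly negative `i` before the sign test reads like an oversight even though it is harmless here because `frag_len` is non-zero after the guard added in the `@@ -611` hunk. The purpose appears to be that a short read must not reach `err:` with a positive `i` that a caller would presumably take for success; a comment such as `/* normalise a failed or short read to -1 so err: reports failure */` above the first `if`, or the single condition `if (i <= 0 || (unsigned long)i != frag_len) { i = -1; goto err; }`, would make that explicit. dtls1_reassemble_fragment's `err:` path is outside the hunk.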
@@ -746,7 +752,7 @@ } else { - if (frag_len && frag_len < msg_hdr->msg_len) + if (frag_len != msg_hdr->msg_len) return dtls1_reassemble_fragment(s, msg_hdr, ok); if (frag_len > dtls1_max_handshake_message_len(s)) @@ -763,19 +769,25 @@ /* read the body of the fragment (header has already been read */ i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, frag->fragment,frag_len,0); - if (i<=0 || (unsigned long)i!=frag_len) + if ((unsigned long)i!=frag_len) + i = -1; + if (i<=0) goto err; } - memset(seq64be,0,sizeof(seq64be)); - seq64be[6] = (unsigned char)(msg_hdr->seq>>8); - seq64be[7] = (unsigned char)(msg_hdr->seq); - item = pitem_new(seq64be, frag); if ( item == NULL) goto err; - pqueue_insert(s->d1->buffered_messages, item); + item = pqueue_insert(s->d1->buffered_messages, item); + /* pqueue_insert fails iff a duplicate item is inserted. + * However, |item| cannot be a duplicate. If it were, + * |pqueue_find|, above, would have returned it. Then, either + * |frag_len| != |msg_hdr->msg_len| in which case |item| is set + * to NULL and it will have been processed with + * |dtls1_reassemble_fragment|, above, or the record will have + * been discarded. */ + OPENSSL_assert(item != NULL); } return DTLS1_HM_FRAGMENT_RETRY; debian/patches/rehash_pod.patch0000644000000000000000000000570711575362145013774 0ustar Index: openssl-0.9.8k/doc/apps/c_rehash.pod =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-0.9.8k/doc/apps/c_rehash.pod 2009-07-19 11:36:27.000000000 +0200 
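Review bot: `OPENSSL_assert(item != NULL)` after `pqueue_insert` in the `@@ -763` hunk turns a violated internal invariant into a process abort on a path driven entirely by peer-supplied datagrams, which for a DTLS server is a remote denial of service should the reasoning in the comment ever stop holding (the same construct appears in the `dtls1_reassemble_fragment` hunk of this patch). The invariant argument is sound as written, but failing the record through the existing `err:` label costs nothing and keeps a future regression in `pqueue_find`/`pqueue_insert` from becoming a crash. Assuming `err:` frees `frag` only when `item` is NULL, as the `if ( item == NULL) goto err;` just above relies on, the replacement below releases the pitem with pitem_free() from pqueue.h and nulls `item` before jumping there. dtls1_process_out_of_seq_message's `err:` path is outside the hunk.
```c
    /* … unchanged: pitem_new() and the item == NULL check … */
    if (pqueue_insert(s->d1->buffered_messages, item) == NULL) {
        /* pqueue_insert fails only on a duplicate key, which the pqueue_find
         * above rules out; report failure rather than aborting the process */
        pitem_free(item);
        item = NULL; /* so err: releases frag */
        i = -1;
        goto err;
    }
```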
@@ -0,0 +1,55 @@ + +=pod + +=head1 NAME + +c_rehash - Create symbolic links to files named by the hash values + +=head1 SYNOPSIS + +B +[directory] ... + +=head1 DESCRIPTION + +c_rehash scans directories and takes a hash value of each .pem and .crt file in the directory. It then creates symbolic links for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require. + +If any directories are named on the command line then these directories are processed in turn. If not then and the environment variable SSL_CERT_DIR is defined then that is consulted. This variable should be a colon (:) separated list of directories, all of which will be processed. If neither of these conditions are true then /usr/lib/ssl/certs is processed. + +For each directory that is to be processed he user must have write permissions on the directory, if they do not then nothing will be printed for that directory. + +Note that this program deletes all the symbolic links that look like ones that it creates before processing a directory. Beware that if you run the program on a directory that contains symbolic links for other purposes that are named in the same format as those created by this program they will be lost. + +The hashes for certificate files are of the form . where n is an integer. If the hash value already exists then n will be incremented, unless the file is a duplicate. Duplicates are detected using the fingerprint of the certificate. A warning will be printed if a duplicate is detected. The hashes for CRL files are of the form .r and have the same behavior. + +The program will also warn if there are files with extension .pem which are not certificate or CRL files. + +The program uses the openssl program to compute the hashes and fingerprints. It expects the executable to be named openssl and be on the PATH, or in the /usr/lib/ssl/bin directory. 
If the OPENSSL environment variable is defined then this is used instead as the executable that provides the hashes and fingerprints. When called as $OPENSSL x509 -hash -fingerprint -noout -in $file it must output the hash of $file on the first line followed by the fingerprint on the second line, optionally prefixed with some text and an equals sign (=). + +=head1 OPTIONS + +None + +=head1 ENVIRONMENT + +=over 4 + +=item B + +The name (and path) of an executable to use to generate hashes and fingerprints (see above). + +=item B + +Colon separated list of directories to operate on. Ignored if directories are listed on the command line. + +=back + +=head1 SEE ALSO + +L, L + +=head1 BUGS + +No known bugs + +=cut debian/patches/CVE-2015-1791-3.patch0000644000000000000000000001062112536271074013406 0ustar From 907f04a30354615e54beaa2bc0b986083f7793ee Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 11 Jun 2015 01:30:06 +0100 Subject: [PATCH] More ssl_session_dup fixes Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson --- ssl/ssl_sess.c | 73 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 37 insertions(+), 36 deletions(-) Index: openssl-1.0.1f/ssl/ssl_sess.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_sess.c 2015-06-11 07:06:21.265463102 -0400 +++ openssl-1.0.1f/ssl/ssl_sess.c 2015-06-11 07:09:50.663720016 -0400 
@@ -238,12 +238,39 @@ } memcpy(dest, src, sizeof(*dest)); -#ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = src->krb5_client_princ_len; - if (src->krb5_client_princ_len > 0) - memcpy(dest->krb5_client_princ, src->krb5_client_princ, - src->krb5_client_princ_len); + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ +#ifndef OPENSSL_NO_PSK + dest->psk_identity_hint = NULL; + dest->psk_identity = NULL; +#endif + dest->ciphers = NULL; +#ifndef OPENSSL_NO_TLSEXT + dest->tlsext_hostname = NULL; +# ifndef OPENSSL_NO_EC + dest->tlsext_ecpointformatlist = NULL; + dest->tlsext_ellipticcurvelist = NULL; +# endif #endif + dest->tlsext_tick = NULL; +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; +#endif + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { @@ -251,33 +278,19 @@ if (dest->psk_identity_hint == NULL) { goto err; } - } else { - dest->psk_identity_hint = NULL; } if (src->psk_identity) { dest->psk_identity = BUF_strdup(src->psk_identity); if (dest->psk_identity == NULL) { goto err; } - } else { - dest->psk_identity = NULL; } #endif - if (src->sess_cert != NULL) - CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); - - if (src->peer != NULL) - CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); - - dest->references = 1; - if(src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; - } else { - dest->ciphers = NULL; } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, 
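Review bot: `dest->tlsext_tick = NULL;` is placed after the `#endif` that closes the `OPENSSL_NO_TLSEXT` block, whereas `tlsext_hostname` is nulled inside it; if `tlsext_tick` is declared under the same guard in ssl.h, as I believe it is, a `no-tlsext` build of this file will no longer compile. Moving that line up into the guarded block, before `# ifndef OPENSSL_NO_EC`, keeps the NULL initialisation next to its sibling fields without changing behaviour for builds with TLS extensions enabled. ssl_session_dup begins before this hunk.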
@@ -285,18 +298,12 @@ goto err; } - /* We deliberately don't copy the prev and next pointers */ - dest->prev = NULL; - dest->next = NULL; - #ifndef OPENSSL_NO_TLSEXT if (src->tlsext_hostname) { dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); if (dest->tlsext_hostname == NULL) { goto err; } - } else { - dest->tlsext_hostname = NULL; } # ifndef OPENSSL_NO_EC if (src->tlsext_ecpointformatlist) { @@ -305,8 +312,6 @@ src->tlsext_ecpointformatlist_length); if (dest->tlsext_ecpointformatlist == NULL) goto err; - dest->tlsext_ecpointformatlist_length = - src->tlsext_ecpointformatlist_length; } if (src->tlsext_ellipticcurvelist) { dest->tlsext_ellipticcurvelist = @@ -314,29 +319,25 @@ src->tlsext_ellipticcurvelist_length); if (dest->tlsext_ellipticcurvelist == NULL) goto err; - dest->tlsext_ellipticcurvelist_length = - src->tlsext_ellipticcurvelist_length; } # endif #endif if (ticket != 0) { - dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; - dest->tlsext_ticklen = src->tlsext_ticklen; - if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) goto err; - } + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; } #ifndef OPENSSL_NO_SRP - dest->srp_username = NULL; if (src->srp_username) { dest->srp_username = BUF_strdup(src->srp_username); if (dest->srp_username == NULL) { goto err; } - } else { - dest->srp_username = NULL; } #endif debian/patches/CVE-2016-6306-2.patch0000644000000000000000000000412312770760724013410 0ustar Backport of: From bb1a4866034255749ac578adb06a76335fc117b1 Mon Sep 17 00:00:00 2001 
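Review bot: In the `@@ -314` hunk the new `if (ticket != 0)` branch calls `BUF_memdup(src->tlsext_tick, src->tlsext_ticklen)` and treats a NULL result as failure, but BUF_memdup, as far as I recall, also returns NULL when the source pointer is NULL, so a session flagged as ticket-bearing that has no ticket buffer now makes the whole duplication fail instead of yielding a copy without a ticket. Guard on the buffer as well: `if (ticket != 0 && src->tlsext_tick != NULL) {`, which also keeps `tlsext_ticklen` and `tlsext_tick_lifetime_hint` (already copied by the `memcpy(dest, src, sizeof(*dest))` in the first hunk) consistent with a NULL `tlsext_tick` through the else branch. ssl_session_dup starts and ends outside this hunk.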
From: "Dr. Stephen Henson" Date: Wed, 21 Sep 2016 13:26:01 +0100 Subject: [PATCH] Make message buffer slightly larger than message. Grow TLS/DTLS 16 bytes more than strictly necessary as a precaution against OOB reads. In most cases this will have no effect because the message buffer will be large enough already. Reviewed-by: Matt Caswell (cherry picked from commit 006a788c84e541c8920dd2ad85fb62b52185c519) --- ssl/d1_both.c | 5 ++++- ssl/s3_both.c | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/ssl/d1_both.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_both.c 2016-09-22 09:48:16.944729463 -0400 +++ openssl-1.0.1f/ssl/d1_both.c 2016-09-22 09:49:30.845631101 -0400 @@ -507,8 +507,11 @@ if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ { /* msg_len is limited to 2^24, but is effectively checked - * against max above */ - if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH)) + * against max above + * + * Make buffer slightly larger than message length as a precaution + * against small OOB reads e.g. CVE-2016-6306 */ + if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH+16)) { SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); return SSL_AD_INTERNAL_ERROR; Index: openssl-1.0.1f/ssl/s3_both.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_both.c 2016-09-22 09:48:16.944729463 -0400 +++ openssl-1.0.1f/ssl/s3_both.c 2016-09-22 09:50:25.002291272 -0400 
@@ -518,7 +518,11 @@ SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); goto f_err; } - if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4)) + /* + * Make buffer slightly larger than message length as a precaution + * against small OOB reads e.g. CVE-2016-6306 + */ + if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4+16)) { SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); goto err; debian/patches/CVE-2015-0286.patch0000644000000000000000000000177112502067245013246 0ustar Backport of: commit ee5a1253285e5c9f406c8b57b0686319b70c07d8 Author: Dr. Stephen Henson Date: Mon Mar 9 23:11:45 2015 +0000 Fix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte Index: openssl-1.0.1f/crypto/asn1/a_type.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/a_type.c 2015-03-17 12:59:03.530216557 -0400 +++ openssl-1.0.1f/crypto/asn1/a_type.c 2015-03-17 12:59:41.238523537 -0400 @@ -124,6 +124,9 @@ case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break; debian/patches/libdoc-manpgs-pod-spell.patch0000644000000000000000000001203612255603224016255 0ustar Index: openssl-1.0.1e/doc/crypto/ASN1_generate_nconf.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/ASN1_generate_nconf.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/ASN1_generate_nconf.pod 2013-12-22 16:16:44.691836721 +0100 
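Review bot: The slack of `16` bytes is a bare literal here and again in the d1_both.c hunk of this patch (`msg_len+DTLS1_HM_HEADER_LENGTH+16`), so the two record layers can silently drift apart if one is later adjusted; a single named constant, e.g. `#define SSL_HM_SLACK 16 /* extra bytes past message end, see CVE-2016-6306 */` next to the other handshake-header lengths, used as `(int)l+4+SSL_HM_SLACK`, would tie them together. The `4` is the TLS handshake header length and could likewise use the existing constant for it, such as `SSL3_HM_HEADER_LENGTH` if that is defined in this tree. ssl3_get_message continues outside the hunk.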
@@ -61,7 +61,7 @@ =item B, B Encodes an ASN1 B type. The B string represents -the value of the integer, it can be preceeded by a minus sign and +the value of the integer, it can be preceded by a minus sign and is normally interpreted as a decimal value unless the prefix B<0x> is included. Index: openssl-1.0.1e/doc/crypto/BN_BLINDING_new.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/BN_BLINDING_new.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/BN_BLINDING_new.pod 2013-12-22 16:16:44.691836721 +0100 @@ -48,7 +48,7 @@ BN_BLINDING_convert_ex() multiplies B with the blinding factor B. If B is not NULL a copy the inverse blinding factor B will be -returned in B (this is useful if a B object is shared amoung +returned in B (this is useful if a B object is shared among several threads). BN_BLINDING_invert_ex() multiplies B with the inverse blinding factor B. If B is not NULL it will be used as the inverse blinding. Index: openssl-1.0.1e/doc/crypto/EVP_BytesToKey.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/EVP_BytesToKey.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/EVP_BytesToKey.pod 2013-12-22 16:16:44.691836721 +0100 
@@ -17,7 +17,7 @@ EVP_BytesToKey() derives a key and IV from various parameters. B is the cipher to derive the key and IV for. B is the message digest to use. -The B paramter is used as a salt in the derivation: it should point to +The B parameter is used as a salt in the derivation: it should point to an 8 byte buffer or NULL if no salt is used. B is a buffer containing B bytes which is used to derive the keying data. B is the iteration count to use. The derived key and IV will be written to B Index: openssl-1.0.1e/doc/crypto/EVP_EncryptInit.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/EVP_EncryptInit.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/EVP_EncryptInit.pod 2013-12-22 16:16:44.691836721 +0100 @@ -152,7 +152,7 @@ EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and -EVP_CipherInit_ex() except the B paramter does not need to be +EVP_CipherInit_ex() except the B parameter does not need to be initialized and they always use the default cipher implementation. EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a Index: openssl-1.0.1e/doc/crypto/EVP_PKEY_cmp.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/EVP_PKEY_cmp.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/EVP_PKEY_cmp.pod 2013-12-22 16:16:44.691836721 +0100 
@@ -26,7 +26,7 @@ The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys B and B. -The funcion EVP_PKEY_cmp() compares the public key components and paramters +The funcion EVP_PKEY_cmp() compares the public key components and parameters (if present) of keys B and B. =head1 NOTES Index: openssl-1.0.1e/doc/crypto/pem.pod =================================================================== --- openssl-1.0.1e.orig/doc/crypto/pem.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/crypto/pem.pod 2013-12-22 16:16:44.691836721 +0100 @@ -201,7 +201,7 @@ PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption -algorithms. The B argument specifies the encryption algoritm to +algorithms. The B argument specifies the encryption algorithm to use: unlike all other PEM routines the encryption is applied at the PKCS#8 level and not in the PEM headers. If B is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_verify.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_verify.pod 2013-12-22 16:16:44.695836636 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_verify.pod 2013-12-22 16:16:44.695836636 +0100 @@ -169,8 +169,8 @@ failure, if wished. The callback realizes a verification depth limit with more informational output. -All verification errors are printed, informations about the certificate chain -are printed on request. +All verification errors are printed; information about the certificate chain +is printed on request. The example is realized for a server that does allow but not require client certificates. debian/patches/alt-cert-chains-1.patch0000644000000000000000000001352512655206246014770 0ustar Backport of: From f7bf8e02dfcb2c02bc12a59276d0a3ba43e6c204 Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Tue, 27 Jan 2015 10:03:29 +0000 Subject: [PATCH] In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. When building a trust chain if the first attempt fails, then try to see if alternate chains could be constructed that are trusted. RT3637 RT3621 Reviewed-by: Kurt Roeckx --- crypto/x509/x509_vfy.c | 165 +++++++++++++++++++++++++++++-------------------- 1 file changed, 98 insertions(+), 67 deletions(-) Index: openssl-1.0.1f/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_vfy.c 2016-02-05 15:45:12.062806522 -0500 +++ openssl-1.0.1f/crypto/x509/x509_vfy.c 2016-02-05 15:55:56.873867283 -0500 @@ -153,11 +153,11 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { - X509 *x,*xtmp,*chain_ss=NULL; + X509 *x,*xtmp,*xtmp2,*chain_ss=NULL; int bad_chain = 0; X509_VERIFY_PARAM *param = ctx->param; int depth,i,ok=0; - int num; + int num,j,retry; int (*cb)(int xok,X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp=NULL; if (ctx->cert == NULL) 
@@ -231,82 +231,114 @@ break; } + /* Remember how many untrusted certs we have */ + j = num; /* at this point, chain should contain a list of untrusted * certificates. We now need to add at least one trusted one, * if possible, otherwise we complain. */ - /* Examine last certificate in chain and see if it - * is self signed. - */ - - i=sk_X509_num(ctx->chain); - x=sk_X509_value(ctx->chain,i-1); - if (ctx->check_issued(ctx, x, x)) - { - /* we have a self signed certificate */ - if (sk_X509_num(ctx->chain) == 1) - { - /* We have a single self signed certificate: see if - * we can find it in the store. We must have an exact - * match to avoid possible impersonation. - */ - ok = ctx->get_issuer(&xtmp, ctx, x); - if ((ok <= 0) || X509_cmp(x, xtmp)) - { - ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert=x; - ctx->error_depth=i-1; - if (ok == 1) X509_free(xtmp); - bad_chain = 1; - ok=cb(0,ctx); - if (!ok) goto end; - } - else - { - /* We have a match: replace certificate with store version - * so we get any trust settings. + do { + /* + * Examine last certificate in chain and see if it is self signed. + */ + i = sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + if (ctx->check_issued(ctx, x, x)) { + /* we have a self signed certificate */ + if (sk_X509_num(ctx->chain) == 1) { + /* + * We have a single self signed certificate: see if we can + * find it in the store. We must have an exact match to avoid + * possible impersonation. */ - X509_free(x); - x = xtmp; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted=0; + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) { + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + if (ok == 1) + X509_free(xtmp); + bad_chain = 1; + ok = cb(0, ctx); + if (!ok) + goto end; + } else { + /* + * We have a match: replace certificate with store + * version so we get any trust settings. 
+ */ + X509_free(x); + x = xtmp; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; } + } else { + /* extract and save self signed certificate for later use + */ + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); } - else - { - /* extract and save self signed certificate for later use */ - chain_ss=sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - x=sk_X509_value(ctx->chain,num-1); + + } + /* We now lookup certs from the certificate store */ + for (;;) { + /* If we have enough, we break */ + if (depth < num) + break; + /* If we are self signed, we break */ + if (ctx->check_issued(ctx, x, x)) + break; + ok = ctx->get_issuer(&xtmp, ctx, x); + if (ok < 0) + return ok; + if (ok == 0) + break; + x = xtmp; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(xtmp); + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + return 0; } + num++; } - /* We now lookup certs from the certificate store */ - for (;;) - { - /* If we have enough, we break */ - if (depth < num) break; - - /* If we are self signed, we break */ - if (ctx->check_issued(ctx,x,x)) break; - - ok = ctx->get_issuer(&xtmp, ctx, x); - - if (ok < 0) return ok; - if (ok == 0) break; - - x = xtmp; - if (!sk_X509_push(ctx->chain,x)) - { - X509_free(xtmp); - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - return 0; + /* + * If we haven't got a least one certificate from our store then check + * if there is an alternative chain that could be used. 
+ */ + retry = 0; + if (j == ctx->last_untrusted) { + while (j-- > 1) { + xtmp2 = sk_X509_value(ctx->chain, j - 1); + ok = ctx->get_issuer(&xtmp, ctx, xtmp2); + if (ok < 0) + goto end; + /* Check if we found an alternate chain */ + if (ok > 0) { + /* + * Free up the found cert we'll add it again later + */ + X509_free(xtmp); + + /* + * Dump all the certs above this point - we've found an + * alternate chain + */ + while (num > j) { + xtmp = sk_X509_pop(ctx->chain); + X509_free(xtmp); + num--; + ctx->last_untrusted--; + } + retry = 1; + break; + } } - num++; } - - /* we now have our chain, lets check it... */ + } while (retry); /* Is last certificate looked up self signed? */ if (!ctx->check_issued(ctx,x,x)) debian/patches/CVE-2015-3194.patch0000644000000000000000000000243212630311450013232 0ustar Backport of: From d8541d7e9e63bf5f343af24644046c8d96498c17 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 2 Oct 2015 13:10:29 +0100 Subject: [PATCH] Add PSS parameter check. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Avoid seg fault by checking mgf1 parameter is not NULL. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. CVE-2015-3194 Reviewed-by: Matt Caswell --- crypto/rsa/rsa_ameth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/rsa/rsa_ameth.c =================================================================== --- openssl-1.0.1f.orig/crypto/rsa/rsa_ameth.c 2015-12-04 07:35:43.437923518 -0500 +++ openssl-1.0.1f/crypto/rsa/rsa_ameth.c 2015-12-04 07:36:26.458397427 -0500 
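Review bot: The alternate-chain retry can leave `ctx->last_untrusted` smaller than the number of untrusted certificates still in the chain: the `for (;;)` lookup above increments only `num` when it appends a certificate from the store, yet the retry guard `if (j == ctx->last_untrusted)` is still true after such certificates were added, and the pop loop then decrements `ctx->last_untrusted` once per popped certificate, store-supplied ones included. With a chain of leaf plus one untrusted intermediate and a root fetched from the store, finding a trusted issuer for the leaf pops two certificates and drives `last_untrusted` to 0 while the leaf remains, which presumably exempts it from the checks applied to untrusted certificates later in X509_verify_cert. Guard the retry with `if (num == ctx->last_untrusted) {`, drop the `ctx->last_untrusted--;` inside the pop loop, and set `ctx->last_untrusted = sk_X509_num(ctx->chain);` once after it. If I recall correctly this is the issue upstream later fixed as CVE-2015-1793, so check whether a follow-up patch in this series already carries that change. X509_verify_cert continues past the hunk.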
@@ -287,7 +287,7 @@ { ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 - && param->type == V_ASN1_SEQUENCE) + && param && param->type == V_ASN1_SEQUENCE) { p = param->value.sequence->data; plen = param->value.sequence->length; debian/patches/CVE-2016-2177.patch0000644000000000000000000001341113043665666013256 0ustar Backport of: From 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 5 May 2016 11:10:26 +0100 Subject: [PATCH] Avoid some undefined pointer arithmetic A common idiom in the codebase is: if (p + len > limit) { return; /* Too long */ } Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE "len" here could be from some externally supplied data (e.g. from a TLS message). The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour. For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit! Issue reported by Guido Vranken. CVE-2016-2177 Reviewed-by: Rich Salz --- ssl/s3_srvr.c | 14 +++++++------- ssl/ssl_sess.c | 2 +- ssl/t1_lib.c | 48 ++++++++++++++++++++++++++---------------------- 3 files changed, 34 insertions(+), 30 deletions(-) Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2017-01-30 11:23:10.675902912 -0500 +++ openssl-1.0.1f/ssl/s3_srvr.c 2017-01-30 11:25:06.797479525 -0500 @@ -984,7 +984,7 @@ session_length = *(p + SSL3_RANDOM_SIZE); - if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { + if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; 
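Review bot: The added `param &&` stops the NULL dereference, but an mgf1 maskGenAlgorithm that carries no parameter now falls through silently, leaving the mask-generation hash undecoded rather than flagging the PSS parameters as malformed; whether that is caught afterwards depends on the callers of this decode routine, which are outside the hunk. If the later lookup does not already reject a missing mask hash, consider treating `param == NULL` here as a decode error in whatever way the function reports its other decode failures, so that a malformed parameter set fails in one place. The enclosing function begins and ends outside the hunk.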
@@ -1002,7 +1002,7 @@ /* get the session-id */ j= *(p++); - if (p + j > d + n) { + if ((d + n) - p < j) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1046,14 +1046,14 @@ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { /* cookie stuff */ - if (p + 1 > d + n) { + if ((d + n) - p < 1) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; } cookie_len = *(p++); - if (p + cookie_len > d + n) { + if ((d + n ) - p < cookie_len) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1105,7 +1105,7 @@ p += cookie_len; } - if (p + 2 > d + n) { + if ((d + n ) - p < 2) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; @@ -1120,7 +1120,7 @@ } /* i bytes of cipher data + 1 byte for compression length later */ - if ((p + i + 1) > (d + n)) + if ((d + n) - p < i + 1) { /* not enough data */ al=SSL_AD_DECODE_ERROR; @@ -1187,7 +1187,7 @@ /* compression */ i= *(p++); - if ((p+i) > (d+n)) + if ((d + n) - p < i) { /* not enough data */ al=SSL_AD_DECODE_ERROR; Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2017-01-30 11:23:10.675902912 -0500 +++ openssl-1.0.1f/ssl/t1_lib.c 2017-01-30 11:36:15.086404473 -0500 @@ -899,11 +899,11 @@ 0x02, 0x03, /* SHA-1/ECDSA */ }; - if (data >= (limit-2)) + if (limit - data <= 2) return; data += 2; - if (data > (limit-4)) + if (limit - data < 4) return; n2s(data,type); n2s(data,size); @@ -911,7 +911,7 @@ if (type != TLSEXT_TYPE_server_name) return; - if (data+size > limit) + if (limit - data < size) return; data += size; 
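Review bot: The rewritten guards are spaced inconsistently: the `-1046` and `-1105` hunks write `(d + n ) - p` with a stray space before the closing parenthesis while the `-1002`, `-1120` and `-1187` hunks write `(d + n) - p`; the two lines should read `if ((d + n) - p < cookie_len) {` and `if ((d + n) - p < 2) {`. The same inconsistency recurs in the `-2196` hunk of t1_lib.c, where `p+= i;` sits next to `p += i;`. Since the remaining-length subtraction is now recomputed in every check, a one-line comment on its first use explaining that the form exists to avoid undefined `p + len` overflow would stop a later cleanup from reverting to the old idiom.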
@@ -920,7 +920,7 @@ const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - if (data + len1 + len2 != limit) + if (limit - data != (int)(len1 + len2)) return; if (memcmp(data, kSafariExtensionsBlock, len1) != 0) return; @@ -931,7 +931,7 @@ { const size_t len = sizeof(kSafariExtensionsBlock); - if (data + len != limit) + if (limit - data != (int)(len)) return; if (memcmp(data, kSafariExtensionsBlock, len) != 0) return; @@ -966,19 +966,19 @@ ssl_check_for_safari(s, data, limit); #endif /* !OPENSSL_NO_EC */ - if (data >= (limit-2)) + if (limit - data <= 2) goto ri_check; n2s(data,len); - if (data + len != limit) + if (limit - data != len) goto ri_check; - while (data <= (limit-4)) + while (limit - data >= 4) { n2s(data,type); n2s(data,size); - if (data+size > (limit)) + if (limit - data < size) goto ri_check; #if 0 fprintf(stderr,"Received extension type %d size %d\n",type,size); @@ -1493,22 +1493,22 @@ SSL_TLSEXT_HB_DONT_SEND_REQUESTS); #endif - if (data >= (d+n-2)) + if ((d + n) - data <= 2) goto ri_check; n2s(data,length); - if (data+length != d+n) + if ((d + n) - data != length) { *al = SSL_AD_DECODE_ERROR; return 0; } - while(data <= (d+n-4)) + while ((d + n) - data >= 4) { n2s(data,type); n2s(data,size); - if (data+size > (d+n)) + if ((d + n) - data < size) goto ri_check; if (s->tlsext_debug_cb) 
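Review bot: The `-920` and `-931` hunks compare the `ptrdiff_t` `limit - data` against `size_t` values through an `(int)` cast, `(int)(len1 + len2)` and `(int)(len)`; a `(ptrdiff_t)` cast avoids the narrowing and the redundant parentheses in `(int)(len)`, e.g. `if (limit - data != (ptrdiff_t)(len1 + len2))`. For these fixed-size blocks the truncation cannot bite, so this is a style point only. In the `-966` hunk the loop `while (limit - data >= 4)` relies on `limit - data != len` having been enforced just above; a short comment stating that `limit` is the end of the extensions block would help a reader who only sees the loop.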
@@ -2196,30 +2196,34 @@ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { i = *(p++); - p+= i; - if (p >= limit) + + if (limit - p <= i) return -1; + + p += i; } /* Skip past cipher list */ n2s(p, i); - p+= i; - if (p >= limit) + if (limit - p <= i) return -1; + p+= i; + /* Skip past compression algorithm list */ i = *(p++); - p += i; - if (p > limit) + if (limit - p < i) return -1; + p += i; + /* Now at start of extensions */ - if ((p + 2) >= limit) + if (limit - p <= 2) return 0; n2s(p, i); - while ((p + 4) <= limit) + while (limit - p >= 4) { unsigned short type, size; n2s(p, type); n2s(p, size); - if (p + size > limit) + if (limit - p < size) return 0; if (type == TLSEXT_TYPE_session_ticket) { debian/patches/CVE-2018-0737-3.patch0000644000000000000000000000201313312440365013376 0ustar Backport of: From 0d6710289307d277ebc3354105c965b6e8ba8eb0 Mon Sep 17 00:00:00 2001 From: Samuel Weiser Date: Fri, 9 Feb 2018 14:11:47 +0100 Subject: [PATCH] consttime flag changed Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) (cherry picked from commit 7150a4720af7913cae16f2e4eaf768b578c0b298) --- crypto/rsa/rsa_gen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.1f.orig/crypto/rsa/rsa_gen.c 2018-06-20 07:56:07.498724686 -0400 +++ openssl-1.0.1f/crypto/rsa/rsa_gen.c 2018-06-20 07:56:26.970739830 -0400 
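Review bot: The hunk preserves the original asymmetry between the cookie and cipher-list checks (`limit - p <= i`, so a list ending exactly at `limit` is an error) and the compression-list check (`limit - p < i`, which accepts it) without saying why; if it is intentional because further fields must follow the first two, a comment such as `/* <= : a list reaching limit leaves no room for the fields that must follow */` would prevent a later harmonisation in either direction. If it is not intentional, the cipher-list check should become `if (limit - p < i)` to match. The enclosing function starts and ends outside the hunk.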
@@ -130,7 +130,7 @@ static int rsa_builtin_keygen(RSA *rsa, BN_copy(rsa->e, e_value); - BN_set_flags(rsa->e, BN_FLG_CONSTTIME); + BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { debian/patches/debian-targets.patch0000644000000000000000000002456512255614625014553 0ustar Index: openssl-1.0.1e/Configure =================================================================== --- openssl-1.0.1e.orig/Configure 2013-08-24 07:46:42.292313320 +0000 +++ openssl-1.0.1e/Configure 2013-08-24 07:49:19.252316478 +0000 @@ -105,6 +105,10 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; +$debian_cflags =~ s/\n/ /g; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; 
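Review bot: Moving `BN_FLG_CONSTTIME` from `rsa->e` to `r2` is the entire change, yet nothing in the hunk records why, so the flag is easy to move back during a later cleanup; suggest a comment above the call such as `/* r2 is the scratch value that touches secret key material below; e is public and needs no constant-time handling (upstream 7150a4720af7913cae16f2e4eaf768b578c0b298) */`, with the first clause adjusted to what r2 actually holds, which this hunk does not show. `rsa_builtin_keygen` starts and ends outside the hunk.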
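Review bot: The three backtick invocations of `dpkg-buildflags` are never checked for failure, so if the tool is missing or exits non-zero `$debian_cflags` silently degrades to just `-Wa,--noexecstack -Wall` and every `debian-*` target is compiled without the distribution's hardening flags; check `$?` after each call (e.g. `die "dpkg-buildflags failed" if $?;`) so a broken build environment fails loudly instead of shipping unhardened libraries. The `s/\n/ /g` relies on each command's trailing newline to separate the three concatenated outputs, which works but deserves a one-line comment so the concatenation is not "fixed" by stripping newlines first.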
@@ -340,6 +344,53 @@ "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", +# Debian GNU/* (various architectures) +"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} 
-fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX 
DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh3", "gcc:-DL_ENDIAN 
-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", + #### #### Variety of LINUX:-) #### 
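Review bot: The `debian-avr32` entry's option field reads `BN_LLONG_BF_PTR` as a single token where every sibling writes `BN_LLONG BF_PTR`; if that field is the space-separated define list it appears to be, neither symbol takes effect for that target, and it should read `-ldl:BN_LLONG BF_PTR:${no_asm}`. The `debian-openbsd-mips` entry has one fewer colon after `(unknown)` than `debian-openbsd-alpha` and `debian-openbsd-i386` (`::(unknown)::BN_LLONG` versus `::(unknown):::`), which shifts every later field by one position. `debian-hurd-i386` hard-codes `-O3 -Wa,--noexecstack -g -mtune=i486 -Wall` instead of `${debian_cflags}`, making it the only target that does not receive the dpkg-buildflags hardening options; unless that is deliberate it should use `${debian_cflags}` like the rest.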
debian/patches/CVE-2014-3470.patch0000644000000000000000000000143012343104335013226 0ustar commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86 Author: Dr. Stephen Henson Date: Thu May 29 15:00:05 2014 +0100 Fix CVE-2014-3470 Check session_cert is not NULL before dereferencing it. diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d35376d..4324f8d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s) int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? debian/patches/CVE-2017-3731-pre.patch0000644000000000000000000001027113043677332014032 0ustar Backport of: From 1a3701f4fe0530a40ec073cd78d02cfcc26c0f8e Mon Sep 17 00:00:00 2001 
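Review bot: The new `s->session->sess_cert == NULL` check has no comment on when a NULL is legitimate at this point, so it reads like defensive noise; suggest `/* no server certificate was received for this key exchange; treat it as a protocol error (CVE-2014-3470) */` above the `if`, refined to whatever the surrounding branch actually covers, since the branch condition is outside the hunk. `ssl3_send_client_key_exchange` starts and ends outside the hunk.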
From: Matt Caswell Date: Mon, 27 Apr 2015 11:07:06 +0100 Subject: [PATCH] Sanity check EVP_CTRL_AEAD_TLS_AAD The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at least 13 bytes long. Add sanity checks to ensure that the length is at least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov (cherry picked from commit c8269881093324b881b81472be037055571f73f3) Conflicts: ssl/record/ssl3_record.c --- apps/speed.c | 5 +++-- crypto/evp/e_aes.c | 2 +- crypto/evp/e_aes_cbc_hmac_sha1.c | 9 ++++++--- crypto/evp/e_aes_cbc_hmac_sha256.c | 7 +++++-- crypto/evp/e_rc4_hmac_md5.c | 7 ++++++- crypto/evp/evp.h | 3 +++ ssl/t1_enc.c | 7 +++++-- 7 files changed, 29 insertions(+), 11 deletions(-) Index: openssl-1.0.1f/crypto/evp/e_aes.c =================================================================== --- openssl-1.0.1f.orig/crypto/evp/e_aes.c 2017-01-30 12:51:26.025768464 -0500 +++ openssl-1.0.1f/crypto/evp/e_aes.c 2017-01-30 12:53:31.351405247 -0500 @@ -791,7 +791,7 @@ case EVP_CTRL_AEAD_TLS1_AAD: /* Save the AAD for later use */ - if (arg != 13) + if (arg != EVP_AEAD_TLS1_AAD_LEN) return 0; memcpy(c->buf, ptr, arg); gctx->tls_aad_len = arg; Index: openssl-1.0.1f/crypto/evp/e_aes_cbc_hmac_sha1.c =================================================================== --- openssl-1.0.1f.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2017-01-30 12:51:26.025768464 -0500 +++ openssl-1.0.1f/crypto/evp/e_aes_cbc_hmac_sha1.c 2017-01-30 12:54:26.100120138 -0500 @@ -492,7 +492,12 @@ case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p=ptr; - unsigned int len=p[arg-2]<<8|p[arg-1]; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; if (ctx->encrypt) { 
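Review bot: The new length checks return different failure values for the same control: the `e_aes.c` `-791` hunk returns `0` for a bad `EVP_CTRL_AEAD_TLS1_AAD` length while the `e_aes_cbc_hmac_sha1.c` `-492` hunk (and the `e_rc4_hmac_md5.c` `-253` hunk on the next line) return `-1`. The `t1_enc.c` caller patched later in this series treats `pad <= 0` as failure, so both work today, but a single convention (`return -1;` in e_aes.c, matching the other two) keeps the ctrl contract uniform for any other caller. `len = p[arg - 2] << 8 | p[arg - 1];` relies on `<<` binding tighter than `|`; writing `(p[arg - 2] << 8) | p[arg - 1]` costs nothing and removes the doubt.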
@@ -510,7 +515,6 @@ } else { - if (arg>13) arg = 13; memcpy(key->aux.tls_aad,ptr,arg); key->payload_length = arg; Index: openssl-1.0.1f/crypto/evp/e_rc4_hmac_md5.c =================================================================== --- openssl-1.0.1f.orig/crypto/evp/e_rc4_hmac_md5.c 2017-01-30 12:51:26.025768464 -0500 +++ openssl-1.0.1f/crypto/evp/e_rc4_hmac_md5.c 2017-01-30 12:55:01.004571988 -0500 @@ -253,7 +253,12 @@ case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p=ptr; - unsigned int len=p[arg-2]<<8|p[arg-1]; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; if (!ctx->encrypt) { Index: openssl-1.0.1f/crypto/evp/evp.h =================================================================== --- openssl-1.0.1f.orig/crypto/evp/evp.h 2017-01-30 12:51:26.025768464 -0500 +++ openssl-1.0.1f/crypto/evp/evp.h 2017-01-30 12:56:24.225632169 -0500 @@ -394,6 +394,9 @@ /* Set the GCM invocation field, decrypt only */ #define EVP_CTRL_GCM_SET_IV_INV 0x18 +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + /* GCM TLS constants */ /* Length of fixed part of IV derived from PRF */ #define EVP_GCM_TLS_FIXED_IV_LEN 4 Index: openssl-1.0.1f/ssl/t1_enc.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_enc.c 2017-01-30 12:51:26.025768464 -0500 +++ openssl-1.0.1f/ssl/t1_enc.c 2017-01-30 12:57:52.862762269 -0500 @@ -756,7 +756,7 @@ if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) { - unsigned char buf[13],*seq; + unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq; seq = send?s->s3->write_sequence:s->s3->read_sequence; 
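Review bot: The new constant is written `# define EVP_AEAD_TLS1_AAD_LEN 13` with a space after `#`, while the neighbouring `#define EVP_CTRL_GCM_SET_IV_INV` and `#define EVP_GCM_TLS_FIXED_IV_LEN` lines in the same `-394` hunk use `#define`; it should read `#define EVP_AEAD_TLS1_AAD_LEN 13` to match. The comment `/* RFC 5246 defines additional data to be 13 bytes in length */` could also name the layout (8-byte sequence number, record type, version, length) so readers need not reconstruct it from the `buf[10..12]` assignments in `t1_enc.c`.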
@@ -783,7 +783,10 @@ buf[10]=(unsigned char)(s->version); buf[11]=rec->length>>8; buf[12]=rec->length&0xff; - pad=EVP_CIPHER_CTX_ctrl(ds,EVP_CTRL_AEAD_TLS1_AAD,13,buf); + pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, buf); + if (pad <= 0) + return -1; if (send) { l+=pad; debian/patches/CVE-2014-0224-1.patch0000644000000000000000000000602312343110563013361 0ustar commit eaa71076511eab5e84ed36ddecbfc6cc20a48952 Author: Dr. Stephen Henson Date: Fri May 16 12:49:48 2014 +0100 Fix for CVE-2014-0224 Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on. Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2014-06-02 10:22:53.832617748 -0400 +++ openssl-1.0.1f/ssl/s3_clnt.c 2014-06-02 10:22:53.824617748 -0400 @@ -559,6 +559,7 @@ case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2014-06-02 10:22:53.832617748 -0400 +++ openssl-1.0.1f/ssl/s3_pkt.c 2014-06-02 10:22:53.824617748 -0400 
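Review bot: The new `if (pad <= 0) return -1;` folds two ctrl failure conventions from earlier in this patch (`0` from e_aes.c, `-1` from the cbc-hmac and rc4-hmac implementations) into one exit without saying so; a comment `/* ctrl returns 0 or -1 on a bad AAD length; zero is never a valid pad here */` would make the boundary explicit. The early return leaves the function before the `if (send)` branch; nothing in the hunk suggests pending cleanup, but the function starts and ends outside the hunk, so that should be confirmed.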
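Review bot: On the client side this patch sets `SSL3_FLAGS_CCS_OK` only before `ssl3_get_finished` in the `SSL3_ST_CR_FINISHED_A/B` states, while the server side (next line) sets it in three places; with the new rejection in `ssl3_read_bytes`, a client resuming a session that receives the server's ChangeCipherSpec before reaching this state would presumably now fail with `SSL_R_CCS_RECEIVED_EARLY`. That path is outside this hunk, so it should be confirmed against the client state machine or a follow-up patch in the series. The enclosing `switch` starts and ends outside the hunk.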
@@ -1301,6 +1301,15 @@ goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2014-06-02 10:22:53.832617748 -0400 +++ openssl-1.0.1f/ssl/s3_srvr.c 2014-06-02 10:22:53.824617748 -0400 @@ -673,6 +673,7 @@ case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -700,6 +701,7 @@ case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; @@ -770,7 +772,10 @@ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) + { + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; + } else s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #endif Index: openssl-1.0.1f/ssl/ssl3.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl3.h 2014-06-02 10:22:53.832617748 -0400 +++ openssl-1.0.1f/ssl/ssl3.h 2014-06-02 10:22:53.824617748 -0400 @@ -388,6 +388,7 @@ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +#define SSL3_FLAGS_CCS_OK 0x0080 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us debian/patches/CVE-2016-2106.patch0000644000000000000000000000407212710423373013234 0ustar Backport of: From 3e17fe7e40ed2eeb4f0892d376ac40d279780aa9 Mon Sep 17 00:00:00 2001 
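Review bot: `#define SSL3_FLAGS_CCS_OK 0x0080` is added among the `TLS1_FLAGS_*` values without a comment, so its meaning and lifetime must be reconstructed from `s3_pkt.c`; suggest `/* a ChangeCipherSpec is acceptable now: set by the handshake state machine before states that may receive one, cleared in s3_pkt.c when it is consumed */`. The value skips `0x0040`, which reads as deliberate but is unexplained; if `0x0040` is already used in this flags word, say so, since a collision here would silently defeat the check added in the `-1301` hunk.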
From: Matt Caswell Date: Thu, 3 Mar 2016 23:36:23 +0000 Subject: [PATCH] Fix encrypt overflow An overflow can occur in the EVP_EncryptUpdate function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate function all usage is one of two forms. The first form is like this: EVP_EncryptInit() EVP_EncryptUpdate() i.e. where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, I believe that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). Therefore I have checked all instances of these calls too, and came to the same conclusion, i.e. there are no instances in internal usage where an overflow could occur. This could still represent a security issue for end user code that calls this function directly. CVE-2016-2106 Issue reported by Guido Vranken. --- crypto/evp/evp_enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/evp/evp_enc.c =================================================================== --- openssl-1.0.1f.orig/crypto/evp/evp_enc.c 2016-04-28 11:05:42.148489950 -0400 +++ openssl-1.0.1f/crypto/evp/evp_enc.c 2016-04-28 11:06:12.360941529 -0400 
@@ -343,7 +343,7 @@ OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { - if (i+inl < bl) + if (bl - i > inl) { memcpy(&(ctx->buf[i]),in,inl); ctx->buf_len+=inl; debian/patches/CVE-2016-6302.patch0000644000000000000000000000312212770757420013242 0ustar Backport of: From 1bbe48ab149893a78bf99c8eb8895c928900a16f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 23 Aug 2016 18:14:54 +0100 Subject: [PATCH] Sanity check ticket length. If a ticket callback changes the HMAC digest to SHA512 the existing sanity checks are not sufficient and an attacker could perform a DoS attack with a malformed ticket. Add additional checks based on HMAC size. Thanks to Shi Lei for reporting this bug. CVE-2016-6302 Reviewed-by: Rich Salz (cherry picked from commit baaabfd8fdcec04a691695fad9a664bea43202b6) --- ssl/t1_lib.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2016-09-22 09:38:11.357302420 -0400 +++ openssl-1.0.1f/ssl/t1_lib.c 2016-09-22 09:39:10.306028712 -0400 @@ -2276,9 +2276,6 @@ HMAC_CTX hctx; EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; - /* Need at least keyname + iv + some encrypted data */ - if (eticklen < 48) - return 2; /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); @@ -2313,6 +2310,14 @@ EVP_CIPHER_CTX_cleanup(&ctx); return -1; } + /* Sanity check ticket length: must exceed keyname + IV + HMAC */ + if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) + { + HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_cleanup(&ctx); + return 2; + } + eticklen -= mlen; /* Check HMAC of encrypted ticket */ HMAC_Update(&hctx, etick, eticklen); debian/patches/CVE-2018-0734-2.patch0000644000000000000000000000501313401516304013371 0ustar Backport of: From ebf65dbe1a67682d7e1f58db9c53ef737fb37f32 Mon Sep 17 00:00:00 2001 
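Review bot: `if (bl - i > inl)` is only equivalent to the old test because `i` (the buffered partial-block length) is below `bl`, which the hunk does not show, and the rewrite otherwise reads as cosmetic; suggest `/* written as bl - i > inl rather than i + inl < bl so a huge inl cannot wrap i + inl; requires i < bl */` above the `if`. The `OPENSSL_assert(bl <= (int)sizeof(ctx->buf))` on the line above bounds `bl` but not `i`, so that precondition deserves stating. The enclosing function starts and ends outside the hunk.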
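Review bot: Dropping the `eticklen < 48` check in the `-2276` hunk removes the only visible length check before the HMAC and cipher contexts are set up, and the replacement in the `-2313` hunk runs only after them; any code in between that reads the key name or IV out of `etick` (the ticket-key callback path is not visible here) now does so on an unvalidated length, so a minimum key-name-plus-IV check should survive at the old position, which I believe is how upstream's version of this fix is shaped. In the `-2313` hunk the `16` in `16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen` is the key-name length and deserves a named constant or the comment `/* 16 = ticket key name length */`. The duplicated `HMAC_CTX_cleanup`/`EVP_CIPHER_CTX_cleanup` pair before the new `return 2;` is a further copy of the cleanup already visible in the hunk's context; a shared exit label would keep the error paths in one place. The enclosing function starts and ends outside both hunks.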
From: Pauli Date: Mon, 29 Oct 2018 07:18:09 +1000 Subject: [PATCH] Merge to 1.0.2: DSA mod inverse fix. There is a side channel attack against the division used to calculate one of the modulo inverses in the DSA algorithm. This change takes advantage of the primality of the modulo and Fermat's little theorem to calculate the inverse without leaking information. Thanks to Samuel Weiser for finding and reporting this. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7512) --- crypto/dsa/dsa_ossl.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/crypto/dsa/dsa_ossl.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_ossl.c 2018-12-04 10:24:18.003533898 -0500 +++ openssl-1.0.1f/crypto/dsa/dsa_ossl.c 2018-12-04 10:26:34.659755577 -0500 @@ -72,6 +72,8 @@ static int dsa_do_verify(const unsigned DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -298,8 +300,8 @@ static int dsa_sign_setup(DSA *dsa, BN_C dsa->method_mont_p); if (!BN_mod(r,r,dsa->q,ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv=dsa_mod_inverse_fermat(&k, dsa->q, ctx)) == NULL) goto err; if (*kinvp != NULL) BN_clear_free(*kinvp); *kinvp=kinv; 
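Review bot: The rewritten line `if ((kinv=dsa_mod_inverse_fermat(&k, dsa->q, ctx)) == NULL) goto err;` keeps the old comment `/* Compute part of 's = inv(k) (m + xr) mod q' */` unchanged, so nothing at the call site says why `BN_mod_inverse` was replaced; suggest extending it to `/* ... inverted via Fermat: BN_mod_inverse's division leaks k through timing (CVE-2018-0734) */` so the swap is not undone for speed later. `dsa_sign_setup` starts and ends outside the hunk.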
@@ -428,3 +430,31 @@ static int dsa_finish(DSA *dsa) return(1); } + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_init(&e); + + if (BN_set_word(r, 2) + && BN_sub(&e, q, r) + && BN_mod_exp_mont(r, k, &e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_free(&e); + return res; +} debian/patches/CVE-2016-2177-pre2.patch0000644000000000000000000000160313043663516014114 0ustar Backport of: From e4840c88c516d959785fcd842d8658d3b7a6ae43 Mon Sep 17 00:00:00 2001 From: Alessandro Ghedini Date: Fri, 2 Oct 2015 14:38:30 +0200 Subject: [PATCH] Validate ClientHello extension field length MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit RT#4069 Reviewed-by: Emilia Käsper Reviewed-by: Matt Caswell --- ssl/t1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2017-01-30 11:17:32.467273420 -0500 +++ openssl-1.0.1f/ssl/t1_lib.c 2017-01-30 11:18:05.119716960 -0500 
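Review bot: On the failure path `BN_free(r)` releases a BIGNUM that may already hold a value derived from the secret `k` (a partial or complete `BN_mod_exp_mont` result) without zeroing it, whereas the caller in the `-298` hunk disposes of the same quantity with `BN_clear_free(*kinvp)`; `BN_clear_free(r)` here keeps the two consistent. `e` is `q - 2` and public, so `BN_free(&e)` is fine. The header comment states that a mod-exp "that doesn't leak the base is sufficient", but whether `BN_mod_exp_mont` with a public exponent and no `BN_FLG_CONSTTIME` on it takes a base-independent path is not established by anything in the hunk, so that property is worth confirming against the BN code rather than asserting in the comment.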
@@ -970,7 +970,7 @@ goto ri_check; n2s(data,len); - if (data > (d+n-len)) + if (data + len != d + n) goto ri_check; while (data <= (d+n-4)) debian/patches/CVE-2015-0293.patch0000644000000000000000000001024012502067273013234 0ustar Backport of: commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2 Author: Emilia Kasper Date: Wed Mar 4 09:05:02 2015 -0800 Fix reachable assert in SSLv2 servers. This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson Index: openssl-1.0.1f/ssl/s2_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/s2_lib.c 2015-03-17 13:14:36.205692415 -0400 +++ openssl-1.0.1f/ssl/s2_lib.c 2015-03-17 13:15:04.013912530 -0400 @@ -488,7 +488,7 @@ OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < (int)sizeof(s->session->master_key)); + <= (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; Index: openssl-1.0.1f/ssl/s2_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s2_srvr.c 2015-03-17 13:14:36.205692415 -0400 +++ openssl-1.0.1f/ssl/s2_srvr.c 2015-03-17 13:19:46.788393812 -0400 @@ -446,9 +446,6 @@ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); return(-1); } - i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, - &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), - (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); is_export=SSL_C_IS_EXPORT(s->session->cipher); 
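Review bot: Tightening `data > (d+n-len)` to `data + len != d + n` also rejects a ClientHello whose extensions block is shorter than the remaining bytes, a behaviour change the subject line only hints at; a comment such as `/* the extensions block must exactly fill the rest of the message */` on the new line would record that trailing data is now a decode failure. `data + len` is the pointer-arithmetic idiom the CVE-2016-2177 patch in this series replaces with a `limit - data` comparison, so presumably this "pre" patch applies first; that ordering is worth confirming in the series file. The enclosing function starts and ends outside the hunk.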
@@ -467,21 +464,60 @@ else ek=5; + /* + * The format of the CLIENT-MASTER-KEY message is + * 1 byte message type + * 3 bytes cipher + * 2-byte clear key length (stored in s->s2->tmp.clear) + * 2-byte encrypted key length (stored in s->s2->tmp.enc) + * 2-byte key args length (IV etc) + * clear key + * encrypted key + * key args + * + * If the cipher is an export cipher, then the encrypted key bytes + * are a fixed portion of the total key (5 or 8 bytes). The size of + * this portion is in |ek|. If the cipher is not an export cipher, + * then the entire key material is encrypted (i.e., clear key length + * must be zero). + */ + if ((!is_export && s->s2->tmp.clear != 0) || + (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); + return -1; + } + /* + * The encrypted blob must decrypt to the encrypted portion of the key. + * Decryption can't be expanding, so if we don't have enough encrypted + * bytes to fit the key in the buffer, stop now. + */ + if ((is_export && s->s2->tmp.enc < ek) || + (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); + return -1; + } + + i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, + &(p[s->s2->tmp.clear]), + &(p[s->s2->tmp.clear]), + (s->s2->ssl2_rollback) ? 
RSA_SSLV23_PADDING : + RSA_PKCS1_PADDING); + /* bad decrypt */ #if 1 /* If a bad decrypt, continue with protocol but with a * random master secret (Bleichenbacher attack) */ - if ((i < 0) || - ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i != - (unsigned int)EVP_CIPHER_key_length(c)))))) + if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) + || (is_export && i != ek))) { ERR_clear_error(); if (is_export) i=ek; else i=EVP_CIPHER_key_length(c); - if (RAND_pseudo_bytes(p,i) <= 0) + if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) return 0; } #else @@ -505,7 +541,7 @@ } #endif - if (is_export) i+=s->s2->tmp.clear; + if (is_export) i = EVP_CIPHER_key_length(c); if (i > SSL_MAX_MASTER_KEY_LENGTH) { debian/patches/CVE-2016-2108-2.patch0000644000000000000000000000620112710424334013367 0ustar Description: fix Memory corruption in the ASN.1 encoder Origin: backport, c5e4bc81c5a142cab7f46f69824fa35367999ee8 Origin: backport, ddf29e9b413a12b778ae39d3682b99da201540b1 Index: openssl-1.0.1f/crypto/asn1/a_type.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/a_type.c 2016-04-28 11:11:46.401929512 -0400 +++ openssl-1.0.1f/crypto/asn1/a_type.c 2016-04-28 11:12:26.310524862 -0400 @@ -131,9 +131,7 @@ result = 0; /* They do not have content. */ break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING: case V_ASN1_SEQUENCE: Index: openssl-1.0.1f/crypto/asn1/asn1.h =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/asn1.h 2016-04-28 11:11:46.401929512 -0400 +++ openssl-1.0.1f/crypto/asn1/asn1.h 2016-04-28 11:13:42.355658959 -0400 
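Review bot: The two new length checks in the `@@ -467,21 +464,60 @@` hunk give `s->s2->tmp.enc` a lower bound, but nothing in the hunk bounds it from above before it is passed to `ssl_rsa_private_decrypt` as the ciphertext length; that limit presumably comes from ssl_rsa_private_decrypt or from the earlier message parsing, both outside the hunk, so confirm it. The expression `s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c)` mixes the field's unsigned type (the removed context line cast it to `(unsigned int)`) with int operands; harmless for the small positive values involved, but an explicit cast would make the intent readable. The `/* bad decrypt */` comment now sits above `#if 1` rather than beside the `if ((i < 0) || ...` check it describes. The enclosing function starts and ends outside the hunk.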
@@ -96,13 +96,11 @@ #define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ #define V_ASN1_ANY -4 /* used in ASN1 template code */ -#define V_ASN1_NEG 0x100 /* negative flag */ - #define V_ASN1_UNDEF -1 +/* ASN.1 tag values */ #define V_ASN1_EOC 0 #define V_ASN1_BOOLEAN 1 /**/ #define V_ASN1_INTEGER 2 -#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) #define V_ASN1_BIT_STRING 3 #define V_ASN1_OCTET_STRING 4 #define V_ASN1_NULL 5 @@ -111,7 +109,6 @@ #define V_ASN1_EXTERNAL 8 #define V_ASN1_REAL 9 #define V_ASN1_ENUMERATED 10 -#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) #define V_ASN1_UTF8STRING 12 #define V_ASN1_SEQUENCE 16 #define V_ASN1_SET 17 @@ -130,6 +127,16 @@ #define V_ASN1_UNIVERSALSTRING 28 /**/ #define V_ASN1_BMPSTRING 30 +/* + * NB the constants below are used internally by ASN1_INTEGER + * and ASN1_ENUMERATED to indicate the sign. They are *not* on + * the wire tag values. + */ + +#define V_ASN1_NEG 0x100 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + /* For use with d2i_ASN1_type_bytes() */ #define B_ASN1_NUMERICSTRING 0x0001 #define B_ASN1_PRINTABLESTRING 0x0002 Index: openssl-1.0.1f/crypto/asn1/tasn_dec.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/tasn_dec.c 2016-04-28 11:11:46.401929512 -0400 +++ openssl-1.0.1f/crypto/asn1/tasn_dec.c 2016-04-28 11:13:59.523914939 -0400 @@ -1006,9 +1006,7 @@ break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: tint = (ASN1_INTEGER **)pval; if (!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; Index: openssl-1.0.1f/crypto/asn1/tasn_enc.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/tasn_enc.c 2016-04-28 11:11:46.401929512 -0400 +++ openssl-1.0.1f/crypto/asn1/tasn_enc.c 2016-04-28 11:14:12.164103391 -0400 
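Review bot: Removing `case V_ASN1_NEG_INTEGER` and `case V_ASN1_NEG_ENUMERATED` from the switch in the tasn_dec.c hunk (and likewise in the a_type.c hunk on the previous line and the tasn_enc.c hunk on the next) means a type value carrying the V_ASN1_NEG bit now falls through to whatever the default arm does, which is outside each hunk; confirm that every default arm rejects such values rather than treating them as an opaque primitive. The new comment in the `@@ -130,6 +127,16 @@` hunk reads "They are *not* on the wire tag values"; `They are *not* on-the-wire tag values and must never appear in a tag switch` would say both what they are not and why the cases above were removed.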
@@ -638,9 +638,7 @@ break; case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: /* These are all have the same content format * as ASN1_INTEGER */ debian/patches/CVE-2018-0734-pre1.patch0000644000000000000000000000666713401516402014116 0ustar Backport of: From b96bebacfe814deb99fb64a3ed2296d95c573600 Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 1 Nov 2017 06:58:13 +1000 Subject: [PATCH] Address a timing side channel whereby it is possible to determine some information about the length of a value used in DSA operations from a large number of signatures. This doesn't rate as a CVE because: * For the non-constant time code, there are easier ways to extract more information. * For the constant time code, it requires a significant number of signatures to leak a small amount of information. Thanks to Neals Fournaise, Eliane Jaulmes and Jean-Rene Reinhard for reporting this issue. Original commit by Paul Dale. Backported to 1.0.2 by Matt Caswell Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/4642) --- crypto/dsa/dsa_ossl.c | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) Index: openssl-1.0.1f/crypto/dsa/dsa_ossl.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_ossl.c 2018-12-04 10:14:21.307177249 -0500 +++ openssl-1.0.1f/crypto/dsa/dsa_ossl.c 2018-12-04 10:22:24.079376912 -0500 @@ -217,7 +217,9 @@ static int dsa_sign_setup(DSA *dsa, BN_C { BN_CTX *ctx; BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; + BIGNUM l, m; int ret=0; + int q_bits; if (!dsa->p || !dsa->q || !dsa->g) { @@ -227,6 +229,8 @@ static int dsa_sign_setup(DSA *dsa, BN_C BN_init(&k); BN_init(&kq); + BN_init(&l); + BN_init(&m); if (ctx_in == NULL) { 
@@ -237,6 +241,13 @@ static int dsa_sign_setup(DSA *dsa, BN_C if ((r=BN_new()) == NULL) goto err; + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); + if (!BN_set_bit(&k, q_bits) + || !BN_set_bit(&l, q_bits) + || !BN_set_bit(&m, q_bits)) + goto err; + /* Get random k */ do if (!BN_rand_range(&k, dsa->q)) goto err; @@ -259,21 +270,22 @@ static int dsa_sign_setup(DSA *dsa, BN_C if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { - if (!BN_copy(&kq, &k)) goto err; - - BN_set_flags(&kq, BN_FLG_CONSTTIME); - - /* We do not want timing information to leak the length of k, - * so we compute g^k using an equivalent exponent of fixed length. + /* We do not want timing information to leak the length of k, so we + * compute G^k using an equivalent scalar of fixed bit-length. * - * (This is a kludge that we need because the BN_mod_exp_mont() - * does not let us specify the desired timing behaviour.) */ + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the modulus. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. */ + + if (!BN_add(&l, &k, dsa->q) + || !BN_add(&m, &l, dsa->q) + || !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m)) + goto err; - if (!BN_add(&kq, &kq, dsa->q)) goto err; - if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) - { - if (!BN_add(&kq, &kq, dsa->q)) goto err; - } + BN_set_flags(&kq, BN_FLG_CONSTTIME); K = &kq; } @@ -305,7 +317,9 @@ err: if (ctx_in == NULL) BN_CTX_free(ctx); BN_clear_free(&k); BN_clear_free(&kq); - return(ret); + BN_clear_free(&l); + BN_clear_free(&m); + return ret; } static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, debian/patches/CVE-2014-3572.patch0000644000000000000000000000417412453766121013252 0ustar Backport of: From ef28c6d6767a6a30df5add36171894c96628fe98 Mon Sep 17 00:00:00 2001 
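Review bot: The new `/* Preallocate space */` comment does not say why; if the intent is to size `k`, `l` and `m` up front so that the BN_add calls in the `@@ -259,21 +270,22 @@` hunk do not trigger a length-dependent reallocation, the comment should state that, because otherwise the `BN_set_bit` on `k` looks redundant given `BN_rand_range` overwrites k immediately afterwards. Only `kq` receives `BN_FLG_CONSTTIME`; `k` itself, which the `*kinv=NULL` declaration in the earlier hunk suggests is presumably inverted later, is not flagged anywhere in this hunk and that step is outside it, so confirm the inverse is made constant-time in k by other means. dsa_sign_setup starts outside the hunk.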
From: "Dr. Stephen Henson" Date: Fri, 24 Oct 2014 12:30:33 +0100 Subject: [PATCH] ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63) --- CHANGES | 7 +++++++ ssl/s3_clnt.c | 18 +++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2015-01-09 07:56:21.527753974 -0500 +++ openssl-1.0.1f/ssl/s3_clnt.c 2015-01-09 07:59:51.177173529 -0500 @@ -1295,6 +1295,8 @@ int encoded_pt_len = 0; #endif + EVP_MD_CTX_init(&md_ctx); + /* use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped */ n=s->method->ssl_get_message(s, @@ -1305,14 +1307,26 @@ &ok); if (!ok) return((int)n); + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg_k & (SSL_kEDH|SSL_kEECDH)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } #ifndef OPENSSL_NO_PSK /* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no identity hint is sent. Set session->sess_cert anyway to avoid problems later.*/ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) + if (alg_k & SSL_kPSK) { s->session->sess_cert=ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) 
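Review bot: The new skip check in the `@@ -1305,14 +1307,26 @@` hunk refuses a missing ServerKeyExchange only for `SSL_kEDH|SSL_kEECDH`; if this tree defines SSL_kSRP and SRP ciphersuites are compiled in, they also carry their parameters in ServerKeyExchange and would still be skippable, so consider `if (alg_k & (SSL_kEDH|SSL_kEECDH|SSL_kSRP))` after confirming that bit exists here. Anonymous DH/ECDH suites share the kEDH/kEECDH key-exchange bits and so are covered by the check as written. The enclosing function starts and ends outside the hunk.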
@@ -1355,9 +1369,7 @@ } param_len=0; - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; - EVP_MD_CTX_init(&md_ctx); #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) debian/patches/CVE-2016-2105.patch0000644000000000000000000002411612710423255013233 0ustar Description: fix EVP_EncodeUpdate overflow Origin: backport, 33c99f2c8169807660b46d49c3e735cfa09a6e0c Origin: backport, 700daeecb890721176bd23effc4166221cdd0271 Origin: backport, 29188216f818e5b34f3b17ee8ed31e8336f3817e Origin: backport, f332816ef87556b7e89b98206c14df1f128b6d9f Index: openssl-1.0.1f/crypto/evp/encode.c =================================================================== --- openssl-1.0.1f.orig/crypto/evp/encode.c 2016-04-28 11:01:12.568457198 -0400 +++ openssl-1.0.1f/crypto/evp/encode.c 2016-04-28 11:04:01.374983163 -0400 @@ -132,12 +132,12 @@ const unsigned char *in, int inl) { int i,j; - unsigned int total=0; + size_t total = 0; *outl=0; - if (inl == 0) return; + if (inl <= 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if ((ctx->num+inl) < ctx->length) + if (ctx->length - ctx->num > inl) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); ctx->num+=inl; @@ -156,7 +156,7 @@ *out='\0'; total=j+1; } - while (inl >= ctx->length) + while (inl >= ctx->length && total <= INT_MAX) { j=EVP_EncodeBlock(out,in,ctx->length); in+=ctx->length; @@ -166,6 +166,12 @@ *out='\0'; total+=j+1; } + if (total > INT_MAX) + { + /* Too much output data! */ + *outl = 0; + return; + } if (inl != 0) memcpy(&(ctx->enc_data[0]),in,inl); ctx->num=inl; Index: openssl-1.0.1f/doc/crypto/EVP_EncodeInit.pod =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/doc/crypto/EVP_EncodeInit.pod 2016-04-28 11:01:12.564457139 -0400 
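Review bot: In the encode.c `@@ -166,6 +166,12 @@` hunk the overflow exit sets `*outl = 0` and returns after full blocks have already been written to `out` and `in` advanced, but before the trailing `memcpy` into `ctx->enc_data` and the `ctx->num=inl` update, so the context appears to be left in whatever state it had before the loop while the caller sees the same result as "nothing to output"; the error is therefore not distinguishable from success without an interface change. A comment on the branch should say that the context is stale and must be abandoned, e.g. `/* Output would exceed INT_MAX: ctx is now inconsistent, caller must discard it */`, matching the "sets *outl to 0" wording the new pod file promises. EVP_EncodeUpdate starts outside this hunk.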
@@ -0,0 +1,145 @@ +=pod + +=head1 NAME + +EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit, +EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, +EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode +routines + +=head1 SYNOPSIS + + #include + + EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); + void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); + int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); + void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); + void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); + int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + + void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); + int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); + int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); + int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +=head1 DESCRIPTION + +The EVP encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 +bytes of binary data provided approximately 4 bytes of base 64 encoded data will +be produced (see below). If the input data length is not a multiple of 3 then +the output data will be padded at the end using the "=" character. + +EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for +the encode/decode functions. + +EVP_ENCODE_CTX_free() cleans up an encode/decode context B and frees up the +space allocated to it. + +Encoding of binary base 64 data is performed in blocks of 48 input bytes (or +less for the final block). For each 48 byte input block encoded 64 bytes of base +64 data is output plus an additional newline character (i.e. 
65 bytes in total). +The final block (which may be less than 48 bytes) will output 4 bytes for every +3 bytes of input. If the data length is not divisible by 3 then a full 4 bytes +is still output for the final 1 or 2 bytes of input. Similarly a newline +character will also be output. + +EVP_EncodeInit() initialises B for the start of a new encoding operation. + +EVP_EncodeUpdate() encode B bytes of data found in the buffer pointed to by +B. The output is stored in the buffer B and the number of bytes output +is stored in B<*outl>. It is the caller's responsibility to ensure that the +buffer at B is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the B object and will be processed by a +subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the +required size of the output buffer add together the value of B with the +amount of unprocessed data held in B and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a NUL terminator. EVP_EncodeUpdate() may be called +repeatedly to process large amounts of input data. In the event of an error +EVP_EncodeUpdate() will set B<*outl> to 0. + +EVP_EncodeFinal() must be called at the end of an encoding operation. It will +process any partial block of data remaining in the B object. The output +data will be stored in B and the length of the data written will be stored +in B<*outl>. It is the caller's responsibility to ensure that B is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional NUL terminator (i.e. 66 bytes in total). + +EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the B object. 
+ +EVP_EncodeBlock() encodes a full block of input data in B and of length +B and stores it in B. For every 3 bytes of input provided 4 bytes of +output data will be produced. If B is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a NUL terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of +the data generated I the NUL terminator is returned from the function. + +EVP_DecodeInit() initialises B for the start of a new decoding operation. + +EVP_DecodeUpdate() decodes B bytes of data found in the buffer pointed to +by B. The output is stored in the buffer B and the number of bytes +output is stored in B<*outl>. It is the caller's responsibility to ensure that +the buffer at B is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the B object and processed by a subsequent call to EVP_DecodeUpdate(). If +any illegal base 64 characters are encountered or if the base 64 padding +character "=" is encountered in the middle of the data then the function returns +-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character "=" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character "=" has been used). 
+ +EVP_DecodeFinal() must be called at the end of a decoding operation. If there +is any unprocessed data still in B then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return -1 +in this case. Otherwise the function returns 1 on success. + +EVP_DecodeBlock() will decode the block of B bytes of base 64 data contained +in B and store the result in B. Any leading whitespace will be trimmed as +will any trailing whitespace, newlines, carriage returns or EOF characters. +After such trimming the length of the data in B must be divisbile by 4. For +every 4 input bytes exactly 3 output bytes will be produced. The output will be +padded with 0 bits if necessary to ensure that the output is always 3 bytes for +every 4 input bytes. This function will return the length of the data decoded or +-1 on error. + +=head1 RETURN VALUES + +EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX +object or NULL on error. + +EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in +B. + +EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL +terminator. + +EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected. + +EVP_DecodeFinal() returns -1 on error or 1 on success. + +EVP_DecodeBlock() returns the length of the data decoded or -1 on error. + +=head1 SEE ALSO + +L + +=cut Index: openssl-1.0.1f/doc/crypto/evp.pod =================================================================== --- openssl-1.0.1f.orig/doc/crypto/evp.pod 2016-04-28 11:01:12.568457198 -0400 +++ openssl-1.0.1f/doc/crypto/evp.pod 2016-04-28 11:01:12.564457139 -0400 
@@ -27,6 +27,10 @@ Algorithms are loaded with OpenSSL_add_all_algorithms(3). +The LI<...>|EVP_EncodeInit(3)> and +LI<...>|EVP_EncodeInit(3)> functions implement base 64 encoding +and decoding. + All the symmetric algorithms (ciphers), digests and asymmetric algorithms (public key algorithms) can be replaced by ENGINE modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered @@ -48,6 +52,7 @@ L, L, L, +L, L, L, L debian/patches/pod_ec.misspell.patch0000644000000000000000000000103011575361110014710 0ustar --- a/doc/apps/ec.pod +++ b/doc/apps/ec.pod @@ -41,7 +41,7 @@ This specifies the input format. The B option with a private key uses an ASN.1 DER encoded SEC1 private key. When used with a public key it -uses the SubjectPublicKeyInfo structur as specified in RFC 3280. +uses the SubjectPublicKeyInfo structure as specified in RFC 3280. The B form is the default format: it consists of the B format base64 encoded with additional header and footer lines. In the case of a private key PKCS#8 format is also accepted. debian/patches/CVE-2016-0799.patch0000644000000000000000000003442112664064711013262 0ustar Backport of: From a801bf263849a2ef773e5bc0c86438cbba720835 Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Thu, 25 Feb 2016 13:09:46 +0000 Subject: [PATCH] Fix memory issues in BIO_*printf functions The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur. These issues will only occur on certain platforms where sizeof(size_t) > sizeof(int). E.g. many 64 bit systems. The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl. CVE-2016-0799 Issue reported by Guido Vranken. 
Reviewed-by: Andy Polyakov (cherry picked from commit 578b956fe741bf8e84055547b1e83c28dd902c73) --- crypto/bio/b_print.c | 187 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 116 insertions(+), 71 deletions(-) Index: openssl-1.0.1f/crypto/bio/b_print.c =================================================================== --- openssl-1.0.1f.orig/crypto/bio/b_print.c 2016-02-26 09:50:10.598587200 -0500 +++ openssl-1.0.1f/crypto/bio/b_print.c 2016-02-26 10:05:21.762908573 -0500 @@ -125,16 +125,16 @@ #define LLONG long #endif -static void fmtstr (char **, char **, size_t *, size_t *, +static int fmtstr (char **, char **, size_t *, size_t *, const char *, int, int, int); -static void fmtint (char **, char **, size_t *, size_t *, +static int fmtint (char **, char **, size_t *, size_t *, LLONG, int, int, int, int); -static void fmtfp (char **, char **, size_t *, size_t *, +static int fmtfp (char **, char **, size_t *, size_t *, LDOUBLE, int, int, int); -static void doapr_outch (char **, char **, size_t *, size_t *, int); -static void _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); +static int doapr_outch (char **, char **, size_t *, size_t *, int); +static int _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -165,7 +165,7 @@ #define char_to_int(p) (p - '0') #define OSSL_MAX(p,q) ((p >= q) ? p : q) -static void +static int _dopr( char **sbuffer, char **buffer, @@ -200,7 +200,8 @@ if (ch == '%') state = DP_S_FLAGS; else - doapr_outch(sbuffer,buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; ch = *format++; break; case DP_S_FLAGS: 
@@ -306,8 +307,9 @@ value = va_arg(args, int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 10, min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, + max, flags)) + return 0; break; case 'X': flags |= DP_F_UP; @@ -332,17 +334,19 @@ unsigned int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, value, - ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), - min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, + ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), + min, max, flags)) + return 0; break; case 'f': if (cflags == DP_C_LDOUBLE) fvalue = va_arg(args, LDOUBLE); else fvalue = va_arg(args, double); - fmtfp(sbuffer, buffer, &currlen, maxlen, - fvalue, min, max, flags); + if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, + flags)) + return 0; break; case 'E': flags |= DP_F_UP; @@ -361,8 +365,9 @@ fvalue = va_arg(args, double); break; case 'c': - doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int)); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, + va_arg(args, int))) + return 0; break; case 's': strvalue = va_arg(args, char *); @@ -372,13 +377,15 @@ else max = *maxlen; } - fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, - flags, min, max); + if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, + flags, min, max)) + return 0; break; case 'p': value = (long)va_arg(args, void *); - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags|DP_F_NUM); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, + value, 16, min, max, flags | DP_F_NUM)) + return 0; break; case 'n': /* XXX */ if (cflags == DP_C_SHORT) { @@ -400,7 +407,8 @@ } break; case '%': - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; break; case 'w': /* not supported yet, treat as next char */ 
@@ -424,12 +432,13 @@ *truncated = (currlen > *maxlen - 1); if (*truncated) currlen = *maxlen - 1; - doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) + return 0; *retlen = currlen - 1; - return; + return 1; } -static void +static int fmtstr( char **sbuffer, char **buffer, @@ -440,36 +449,44 @@ int min, int max) { - int padlen, strln; + int padlen; + size_t strln; int cnt = 0; if (value == 0) value = ""; - for (strln = 0; value[strln]; ++strln) - ; + + strln = strlen(value); + if (strln > INT_MAX) + strln = INT_MAX; + padlen = min - strln; - if (padlen < 0) + if (min < 0 || padlen < 0) padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; while ((padlen > 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --padlen; ++cnt; } while (*value && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *value++); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) + return 0; ++cnt; } while ((padlen < 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++padlen; ++cnt; } + return 1; } -static void +static int fmtint( char **sbuffer, char **buffer, 
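Review bot: In the fmtstr hunk `padlen = min - strln;` subtracts a `size_t` from an `int`, so the arithmetic is unsigned and the result is narrowed to int, and the subsequent `padlen < 0` test relies on implementation-defined conversion of a large unsigned value rather than on a genuine negative. Since strln is already clamped to INT_MAX, the padding can be computed exactly in int after the clamp: `padlen = (min < 0 || (size_t)min <= strln) ? 0 : min - (int)strln;`. The `cnt < max` loops have a related narrowing where the `case 's':` hunk on the previous line assigns `*maxlen` (a size_t) into the int `max`; that is pre-existing but worth a look while here.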
@@ -533,37 +550,44 @@ /* spaces */ while (spadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --spadlen; } /* sign */ if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; /* prefix */ while (*prefix) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) + return 0; prefix++; } /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --zpadlen; } } /* digits */ - while (place > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]); + while (place > 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place])) + return 0; + } /* left justified spaces */ while (spadlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++spadlen; } - return; + return 1; } static LDOUBLE @@ -597,7 +621,7 @@ return intpart; } -static void +static int fmtfp( char **sbuffer, char **buffer, 
@@ -682,47 +706,61 @@ if ((flags & DP_F_ZERO) && (padlen > 0)) { if (signvalue) { - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; --padlen; signvalue = 0; } while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --padlen; } } while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --padlen; } - if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; - while (iplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]); + while (iplace > 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace])) + return 0; + } /* * Decimal point. This should probably use locale to find the correct * char to print out. */ if (max > 0 || (flags & DP_F_NUM)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.')) + return 0; - while (fplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]); + while (fplace > 0) { + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, + fconvert[--fplace])) + return 0; + } } while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --zpadlen; } while (padlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++padlen; } + return 1; } -static void +#define BUFFER_INC 1024 + +static int doapr_outch( char **sbuffer, char **buffer, 
@@ -733,24 +771,30 @@ /* If we haven't at least one buffer, someone has doe a big booboo */ assert(*sbuffer != NULL || buffer != NULL); - if (buffer) { - while (*currlen >= *maxlen) { - if (*buffer == NULL) { - if (*maxlen == 0) - *maxlen = 1024; - *buffer = OPENSSL_malloc(*maxlen); - if (*currlen > 0) { - assert(*sbuffer != NULL); - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; - } else { - *maxlen += 1024; - *buffer = OPENSSL_realloc(*buffer, *maxlen); - } + /* |currlen| must always be <= |*maxlen| */ + assert(*currlen <= *maxlen); + + if (buffer && *currlen == *maxlen) { + if (*maxlen > INT_MAX - BUFFER_INC) + return 0; + + *maxlen += BUFFER_INC; + if (*buffer == NULL) { + *buffer = OPENSSL_malloc(*maxlen); + if (*buffer == NULL) + return 0; + if (*currlen > 0) { + assert(*sbuffer != NULL); + memcpy(*buffer, *sbuffer, *currlen); + } + *sbuffer = NULL; + } else { + char *tmpbuf; + tmpbuf = OPENSSL_realloc(*buffer, *maxlen); + if (tmpbuf == NULL) + return 0; + *buffer = tmpbuf; } - /* What to do if *buffer is NULL? */ - assert(*sbuffer != NULL || *buffer != NULL); } if (*currlen < *maxlen) { @@ -760,7 +804,7 @@ (*buffer)[(*currlen)++] = (char)c; } - return; + return 1; } /***************************************************************************/ @@ -792,8 +836,11 @@ dynbuf = NULL; CRYPTO_push_info("doapr()"); - _dopr(&hugebufp, &dynbuf, &hugebufsize, - &retlen, &ignored, format, args); + if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, + args)) { + OPENSSL_free(dynbuf); + return -1; + } if (dynbuf) { ret=BIO_write(bio, dynbuf, (int)retlen); @@ -829,7 +876,8 @@ size_t retlen; int truncated; - _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); + if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args)) + return -1; if (truncated) /* In case of truncation, return -1 like traditional snprintf. debian/patches/CVE-2016-2181-2.patch0000644000000000000000000002113612770756316013412 0ustar Backport of: 
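Review bot: `*maxlen += BUFFER_INC;` is applied before either allocation is attempted, so when `OPENSSL_malloc` or `OPENSSL_realloc` fails the function returns 0 with `*maxlen` already larger than the buffer that actually exists, which contradicts the `assert(*currlen <= *maxlen)`-style invariant this hunk introduces. The callers shown later on this page abandon the output on 0, so it is not exploitable as written, but the stale length is a trap for any future caller that retries or keeps writing. Computing the new size into a local and storing it to `*maxlen` only after the allocation succeeds keeps the advertised capacity truthful on every path (the local's type should match `*maxlen`, which I take to be `size_t` — confirm against the signature above the hunk).
```c
    if (buffer && *currlen == *maxlen) {
        size_t newlen;

        /* BIO_write() takes an int length, so never grow past INT_MAX */
        if (*maxlen > INT_MAX - BUFFER_INC)
            return 0;
        newlen = *maxlen + BUFFER_INC;
        if (*buffer == NULL) {
            *buffer = OPENSSL_malloc(newlen);
            if (*buffer == NULL)
                return 0;
            if (*currlen > 0) {
                assert(*sbuffer != NULL);
                memcpy(*buffer, *sbuffer, *currlen);
            }
            *sbuffer = NULL;
        } else {
            char *tmpbuf = OPENSSL_realloc(*buffer, newlen);
            if (tmpbuf == NULL)
                return 0;
            *buffer = tmpbuf;
        }
        /* only now is the larger capacity real */
        *maxlen = newlen;
    }
    /* ... unchanged: store of c into *sbuffer / *buffer ... */
```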
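Review bot: The new early `return -1` in BIO_vprintf leaves the `CRYPTO_push_info("doapr()")` issued two lines above it unbalanced if, as I expect from the rest of the function (its tail is outside the hunk), the normal path ends with `CRYPTO_pop_info()`; with memory debugging enabled that leaves a stale info entry on the thread's stack for every failed print. Pop before bailing out: `OPENSSL_free(dynbuf); CRYPTO_pop_info(); return -1;`. The same `_dopr` failure check in BIO_vsnprintf below has no push to balance and is fine.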
From b77ab018b79a00f789b0fb85596b446b08be4c9d Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Tue, 5 Jul 2016 12:04:37 +0100 Subject: [PATCH] Fix DTLS replay protection The DTLS implementation provides some protection against replay attacks in accordance with RFC6347 section 4.1.2.6. A sliding "window" of valid record sequence numbers is maintained with the "right" hand edge of the window set to the highest sequence number we have received so far. Records that arrive that are off the "left" hand edge of the window are rejected. Records within the window are checked against a list of records received so far. If we already received it then we also reject the new record. If we have not already received the record, or the sequence number is off the right hand edge of the window then we verify the MAC of the record. If MAC verification fails then we discard the record. Otherwise we mark the record as received. If the sequence number was off the right hand edge of the window, then we slide the window along so that the right hand edge is in line with the newly received sequence number. Records may arrive for future epochs, i.e. a record from after a CCS being sent, can arrive before the CCS does if the packets get re-ordered. As we have not yet received the CCS we are not yet in a position to decrypt or validate the MAC of those records. OpenSSL places those records on an unprocessed records queue. It additionally updates the window immediately, even though we have not yet verified the MAC. This will only occur if currently in a handshake/renegotiation. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means the right hand edge of the window is moved very far to the right, and all subsequent legitimate packets are dropped causing a denial of service. A similar effect can be achieved during the initial handshake. In this case there is no MAC key negotiated yet. 
Therefore an attacker can send a message for the current epoch with a very large sequence number. The code will process the record as normal. If the hanshake message sequence number (as opposed to the record sequence number that we have been talking about so far) is in the future then the injected message is bufferred to be handled later, but the window is still updated. Therefore all subsequent legitimate handshake records are dropped. This aspect is not considered a security issue because there are many ways for an attacker to disrupt the initial handshake and prevent it from completing successfully (e.g. injection of a handshake message will cause the Finished MAC to fail and the handshake to be aborted). This issue comes about as a result of trying to do replay protection, but having no integrity mechanism in place yet. Does it even make sense to have replay protection in epoch 0? That issue isn't addressed here though. This addressed an OCAP Audit issue. CVE-2016-2181 Reviewed-by: Richard Levitte --- ssl/d1_pkt.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++------------ ssl/ssl.h | 1 + ssl/ssl_err.c | 4 +++- 3 files changed, 52 insertions(+), 13 deletions(-) Index: openssl-1.0.1f/ssl/d1_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_pkt.c 2016-09-22 09:23:09.862359490 -0400 +++ openssl-1.0.1f/ssl/d1_pkt.c 2016-09-22 09:28:10.649974671 -0400 @@ -178,7 +178,7 @@ #endif static int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); -static int dtls1_process_record(SSL *s); +static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap); /* copy buffered record into SSL structure */ static int 
@@ -304,14 +304,19 @@ { pitem *item; SSL3_BUFFER *rb; + SSL3_RECORD *rr; + DTLS1_BITMAP *bitmap; + unsigned int is_next_epoch; + int replayok = 1; item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) { /* Check if epoch is current. */ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) - return(1); /* Nothing to do. */ + return 1; /* Nothing to do. */ + rr = &s->s3->rrec; rb = &s->s3->rbuf; if (rb->left > 0) { @@ -328,11 +333,41 @@ while (pqueue_peek(s->d1->unprocessed_rcds.q)) { dtls1_get_unprocessed_record(s); - if ( ! dtls1_process_record(s)) - return(0); + bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); + if (bitmap == NULL) { + /* + * Should not happen. This will only ever be NULL when the + * current record is from a different epoch. But that cannot + * be the case because we already checked the epoch above + */ + SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, + ERR_R_INTERNAL_ERROR); + return 0; + } +#ifndef OPENSSL_NO_SCTP + /* Only do replay check if no SCTP bio */ + if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) +#endif + { + /* + * Check whether this is a repeat, or aged record. We did this + * check once already when we first received the record - but + * we might have updated the window since then due to + * records we subsequently processed. + */ + replayok = dtls1_record_replay_check(s, bitmap); + } + + if (!replayok || !dtls1_process_record(s, bitmap)) { + /* dump this record */ + rr->length = 0; + s->packet_length = 0; + continue; + } + if(dtls1_buffer_record(s, &(s->d1->processed_rcds), s->s3->rrec.seq_num)<0) - return -1; + return 0; } } @@ -341,7 +376,7 @@ s->d1->processed_rcds.epoch = s->d1->r_epoch; s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; - return(1); + return 1; } @@ -391,7 +426,7 @@ #endif static int -dtls1_process_record(SSL *s) +dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) { int i,al; int enc_err; 
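Review bot: This hunk changes dtls1_process_buffered_records' error return from -1 to 0 (both failure paths now `return 0;`, and the caller in a later hunk switches to `!dtls1_process_buffered_records(s)`), but nothing documents the new convention, and the earlier `return 1; /* Nothing to do. */` reads as if 1 were a distinct state from the success `return 1` at the end. A header comment on the function (its signature is above the first hunk) would pin it down, e.g. `/* Process records buffered for the now-current epoch. Returns 1 on success (including nothing to do), 0 on a fatal error; records that fail the replay check or MAC are silently dropped. */`. The loop also mixes access styles: `rr` now aliases `&s->s3->rrec`, yet the `dtls1_buffer_record(...)` call still reads `s->s3->rrec.seq_num`; `rr->seq_num` would be consistent with the `rr->length = 0;` just above it.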
@@ -547,6 +582,10 @@ /* we have pulled in a full packet so zero things */ s->packet_length=0; + + /* Mark receipt of record. */ + dtls1_record_bitmap_update(s, bitmap); + return(1); f_err: @@ -580,7 +619,7 @@ again: /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ - if(dtls1_process_buffered_records(s)<0) + if (!dtls1_process_buffered_records(s)) return -1; /* if we're renegotiating, then there may be buffered records */ @@ -719,20 +758,18 @@ { if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) return -1; - dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ } rr->length = 0; s->packet_length = 0; goto again; } - if (!dtls1_process_record(s)) + if (!dtls1_process_record(s, bitmap)) { rr->length = 0; s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } - dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ return(1); Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2016-09-22 09:23:09.862359490 -0400 +++ openssl-1.0.1f/ssl/ssl.h 2016-09-22 09:28:50.502451637 -0400 @@ -2091,6 +2091,7 @@ #define SSL_F_DTLS1_HEARTBEAT 305 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +#define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 404 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 #define SSL_F_DTLS1_PROCESS_RECORD 257 #define SSL_F_DTLS1_READ_BYTES 258 Index: openssl-1.0.1f/ssl/ssl_err.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_err.c 2016-09-22 09:23:09.862359490 -0400 +++ openssl-1.0.1f/ssl/ssl_err.c 2016-09-22 09:29:19.638800088 -0400 
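Review bot: With `dtls1_record_bitmap_update(s, bitmap)` removed from the next-epoch branch, records arriving for a future epoch are handed to `dtls1_buffer_record` with neither a MAC check nor any replay filtering — which is the intended fix, but it also means duplicates and arbitrary attacker-sent records all occupy buffer memory until the CCS arrives and the deferred replay check in dtls1_process_buffered_records discards them. Worth confirming that the unprocessed queue is bounded somewhere (not visible in this hunk); if it is not, a cap on queued records or bytes per epoch would be the natural complement to this change, and a short comment at the buffering site stating that nothing about the record has been validated yet would help the next reader. The enclosing function (dtls1_get_record, presumably) starts and ends outside the hunk.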
@@ -92,6 +92,7 @@ {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, +{ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS), "DTLS1_PROCESS_BUFFERED_RECORDS"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, debian/patches/reject_small_dh.patch0000644000000000000000000003277112535332241014767 0ustar Description: reject dh keys smaller than 768 bits Origin: backport, https://git.openssl.org/?p=openssl.git;a=commit;h=63830384e90d9b36d2793d4891501ec024827433 Origin: backport, https://git.openssl.org/?p=openssl.git;a=commit;h=ff4de7dde90d15b366abe4664b904f22539969c9 Origin: backport, https://git.openssl.org/?p=openssl.git;a=commit;h=f1612746ec7580132f81fb81a23f6705e63d113b Origin: backport, https://git.openssl.org/?p=openssl.git;a=commit;h=3372aeed2ce056af9d577a0d79b34dd7f9b67dad Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod =================================================================== --- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 2015-06-08 11:15:37.770725621 -0400 +++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 2015-06-08 11:15:37.766725576 -0400 
@@ -62,12 +62,12 @@ If "strong" primes were used to generate the DH parameters, it is not strictly necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that "strong" primes were used (see especially -the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used -in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. +secrecy. If it is not assured that "strong" primes were used, +SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup +attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the +computer time needed during negotiation, but it is not very large, so +application authors/users should consider always enabling this option. +The option is required to implement perfect forward secrecy (PFS). As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. 
@@ -75,82 +75,62 @@ the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -openssl L application. In order to reduce the computer -time needed for this generation, it is possible to use DSA parameters -instead (see L), but in this case SSL_OP_SINGLE_DH_USE -is mandatory. +openssl L application. This application +guarantees that "strong" primes are used. -Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the -L application. -Authors may also generate their own set of parameters using -L, but a user may not be sure how the parameters were -generated. The generation of DH parameters during installation is therefore -recommended. +L application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. Files dh1024.pem +and dh512.pem contain old parameters that must not be used by +applications. An application may either directly specify the DH parameters or -can supply the DH parameters via a callback function. The callback approach -has the advantage, that the callback may supply DH parameters for different -key lengths. - -The B is called with the B needed and -the B information. The B flag is set, when the -ephemeral DH key exchange is performed with an export cipher. +can supply the DH parameters via a callback function. 
+ +Previous versions of the callback used B and B +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export ciphersuites +are advised to either use SSL_CTX_set_tmp_dh() in combination with +SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore +B and B and simply supply at least 2048-bit +parameters in the callback. =head1 EXAMPLES -Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling +Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.) - ... - /* Set up ephemeral DH stuff */ - DH *dh_512 = NULL; - DH *dh_1024 = NULL; - FILE *paramfile; + Command-line parameter generation: + $ openssl dhparam -out dh_param_2048.pem 2048 + Code for setting up parameters during server initialization: + + ... + SSL_CTX ctx = SSL_CTX_new(); ... - /* "openssl dhparam -out dh_param_512.pem -2 512" */ - paramfile = fopen("dh_param_512.pem", "r"); + + /* Set up ephemeral DH parameters. */ + DH *dh_2048 = NULL; + FILE *paramfile; + paramfile = fopen("dh_param_2048.pem", "r"); if (paramfile) { - dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); fclose(paramfile); + } else { + /* Error. */ } - /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ - paramfile = fopen("dh_param_1024.pem", "r"); - if (paramfile) { - dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); + if (dh_2048 == NULL) { + /* Error. */ } - ... - - /* "openssl dhparam -C -2 512" etc... */ - DH *get_dh512() { ... } - DH *get_dh1024() { ... 
} - - DH *tmp_dh_callback(SSL *s, int is_export, int keylength) - { - DH *dh_tmp=NULL; - - switch (keylength) { - case 512: - if (!dh_512) - dh_512 = get_dh512(); - dh_tmp = dh_512; - break; - case 1024: - if (!dh_1024) - dh_1024 = get_dh1024(); - dh_tmp = dh_1024; - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - setup_dh_parameters_like_above(); - } - return(dh_tmp); + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { + /* Error. */ } + SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); + ... =head1 RETURN VALUES Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2015-06-08 11:15:37.770725621 -0400 +++ openssl-1.0.1f/ssl/s3_clnt.c 2015-06-08 11:15:37.766725576 -0400 
@@ -3284,26 +3284,32 @@ } #endif #ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kEDH) && - !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); + if ((alg_k & SSL_kEDH) && dh == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; - } - else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) - { + } + if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); goto f_err; - } + } #ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) - { + if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); goto f_err; - } -#endif + } #endif + /* Check DHE only: static DH not implemented. */ + if (alg_k & SSL_kEDH) { + int dh_size = BN_num_bits(dh->p); + if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) + || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL); + goto f_err; + } + } +#endif /* !OPENSSL_NO_DH */ + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) { #ifndef OPENSSL_NO_RSA Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2015-06-08 11:15:37.770725621 -0400 +++ openssl-1.0.1f/ssl/ssl.h 2015-06-08 11:15:37.766725576 -0400 
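Review bot: The 768 and 512 thresholds in `if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512))` are bare magic numbers in the one place that decides which server DH groups a client will accept; naming them, e.g. `#define SSL_DH_MIN_BITS 768` and `#define SSL_DH_MIN_BITS_EXPORT 512`, with a comment that 768 is a floor against trivially breakable groups rather than a recommended size, makes later tightening a one-line change (later upstream releases raised the non-export minimum, as I recall to 1024). The patch description speaks of "dh keys" while the code measures `BN_num_bits(dh->p)`, i.e. the group's prime size, which is the right quantity; a comment on `int dh_size = BN_num_bits(dh->p);` saying so would avoid confusion. The enclosing ssl3_check_cert_and_algorithm() starts and ends outside the hunk.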
@@ -2357,6 +2357,7 @@ #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_KEY_TOO_SMALL 372 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_DTLS_MESSAGE_TOO_BIG 334 Index: openssl-1.0.1f/ssl/ssl_err.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_err.c 2015-06-08 11:15:37.770725621 -0400 +++ openssl-1.0.1f/ssl/ssl_err.c 2015-06-08 11:15:37.766725576 -0400 @@ -361,6 +361,7 @@ {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, +{ERR_REASON(SSL_R_DH_KEY_TOO_SMALL) ,"dh key too small"}, {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, Index: openssl-1.0.1f/apps/s_server.c =================================================================== --- openssl-1.0.1f.orig/apps/s_server.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/apps/s_server.c 2015-06-08 11:19:13.501148683 -0400 @@ -214,7 +214,7 @@ unsigned int *id_len); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); -static DH *get_dh512(void); +static DH *get_dh2048(void); #endif #ifdef MONOLITH 
@@ -222,28 +222,48 @@ #endif #ifndef OPENSSL_NO_DH -static unsigned char dh512_p[]={ - 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, - 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, - 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, - 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, - 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, - 0x47,0x74,0xE8,0x33, +static unsigned char dh2048_p[] = { + 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, + 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, + 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, + 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, + 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, + 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, + 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, + 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, + 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, + 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, + 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, + 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, + 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, + 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, + 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, + 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, + 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x32,0x0B,0x3B, }; -static unsigned char dh512_g[]={ +static unsigned char dh2048_g[]={ 0x02, }; -static DH *get_dh512(void) +DH *get_dh2048() { - DH *dh=NULL; + DH *dh; - if ((dh=DH_new()) == NULL) 
return(NULL); - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return(NULL); - return(dh); + if ((dh=DH_new()) == NULL) + return NULL; + dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if (dh->p == NULL || dh->g == NULL) + { + DH_free(dh); + return NULL; + } + return dh; } #endif @@ -1661,7 +1681,12 @@ else { BIO_printf(bio_s_out,"Using default temp DH parameters\n"); - dh=get_dh512(); + dh = get_dh2048(); + if (dh == NULL) + { + ERR_print_errors(bio_err); + goto end; + } } (void)BIO_flush(bio_s_out); Index: openssl-1.0.1f/doc/apps/dhparam.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/dhparam.pod 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/doc/apps/dhparam.pod 2015-06-08 11:20:28.769993768 -0400 @@ -66,8 +66,10 @@ =item B<-2>, B<-5> -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but B is present, parameters are generated with the +default generator 2. =item B<-rand> I @@ -80,9 +82,10 @@ =item I this option specifies that a parameter set should be generated of size -I. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. +I. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (B<-2> or B<-5>) is +present, parameters are generated with a default length of 2048 bits. =item B<-noout> debian/patches/CVE-2014-3570.patch0000644000000000000000000017031512453766103013251 0ustar 
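Review bot: The definition `DH *get_dh2048()` does not match the forward declaration `static DH *get_dh2048(void);` earlier in the patch: it drops `static` and uses an empty, unprototyped parameter list. C lets the earlier internal-linkage declaration carry over, so it compiles, but it is inconsistent with the `static DH *get_dh512(void)` it replaces and `()` switches off argument checking; write it as `static DH *get_dh2048(void)`. The embedded `dh2048_p` also carries no note on where the prime came from, which matters for a default group every s_server instance will share; a comment such as `/* Default 2048-bit DH group, generator 2, used when no dhparam file is supplied. Provenance: TODO record how these parameters were generated. */` would at least flag the gap.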
From e078642ddea29bbb6ba29788a6a513796387fbbb Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Mon, 5 Jan 2015 14:52:56 +0100 Subject: [PATCH] Fix for CVE-2014-3570. Reviewed-by: Emilia Kasper (cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de) (with 1.0.1-specific addendum) --- crypto/bn/asm/mips.pl | 611 +++--------- crypto/bn/asm/mips3.s | 2201 -------------------------------------------- crypto/bn/asm/x86_64-gcc.c | 34 +- crypto/bn/bn_asm.c | 16 +- crypto/bn/bntest.c | 102 +- 5 files changed, 234 insertions(+), 2730 deletions(-) delete mode 100644 crypto/bn/asm/mips3.s Index: openssl-1.0.1f/crypto/bn/asm/mips.pl =================================================================== --- openssl-1.0.1f.orig/crypto/bn/asm/mips.pl 2015-01-09 07:55:33.771430277 -0500 +++ openssl-1.0.1f/crypto/bn/asm/mips.pl 2015-01-09 07:55:33.767430250 -0500 @@ -1872,6 +1872,41 @@ ($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3); +sub add_c2 () { +my ($hi,$lo,$c0,$c1,$c2, + $warm, # !$warm denotes first call with specific sequence of + # $c_[XYZ] when there is no Z-carry to accumulate yet; + $an,$bn # these two are arguments for multiplication which + # result is used in *next* step [which is why it's + # commented as "forward multiplication" below]; + )=@_; +$code.=<<___; + mflo $lo + mfhi $hi + $ADDU $c0,$lo + sltu $at,$c0,$lo + $MULTU $an,$bn # forward multiplication + $ADDU $c0,$lo + $ADDU $at,$hi + sltu $lo,$c0,$lo + $ADDU $c1,$at + $ADDU $hi,$lo +___ +$code.=<<___ if (!$warm); + sltu $c2,$c1,$at + $ADDU $c1,$hi + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +$code.=<<___ if ($warm); + sltu $at,$c1,$at + $ADDU $c1,$hi + $ADDU $c2,$at + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +} + $code.=<<___; .align 5 
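Review bot: `sub add_c2 () {` declares an empty Perl prototype, meaning "takes no arguments"; the call sites in the following hunks work only because they are spelled `&add_c2(...)`, which bypasses prototype checking, and any future call written without the `&` fails at compile time with "Too many arguments". Drop the prototype: `sub add_c2 {`. A one-line header would also help readers of the generated assembly, e.g. `# add_c2: add 2*(hi:lo) of the multiply just completed into the three-word accumulator c0:c1:c2 with carry, then issue $an*$bn for the next step` — the doubling is visible in the body, where `$lo` is added to `$c0` twice and `$hi` is folded in with both carries.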
@@ -1920,21 +1955,10 @@ sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
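Review bot: The trailing comment `# mul_add_c(a[1],b[1],c3,c1,c2);` on the new `&add_c2(...)` call names the multiply being issued for the next step (its operands are the last two arguments, `$a_1,$a_1`), not the product the call accumulates, which is the one started by the previous step and is added twice; the `mflo`/`mfhi` sequence that follows is what consumes a[1]*a[1] once. That is correct but easy to misread as "add_c2 doubles a[1]^2", and every later hunk repeats the pattern. A one-time note at this first call, such as `# NB: the comment on each add_c2 call names the multiply it *starts*; the product it accumulates (doubled) is the one started by the previous step`, would save the next reader the trace. The enclosing comba squaring routine continues on both sides of the hunk.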
@@ -1945,67 +1969,19 @@ sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c2(a[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_0 # mul_add_c2(a[4],b[0],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 
@@ -2016,97 +1992,23 @@ sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_4 # mul_add_c2(a[1],b[4],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $MULTU $a_6,$a_0 # mul_add_c2(a[6],b[0],c1,c2,c3); - $ADDU $c_2,$at - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_1 # mul_add_c2(a[5],b[1],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_2 # mul_add_c2(a[4],b[2],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - 
$ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 
@@ -2117,112 +2019,25 @@ sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,6*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_6 # mul_add_c2(a[1],b[6],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_5 # mul_add_c2(a[2],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_3,$a_4 # mul_add_c2(a[3],b[4],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_7,$a_1 # mul_add_c2(a[7],b[1],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2); +$code.=<<___; $ST $c_2,7*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_2 # mul_add_c2(a[6],b[2],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_5,$a_3 # 
mul_add_c2(a[5],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_4,$a_4 # mul_add_c(a[4],b[4],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
@@ -2233,82 +2048,21 @@ sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,8*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_6 # mul_add_c2(a[3],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_5 # mul_add_c2(a[4],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_7,$a_3 # mul_add_c2(a[7],b[3],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1); +$code.=<<___; $ST $c_1,9*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_4 # mul_add_c2(a[6],b[4],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_5,$a_5 # mul_add_c(a[5],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_5,$a_5); # mul_add_c(a[5],b[5],c2,c3,c1); 
+$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1
@@ -2319,52 +2073,17 @@ sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,10*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_6 # mul_add_c2(a[5],b[6],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_7,$a_5 # mul_add_c2(a[7],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3); +$code.=<<___; $ST $c_3,11*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_6 # mul_add_c(a[6],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1
@@ -2375,21 +2094,10 @@ sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,12*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_7,$a_7 # mul_add_c(a[7],b[7],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); +$code.=<<___; $ST $c_2,13*$BNSZ($a0) mflo $t_1
@@ -2457,21 +2165,10 @@ sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 @@ -2482,52 +2179,17 @@ sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c(a2[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 
@@ -2538,21 +2200,10 @@ sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) mflo $t_1
Index: openssl-1.0.1f/crypto/bn/asm/mips3.s
===================================================================
--- openssl-1.0.1f.orig/crypto/bn/asm/mips3.s 2015-01-09 07:55:33.771430277 -0500
+++ /dev/null 1970-01-01 00:00:00.000000000 +0000
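Review bot: The comment on the first call in the `@@ -2482` hunk, `$a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3);`, carries the `a2[1]` typo over from the removed `$MULTU` line while the rest of the comment was corrected from `mul_add_c` to `mul_add_c2`; it should read `$a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3);` so the term it names matches the `$a_1,$a_2` arguments. The enclosing generator routine starts and ends outside the hunk.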
@@ -1,2201 +0,0 @@ -.rdata -.asciiz "mips3.s, Version 1.1" -.asciiz "MIPS III/IV ISA artwork by Andy Polyakov " - -/* - * ==================================================================== - * Written by Andy Polyakov for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. - * ==================================================================== - */ - -/* - * This is my modest contributon to the OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is - * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c - * module. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * The module is designed to work with either of the "new" MIPS ABI(5), - * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under - * IRIX 5.x not only because it doesn't support new ABIs but also - * because 5.x kernels put R4x00 CPU into 32-bit mode and all those - * 64-bit instructions (daddu, dmultu, etc.) found below gonna only - * cause illegal instruction exception:-( - * - * In addition the code depends on preprocessor flags set up by MIPSpro - * compiler driver (either as or cc) and therefore (probably?) can't be - * compiled by the GNU assembler. GNU C driver manages fine though... - * I mean as long as -mmips-as is specified or is the default option, - * because then it simply invokes /usr/bin/as which in turn takes - * perfect care of the preprocessor definitions. Another neat feature - * offered by the MIPSpro assembler is an optimization pass. This gave - * me the opportunity to have the code looking more regular as all those - * architecture dependent instruction rescheduling details were left to - * the assembler. Cool, huh? - * - * Performance improvement is astonishing! 'apps/openssl speed rsa dsa' - * goes way over 3 times faster! 
- * - * - */ -#include -#include - -#if _MIPS_ISA>=4 -#define MOVNZ(cond,dst,src) \ - movn dst,src,cond -#else -#define MOVNZ(cond,dst,src) \ - .set noreorder; \ - bnezl cond,.+8; \ - move dst,src; \ - .set reorder -#endif - -.text - -.set noat -.set reorder - -#define MINUS4 v1 - -.align 5 -LEAF(bn_mul_add_words) - .set noreorder - bgtzl a2,.L_bn_mul_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_add_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_add_words_tail - -.L_bn_mul_add_words_loop: - dmultu t0,a3 - ld t1,0(a0) - ld t2,8(a1) - ld t3,8(a0) - ld ta0,16(a1) - ld ta1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 /* All manuals say it "compares 32-bit - * values", but it seems to work fine - * even on 64-bit registers. */ - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - - dmultu t2,a3 - ld ta2,24(a1) - ld ta3,24(a0) - daddu t3,v0 - sltu v0,t3,v0 - mflo AT - mfhi t2 - daddu t3,AT - daddu v0,t2 - sltu AT,t3,AT - sd t3,8(a0) - daddu v0,AT - - dmultu ta0,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - daddu ta1,v0 - sltu v0,ta1,v0 - mflo AT - mfhi ta0 - daddu ta1,AT - daddu v0,ta0 - sltu AT,ta1,AT - sd ta1,-16(a0) - daddu v0,AT - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - daddu ta3,v0 - sltu v0,ta3,v0 - mflo AT - mfhi ta2 - daddu ta3,AT - daddu v0,ta2 - sltu AT,ta3,AT - sd ta3,-8(a0) - daddu v0,AT - .set noreorder - bgtzl ta0,.L_bn_mul_add_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_add_words_return: - jr ra - -.L_bn_mul_add_words_tail: - dmultu t0,a3 - ld t1,0(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,8(a1) - dmultu t0,a3 - ld t1,8(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,8(a0) - 
daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,16(a1) - dmultu t0,a3 - ld t1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,16(a0) - daddu v0,AT - jr ra -END(bn_mul_add_words) - -.align 5 -LEAF(bn_mul_words) - .set noreorder - bgtzl a2,.L_bn_mul_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_words_tail - -.L_bn_mul_words_loop: - dmultu t0,a3 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - - dmultu t2,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - mflo AT - mfhi t2 - daddu v0,AT - sltu t3,v0,AT - sd v0,-24(a0) - daddu v0,t3,t2 - - dmultu ta0,a3 - mflo AT - mfhi ta0 - daddu v0,AT - sltu ta1,v0,AT - sd v0,-16(a0) - daddu v0,ta1,ta0 - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - mflo AT - mfhi ta2 - daddu v0,AT - sltu ta3,v0,AT - sd v0,-8(a0) - daddu v0,ta3,ta2 - .set noreorder - bgtzl ta0,.L_bn_mul_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_words_return: - jr ra - -.L_bn_mul_words_tail: - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,8(a1) - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,8(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,16(a1) - dmultu t0,a3 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,16(a0) - daddu v0,t1,t0 - jr ra -END(bn_mul_words) - -.align 5 -LEAF(bn_sqr_words) - .set noreorder - bgtzl a2,.L_bn_sqr_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sqr_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_sqr_words_tail - -.L_bn_sqr_words_loop: - dmultu t0,t0 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - 
mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - - dmultu t2,t2 - subu a2,4 - PTR_ADD a0,64 - PTR_ADD a1,32 - mflo t3 - mfhi t2 - sd t3,-48(a0) - sd t2,-40(a0) - - dmultu ta0,ta0 - mflo ta1 - mfhi ta0 - sd ta1,-32(a0) - sd ta0,-24(a0) - - - dmultu ta2,ta2 - and ta0,a2,MINUS4 - mflo ta3 - mfhi ta2 - sd ta3,-16(a0) - sd ta2,-8(a0) - - .set noreorder - bgtzl ta0,.L_bn_sqr_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_sqr_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sqr_words_return: - move v0,zero - jr ra - -.L_bn_sqr_words_tail: - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,8(a1) - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,16(a0) - sd t0,24(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,16(a1) - dmultu t0,t0 - mflo t1 - mfhi t0 - sd t1,32(a0) - sd t0,40(a0) - jr ra -END(bn_sqr_words) - -.align 5 -LEAF(bn_add_words) - .set noreorder - bgtzl a3,.L_bn_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_add_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_add_words_tail - -.L_bn_add_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - daddu ta0,t0 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu v0,t0,ta0 - sd t0,-32(a0) - daddu v0,t8 - - daddu ta1,t1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,-24(a0) - daddu v0,t9 - - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,-16(a0) - daddu v0,t8 - - daddu ta3,t3 - sltu t9,ta3,t3 - daddu t3,ta3,v0 - sltu v0,t3,ta3 - sd t3,-8(a0) - daddu v0,t9 - - .set noreorder - bgtzl AT,.L_bn_add_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_add_words_return: - jr ra - -.L_bn_add_words_tail: - ld ta0,0(a2) - daddu ta0,t0 - subu a3,1 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu 
v0,t0,ta0 - sd t0,0(a0) - daddu v0,t8 - beqz a3,.L_bn_add_words_return - - ld t1,8(a1) - ld ta1,8(a2) - daddu ta1,t1 - subu a3,1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,8(a0) - daddu v0,t9 - beqz a3,.L_bn_add_words_return - - ld t2,16(a1) - ld ta2,16(a2) - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,16(a0) - daddu v0,t8 - jr ra -END(bn_add_words) - -.align 5 -LEAF(bn_sub_words) - .set noreorder - bgtzl a3,.L_bn_sub_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sub_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_sub_words_tail - -.L_bn_sub_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - sd ta0,-32(a0) - MOVNZ (t0,v0,t8) - - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - sd ta1,-24(a0) - MOVNZ (t1,v0,t9) - - - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - sd ta2,-16(a0) - MOVNZ (t2,v0,t8) - - sltu t9,t3,ta3 - dsubu t3,ta3 - dsubu ta3,t3,v0 - sd ta3,-8(a0) - MOVNZ (t3,v0,t9) - - .set noreorder - bgtzl AT,.L_bn_sub_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_sub_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sub_words_return: - jr ra - -.L_bn_sub_words_tail: - ld ta0,0(a2) - subu a3,1 - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - MOVNZ (t0,v0,t8) - sd ta0,0(a0) - beqz a3,.L_bn_sub_words_return - - ld t1,8(a1) - subu a3,1 - ld ta1,8(a2) - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - MOVNZ (t1,v0,t9) - sd ta1,8(a0) - beqz a3,.L_bn_sub_words_return - - ld t2,16(a1) - ld ta2,16(a2) - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - MOVNZ (t2,v0,t8) - sd ta2,16(a0) - jr ra -END(bn_sub_words) - -#undef MINUS4 - -.align 5 -LEAF(bn_div_3_words) - .set reorder - move a3,a0 /* we know that bn_div_words doesn't - * touch a3, ta2, ta3 and preserves a2 
- * so that we can save two arguments - * and return address in registers - * instead of stack:-) - */ - ld a0,(a3) - move ta2,a1 - ld a1,-8(a3) - bne a0,a2,.L_bn_div_3_words_proceed - li v0,-1 - jr ra -.L_bn_div_3_words_proceed: - move ta3,ra - bal bn_div_words - move ra,ta3 - dmultu ta2,v0 - ld t2,-16(a3) - move ta0,zero - mfhi t1 - mflo t0 - sltu t8,t1,v1 -.L_bn_div_3_words_inner_loop: - bnez t8,.L_bn_div_3_words_inner_loop_done - sgeu AT,t2,t0 - seq t9,t1,v1 - and AT,t9 - sltu t3,t0,ta2 - daddu v1,a2 - dsubu t1,t3 - dsubu t0,ta2 - sltu t8,t1,v1 - sltu ta0,v1,a2 - or t8,ta0 - .set noreorder - beqzl AT,.L_bn_div_3_words_inner_loop - dsubu v0,1 - .set reorder -.L_bn_div_3_words_inner_loop_done: - jr ra -END(bn_div_3_words) - -.align 5 -LEAF(bn_div_words) - .set noreorder - bnezl a2,.L_bn_div_words_proceed - move v1,zero - jr ra - li v0,-1 /* I'd rather signal div-by-zero - * which can be done with 'break 7' */ - -.L_bn_div_words_proceed: - bltz a2,.L_bn_div_words_body - move t9,v1 - dsll a2,1 - bgtz a2,.-4 - addu t9,1 - - .set reorder - negu t1,t9 - li t2,-1 - dsll t2,t1 - and t2,a0 - dsrl AT,a1,t1 - .set noreorder - bnezl t2,.+8 - break 6 /* signal overflow */ - .set reorder - dsll a0,t9 - dsll a1,t9 - or a0,AT - -#define QT ta0 -#define HH ta1 -#define DH v1 -.L_bn_div_words_body: - dsrl DH,a2,32 - sgeu AT,a0,a2 - .set noreorder - bnezl AT,.+8 - dsubu a0,a2 - .set reorder - - li QT,-1 - dsrl HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div1 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div1: - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop1: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v0,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop1_done - dsubu t1,v0 - dsubu t0,a2 - b .L_bn_div_words_inner_loop1 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop1_done: - - dsll a1,32 - dsubu a0,t3,t0 - dsll v0,QT,32 - - li QT,-1 - dsrl 
HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div2 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div2: -#undef DH - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop2: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v1,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop2_done - dsubu t1,v1 - dsubu t0,a2 - b .L_bn_div_words_inner_loop2 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop2_done: -#undef HH - - dsubu a0,t3,t0 - or v0,QT - dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */ - dsrl a2,t9 /* restore a2 */ - jr ra -#undef QT -END(bn_div_words) - -#define a_0 t0 -#define a_1 t1 -#define a_2 t2 -#define a_3 t3 -#define b_0 ta0 -#define b_1 ta1 -#define b_2 ta2 -#define b_3 ta3 - -#define a_4 s0 -#define a_5 s2 -#define a_6 s4 -#define a_7 a1 /* once we load a[7] we don't need a anymore */ -#define b_4 s1 -#define b_5 s3 -#define b_6 s5 -#define b_7 a2 /* once we load b[7] we don't need b anymore */ - -#define t_1 t8 -#define t_2 t9 - -#define c_1 v0 -#define c_2 v1 -#define c_3 a3 - -#define FRAME_SIZE 48 - -.align 5 -LEAF(bn_mul_comba8) - .set noreorder - PTR_SUB sp,FRAME_SIZE - .frame sp,64,ra - .set reorder - ld a_0,0(a1) /* If compiled with -mips3 option on - * R5000 box assembler barks on this - * line with "shouldn't have mult/div - * as last instruction in bb (R10K - * bug)" warning. If anybody out there - * has a clue about how to circumvent - * this do send me a note. 
- * - */ - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - ld b_1,8(a2) - ld b_2,16(a2) - ld b_3,24(a2) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - sd s0,0(sp) - sd s1,8(sp) - sd s2,16(sp) - sd s3,24(sp) - sd s4,32(sp) - sd s5,40(sp) - mflo c_1 - mfhi c_2 - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - ld b_4,32(a2) - ld b_5,40(a2) - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - ld b_6,48(a2) - ld b_7,56(a2) - sd c_1,0(a0) /* r[0]=c1; */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) /* r[1]=c2; */ - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) /* r[2]=c3; */ - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) /* r[3]=c1; */ - - dmultu 
a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) /* r[4]=c2; */ - - dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) /* r[5]=c3; */ - - dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */ - 
mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) /* r[6]=c1; */ - - dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu 
c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) /* r[7]=c2; */ - - dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) /* r[8]=c3; */ - - dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - 
dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) /* r[9]=c1; */ - - dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) /* r[10]=c2; */ - - dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_5,b_6 /* 
mul_add_c(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) /* r[11]=c3; */ - - dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) /* r[12]=c1; */ - - dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) /* r[13]=c2; */ - - dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - ld s0,0(sp) - ld s1,8(sp) - ld s2,16(sp) - ld s3,24(sp) - ld s4,32(sp) - ld s5,40(sp) - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) /* r[14]=c3; */ - sd c_1,120(a0) /* r[15]=c1; */ - - PTR_ADD sp,FRAME_SIZE - - jr ra -END(bn_mul_comba8) - -.align 5 -LEAF(bn_mul_comba4) - .set reorder - ld a_0,0(a1) - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_3,24(a1) - ld b_1,8(a2) - ld 
b_2,16(a2) - ld b_3,24(a2) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu 
AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_mul_comba4) - -#undef a_4 -#undef a_5 -#undef a_6 -#undef a_7 -#define a_4 b_0 -#define a_5 b_1 -#define a_6 b_2 -#define a_7 b_3 - -.align 5 -LEAF(bn_sqr_comba8) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* 
mul_add_c2(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu 
c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) - - dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) - - dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - 
daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) - - dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) - - dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll 
t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) - - dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) - - dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) - - dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) - - dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) - sd c_1,120(a0) - - jr ra -END(bn_sqr_comba8) - -.align 5 -LEAF(bn_sqr_comba4) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - mflo c_1 - mfhi c_2 - sd 
c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo 
t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_sqr_comba4) Index: openssl-1.0.1f/crypto/bn/asm/x86_64-gcc.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/asm/x86_64-gcc.c 2015-01-09 07:55:33.771430277 -0500 +++ openssl-1.0.1f/crypto/bn/asm/x86_64-gcc.c 2015-01-09 07:55:33.767430250 -0500 @@ -273,6 +273,10 @@ /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ #if 0 /* original macros are kept for reference purposes */ #define mul_add_c(a,b,c0,c1,c2) { \ 
@@ -287,10 +291,10 @@ BN_ULONG ta=(a),tb=(b),t0; \ t1 = BN_UMULT_HIGH(ta,tb); \ t0 = ta * tb; \ - t2 = t1+t1; c2 += (t2neg=rand_neg(); + BN_sqr(c,a,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_div(&d,&e,&c,&a,ctx); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d) || !BN_is_zero(&e)) - { - fprintf(stderr,"Square test failed!\n"); - return 0; - } - } - BN_free(&a); - BN_free(&c); - BN_free(&d); - BN_free(&e); - return(1); + BN_div(d,e,c,a,ctx); + BN_sub(d,d,a); + if(!BN_is_zero(d) || !BN_is_zero(e)) + { + fprintf(stderr,"Square test failed!\n"); + goto err; + } + } + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + + /* Regression test for a BN_sqr overflow bug. 
*/ + BN_hex2bn(&a, + "80000000000000000000000080000001FFFFFFFE000000000000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + ret = 1; +err: + if (a != NULL) BN_free(a); + if (c != NULL) BN_free(c); + if (d != NULL) BN_free(d); + if (e != NULL) BN_free(e); + return ret; } int test_mont(BIO *bp, BN_CTX *ctx) debian/patches/CVE-2015-1788.patch0000644000000000000000000000163112535317440013252 0ustar Description: fix denial of service via malformed ECParameters Origin: based on patch by Andy Polyakov Index: openssl-1.0.1f/crypto/bn/bn_gf2m.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_gf2m.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/bn/bn_gf2m.c 2015-06-08 08:58:36.839146898 -0400 @@ -568,9 +568,10 @@ } #else { - int i, ubits = BN_num_bits(u), - vbits = BN_num_bits(v), /* v is copy of p */ - top = p->top; + int i; + int ubits = BN_num_bits(u); + int vbits = BN_num_bits(v); /* v is copy of p */ + int top = p->top; BN_ULONG *udp,*bdp,*vdp,*cdp; bn_wexpand(u,top); udp = u->d; 
@@ -611,7 +612,12 @@ ubits--; } - if (ubits<=BN_BITS2 && udp[0]==1) break; + if (ubits <= BN_BITS2) { + if (udp[0] == 0) /* poly was reducible */ + goto err; + if (udp[0] == 1) + break; + } if (ubits Date: Mon, 11 Apr 2016 13:57:20 +0100 Subject: [PATCH] Harden ASN.1 BIO handling of large amounts of data. If the ASN.1 BIO is presented with a large length field read it in chunks of increasing size checking for EOF on each read. This prevents small files allocating excessive amounts of data. CVE-2016-2109 Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Viktor Dukhovni --- crypto/asn1/a_d2i_fp.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) Index: openssl-1.0.1f/crypto/asn1/a_d2i_fp.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/a_d2i_fp.c 2016-04-28 11:15:25.725199882 -0400 +++ openssl-1.0.1f/crypto/asn1/a_d2i_fp.c 2016-04-28 11:20:05.457384817 -0400 @@ -139,6 +139,7 @@ #endif #define HEADER_SIZE 8 +#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { BUF_MEM *b; @@ -230,6 +231,8 @@ want=c.slen; if (want > (len-off)) { + size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; + want-=(len-off); if (want > INT_MAX /* BIO_read takes an int length */ || len+want < len) 
@@ -237,24 +240,38 @@ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); goto err; } - if (!BUF_MEM_grow_clean(b,len+want)) - { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); - goto err; - } while (want > 0) { - i=BIO_read(in,&(b->data[len]),want); - if (i <= 0) + /* + * Read content in chunks of increasing size + * so we can return an error for EOF without + * having to allocate the entire content length + * in one go. + */ + size_t chunk = want > chunk_max ? chunk_max : want; + + if (!BUF_MEM_grow_clean(b, len + chunk)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_NOT_ENOUGH_DATA); + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); goto err; } - /* This can't overflow because - * |len+want| didn't overflow. */ - len+=i; - want-=i; + want -= chunk; + while (chunk > 0) + { + i = BIO_read(in, &(b->data[len]), chunk); + if (i <= 0) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, + ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + /* This can't overflow because + * |len+want| didn't overflow. */ + len += i; + chunk -= i; + } + if (chunk_max < INT_MAX/2) + chunk_max *= 2; } } if (off + c.slen < off) debian/patches/preserve_digests_for_sni.patch0000644000000000000000000000302512665031562016740 0ustar From 4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 10 Oct 2014 13:18:09 +0100 Subject: [PATCH] Preserve digests for SNI. SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. PR: 3560 Reviewed-by: Tim Hudson --- ssl/ssl_lib.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/ssl/ssl_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_lib.c 2016-02-29 07:02:55.744225946 -0500 +++ openssl-1.0.1f/ssl/ssl_lib.c 2016-02-29 07:02:55.740225904 -0500 
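Review bot: The comment `/* This can't overflow because |len+want| didn't overflow. */` now sits inside the inner per-chunk loop, after `want -= chunk` has already reduced `want`, so the quantity it names is no longer the one being added to; suggest rewording it to `/* len + chunk never exceeds the len + want checked for overflow above */`. The `if (chunk_max < INT_MAX/2) chunk_max *= 2;` guard also deserves a one-line comment, since it is what keeps every `chunk` representable as the int length BIO_read takes: `/* keep chunk_max (hence chunk) below INT_MAX: BIO_read takes an int */`. `chunk` and `chunk_max` are size_t while `i` is int, which is fine only as long as that bound holds. asn1_d2i_read_bio starts before and continues after this hunk.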
@@ -2972,15 +2972,26 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { + CERT *ocert = ssl->cert; if (ssl->ctx == ctx) return ssl->ctx; #ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; #endif - if (ssl->cert != NULL) - ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); + if (ocert != NULL) + { + int i; + /* Copy negotiated digests from original */ + for (i = 0; i < SSL_PKEY_NUM; i++) + { + CERT_PKEY *cpk = ocert->pkeys + i; + CERT_PKEY *rpk = ssl->cert->pkeys + i; + rpk->digest = cpk->digest; + } + ssl_cert_free(ocert); + } CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); if (ssl->ctx != NULL) SSL_CTX_free(ssl->ctx); /* decrement reference count */ debian/patches/CVE-2018-0737-1.patch0000644000000000000000000000466313312440213013401 0ustar Backport of: From 0b199a883e9170cdfe8e61c150bbaf8d8951f3e7 Mon Sep 17 00:00:00 2001 From: Samuel Weiser Date: Tue, 5 Dec 2017 15:55:17 +0100 Subject: [PATCH] Replaced variable-time GCD with consttime inversion to avoid side-channel attacks on RSA key generation Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) (cherry picked from commit 9db724cfede4ba7a3668bff533973ee70145ec07) --- crypto/rsa/rsa_gen.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) Index: openssl-1.0.1f/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.1f.orig/crypto/rsa/rsa_gen.c 2018-06-20 07:50:52.502479764 -0400 +++ openssl-1.0.1f/crypto/rsa/rsa_gen.c 2018-06-20 07:54:40.998657418 -0400 @@ -104,6 +104,7 @@ static int rsa_builtin_keygen(RSA *rsa, BIGNUM *pr0,*d,*p; int bitsp,bitsq,ok= -1,n=0; BN_CTX *ctx=NULL; + unsigned long error = 0; ctx=BN_CTX_new(); if (ctx == NULL) goto err; 
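Review bot: `ssl->cert = ssl_cert_dup(ctx->cert);` is still unchecked, and the new loop immediately dereferences `ssl->cert->pkeys`, so an allocation failure in ssl_cert_dup now becomes a NULL dereference instead of merely leaving a NULL cert as before. Restoring the original certificate and failing the call avoids that: `if (ssl->cert == NULL) { ssl->cert = ocert; return NULL; }` directly after the dup (the existing returns hand back `ssl->ctx`, so NULL is distinguishable, though callers in this tree would need checking). `rpk->digest = cpk->digest;` is a plain pointer copy, which is fine if the digest objects are not reference counted; a short comment stating that would help the next reader. SSL_set_SSL_CTX continues past the end of the hunk.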
@@ -129,14 +130,29 @@ static int rsa_builtin_keygen(RSA *rsa, BN_copy(rsa->e, e_value); + BN_set_flags(rsa->e, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; - if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; - if (BN_is_one(r1)) break; + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) + { + /* GCD == 1 since inverse exists */ + break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) + { + /* GCD != 1 */ + ERR_clear_error(); + } + else + { + goto err; + } if(!BN_GENCB_call(cb, 2, n++)) goto err; } @@ -160,9 +176,22 @@ static int rsa_builtin_keygen(RSA *rsa, goto err; } if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; - if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; - if (BN_is_one(r1)) + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) + { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) + { + /* GCD != 1 */ + ERR_clear_error(); + } + else + { + goto err; + } if(!BN_GENCB_call(cb, 2, n++)) goto err; } debian/patches/CVE-2014-0160.patch0000644000000000000000000000567212320577634013246 0ustar Description: fix memory disclosure in TLS heartbeat extension Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 Index: openssl-1.0.1f/ssl/d1_both.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_both.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/d1_both.c 2014-04-07 15:37:38.548342862 -0400 
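Review bot: The inverse-or-NO_INVERSE classification is pasted verbatim into both the p loop and the q loop (the second hunk at -160 repeats the first), so a later fix to one copy is easy to miss in the other; a small static helper returning 1 for coprime, 0 for gcd != 1 and -1 for any other error keeps each loop to three lines. Note also that `ERR_clear_error()` wipes the whole error queue, including unrelated entries a caller may have left there before key generation; if this tree provides ERR_set_mark()/ERR_pop_to_mark(), bracketing the BN_mod_inverse call with them removes only the NO_INVERSE entry. The `unsigned long error` local added at -104 then moves into the helper and an `int coprime` takes its place. rsa_builtin_keygen starts and ends outside these hunks.

```c
/* Test whether r2 is coprime to e by trying to invert it; rsa->e carries
 * BN_FLG_CONSTTIME, which is presumably what selects BN_mod_inverse's
 * constant-time path. Returns 1 if the inverse exists (gcd == 1), 0 if
 * gcd != 1, -1 on any other BN error (left on the error queue). */
static int rsa_coprime_e(BIGNUM *r1, const BIGNUM *r2, const BIGNUM *e,
                         BN_CTX *ctx)
	{
	unsigned long error;

	if (BN_mod_inverse(r1, r2, e, ctx) != NULL)
		return 1;
	error = ERR_peek_last_error();
	if (ERR_GET_LIB(error) == ERR_LIB_BN
	    && ERR_GET_REASON(error) == BN_R_NO_INVERSE)
		{
		ERR_clear_error();
		return 0;
		}
	return -1;
	}

/* … unchanged: rsa_builtin_keygen prologue; `unsigned long error` replaced by `int coprime` … */
	for (;;)
		{
		if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
			goto err;
		if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
		coprime = rsa_coprime_e(r1, r2, rsa->e, ctx);
		if (coprime < 0) goto err;
		if (coprime) break;
		if(!BN_GENCB_call(cb, 2, n++)) goto err;
		}
/* … unchanged: q generation; its loop gets the same three lines with rsa->q … */
```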
@@ -1459,26 +1459,36 @@ unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; + /* Allocate memory for the response, size is 1 byte * message type, plus 2 bytes payload length, plus * payload, plus padding */ - buffer = OPENSSL_malloc(1 + 2 + payload + padding); + buffer = OPENSSL_malloc(write_length); bp = buffer; /* Enter response type, length and copy payload */ @@ -1489,11 +1499,11 @@ /* Random padding */ RAND_pseudo_bytes(bp, padding); - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); + r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, 3 + payload + padding, + buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/t1_lib.c 2014-04-07 15:37:38.548342862 -0400 
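Review bot: The two new bounds checks spell the minimum padding as the literal `16` even though `padding` is declared a few lines up with the comment `/* Use minimum padding */`, so the checks and the response size can drift apart if either is edited alone; suggest `if (1 + 2 + padding > s->s3->rrec.length)` and `if (1 + 2 + payload + padding > s->s3->rrec.length)`. The same applies to the matching hunk in ssl/t1_lib.c at -2558. Moving the msg_callback invocation ahead of the parse also means the callback now observes records that are then silently discarded, which is reasonable but worth a one-line comment so the ordering is not "fixed" later. dtls1_process_heartbeat begins before and continues after this hunk.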
@@ -2558,16 +2558,20 @@ unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; debian/patches/CVE-2015-0209-2.patch0000644000000000000000000000353012502560217013370 0ustar Backport of: From a4517be9e348634ac64f9cf093131e13e8c03e38 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 19 Mar 2015 10:16:32 +0000 Subject: [PATCH] Fix a failure to NULL a pointer freed on error. Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte --- crypto/asn1/x_x509.c | 12 +++++++++++- crypto/ec/ec_asn1.c | 7 +++++-- 2 files changed, 16 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/crypto/asn1/x_x509.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/x_x509.c 2015-03-19 10:32:09.153159407 -0400 +++ openssl-1.0.1f/crypto/asn1/x_x509.c 2015-03-19 10:33:18.137588158 -0400 @@ -170,8 +170,14 @@ { const unsigned char *q; X509 *ret; + int freeret = 0; + /* Save start position */ q = *pp; + + if(!a || *a == NULL) { + freeret = 1; + } ret = d2i_X509(a, pp, length); /* If certificate unreadable then forget it */ if(!ret) return NULL; 
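Review bot: `freeret` encodes an ownership rule that is stated nowhere in the x_x509.c hunk: d2i_X509 allocates a fresh object only when the caller passed no `a` or `*a == NULL`, and that is the only case in which the error path may free `ret` and null out `*a`. A comment at the assignment makes this explicit: `/* d2i_X509 allocates ret only when the caller supplied none; only then do we own it and may free it on error */`. A name such as `owns_ret` would carry the same meaning without the comment. The enclosing function (presumably d2i_X509_AUX, given the d2i_X509_CERT_AUX call) continues into the next hunk, where the freeing happens.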
@@ -181,7 +187,11 @@ if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; return ret; err: - X509_free(ret); + if(freeret) { + X509_free(ret); + if (a) + *a = NULL; + } return NULL; } Index: openssl-1.0.1f/crypto/ec/ec_asn1.c =================================================================== --- openssl-1.0.1f.orig/crypto/ec/ec_asn1.c 2015-03-19 10:32:09.153159407 -0400 +++ openssl-1.0.1f/crypto/ec/ec_asn1.c 2015-03-19 10:34:35.518100170 -0400 @@ -1360,8 +1360,6 @@ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); return NULL; } - if (a) - *a = ret; } else ret = *a; @@ -1369,9 +1367,14 @@ if (!d2i_ECPKParameters(&ret->group, in, len)) { ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + if (a == NULL || *a != ret) + EC_KEY_free(ret); return NULL; } + if (a) + *a = ret; + return ret; } debian/patches/CVE-2014-0224-regression.patch0000644000000000000000000000144712346316407015416 0ustar From 0d4d2e02eb55f3a03e2a8e39b723b2a2ba436584 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 7 Jun 2014 15:21:13 +0100 Subject: [PATCH] Make tls_session_secret_cb work with CVE-2014-0224 fix. If application uses tls_session_secret_cb for session resumption set the CCS_OK flag. (cherry picked from commit 953c592572e8811b7956cc09fbd8e98037068b58) --- ssl/s3_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 0457af8..167bfc6 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -901,6 +901,7 @@ int ssl3_get_server_hello(SSL *s) { s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, p+j); + s->s3->flags |= SSL3_FLAGS_CCS_OK; } } #endif /* OPENSSL_NO_TLSEXT */ -- 1.7.9.5 debian/patches/man-section.patch0000644000000000000000000000224411501207564014056 0ustar Index: openssl-1.0.0c/Makefile.org =================================================================== --- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 +++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 
@@ -134,7 +134,8 @@ MANDIR=/usr/share/man MAN1=1 MAN3=3 -MANSUFFIX= +MANSUFFIX=ssl +MANSECTION=SSL HTMLSUFFIX=html HTMLDIR=$(OPENSSLDIR)/html SHELL=/bin/sh @@ -606,7 +607,7 @@ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ + --section=$${sec}$(MANSECTION) --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ @@ -623,7 +624,7 @@ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ - --section=$$sec --center=OpenSSL \ + --section=$${sec}$(MANSECTION) --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ debian/patches/CVE-2016-6306-1.patch0000644000000000000000000000370112770760425013406 0ustar Backport of: From 52e623c4cb06fffa9d5e75c60b34b4bc130b12e9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 17 Sep 2016 12:36:58 +0100 Subject: [PATCH] Fix small OOB reads. In ssl3_get_client_certificate, ssl3_get_server_certificate and ssl3_get_certificate_request check we have enough room before reading a length. Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs. CVE-2016-6306 Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit ff553f837172ecb2b5c8eca257ec3c5619a4b299) --- ssl/s3_clnt.c | 11 +++++++++++ ssl/s3_srvr.c | 6 ++++++ 2 files changed, 17 insertions(+) Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2016-09-22 09:44:20.693840615 -0400 +++ openssl-1.0.1f/ssl/s3_clnt.c 2016-09-22 09:46:26.871384756 -0400 
@@ -1136,6 +1136,12 @@ } for (nc=0; nc llen) + { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } n2l3(p,l); if ((l+nc+3) > llen) { @@ -1986,6 +1992,12 @@ for (nc=0; nc llen) + { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); + goto err; + } n2s(p,l); if ((l+nc+2) > llen) { Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2016-09-22 09:44:20.693840615 -0400 +++ openssl-1.0.1f/ssl/s3_srvr.c 2016-09-22 09:47:25.964106925 -0400 @@ -3216,6 +3216,12 @@ } for (nc=0; nc llen) + { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } n2l3(p,l); if ((l+nc+3) > llen) { debian/patches/CVE-2014-3510.patch0000644000000000000000000000511612370665344013242 0ustar From 88ae012c8092852f03c50f6461175271104b4c8a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Emilia=20K=C3=A4sper?= Date: Thu, 24 Jul 2014 22:15:29 +0200 Subject: [PATCH] Fix DTLS anonymous EC(DH) denial of service CVE-2014-3510 Reviewed-by: Dr. Stephen Henson --- ssl/d1_clnt.c | 23 +++++++++++++++++++++-- ssl/s3_clnt.c | 7 +++++++ 2 files changed, 28 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/ssl/d1_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_clnt.c 2014-08-07 08:02:40.554814164 -0400 +++ openssl-1.0.1f/ssl/d1_clnt.c 2014-08-07 08:02:40.546814163 -0400 @@ -990,6 +990,13 @@ RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; + if (s->session->sess_cert == NULL) + { + /* We should always have a server certificate with SSL_kRSA. */ + SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); + goto err; + } + if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa=s->session->sess_cert->peer_rsa_tmp; else 
@@ -1180,6 +1187,13 @@ { DH *dh_srvr,*dh_clnt; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + if (s->session->sess_cert->peer_dh_tmp != NULL) dh_srvr=s->session->sess_cert->peer_dh_tmp; else @@ -1239,6 +1253,13 @@ int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? @@ -1714,5 +1735,3 @@ /* SSL3_ST_CW_CERT_D */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } - - Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2014-08-07 08:02:40.554814164 -0400 +++ openssl-1.0.1f/ssl/s3_clnt.c 2014-08-07 08:02:40.546814163 -0400 @@ -2253,6 +2253,13 @@ RSA *rsa; unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; + if (s->session->sess_cert == NULL) + { + /* We should always have a server certificate with SSL_kRSA. */ + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); + goto err; + } + if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa=s->session->sess_cert->peer_rsa_tmp; else debian/patches/dgst_hmac.patch0000644000000000000000000000361311575366731013610 0ustar 
From: Thorsten Glaser Date: Fri, 22 May 2009 16:28:05 +0000 (UTC) Subject: Document openssl dgst -hmac option I've committed the thing below in MirBSD; since the apps code changes very little between OpenSSL versions, it will probably apply to the Debian package as well. I'm open for better wor- ding though, especially considering the FIPS option, which I found as undocumented too. Index: openssl-1.0.0d/doc/apps/dgst.pod =================================================================== --- openssl-1.0.0d.orig/doc/apps/dgst.pod 2009-04-10 16:42:27.000000000 +0000 +++ openssl-1.0.0d/doc/apps/dgst.pod 2011-06-13 11:00:04.000000000 +0000 @@ -12,6 +12,8 @@ [B<-d>] [B<-hex>] [B<-binary>] +[B<-hmac arg>] +[B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] [B<-keyform arg>] @@ -54,6 +56,14 @@ output the digest or signature in binary form. +=item B<-hmac arg> + +set the HMAC key to "arg". + +=item B<-non-fips-allow> + +allow use of non FIPS digest. + =item B<-out filename> filename to output to, or standard output by default. Index: openssl-1.0.0d/apps/dgst.c =================================================================== --- openssl-1.0.0d.orig/apps/dgst.c 2010-02-12 17:07:24.000000000 +0000 +++ openssl-1.0.0d/apps/dgst.c 2011-06-13 11:00:04.000000000 +0000 
@@ -268,6 +268,8 @@ BIO_printf(bio_err,"-d to output debug info\n"); BIO_printf(bio_err,"-hex output as hex dump\n"); BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-hmac arg set the HMAC key to arg\n"); + BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n"); BIO_printf(bio_err,"-sign file sign digest using private key in file\n"); BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); debian/patches/man-dir.patch0000644000000000000000000000055511501173436013173 0ustar Index: openssl-1.0.0c/Makefile.org =================================================================== --- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 +++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 @@ -131,7 +131,7 @@ MAKEFILE= Makefile -MANDIR=$(OPENSSLDIR)/man +MANDIR=/usr/share/man MAN1=1 MAN3=3 MANSUFFIX= debian/patches/tls_fallback_scsv_support.patch0000644000000000000000000004474312417524206017130 0ustar Description: Added TLS_FALLBACK_SCSV support Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6bfe55380abbf7528e04e59f18921bd6c896af1c Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d07c75c5b97a31edfdec8076bd720166fdde789 Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80fb4820cb1c849348b5246330b35ed4f51af562 Index: openssl-1.0.1f/apps/s_client.c =================================================================== --- openssl-1.0.1f.orig/apps/s_client.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/apps/s_client.c 2014-10-15 12:49:17.794220427 -0400 
@@ -335,6 +335,7 @@ BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); @@ -615,6 +616,7 @@ char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); + int fallback_scsv = 0; int enable_timeouts = 0 ; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE @@ -831,6 +833,10 @@ #endif else if (strcmp(*argv,"-bugs") == 0) bugs=1; + else if (strcmp(*argv,"-fallback_scsv") == 0) + { + fallback_scsv = 1; + } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) goto bad; @@ -1233,6 +1239,10 @@ SSL_set_session(con, sess); SSL_SESSION_free(sess); } + + if (fallback_scsv) + SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); + #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { Index: openssl-1.0.1f/crypto/err/openssl.ec =================================================================== --- openssl-1.0.1f.orig/crypto/err/openssl.ec 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/crypto/err/openssl.ec 2014-10-15 12:48:35.869870117 -0400 @@ -71,6 +71,7 @@ R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 Index: openssl-1.0.1f/ssl/d1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_lib.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/d1_lib.c 2014-10-14 22:37:17.955645648 -0400 
@@ -263,6 +263,16 @@ case DTLS_CTRL_LISTEN: ret = dtls1_listen(s, parg); break; + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ +#if DTLS_MAX_VERSION != DTLS1_VERSION +# error Code needs update for DTLS_method() support beyond DTLS1_VERSION. +#endif + /* Just one protocol version is supported so far; + * fail closed if the version is not as expected. */ + return s->version == DTLS_MAX_VERSION; default: ret = ssl3_ctrl(s, cmd, larg, parg); Index: openssl-1.0.1f/ssl/dtls1.h =================================================================== --- openssl-1.0.1f.orig/ssl/dtls1.h 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/dtls1.h 2014-10-14 22:37:17.955645648 -0400 @@ -84,6 +84,8 @@ #endif #define DTLS1_VERSION 0xFEFF +#define DTLS_MAX_VERSION DTLS1_VERSION + #define DTLS1_BAD_VER 0x0100 #if 0 @@ -284,4 +286,3 @@ } #endif #endif - Index: openssl-1.0.1f/ssl/s23_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s23_clnt.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/s23_clnt.c 2014-10-14 22:37:17.955645648 -0400 @@ -736,6 +736,9 @@ goto err; } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { /* fatal alert */ Index: openssl-1.0.1f/ssl/s23_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s23_srvr.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/s23_srvr.c 2014-10-14 22:37:17.955645648 -0400 
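Review bot: The new `case SSL_CTRL_CHECK_PROTO_VERSION:` returns straight out of the switch with `return s->version == DTLS_MAX_VERSION;`, while the neighbouring `case DTLS_CTRL_LISTEN:` follows the function's `ret = ...; break;` convention; `ret = (s->version == DTLS_MAX_VERSION); break;` keeps a single exit path and any post-switch handling the function may have, which lies outside the hunk. The hunk's own comment already states the fail-closed intent, but it is worth adding that `DTLS1_BAD_VER` (defined in the dtls1.h hunk of this patch) is deliberately treated as "not the highest version", e.g. `/* DTLS1_BAD_VER is never the highest version, so a fallback from it is rejected */`.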
@@ -421,6 +421,9 @@ } } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + #ifdef OPENSSL_FIPS if (FIPS_mode() && (s->version < TLS1_VERSION)) { Index: openssl-1.0.1f/ssl/s2_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/s2_lib.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/s2_lib.c 2014-10-14 22:37:17.955645648 -0400 @@ -391,6 +391,8 @@ case SSL_CTRL_GET_SESSION_REUSED: ret=s->hit; break; + case SSL_CTRL_CHECK_PROTO_VERSION: + return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); default: break; } @@ -437,7 +439,7 @@ if (p != NULL) { l=c->id; - if ((l & 0xff000000) != 0x02000000) return(0); + if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0); p[0]=((unsigned char)(l>>16L))&0xFF; p[1]=((unsigned char)(l>> 8L))&0xFF; p[2]=((unsigned char)(l ))&0xFF; Index: openssl-1.0.1f/ssl/s3_enc.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_enc.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/s3_enc.c 2014-10-14 22:37:17.955645648 -0400 @@ -892,7 +892,7 @@ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); default: return(-1); } } - Index: openssl-1.0.1f/ssl/s3_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_lib.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/s3_lib.c 2014-10-14 22:37:17.959645675 -0400 
@@ -3355,6 +3355,33 @@ #endif #endif /* !OPENSSL_NO_TLSEXT */ + + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ + if (s->version == s->ctx->method->version) + return 1; + /* Apparently we're using a version-flexible SSL_METHOD + * (not at its highest protocol version). */ + if (s->ctx->method->version == SSLv23_method()->version) + { +#if TLS_MAX_VERSION != TLS1_2_VERSION +# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. +#endif + if (!(s->options & SSL_OP_NO_TLSv1_2)) + return s->version == TLS1_2_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1_1)) + return s->version == TLS1_1_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1)) + return s->version == TLS1_VERSION; + if (!(s->options & SSL_OP_NO_SSLv3)) + return s->version == SSL3_VERSION; + if (!(s->options & SSL_OP_NO_SSLv2)) + return s->version == SSL2_VERSION; + } + return 0; /* Unexpected state; fail closed. */ + default: break; } @@ -3714,6 +3741,7 @@ break; #endif #endif + default: return(0); } @@ -4291,4 +4319,3 @@ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; } - Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/ssl.h 2014-10-14 22:37:17.959645675 -0400 @@ -651,6 +651,10 @@ */ #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ 
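Review bot: The mode flag is defined as `SSL_MODE_SEND_FALLBACK_SCSV` in the ssl.h hunk at -651, but the SSL_CTX_set_mode.pod hunk of the same patch documents it as `SSL_MODE_FALLBACK_SCSV`, a name that does not exist in the header; the manual entry should read `=item SSL_MODE_SEND_FALLBACK_SCSV`. An application author who copies the documented name gets a compile error instead of downgrade protection, so the mismatch belongs in this patch. The s_client.c hunk uses the correct name.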
@@ -1509,6 +1513,7 @@ #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1619,6 +1624,8 @@ #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_CHECK_PROTO_VERSION 119 + #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) #define DTLSv1_handle_timeout(ssl) \ @@ -2372,6 +2379,7 @@ #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 #define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 #define SSL_R_INCONSISTENT_COMPRESSION 340 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 @@ -2518,6 +2526,7 @@ #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 Index: openssl-1.0.1f/ssl/ssl3.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl3.h 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/ssl3.h 2014-10-14 22:37:17.959645675 -0400 
@@ -128,9 +128,14 @@ extern "C" { #endif -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ #define SSL3_CK_SCSV 0x030000FF +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 Index: openssl-1.0.1f/ssl/ssl_err.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_err.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/ssl_err.c 2014-10-14 22:37:17.959645675 -0400 @@ -382,6 +382,7 @@ {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, +{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"}, {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, 
@@ -528,6 +529,7 @@ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, +{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, Index: openssl-1.0.1f/ssl/ssl_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_lib.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/ssl_lib.c 2014-10-14 22:37:17.959645675 -0400 
@@ -1383,6 +1383,8 @@ if (sk == NULL) return(0); q=p; + if (put_cb == NULL) + put_cb = s->method->put_cipher_by_char; for (i=0; isrp_ctx.srp_Mask & SSL_kSRP)) continue; #endif /* OPENSSL_NO_SRP */ - j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); + j = put_cb(c,p); p+=j; } - /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if not renegotiating. - */ - if (p != q && !s->renegotiate) + /* If p == q, no ciphers; caller indicates an error. + * Otherwise, add applicable SCSVs. */ + if (p != q) { - static SSL_CIPHER scsv = + if (!s->renegotiate) { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); - p+=j; + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV sent by client\n"); + fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); #endif - } + } + + if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) + { + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; + } + } return(p-q); } @@ -1435,11 +1449,12 @@ const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; + if (s->s3) s->s3->send_connection_binding = 0; n=ssl_put_cipher_by_char(s,NULL,NULL); - if ((num%n) != 0) + if (n == 0 || (num%n) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return(NULL); @@ -1454,7 +1469,7 @@ for (i=0; is3 && (n != 3 || !p[0]) && (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && (p[n-1] == (SSL3_CK_SCSV & 0xff))) 
@@ -1474,6 +1489,23 @@ continue; } + /* Check for TLS_FALLBACK_SCSV */ + if ((n != 3 || !p[0]) && + (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) + { + /* The SCSV indicates that the client previously tried a higher version. + * Fail if the current version is an unexpected downgrade. */ + if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) + { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK); + if (s->s3) + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); + goto err; + } + continue; + } + c=ssl_get_cipher_by_char(s,p); p+=n; if (c != NULL) Index: openssl-1.0.1f/ssl/t1_enc.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_enc.c 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/t1_enc.c 2014-10-14 22:37:17.959645675 -0400 @@ -1244,6 +1244,7 @@ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); #if 0 /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); Index: openssl-1.0.1f/ssl/tls1.h =================================================================== --- openssl-1.0.1f.orig/ssl/tls1.h 2014-10-14 22:37:17.959645675 -0400 +++ openssl-1.0.1f/ssl/tls1.h 2014-10-14 22:37:17.959645675 -0400 
@@ -159,17 +159,19 @@ #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 +#define TLS_MAX_VERSION TLS1_2_VERSION + +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 -#define TLS1_1_VERSION 0x0302 #define TLS1_1_VERSION_MAJOR 0x03 #define TLS1_1_VERSION_MINOR 0x02 -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) @@ -187,6 +189,7 @@ #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 /* codes 110-114 are from RFC3546 */ Index: openssl-1.0.1f/doc/apps/s_client.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/s_client.pod 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/doc/apps/s_client.pod 2014-10-15 12:48:38.741894119 -0400 @@ -34,6 +34,9 @@ [B<-no_ssl2>] [B<-no_ssl3>] [B<-no_tls1>] +[B<-no_tls1_1>] +[B<-no_tls1_2>] +[B<-fallback_scsv>] [B<-bugs>] [B<-cipher cipherlist>] [B<-starttls protocol>] 
@@ -176,16 +179,19 @@ given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. -Unfortunately there are a lot of ancient and broken servers in use which +Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off with the B<-no_tls> option others will only -support SSL v2 and may need the B<-ssl2> option. +work if TLS is turned off. + +=item B<-fallback_scsv> + +Send TLS_FALLBACK_SCSV in the ClientHello. =item B<-bugs> Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_mode.pod =================================================================== --- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_mode.pod 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_mode.pod 2014-10-15 12:48:38.741894119 -0400 @@ -71,6 +71,12 @@ save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. +=item SSL_MODE_FALLBACK_SCSV + +Send TLS_FALLBACK_SCSV in the ClientHello. +To be set by applications that reconnect with a downgraded protocol +version; see draft-ietf-tls-downgrade-scsv-00 for details. + =back =head1 RETURN VALUES debian/patches/pod_s_server.misspell.patch0000644000000000000000000000047511575361126016174 0ustar --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod 
@@ -111,7 +111,7 @@ =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg> -addtional certificate and private key format and passphrase respectively. +additional certificate and private key format and passphrase respectively. =item B<-nocert> debian/patches/CVE-2016-2177-pre.patch0000644000000000000000000000645013043662750014036 0ustar Backport of: From 89c2720298f875ac80777da2da88a64859775898 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 10 Apr 2015 17:25:27 +0100 Subject: [PATCH] Check for ClientHello message overruns The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79) --- ssl/s3_srvr.c | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2017-01-30 11:07:41.467312664 -0500 +++ openssl-1.0.1f/ssl/s3_srvr.c 2017-01-30 11:11:59.810656978 -0500 @@ -945,6 +945,16 @@ s->first_packet=0; d=p=(unsigned char *)s->init_msg; + /* + * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte + * for session id length + */ + if (n < 2 + SSL3_RANDOM_SIZE + 1) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + /* use version from inside client hello, not from record header * (may differ: see RFC 2246, Appendix E, second paragraph) */ s->client_version=(((int)p[0])<<8)|(int)p[1]; 
@@ -973,6 +983,12 @@ unsigned int session_length, cookie_length; session_length = *(p + SSL3_RANDOM_SIZE); + + if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); if (cookie_length == 0) @@ -986,6 +1002,12 @@ /* get the session-id */ j= *(p++); + if (p + j > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + s->hit=0; /* Versions before 0.9.7 always allow clients to resume sessions in renegotiation. * 0.9.7 and later allow this by default, but optionally ignore resumption requests @@ -1024,8 +1046,19 @@ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { /* cookie stuff */ + if (p + 1 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } cookie_len = *(p++); + if (p + cookie_len > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + /* * The ClientHello may contain a cookie even if the * HelloVerify message has not been sent--make sure that it @@ -1072,6 +1105,11 @@ p += cookie_len; } + if (p + 2 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } n2s(p,i); if ((i == 0) && (j != 0)) { @@ -1080,7 +1118,9 @@ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; } - if ((p+i) >= (d+n)) + + /* i bytes of cipher data + 1 byte for compression length later */ + if ((p + i + 1) > (d + n)) { /* not enough data */ al=SSL_AD_DECODE_ERROR; debian/patches/CVE-2015-0204.patch0000644000000000000000000002033112453766137013240 0ustar From 37580f43b5a39f5f4e920d17273fab9713d3a744 Mon Sep 17 00:00:00 2001 
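Review bot: The bound check in the -973 hunk uses `>=` where every other added check uses `>`; it is correct, because the byte at `p + SSL3_RANDOM_SIZE + session_length + 1` is dereferenced on the very next line, but the asymmetry reads like a typo and deserves a comment such as `/* >= on purpose: the byte at this offset is read next, so it must lie strictly inside d..d+n */`. Separately, the checks of the form `p + j > d + n` in the -986, -1024 and -1072 hunks compute pointers past the end of the message before comparing, which is undefined behaviour in C and is the class of comparison that CVE-2016-2177 (which this patch's filename marks itself as a precursor to) concerns; if that follow-up is not applied on top, a length-based form such as `if (j > (d + n) - p)` avoids the issue. ssl3_get_client_hello begins and ends outside these hunks.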
From: "Dr. Stephen Henson" Date: Thu, 23 Oct 2014 17:09:57 +0100 Subject: [PATCH] Only allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: doc/ssl/SSL_CTX_set_options.pod --- CHANGES | 8 ++++++++ doc/ssl/SSL_CTX_set_options.pod | 10 +--------- doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 ++++++++--------------- ssl/d1_srvr.c | 21 ++++++--------------- ssl/s3_clnt.c | 7 +++++++ ssl/s3_srvr.c | 21 ++++++--------------- ssl/ssl.h | 5 ++--- 7 files changed, 38 insertions(+), 57 deletions(-) Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_options.pod =================================================================== --- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_options.pod 2015-01-09 08:02:16.730157720 -0500 +++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_options.pod 2015-01-09 08:02:16.726157692 -0500 
@@ -152,15 +152,7 @@ =item SSL_OP_EPHEMERAL_RSA -Always use ephemeral (temporary) RSA key when doing RSA operations -(see L). -According to the specifications this is only done, when a RSA key -can only be used for signature operations (namely under export ciphers -with restricted RSA keylength). By setting this option, ephemeral -RSA keys are always used. This option breaks compatibility with the -SSL/TLS specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with EDH (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. =item SSL_OP_CIPHER_SERVER_PREFERENCE Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod =================================================================== --- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-01-09 08:02:16.730157720 -0500 +++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-01-09 08:02:16.726157692 -0500 
@@ -74,21 +74,14 @@ in order to achieve forward secrecy (see L). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B is called with the B needed and the B information. The B flag is set, when the Index: openssl-1.0.1f/ssl/d1_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_srvr.c 2015-01-09 08:02:16.730157720 -0500 +++ openssl-1.0.1f/ssl/d1_srvr.c 2015-01-09 08:02:16.726157692 -0500 
@@ -450,24 +450,15 @@ case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2015-01-09 08:02:16.730157720 -0500 +++ openssl-1.0.1f/ssl/s3_clnt.c 2015-01-09 08:02:16.726157692 -0500 @@ -1499,6 +1499,13 @@ #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { + /* Temporary RSA keys only allowed in export ciphersuites */ + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } if ((rsa=RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2015-01-09 08:02:16.730157720 -0500 +++ openssl-1.0.1f/ssl/s3_srvr.c 2015-01-09 08:02:16.726157692 -0500 
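Review bot: `if (0` in the d1_srvr.c hunk (and the identical s3_srvr.c hunk at -459 on the next file) leaves a literal false first operand whose only purpose is to keep the `||` operands inside the following `#ifndef OPENSSL_NO_PSK` blocks syntactically valid now that `use_rsa_tmp` is never set here; without a comment a later cleanup will remove it and break the preprocessor chain. Suggest `if (0 /* placeholder: keeps the ||-chain below well-formed */`, or restructuring so the first operand is a real condition. The rest of the condition and the enclosing state-machine case lie outside the hunk.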
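Review bot: The new rejection in the s3_clnt.c hunk at -1499 reports itself as `SSL_F_SSL3_GET_SERVER_CERTIFICATE`, while the adjacent existing `SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);` shows the surrounding code is the ServerKeyExchange parser; the error stack will then point an operator at the wrong handshake message when a non-export ciphersuite carries a temporary RSA key. Suggest `SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);`. The enclosing function and the `f_err` label it jumps to are outside the hunk.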
@@ -441,20 +441,11 @@ case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange, fortezza or @@ -468,7 +459,7 @@ * server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2015-01-09 08:02:16.730157720 -0500 +++ openssl-1.0.1f/ssl/ssl.h 2015-01-09 08:02:16.726157692 -0500 @@ -594,9 +594,8 @@ #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to always use the tmp_rsa key when doing RSA operations, - * even when this violates protocol specs */ -#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L debian/patches/pod_pksc12.misspell.patch0000644000000000000000000000054311575361136015444 0ustar --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod 
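Review bot: Redefining `SSL_OP_EPHEMERAL_RSA` to `0x0` in the ssl.h hunk at -594 leaves bit `0x00200000L` unassigned, but applications built against the old header still pass that bit to SSL_CTX_set_options, so it must stay reserved rather than be handed to a future option; the new comment should say so, and `compatibiity` is misspelled. Suggest `/* Does nothing: retained for compatibility; the old value 0x00200000L must not be reused */`. The SSL_CTX_set_options.pod hunk already states the option is a no-op, which covers the user-visible side.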
@@ -75,7 +75,7 @@ =item B<-passout arg> -pass phrase source to encrypt any outputed private keys with. For more +pass phrase source to encrypt any outputted private keys with. For more information about the format of B see the B section in L. debian/patches/CVE-2015-0206.patch0000644000000000000000000001036712453766150013245 0ustar Backport of: From 04685bc949e90a877656cf5020b6d4f90a9636a6 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 7 Jan 2015 14:18:13 +0000 Subject: [PATCH] A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: Dr Stephen Henson --- ssl/d1_pkt.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) Index: openssl-1.0.1f/ssl/d1_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_pkt.c 2015-01-09 08:03:00.186451348 -0500 +++ openssl-1.0.1f/ssl/d1_pkt.c 2015-01-09 08:04:38.907118045 -0500 
@@ -212,7 +212,7 @@ /* Limit the size of the queue to prevent DOS attacks */ if (pqueue_size(queue->q) >= 100) return 0; - + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) @@ -242,9 +242,11 @@ /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } s->packet = NULL; @@ -255,9 +257,11 @@ if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } return(1); @@ -313,8 +317,9 @@ dtls1_get_unprocessed_record(s); if ( ! dtls1_process_record(s)) return(0); - dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num); + if(dtls1_buffer_record(s, &(s->d1->processed_rcds), + s->s3->rrec.seq_num)<0) + return -1; } } @@ -529,7 +534,6 @@ /* we have pulled in a full packet so zero things */ s->packet_length=0; - dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); f_err: @@ -562,7 +566,8 @@ /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ - dtls1_process_buffered_records(s); + if(dtls1_process_buffered_records(s)<0) + return -1; /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) @@ -699,7 +704,9 @@ { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) + return -1; + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ } rr->length = 0; s->packet_length = 0; 
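Review bot: In the `pqueue_insert` failure path the added `OPENSSL_free(rdata->rbuf.buf)` runs before the `s->packet = NULL` hand-over that follows the block, so if `rdata->rbuf` was filled by copying `s->s3->rbuf` earlier in the function (that code is above the hunk), `s->s3->rbuf.buf` still aliases the freed buffer and will be freed again on teardown or written on the next read. The `ssl3_setup_buffers` failure path is different: by then `s->packet` has been released to `rdata` (the hunk shows `s->packet = NULL;` between the two branches), so assuming `s->s3->rbuf` is reset alongside it, the free there is the only release. Unless the aliasing is ruled out above the hunk, drop the free from the insert-failure branch: `OPENSSL_free(rdata); pitem_free(item); return(-1);`. Separately, the queue-full check at the top still returns 0 while the two failure branches now return -1, and the callers in the later hunks depend on that split (silent drop versus fatal), so a comment on the `return 0` stating it is a deliberate non-fatal drop would protect it. dtls1_buffer_record starts outside the hunk.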
@@ -712,6 +719,7 @@ s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ return(1); @@ -863,7 +871,11 @@ * buffer the application data for later processing rather * than dropping the connection. */ - dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0) + { + SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } rr->length = 0; goto start; } debian/patches/CVE-2014-3511.patch0000644000000000000000000000506412370665354013246 0ustar From fc4f4cdb8bf9981904e652abf69b892a45bddacf Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 23 Jul 2014 22:32:21 +0200 Subject: [PATCH] Fix protocol downgrade bug in case of fragmented packets MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit CVE-2014-3511 Reviewed-by: Emilia Käsper Reviewed-by: Bodo Möller --- ssl/s23_srvr.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 4877849..2901a6b 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c 
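Review bot: This failure branch pushes `ERR_R_INTERNAL_ERROR` before `return -1`, but the two sibling propagation sites added in the earlier hunks (`dtls1_buffer_record(..., unprocessed_rcds ...)` and the `dtls1_process_buffered_records` call) return -1 with nothing on the error queue, and `dtls1_buffer_record` itself only records an error in its `ssl3_setup_buffers` branch, not in the `pqueue_insert` branch. A caller that then asks SSL_get_error() gets an empty queue for one -1 and an internal error for the other. Pick one convention: either have `dtls1_buffer_record` push the error on every -1 path so the callers stay silent, or add the matching `SSLerr(..., ERR_R_INTERNAL_ERROR)` for the enclosing function at the other two returns. dtls1_read_bytes starts and ends outside the hunk.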
@@ -348,23 +348,19 @@ int ssl23_get_client_hello(SSL *s) * Client Hello message, this would be difficult, and we'd have * to read more records to find out. * No known SSL 3.0 client fragments ClientHello like this, - * so we simply assume TLS 1.0 to avoid protocol version downgrade - * attacks. */ + * so we simply reject such connections to avoid + * protocol version downgrade attacks. */ if (p[3] == 0 && p[4] < 6) { -#if 0 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; -#else - v[1] = TLS1_VERSION_MINOR; -#endif } /* if major version number > 3 set minor to a value * which will use the highest version 3 we support. * If TLS 2.0 ever appears we will need to revise * this.... */ - else if (p[9] > SSL3_VERSION_MAJOR) + if (p[9] > SSL3_VERSION_MAJOR) v[1]=0xff; else v[1]=p[10]; /* minor version according to client_version */ @@ -444,14 +440,34 @@ int ssl23_get_client_hello(SSL *s) v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ v[1] = p[4]; + /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 + * header is sent directly on the wire, not wrapped as a TLS + * record. It's format is: + * Byte Content + * 0-1 msg_length + * 2 msg_type + * 3-4 version + * 5-6 cipher_spec_length + * 7-8 session_id_length + * 9-10 challenge_length + * ... ... + */ n=((p[0]&0x7f)<<8)|p[1]; if (n > (1024*4)) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); goto err; } + if (n < 9) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); + goto err; + } j=ssl23_read_bytes(s,n+2); + /* We previously read 11 bytes, so if j > 0, we must have + * j == n+2 == s->packet_length. We have at least 11 valid + * packet bytes. */ if (j <= 0) return(j); ssl3_finish_mac(s, s->packet+2, s->packet_length-2); -- 1.7.9.5 debian/patches/CVE-2018-0495.patch0000644000000000000000000001410113312437466013250 0ustar Backport of: From 949ff36623eafc3523a9f91784992965018ffb05 Mon Sep 17 00:00:00 2001 
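Review bot: The new layout comment reads `It's format is:`; it should be `Its format is:`. The `n < 9` lower bound is consistent with the table (msg_type, version and three 2-byte lengths occupy bytes 2–10, i.e. 9 bytes after the 2-byte length, matching the 11 bytes the later comment says were already read) but the arithmetic is left to the reader; `/* 9 = msg_type + version + three 2-byte length fields; anything shorter cannot be parsed below */` on the check would tie the two together. In the first hunk, failing the fragmented-ClientHello case outright instead of assuming TLS 1.0 is the stated fix and correctly turns the former `else if` into a plain `if`. ssl23_get_client_hello starts and ends outside the hunks.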
From: Matt Caswell Date: Fri, 25 May 2018 12:10:13 +0100 Subject: [PATCH] Add blinding to an ECDSA signature Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: Rich Salz --- CHANGES | 4 +++ crypto/ecdsa/ecdsatest.c | 9 +++++- crypto/ecdsa/ecs_ossl.c | 82 +++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 79 insertions(+), 16 deletions(-) #diff --git a/CHANGES b/CHANGES #index f17fbbf..a3861ab 100644 #--- a/CHANGES #+++ b/CHANGES #@@ -9,6 +9,10 @@ # # Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] # #+ *) Add blinding to an ECDSA signature to protect against side channel attacks #+ discovered by Keegan Ryan (NCC Group). #+ [Matt Caswell] #+ # *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we # now allow empty (zero character) pass phrases. # [Richard Levitte] Index: openssl-1.0.1f/crypto/ecdsa/ecdsatest.c =================================================================== --- openssl-1.0.1f.orig/crypto/ecdsa/ecdsatest.c 2018-06-20 07:39:18.645941062 -0400 +++ openssl-1.0.1f/crypto/ecdsa/ecdsatest.c 2018-06-20 07:40:34.129999574 -0400 @@ -137,7 +137,7 @@ int restore_rand(void) return 1; } -static int fbytes_counter = 0; +static int fbytes_counter = 0, use_fake = 0; static const char *numbers[8] = { "651056770906015076056810763456358567190100156695615665659", "6140507067065001063065065565667405560006161556565665656654", 
@@ -157,6 +157,11 @@ int fbytes(unsigned char *buf, int num) int ret; BIGNUM *tmp = NULL; + if (use_fake == 0) + return old_rand->bytes(buf, num); + + use_fake = 0; + if (fbytes_counter >= 8) return 0; tmp = BN_new(); @@ -199,11 +204,13 @@ int x9_62_test_internal(BIO *out, int ni /* create the key */ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) goto x962_int_err; + use_fake = 1; if (!EC_KEY_generate_key(key)) goto x962_int_err; BIO_printf(out, "."); (void)BIO_flush(out); /* create the signature */ + use_fake = 1; signature = ECDSA_do_sign(digest, 20, key); if (signature == NULL) goto x962_int_err; Index: openssl-1.0.1f/crypto/ecdsa/ecs_ossl.c =================================================================== --- openssl-1.0.1f.orig/crypto/ecdsa/ecs_ossl.c 2018-06-20 07:39:18.645941062 -0400 +++ openssl-1.0.1f/crypto/ecdsa/ecs_ossl.c 2018-06-20 07:48:36.426374005 -0400 @@ -250,6 +250,7 @@ static ECDSA_SIG *ecdsa_do_sign(const un { int ok = 0, i; BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; + BIGNUM *blind = NULL, *blindm = NULL; const BIGNUM *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; @@ -268,15 +269,27 @@ static ECDSA_SIG *ecdsa_do_sign(const un } ret = ECDSA_SIG_new(); - if (!ret) + if (ret == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); return NULL; } s = ret->s; - if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || - (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) + ctx = BN_CTX_new(); + if (ctx == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + if (blindm == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); goto err; 
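Review bot: Only the last of five consecutive `BN_CTX_get` results (`blindm`) is NULL-checked; this is correct solely because of BN_CTX_get's contract that once one call in a frame fails every later call in the same frame also returns NULL, and nothing in the hunk says so. Add `/* BN_CTX_get returns NULL for every call after a failure, so checking the last one covers all five */` above the check so a future insertion after `blindm` keeps the invariant. The early `return NULL` on `ECDSA_SIG_new` failure now precedes `BN_CTX_start`, so the `err:` label's `BN_CTX_end` never sees an unstarted context; that ordering is load-bearing and deserves a word where `ret` is checked. ecdsa_do_sign continues outside the hunk.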
@@ -325,21 +338,72 @@ static ECDSA_SIG *ecdsa_do_sign(const un } } - if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod order + * + * We will blind this to protect against side channel attacks + * + * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order + */ + + /* Generate a blinding value */ + do + { + if (!BN_rand(blind, BN_num_bits(order) - 1, -1, 0)) + goto err; + } + while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod order */ + if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - if (!BN_mod_add_quick(s, tmp, m, order)) + + /* blindm := blind * m mod order */ + if (!BN_mod_mul(blindm, blind, m, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } + + /* s : = (blind * priv_key * r) + (blind * m) mod order */ + if (!BN_mod_add_quick(s, tmp, blindm, order)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + + /* s:= s * blind^-1 mod order */ + if (BN_mod_inverse(blind, blind, order, ctx) == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(s, s, blind, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + + /* s := s * k^-1 mod order */ if (!BN_mod_mul(s, s, ckinv, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } + if (BN_is_zero(s)) { /* if kinv and r have been supplied by the caller 
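Review bot: The blinding loop is the one failure path in this hunk that records nothing: `if (!BN_rand(blind, BN_num_bits(order) - 1, -1, 0)) goto err;` while every other BN_ failure here pushes `ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB)` first; make it `if (!BN_rand(blind, BN_num_bits(order) - 1, -1, 0)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; }`. Two facts the code depends on are unstated: the `BN_num_bits(order) - 1` width is what keeps `blind < order` without a reduction, and `BN_FLG_CONSTTIME` on `blind` is presumably what selects the constant-time branch of `BN_mod_inverse(blind, blind, order, ctx)` — confirm the latter, then state both in a short comment. The order of operations (blind * priv_key * r formed before the `m` term is added) is the mitigation itself, so `tmp` holding `blind * priv_key * r` is correct and must not be reordered. ecdsa_do_sign starts and ends outside the hunk.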
@@ -363,15 +427,12 @@ err: ECDSA_SIG_free(ret); ret = NULL; } - if (ctx) + if (ctx != NULL) + { + BN_CTX_end(ctx); BN_CTX_free(ctx); - if (m) - BN_clear_free(m); - if (tmp) - BN_clear_free(tmp); - if (order) - BN_free(order); - if (kinv) + } + if (kinv != NULL) BN_clear_free(kinv); return ret; } debian/patches/CVE-2016-8610-2.patch0000644000000000000000000000346313043675446013416 0ustar Backport of: From f1185392189641014dca94f3fe7834bccb5f4c16 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 2 Nov 2016 22:26:17 +0000 Subject: [PATCH] Fail if an unrecognised record type is received MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but TLS 1.2 says you MUST send an unexpected message alert. We swap to the TLS 1.2 behaviour for all protocol versions to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. Issue reported by 郭志攀 Reviewed-by: Tim Hudson --- ssl/s3_pkt.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2017-01-30 12:41:32.006003547 -0500 +++ openssl-1.0.1f/ssl/s3_pkt.c 2017-01-30 12:42:41.262909510 -0500 
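Review bot: `m` and `tmp` used to be released with `BN_clear_free`, i.e. scrubbed, because they hold secret-derived intermediates; after this patch they, together with `blind` and `blindm`, are owned by the BN_CTX, so scrubbing now depends on `BN_CTX_end`/`BN_CTX_free` clearing the pooled values, which this hunk does not show. Confirm that is the behaviour in this tree and note it on the `BN_CTX_end(ctx);` line, e.g. `/* blind, blindm, m and tmp live in ctx and are wiped with it */`. The unchanged `kinv` path (`BN_clear_free` when non-NULL) is fine. ecdsa_do_sign starts outside the hunk.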
@@ -1388,16 +1388,13 @@ switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS - /* TLS up to v1.1 just ignores unknown message types: - * TLS v1.2 give an unexpected message alert. + /* + * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but + * TLS 1.2 says you MUST send an unexpected message alert. We use the + * TLS 1.2 behaviour for all protocol versions to prevent issues where + * no progress is being made and the peer continually sends unrecognised + * record types, using up resources processing them. */ - if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) - { - rr->length = 0; - goto start; - } -#endif al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); goto f_err; debian/patches/engines-path.patch0000644000000000000000000001013511501477031014217 0ustar Index: openssl-1.0.0c/Makefile.org =================================================================== --- openssl-1.0.0c.orig/Makefile.org 2010-01-27 17:06:58.000000000 +0100 +++ openssl-1.0.0c/Makefile.org 2010-12-13 19:41:03.000000000 +0100 @@ -497,7 +497,7 @@ install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ Index: openssl-1.0.0c/engines/Makefile =================================================================== --- openssl-1.0.0c.orig/engines/Makefile 2010-08-24 23:46:34.000000000 +0200 +++ openssl-1.0.0c/engines/Makefile 2010-12-12 19:16:22.000000000 +0100 
@@ -107,7 +107,7 @@ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ - $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ + $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines; \ for l in $(LIBNAMES); do \ ( echo installing $$l; \ pfx=lib; \ @@ -119,13 +119,13 @@ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ else \ sfx=".so"; \ - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx ); \ done; \ fi @target=install; $(RECURSIVE_MAKE) Index: openssl-1.0.0c/Configure =================================================================== --- openssl-1.0.0c.orig/Configure 2010-12-12 19:16:22.000000000 +0100 +++ openssl-1.0.0c/Configure 2010-12-13 19:40:53.000000000 +0100 
@@ -1732,7 +1732,7 @@ } elsif (/^#define\s+ENGINESDIR/) { - my $foo = "$prefix/$libdir/engines"; + my $foo = "$prefix/$libdir/openssl-1.0.0/engines"; $foo =~ s/\\/\\\\/g; print OUT "#define ENGINESDIR \"$foo\"\n"; } Index: openssl-1.0.0c/engines/ccgost/Makefile =================================================================== --- openssl-1.0.0c.orig/engines/ccgost/Makefile 2010-12-13 19:41:14.000000000 +0100 +++ openssl-1.0.0c/engines/ccgost/Makefile 2010-12-13 19:42:21.000000000 +0100 @@ -53,13 +53,13 @@ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ else \ sfx=".so"; \ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx; \ fi links: debian/patches/CVE-2016-2177-pre3.patch0000644000000000000000000001122413043665674014124 0ustar Backport of: From f141376ae2892b59f2b1af94204f925832f8dc3a Mon Sep 17 00:00:00 2001 
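Review bot: The Cygwin branch is left on the old path: `cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new;` still copies into `engines/`, while the `chmod` and `mv` lines right after it were moved to `openssl-1.0.0/engines/`, so on that branch the `.new` file is created in one directory and renamed in another; the parallel hunk in engines/Makefile did update its `cyg` line. Change it to `cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \`. The `openssl-1.0.0/engines` path is spelled out in every line across Makefile.org, engines/Makefile, this file and Configure; defining it once (e.g. an `ENGINESDIR` variable) would make the next relocation a single-line change. The install recipe starts and ends outside the hunk.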
From: Matt Caswell Date: Mon, 5 Oct 2015 14:12:05 +0100 Subject: [PATCH] Change functions to pass in a limit rather than calculate it MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Some extension handling functions were passing in a pointer to the start of the data, plus the length in order to calculate the end, rather than just passing in the end to start with. This change makes things a little more readable. Reviewed-by: Emilia Käsper Conflicts: ssl/s3_srvr.c ssl/ssl_locl.h ssl/t1_lib.c --- ssl/s3_srvr.c | 2 +- ssl/ssl_locl.h | 2 +- ssl/t1_lib.c | 30 +++++++++++++++--------------- 3 files changed, 17 insertions(+), 17 deletions(-) Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2017-01-30 11:18:33.260098102 -0500 +++ openssl-1.0.1f/ssl/s3_srvr.c 2017-01-30 11:19:07.944576474 -0500 @@ -1213,7 +1213,7 @@ /* TLS extensions*/ if (s->version >= SSL3_VERSION) { - if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) + if (!ssl_parse_clienthello_tlsext(s,&p,d+n, &al)) { /* 'al' set by ssl_parse_clienthello_tlsext */ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT); Index: openssl-1.0.1f/ssl/ssl_locl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_locl.h 2017-01-30 11:18:33.260098102 -0500 +++ openssl-1.0.1f/ssl/ssl_locl.h 2017-01-30 11:19:43.793070659 -0500 
@@ -1100,7 +1100,7 @@ #ifndef OPENSSL_NO_TLSEXT unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *limit, int *al); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); int ssl_prepare_clienthello_tlsext(SSL *s); int ssl_prepare_serverhello_tlsext(SSL *s); Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2017-01-30 11:18:33.260098102 -0500 +++ openssl-1.0.1f/ssl/t1_lib.c 2017-01-30 11:22:25.075281338 -0500 @@ -871,7 +871,7 @@ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from * 10.8..10.8.3 (which don't work). */ -static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) { +static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *limit) { unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { 0x00, 0x0a, /* elliptic_curves extension */ @@ -899,11 +899,11 @@ 0x02, 0x03, /* SHA-1/ECDSA */ }; - if (data >= (d+n-2)) + if (data >= (limit-2)) return; data += 2; - if (data > (d+n-4)) + if (data > (limit-4)) return; n2s(data,type); n2s(data,size); @@ -911,7 +911,7 @@ if (type != TLSEXT_TYPE_server_name) return; - if (data+size > d+n) + if (data+size > limit) return; data += size; @@ -920,7 +920,7 @@ const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - if (data + len1 + len2 != d+n) + if (data + len1 + len2 != limit) return; if (memcmp(data, kSafariExtensionsBlock, len1) != 0) return; 
@@ -931,7 +931,7 @@ { const size_t len = sizeof(kSafariExtensionsBlock); - if (data + len != d+n) + if (data + len != limit) return; if (memcmp(data, kSafariExtensionsBlock, len) != 0) return; @@ -941,7 +941,7 @@ } #endif /* !OPENSSL_NO_EC */ -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *limit, int *al) { unsigned short type; unsigned short size; @@ -963,22 +963,22 @@ #ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - ssl_check_for_safari(s, data, d, n); + ssl_check_for_safari(s, data, limit); #endif /* !OPENSSL_NO_EC */ - if (data >= (d+n-2)) + if (data >= (limit-2)) goto ri_check; n2s(data,len); - if (data + len != d + n) + if (data + len != limit) goto ri_check; - while (data <= (d+n-4)) + while (data <= (limit-4)) { n2s(data,type); n2s(data,size); - if (data+size > (d+n)) + if (data+size > (limit)) goto ri_check; #if 0 fprintf(stderr,"Received extension type %d size %d\n",type,size); debian/patches/shared-lib-ext.patch0000644000000000000000000000130411501173436014445 0ustar Index: openssl-1.0.0c/Configure =================================================================== --- openssl-1.0.0c.orig/Configure 2010-12-12 16:10:12.000000000 +0100 +++ openssl-1.0.0c/Configure 2010-12-12 17:12:38.000000000 +0100 
@@ -1605,7 +1605,8 @@ elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; +# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; } elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) { debian/patches/CVE-2014-5139.patch0000644000000000000000000001017312370675056013253 0ustar Description: fix crash with SRP ciphersuite in Server Hello message Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=18c7f2fce8a82b13506cac7ca69fc333baf76408 Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2014-08-07 08:15:00.794833987 -0400 +++ openssl-1.0.1f/ssl/s3_clnt.c 2014-08-07 08:15:00.790833986 -0400 @@ -954,6 +954,15 @@ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); goto f_err; } +#ifndef OPENSSL_NO_SRP + if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) && + !(s->srp_ctx.srp_Mask & SSL_kSRP)) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); + goto f_err; + } +#endif /* OPENSSL_NO_SRP */ p+=ssl_put_cipher_by_char(s,NULL,NULL); sk=ssl_get_ciphers_by_id(s); Index: openssl-1.0.1f/ssl/ssl_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_lib.c 2014-08-07 08:15:00.794833987 -0400 +++ openssl-1.0.1f/ssl/ssl_lib.c 2014-08-07 08:15:00.794833987 -0400 
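Review bot: The replaced substitution is kept as a commented-out line (`# s/^SHARED_LIBS_LINK_EXTS=.*/...\$(SHLIB_MAJOR) .s$sotmp/;`) directly above its replacement, with no explanation of why the `.so.$(SHLIB_MAJOR)` link extension is dropped. Dead code in a distribution patch outlives its reason; replace the line with a one-line rationale such as `# Debian: only create the unversioned .so link here; versioned links are installed by the packaging`, assuming that is the reason, which this hunk does not say. The surrounding `elsif` block starts and ends outside the hunk.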
@@ -1402,6 +1402,11 @@ s->psk_client_callback == NULL) continue; #endif /* OPENSSL_NO_PSK */ +#ifndef OPENSSL_NO_SRP + if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) && + !(s->srp_ctx.srp_Mask & SSL_kSRP)) + continue; +#endif /* OPENSSL_NO_SRP */ j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); p+=j; } Index: openssl-1.0.1f/ssl/s3_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_lib.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/s3_lib.c 2014-08-07 09:06:13.402916268 -0400 @@ -2426,7 +2426,7 @@ TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA, SSL_kSRP, - SSL_aNULL, + SSL_aSRP, SSL_3DES, SSL_SHA1, SSL_TLSV1, @@ -2474,7 +2474,7 @@ TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA, SSL_kSRP, - SSL_aNULL, + SSL_aSRP, SSL_AES128, SSL_SHA1, SSL_TLSV1, @@ -2522,7 +2522,7 @@ TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA, TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA, SSL_kSRP, - SSL_aNULL, + SSL_aSRP, SSL_AES256, SSL_SHA1, SSL_TLSV1, Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/ssl.h 2014-08-07 09:06:13.406916269 -0400 @@ -264,6 +264,7 @@ #define SSL_TXT_aGOST94 "aGOST94" #define SSL_TXT_aGOST01 "aGOST01" #define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aSRP "aSRP" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" Index: openssl-1.0.1f/ssl/ssl_ciph.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_ciph.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/ssl_ciph.c 2014-08-07 09:06:13.406916269 -0400 
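Review bot: Moving the three SRP-SHA suites from `SSL_aNULL` to `SSL_aSRP` changes what cipher strings select: anything that excluded them through `!aNULL` (the usual `ALL:!aNULL:!eNULL` shape) no longer does, and they now have to be excluded with `!aSRP`. The ssl_lib.c hunk above covers the common case by not advertising SRP suites unless `srp_Mask` has `SSL_kSRP` set, which is the actual fix for the unsolicited-SRP crash, but the cipher-string change deserves a comment at the first changed table entry, e.g. `/* SRP suites authenticate via SRP (SSL_aSRP); they are no longer matched by aNULL */`. Whether this tree's DEFAULT definition relied on `!aNULL` to drop these suites is not visible here.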
@@ -270,6 +270,7 @@ {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, + {0,SSL_TXT_aSRP,0, 0,SSL_aSRP, 0,0,0,0,0,0,0}, /* aliases combining key exchange and server authentication */ {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, @@ -1628,6 +1629,9 @@ case SSL_aPSK: au="PSK"; break; + case SSL_aSRP: + au="SRP"; + break; default: au="unknown"; break; Index: openssl-1.0.1f/ssl/ssl_locl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_locl.h 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/ssl_locl.h 2014-08-07 09:06:13.406916269 -0400 @@ -311,6 +311,7 @@ #define SSL_aPSK 0x00000080L /* PSK auth */ #define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */ #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ +#define SSL_aSRP 0x00000400L /* SRP auth */ /* Bits for algorithm_enc (symmetric encryption) */ debian/patches/CVE-2015-1791-2.patch0000644000000000000000000000204312536017460013401 0ustar From 106a9a5d7e26e728a654d7424849081bd988d4a5 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 10 Jun 2015 09:32:34 +0100 Subject: [PATCH] Fix Kerberos issue in ssl_session_dup The fix for CVE-2015-1791 introduced an error in ssl_session_dup for Kerberos. Reviewed-by: Tim Hudson (cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158) --- ssl/ssl_sess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/ssl/ssl_sess.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_sess.c 2015-06-10 07:09:16.773279092 -0400 +++ openssl-1.0.1f/ssl/ssl_sess.c 2015-06-10 07:09:47.489584122 -0400 
@@ -239,7 +239,7 @@ memcpy(dest, src, sizeof(*dest)); #ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = dest->krb5_client_princ_len; + dest->krb5_client_princ_len = src->krb5_client_princ_len; if (src->krb5_client_princ_len > 0) memcpy(dest->krb5_client_princ, src->krb5_client_princ, src->krb5_client_princ_len); debian/patches/CVE-2014-3508.patch0000644000000000000000000000756212370665304013254 0ustar From 03b04ddac162c7b7fa3c57eadccc5a583a00d291 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Wed, 2 Jul 2014 19:02:33 +0200 Subject: [PATCH] Fix OID handling: - Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by: Dr. Stephen Henson Reviewed-by: Kurt Roeckx Reviewed-by: Tim Hudson --- crypto/asn1/a_object.c | 30 +++++++++++++++++++++--------- crypto/objects/obj_dat.c | 16 +++++++++------- 2 files changed, 30 insertions(+), 16 deletions(-) diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 3978c91..77b2768 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c 
@@ -283,17 +283,29 @@ err: ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); return(NULL); } + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) { ASN1_OBJECT *ret=NULL; const unsigned char *p; unsigned char *data; - int i; - /* Sanity check OID encoding: can't have leading 0x80 in - * subidentifiers, see: X.690 8.19.2 + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 */ - for (i = 0, p = *pp; i < len; i++, p++) + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { @@ -316,23 +328,23 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, data = (unsigned char *)ret->data; ret->data = NULL; /* once detached we can change it */ - if ((data == NULL) || (ret->length < len)) + if ((data == NULL) || (ret->length < length)) { ret->length=0; if (data != NULL) OPENSSL_free(data); - data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + data=(unsigned char *)OPENSSL_malloc(length); if (data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(data,p,(int)len); + memcpy(data,p,length); /* reattach data to object, after which it remains const */ ret->data =data; - ret->length=(int)len; + ret->length=length; ret->sn=NULL; ret->ln=NULL; /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 8a342ba..0b2f442 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c 
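Review bot: The new guard uses `INT_MAX`, and the diffstat (21 insertions for a_object.c, all accounted for by these two hunks) shows no `#include <limits.h>` being added, so it relies on the header already being included above the hunk; confirm rather than assume. The checks are ordered correctly: `len > INT_MAX` is tested before `p[len - 1]` is read, `length = (int)len` is reached only for `0 < len <= INT_MAX`, and the leading-0x80 loop keeps its `!i ||` short-circuit so `p[-1]` is never read on the first octet. A one-liner on the last-octet test, `/* the final octet must end a subidentifier (continuation bit clear) */`, would make that rule visible at the check itself rather than only in the block comment. c2i_ASN1_OBJECT continues past the second hunk.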
@@ -471,11 +471,12 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) const unsigned char *p; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; - if ((a == NULL) || (a->data == NULL)) { - buf[0]='\0'; - return(0); - } + /* Ensure that, at every state, |buf| is NUL-terminated. */ + if (buf && buf_len > 0) + buf[0] = '\0'; + if ((a == NULL) || (a->data == NULL)) + return(0); if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) { @@ -554,9 +555,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) i=(int)(l/40); l-=(long)(i*40); } - if (buf && (buf_len > 0)) + if (buf && (buf_len > 1)) { *buf++ = i + '0'; + *buf = '\0'; buf_len--; } n++; @@ -571,9 +573,10 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) i = strlen(bndec); if (buf) { - if (buf_len > 0) + if (buf_len > 1) { *buf++ = '.'; + *buf = '\0'; buf_len--; } BUF_strlcpy(buf,bndec,buf_len); @@ -807,4 +810,3 @@ err: OPENSSL_free(buf); return(ok); } - -- 1.7.9.5 debian/patches/alt-cert-chains-4.patch0000644000000000000000000002052612655207366014776 0ustar From 1c687ff4dd5dcc0f05f1d062effdb40e4e41f24f Mon Sep 17 00:00:00 2001 
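Review bot: The `buf_len > 1` change in the second hunk means a caller passing a one-byte buffer now receives an empty string while the return value still counts every character, so callers must compare the result against `buf_len` to detect truncation, snprintf-style, and nothing near the function says so. A header comment such as `/* Returns the full length of the textual OID; output is truncated, and always NUL-terminated, when buf_len is too small. */` would make the guarantee explicit. The early `buf[0] = '\0'` on the `a == NULL` path in the first hunk is what lets the later `BUF_strlcpy(buf,bndec,buf_len)` rely on the same invariant, which is worth stating there too. OBJ_obj2txt starts before the first hunk and the hunks are excerpts of its body.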
From: Matt Caswell Date: Tue, 27 Jan 2015 11:15:15 +0000 Subject: [PATCH] Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag. Reviewed-by: Dr. Stephen Henson Reviewed-by: Kurt Roeckx Conflicts: doc/apps/cms.pod doc/apps/ocsp.pod doc/apps/s_client.pod doc/apps/s_server.pod doc/apps/smime.pod doc/apps/verify.pod --- doc/apps/cms.pod | 5 ++++- doc/apps/ocsp.pod | 11 +++++++++++ doc/apps/s_client.pod | 7 ++++++- doc/apps/s_server.pod | 9 +++++++++ doc/apps/smime.pod | 4 +++- doc/apps/verify.pod | 13 +++++++++++++ doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 8 +++++++- 7 files changed, 53 insertions(+), 4 deletions(-) Index: openssl-1.0.1f/doc/apps/cms.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/cms.pod 2016-02-05 16:06:52.833156542 -0500 +++ openssl-1.0.1f/doc/apps/cms.pod 2016-02-05 16:06:52.825156453 -0500 @@ -35,6 +35,7 @@ [B<-print>] [B<-CAfile file>] [B<-CApath dir>] +[B<-no_alt_chains>] [B<-md digest>] [B<-[cipher]>] [B<-nointern>] @@ -401,7 +402,7 @@ then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L|verify(1)> manual page for details. 
@@ -599,4 +600,6 @@ added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut Index: openssl-1.0.1f/doc/apps/ocsp.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/ocsp.pod 2016-02-05 16:06:52.833156542 -0500 +++ openssl-1.0.1f/doc/apps/ocsp.pod 2016-02-05 16:06:52.825156453 -0500 @@ -29,6 +29,7 @@ [B<-path>] [B<-CApath dir>] [B<-CAfile file>] +[B<-no_alt_chains>]] [B<-VAfile file>] [B<-validity_period n>] [B<-status_age n>] @@ -138,6 +139,10 @@ file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. +=item B<-no_alt_chains> + +See L|verify(1)> manual page for details. + =item B<-verify_other file> file containing additional certificates to search when attempting to locate @@ -369,3 +374,9 @@ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -reqin req.der -respout resp.der + +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + +=cut Index: openssl-1.0.1f/doc/apps/s_client.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/s_client.pod 2016-02-05 16:06:52.833156542 -0500 +++ openssl-1.0.1f/doc/apps/s_client.pod 2016-02-05 16:06:52.825156453 -0500 @@ -17,6 +17,7 @@ [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-reconnect>] [B<-pause>] [B<-showcerts>] 
@@ -104,7 +105,7 @@ A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L|verify(1)> manual page for details. @@ -309,4 +310,8 @@ L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut Index: openssl-1.0.1f/doc/apps/s_server.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/s_server.pod 2016-02-05 16:06:52.833156542 -0500 +++ openssl-1.0.1f/doc/apps/s_server.pod 2016-02-05 16:06:52.825156453 -0500 @@ -33,6 +33,7 @@ [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-nocert>] [B<-cipher cipherlist>] [B<-quiet>] @@ -163,6 +164,10 @@ is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +=item B<-no_alt_chains> + +See the L|verify(1)> manual page for details. + =item B<-state> prints out the SSL session states. @@ -352,4 +357,8 @@ L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut Index: openssl-1.0.1f/doc/apps/smime.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/smime.pod 2016-02-05 16:06:52.833156542 -0500 +++ openssl-1.0.1f/doc/apps/smime.pod 2016-02-05 16:06:52.825156453 -0500 @@ -15,6 +15,7 @@ [B<-pk7out>] [B<-[cipher]>] [B<-in file>] +[B<-no_alt_chains>] [B<-certfile file>] [B<-signer file>] [B<-recip file>] 
@@ -259,7 +260,7 @@ then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various options of certificate chain verification. See L|verify(1)> manual page for details. @@ -441,5 +442,6 @@ The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. =cut Index: openssl-1.0.1f/doc/apps/verify.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/verify.pod 2016-02-05 16:06:52.833156542 -0500 +++ openssl-1.0.1f/doc/apps/verify.pod 2016-02-05 16:06:52.825156453 -0500 @@ -22,6 +22,7 @@ [B<-extended_crl>] [B<-use_deltas>] [B<-policy_print>] +[B<-no_alt_chains>] [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] @@ -102,6 +103,14 @@ Set policy variable inhibit-policy-mapping (see RFC5280). +=item B<-no_alt_chains> + +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of previous OpenSSL versions. + =item B<-policy_print> Print out diagnostics related to policy processing. 
@@ -403,4 +412,8 @@ L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut Index: openssl-1.0.1f/doc/crypto/X509_VERIFY_PARAM_set_flags.pod =================================================================== --- openssl-1.0.1f.orig/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 2016-02-05 16:06:52.833156542 -0500 +++ openssl-1.0.1f/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 2016-02-05 16:06:52.829156497 -0500 @@ -133,6 +133,12 @@ to the verification callback and it B be prepared to handle such cases without assuming they are hard errors. +The B flag suppresses checking for alternative +chains. By default, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will continue to check to see if an +alternative chain can be found that is trusted. With this flag set the behaviour +will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -166,6 +172,6 @@ =head1 HISTORY -TBA +The B flag was added in OpenSSL 1.0.1n and 1.0.2b =cut debian/patches/alt-cert-chains-3.patch0000644000000000000000000001404512655207307014767 0ustar Backport of: From c6a39046f576ab0af25bf3ef844812330af2b27b Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Tue, 27 Jan 2015 10:50:38 +0000 Subject: [PATCH] Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Reviewed-by: Dr. Stephen Henson Reviewed-by: Kurt Roeckx Conflicts: apps/cms.c apps/ocsp.c apps/s_client.c apps/s_server.c apps/smime.c apps/verify.c --- apps/apps.c | 2 ++ apps/cms.c | 2 ++ apps/ocsp.c | 2 ++ apps/s_client.c | 2 ++ apps/s_server.c | 2 ++ apps/smime.c | 2 ++ apps/verify.c | 2 +- 7 files changed, 13 insertions(+), 1 deletion(-) Index: openssl-1.0.1f/apps/apps.c =================================================================== --- openssl-1.0.1f.orig/apps/apps.c 2016-02-05 16:00:33.396922042 -0500 +++ openssl-1.0.1f/apps/apps.c 2016-02-05 16:01:45.805726725 -0500 @@ -2361,6 +2361,8 @@ flags |= X509_V_FLAG_NOTIFY_POLICY; else if (!strcmp(arg, "-check_ss_sig")) flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; + else if (!strcmp(arg, "-no_alt_chains")) + flags |= X509_V_FLAG_NO_ALT_CHAINS; else return 0; Index: openssl-1.0.1f/apps/cms.c =================================================================== --- openssl-1.0.1f.orig/apps/cms.c 2016-02-05 16:00:33.396922042 -0500 +++ openssl-1.0.1f/apps/cms.c 2016-02-05 16:02:37.806305681 -0500 
@@ -642,6 +642,7 @@ BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); #ifndef OPENSSL_NO_ENGINE Index: openssl-1.0.1f/apps/ocsp.c =================================================================== --- openssl-1.0.1f.orig/apps/ocsp.c 2016-02-05 16:00:33.396922042 -0500 +++ openssl-1.0.1f/apps/ocsp.c 2016-02-05 16:03:12.918697092 -0500 @@ -595,6 +595,7 @@ BIO_printf (bio_err, "-path path to use in OCSP request\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf (bio_err, "-VAfile file validator certificates file\n"); BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); Index: openssl-1.0.1f/apps/s_client.c =================================================================== --- openssl-1.0.1f.orig/apps/s_client.c 2016-02-05 16:00:33.396922042 -0500 +++ openssl-1.0.1f/apps/s_client.c 2016-02-05 16:03:42.603028283 -0500 
@@ -298,6 +298,7 @@ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n"); BIO_printf(bio_err," -showcerts - show all certificates in the chain\n"); Index: openssl-1.0.1f/apps/s_server.c =================================================================== --- openssl-1.0.1f.orig/apps/s_server.c 2016-02-05 16:00:33.396922042 -0500 +++ openssl-1.0.1f/apps/s_server.c 2016-02-05 16:04:05.083279271 -0500 @@ -517,6 +517,7 @@ BIO_printf(bio_err," -state - Print the SSL states\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); Index: openssl-1.0.1f/apps/smime.c =================================================================== --- openssl-1.0.1f.orig/apps/smime.c 2016-02-05 16:00:33.396922042 -0500 +++ openssl-1.0.1f/apps/smime.c 2016-02-05 16:04:44.775722783 -0500 
@@ -479,6 +479,7 @@ BIO_printf (bio_err, "-text include or delete text MIME headers\n"); BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); + BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); #ifndef OPENSSL_NO_ENGINE Index: openssl-1.0.1f/apps/verify.c =================================================================== --- openssl-1.0.1f.orig/apps/verify.c 2016-02-05 16:00:33.396922042 -0500 +++ openssl-1.0.1f/apps/verify.c 2016-02-05 16:05:17.240085854 -0500 @@ -238,7 +238,7 @@ end: if (ret == 1) { BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); - BIO_printf(bio_err," [-attime timestamp]"); + BIO_printf(bio_err," [-no_alt_chains] [-attime timestamp]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," [-engine e]"); #endif debian/patches/CVE-2014-3569.patch0000644000000000000000000000276512453766075013274 0ustar From 6ce9687b5aba5391fc0de50e18779eb676d0e04d Mon Sep 17 00:00:00 2001 
From: Kurt Roeckx Date: Tue, 21 Oct 2014 20:45:15 +0200 Subject: [PATCH] Keep old method in case of an unsupported protocol MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set the method to NULL. We didn't used to do that, and it breaks things. This is a regression introduced in 62f45cc27d07187b59551e4fad3db4e52ea73f2c. Keep the old method since the code is not able to deal with a NULL method at this time. CVE-2014-3569, PR#3571 Reviewed-by: Emilia Käsper (cherry picked from commit 392fa7a952e97d82eac6958c81ed1e256e6b8ca5) --- ssl/s23_srvr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 93ca7d5..de909b1 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -602,12 +602,14 @@ int ssl23_get_client_hello(SSL *s) if ((type == 2) || (type == 3)) { /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ - s->method = ssl23_get_server_method(s->version); - if (s->method == NULL) + const SSL_METHOD *new_method; + new_method = ssl23_get_server_method(s->version); + if (new_method == NULL) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; } + s->method = new_method; if (!ssl_init_wbio_buffer(s,1)) goto err; -- 1.7.9.5 debian/patches/ca.patch0000644000000000000000000000151511501173436012224 0ustar Index: openssl-0.9.8m/apps/CA.pl.in =================================================================== --- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 +++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 @@ -65,6 +65,7 @@ foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { # create a certificate 
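Review bot: The `new_method` temporary is the whole fix, but nothing in the code states why `s->method` must not be cleared on the unsupported-protocol path, so a later cleanup could reintroduce the direct assignment the patch removes. A comment at the `goto err`, e.g. `/* Leave s->method untouched: callers cannot cope with a NULL method (CVE-2014-3569) */`, pins the intent to the spot where it matters. ssl23_get_client_hello continues on both sides of the hunk.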
@@ -165,6 +166,7 @@ } else { print STDERR "Unknown arg $_\n"; print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; exit 1; } } debian/patches/libssl-misspell.patch0000644000000000000000000000122411575357342014767 0ustar --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -302,7 +302,7 @@ {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, -{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, +{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, debian/patches/openssl_fix_for_x32.patch0000644000000000000000000000201712146434004015527 0ustar Index: openssl-1.0.1c/crypto/bn/asm/x86_64-gcc.c =================================================================== --- openssl-1.0.1c.orig/crypto/bn/asm/x86_64-gcc.c 2010-02-28 05:38:16.000000000 -0800 +++ openssl-1.0.1c/crypto/bn/asm/x86_64-gcc.c 2013-01-17 20:16:12.000000000 -0800 @@ -55,7 +55,7 @@ * machine. */ -#ifdef _WIN64 +#if defined _WIN64 || !defined __LP64__ #define BN_ULONG unsigned long long #else #define BN_ULONG unsigned long @@ -192,9 +192,9 @@ asm ( " subq %2,%2 \n" ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " adcq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" + "1: movq (%q4,%2,8),%0 \n" + " adcq (%q5,%2,8),%0 \n" + " movq %0,(%q3,%2,8) \n" " leaq 1(%2),%2 \n" " loop 1b \n" " sbbq %0,%0 \n" 
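Review bot: The `%q` operand modifiers added to the add loop are not explained, and the identical change to the subtract loop in the following hunk (@@ -215) is equally bare, so a reader unfamiliar with x32 sees no reason the plain `%4` form was wrong. A comment above the `asm (`, such as `/* %q forces the 64-bit register name: on x32 pointers are 32-bit but the addressing mode needs the full register */`, would cover both loops; the `#if defined _WIN64 || !defined __LP64__` redefinition of `BN_ULONG` in the first hunk deserves the same one-line rationale. Both asm blocks extend beyond the hunks.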
@@ -215,9 +215,9 @@ asm ( " subq %2,%2 \n" ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " sbbq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" + "1: movq (%q4,%2,8),%0 \n" + " sbbq (%q5,%2,8),%0 \n" + " movq %0,(%q3,%2,8) \n" " leaq 1(%2),%2 \n" " loop 1b \n" " sbbq %0,%0 \n" debian/patches/CVE-2014-0224-regression2.patch0000644000000000000000000000163612351072573015477 0ustar From 9beb75d3c4ce9a93ba07951e8595c09f07496ba8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 14 Jun 2014 22:24:08 +0100 Subject: [PATCH] Accept CCS after sending finished. Allow CCS after finished has been sent by client: at this point keys have been correctly set up so it is OK to accept CCS from server. Without this renegotiation can sometimes fail. PR#3400 (cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41) --- ssl/s3_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 167bfc6..2afb892 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -510,6 +510,7 @@ int ssl3_connect(SSL *s) s->method->ssl3_enc->client_finished_label, s->method->ssl3_enc->client_finished_label_len); if (ret <= 0) goto end; + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->state=SSL3_ST_CW_FLUSH; /* clear flags */ -- 1.7.9.5 debian/patches/CVE-2015-1792.patch0000644000000000000000000000077512535317460013257 0ustar Description: fix CMS verify infinite loop with unknown hash function Author: Dr. Stephen Henson Index: openssl-1.0.1f/crypto/cms/cms_smime.c =================================================================== --- openssl-1.0.1f.orig/crypto/cms/cms_smime.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/cms/cms_smime.c 2015-06-08 09:10:17.526774741 -0400 
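Review bot: The new `s->s3->flags |= SSL3_FLAGS_CCS_OK;` in the ssl3_connect hunk carries no explanation, and the justification in the commit message (keys are set up once the client Finished has been sent) is exactly what a reader needs at this spot; `/* Keys are in place after our Finished, so a server CCS is acceptable from here on (PR#3400) */` would do. The same bare flag set appears in the session-resumption path added by CVE-2014-0224-3.patch on the next line and would benefit from a matching comment. ssl3_connect's state machine continues outside the hunk.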
@@ -141,7 +141,7 @@
 BIO_free(f);
 f = tbio;
 }
- while (f != upto);
+ while (f && f != upto);
 }
 else
 BIO_free_all(f); debian/patches/CVE-2014-0224-3.patch0000644000000000000000000000075312343135401013365 0ustar
Index: openssl-1.0.1f/ssl/s3_clnt.c ===================================================================
--- openssl-1.0.1f.orig/ssl/s3_clnt.c 2014-06-02 11:00:07.148724754 -0400
+++ openssl-1.0.1f/ssl/s3_clnt.c 2014-06-02 13:57:13.989233921 -0400
@@ -916,6 +916,7 @@
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 goto f_err;
 }
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
 s->hit=1;
 }
 else /* a miss or crap from the other end */ debian/patches/CVE-2016-0797.patch0000644000000000000000000000743512664112014013253 0ustar Backport of: From 57ca428d6626f59c1b800c44d558cd2b6afdbf31 Mon Sep 17 00:00:00 2001 
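Review bot: The added `f &&` guard stops the walk when `upto` is never reached, but nothing at the loop says why `f` can become NULL there; the reason given in the patch description (an unknown hash function leaves a chain that does not contain `upto`) belongs next to the code. A comment on the `while`, `/* f is NULL if upto is not in the chain (e.g. unknown digest): stop rather than loop forever */`, keeps the reasoning with the fix. The `do` that this `while` closes starts outside the hunk.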
From: Matt Caswell Date: Mon, 22 Feb 2016 10:27:18 +0000 Subject: [PATCH] Fix BN_hex2bn/BN_dec2bn NULL ptr/heap corruption In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This leaves ret->d as NULL leading to a subsequent NULL ptr deref. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to ret->d, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. All OpenSSL internal usage of this function uses data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. CVE-2016-0797 --- crypto/bn/bn_print.c | 13 +++++++++---- crypto/include/internal/bn_int.h | 14 ++++++++++++-- 2 files changed, 21 insertions(+), 6 deletions(-) Index: openssl-1.0.1f/crypto/bn/bn_print.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_print.c 2016-02-26 13:03:29.000095619 -0500 +++ openssl-1.0.1f/crypto/bn/bn_print.c 2016-02-26 13:04:52.777060606 -0500 @@ -58,6 +58,7 @@ #include #include +#include #include "cryptlib.h" #include #include "bn_lcl.h" @@ -180,8 +181,9 @@ if (*a == '-') { neg=1; a++; } - for (i=0; isxdigit((unsigned char) a[i]); i++) - ; + for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++); + if (i > INT_MAX/4) + goto err; num=i+neg; if (bn == NULL) return(num); 
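Review bot: The new `goto err` on the over-long-input path runs before the `if (bn == NULL) return(num);` check, so if the `err:` label (outside the hunk) releases `ret` through `*bn`, as the cleanup in this function appears to, a caller that passes `bn == NULL` to measure a very long string would dereference NULL instead of getting 0. Nothing has been allocated at that point, so `return 0;` in place of `goto err` is equivalent and avoids the question; the decimal variant in the next hunk (@@ -246) has the same shape. Separately, the empty-body `for (...);` is easy to misread as a loop whose body is the following `if`; a `continue;` on its own line, or `/* empty */`, makes it unmistakable. BN_hex2bn continues on both sides of the hunk.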
@@ -197,7 +199,7 @@ BN_zero(ret); } - /* i is the number of hex digests; */ + /* i is the number of hex digits */ if (bn_expand(ret,i*4) == NULL) goto err; j=i; /* least significant 'hex' */ @@ -246,8 +248,9 @@ if ((a == NULL) || (*a == '\0')) return(0); if (*a == '-') { neg=1; a++; } - for (i=0; isdigit((unsigned char) a[i]); i++) - ; + for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++); + if (i > INT_MAX/4) + goto err; num=i+neg; if (bn == NULL) return(num); @@ -264,7 +267,7 @@ BN_zero(ret); } - /* i is the number of digests, a bit of an over expand; */ + /* i is the number of digits, a bit of an over expand */ if (bn_expand(ret,i*4) == NULL) goto err; j=BN_DEC_NUM-(i%BN_DEC_NUM); Index: openssl-1.0.1f/crypto/bn/bn.h =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn.h 2016-02-26 13:03:29.000095619 -0500 +++ openssl-1.0.1f/crypto/bn/bn.h 2016-02-26 13:05:46.729680720 -0500 @@ -131,6 +131,7 @@ #endif #include #include +#include #ifdef __cplusplus extern "C" { @@ -696,8 +697,17 @@ /* library internal functions */ -#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ - (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) +#define bn_expand(a,bits) \ + ( \ + bits > (INT_MAX - BN_BITS2 + 1) ? \ + NULL \ + : \ + (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ + (a) \ + : \ + bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ + ) + #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) BIGNUM *bn_expand2(BIGNUM *a, int words); #ifndef OPENSSL_NO_DEPRECATED debian/patches/CVE-2016-2181-1.patch0000644000000000000000000000564612770755441013417 0ustar From fa75569758298e2930c78989b516cac937118acc Mon Sep 17 00:00:00 2001 
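Review bot: The rewritten `bn_expand` macro uses its `bits` parameter unparenthesised in `bits > (INT_MAX - BN_BITS2 + 1)` and in both `bits+BN_BITS2-1` occurrences, so an argument containing a lower-precedence operator would be mis-evaluated silently; writing `(bits)` at each of the three uses is the usual fix. The macro also evaluates `bits` up to three times, which matters if a caller ever passes an expression with side effects, and a one-line warning, `/* bits is evaluated more than once: pass a side-effect-free expression */`, would document that. The overflow guard itself is sound for the `i*4` callers in the bn_print.c hunks above, since those now cap `i` at `INT_MAX/4`.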
From: Matt Caswell Date: Tue, 5 Jul 2016 11:46:26 +0100 Subject: [PATCH] Fix DTLS unprocessed records bug During a DTLS handshake we may get records destined for the next epoch arrive before we have processed the CCS. In that case we can't decrypt or verify the record yet, so we buffer it for later use. When we do receive the CCS we work through the queue of unprocessed records and process them. Unfortunately the act of processing wipes out any existing packet data that we were still working through. This includes any records from the new epoch that were in the same packet as the CCS. We should only process the buffered records if we've not got any data left. Reviewed-by: Richard Levitte --- ssl/d1_pkt.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/ssl/d1_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_pkt.c 2016-09-22 09:19:07.211419234 -0400 +++ openssl-1.0.1f/ssl/d1_pkt.c 2016-09-22 09:22:36.033951001 -0400 @@ -303,6 +303,7 @@ dtls1_process_buffered_records(SSL *s) { pitem *item; + SSL3_BUFFER *rb; item = pqueue_peek(s->d1->unprocessed_rcds.q); if (item) @@ -311,6 +312,18 @@ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) return(1); /* Nothing to do. */ + rb = &s->s3->rbuf; + + if (rb->left > 0) { + /* + * We've still got data from the current packet to read. There could + * be a record from the new epoch in it - so don't overwrite it + * with the unprocessed records yet (we'll do it when we've + * finished reading the current packet). + */ + return 1; + } + /* Process all the records. */ while (pqueue_peek(s->d1->unprocessed_rcds.q)) { @@ -564,6 +577,7 @@ rr= &(s->s3->rrec); +again: /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ if(dtls1_process_buffered_records(s)<0) 
@@ -574,7 +588,6 @@ return 1; /* get something from the wire */ -again: /* check if we have the header */ if ( (s->rstate != SSL_ST_READ_BODY) || (s->packet_length < DTLS1_RT_HEADER_LENGTH)) @@ -1810,8 +1823,13 @@ if (rr->epoch == s->d1->r_epoch) return &s->d1->bitmap; - /* Only HM and ALERT messages can be from the next epoch */ + /* + * Only HM and ALERT messages can be from the next epoch and only if we + * have already processed all of the unprocessed records from the last + * epoch + */ else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && + s->d1->unprocessed_rcds.epoch != s->d1->r_epoch && (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { debian/patches/CVE-2014-3571-1.patch0000644000000000000000000000272612453766111013407 0ustar From 8d7aab986b499f34d9e1bc58fbfd77f05c38116e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 3 Jan 2015 00:45:13 +0000 Subject: [PATCH] Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: Matt Caswell --- ssl/d1_pkt.c | 2 -- ssl/s3_pkt.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/ssl/d1_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_pkt.c 2015-01-09 07:55:51.175548258 -0500 +++ openssl-1.0.1f/ssl/d1_pkt.c 2015-01-09 07:55:51.171548232 -0500 @@ -641,8 +641,6 @@ /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ i=rr->length; n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - /* this packet contained a partial record, dump it */ if ( n != i) { Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2015-01-09 07:55:51.175548258 -0500 +++ openssl-1.0.1f/ssl/s3_pkt.c 2015-01-09 07:55:51.175548258 -0500 
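Review bot: Dropping the `if (n <= 0) return(n);` line makes the `if ( n != i)` check below the only handling of a failed or short body read, and that only works together with the `left == 0 && extend` early return added to ssl3_read_n in the s3_pkt.c hunk on the next line; neither site mentions the other. A comment where the return was removed, `/* n <= 0 falls through to the n != i test: a failed second read dumps the packet instead of returning (CVE-2014-3571) */`, ties the two halves of the fix together for the next reader. dtls1_get_record continues outside the hunk.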
@@ -182,6 +182,8 @@ * at once (as long as it fits into the buffer). */ if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { + if (left == 0 && extend) + return 0; if (left > 0 && n > left) n = left; } debian/patches/pkcs12-doc.patch0000644000000000000000000000253111575365564013526 0ustar This is another documentation issue ... apps/pkcs12.c accepts -password as an argument. The document author almost certainly meant to write "-password, -passin". However, that is not correct, either. Actually the code treats -password as equivalent to -passin, EXCEPT when -export is also specified, in which case -password as equivalent to -passout. The patch below makes this explicit. Index: openssl-1.0.0d/doc/apps/pkcs12.pod =================================================================== --- openssl-1.0.0d.orig/doc/apps/pkcs12.pod 2011-06-13 10:46:06.000000000 +0000 +++ openssl-1.0.0d/doc/apps/pkcs12.pod 2011-06-13 10:47:36.000000000 +0000 @@ -67,7 +67,7 @@ The filename to write certificates and private keys to, standard output by default. They are all written in PEM format. -=item B<-pass arg>, B<-passin arg> +=item B<-passin arg> the PKCS#12 file (i.e. input file) password source. For more information about the format of B see the B section in @@ -79,6 +79,11 @@ information about the format of B see the B section in L. +=item B<-password arg> + +With -export, -password is equivalent to -passout. +Otherwise, -password is equivalent to -passin. + =item B<-noout> this option inhibits output of the keys and certificates to the output file debian/patches/CVE-2017-3735.patch0000644000000000000000000000246313176635050013254 0ustar Backport of: From 31c8b265591a0aaa462a1f3eb5770661aaac67db Mon Sep 17 00:00:00 2001 
From: Rich Salz Date: Tue, 22 Aug 2017 11:44:41 -0400 Subject: [PATCH] Avoid out-of-bounds read Fixes CVE 2017-3735 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/4276) (cherry picked from commit b23171744b01e473ebbfd6edad70c1c3825ffbcd) --- crypto/x509v3/v3_addr.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) Index: openssl-1.0.1f/crypto/x509v3/v3_addr.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509v3/v3_addr.c 2017-11-02 11:29:28.076744546 -0400 +++ openssl-1.0.1f/crypto/x509v3/v3_addr.c 2017-11-02 11:30:25.201444247 -0400 @@ -130,12 +130,12 @@ static int length_from_afi(const unsigne */ unsigned int v3_addr_get_afi(const IPAddressFamily *f) { - return ((f != NULL && - f->addressFamily != NULL && - f->addressFamily->data != NULL) - ? ((f->addressFamily->data[0] << 8) | - (f->addressFamily->data[1])) - : 0); + if (f == NULL + || f->addressFamily == NULL + || f->addressFamily->data == NULL + || f->addressFamily->length < 2) + return 0; + return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; } /* debian/patches/defaults.patch0000644000000000000000000001011012255574770013454 0ustar From: Kurt Roeckx Subject: Change default bit size and digest Date: Fri, 01 Nov 2013 20:47:14 +0100 Index: openssl-1.0.1e/apps/openssl.cnf =================================================================== --- openssl-1.0.1e.orig/apps/openssl.cnf 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/apps/openssl.cnf 2013-12-22 15:36:37.175274904 +0100 
@@ -103,7 +103,7 @@ #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes Index: openssl-1.0.1e/crypto/dsa/dsa_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/dsa/dsa_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/dsa/dsa_ameth.c 2013-12-22 15:36:37.175274904 +0100 @@ -628,7 +628,7 @@ #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 2; default: Index: openssl-1.0.1e/crypto/ec/ec_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/ec/ec_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/ec/ec_ameth.c 2013-12-22 15:36:37.175274904 +0100 @@ -615,7 +615,7 @@ #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 2; default: Index: openssl-1.0.1e/crypto/hmac/hm_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/hmac/hm_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/hmac/hm_ameth.c 2013-12-22 15:36:37.175274904 +0100 @@ -89,7 +89,7 @@ switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 1; default: Index: openssl-1.0.1e/crypto/rsa/rsa_ameth.c =================================================================== --- openssl-1.0.1e.orig/crypto/rsa/rsa_ameth.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/crypto/rsa/rsa_ameth.c 2013-12-22 15:36:37.175274904 +0100 
@@ -435,7 +435,7 @@ #endif case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha1; + *(int *)arg2 = NID_sha256; return 1; default: Index: openssl-1.0.1e/apps/gendh.c =================================================================== --- openssl-1.0.1e.orig/apps/gendh.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/apps/gendh.c 2013-12-22 15:36:37.175274904 +0100 @@ -78,7 +78,7 @@ #include #include -#define DEFBITS 512 +#define DEFBITS 2048 #undef PROG #define PROG gendh_main Index: openssl-1.0.1e/apps/genrsa.c =================================================================== --- openssl-1.0.1e.orig/apps/genrsa.c 2013-12-22 15:36:37.179274819 +0100 +++ openssl-1.0.1e/apps/genrsa.c 2013-12-22 15:36:37.175274904 +0100 @@ -78,7 +78,7 @@ #include #include -#define DEFBITS 1024 +#define DEFBITS 2048 #undef PROG #define PROG genrsa_main Index: openssl-1.0.1e/apps/dhparam.c =================================================================== --- openssl-1.0.1e.orig/apps/dhparam.c 2013-12-22 15:37:05.438669443 +0100 +++ openssl-1.0.1e/apps/dhparam.c 2013-12-22 15:38:18.417105946 +0100 @@ -130,7 +130,7 @@ #undef PROG #define PROG dhparam_main -#define DEFBITS 512 +#define DEFBITS 2048 /* -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM @@ -253,7 +253,7 @@ BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); - BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); + BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif debian/patches/CVE-2018-0737-2.patch0000644000000000000000000000337213312440321013376 0ustar Backport of: From 64eb614ccc7ccf30cc412b736f509f1d82bbf897 Mon Sep 17 00:00:00 2001 
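Review bot: The gendh.c hunk bumps `DEFBITS` from 512 to 2048 but, unlike the dhparam.c hunk in the same patch, does not touch any usage text; if gendh's usage string prints the default (not visible here), it will now be wrong and should get the same `(default 2048)` treatment. Generating 2048-bit DH parameters is also orders of magnitude slower than 512-bit, which is the right default for security but worth a one-line comment next to the define, e.g. `#define DEFBITS 2048 /* Debian: 512-bit DH is trivially breakable; expect minutes, not seconds */`. The same note applies to dhparam.c's `DEFBITS`.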
From: Samuel Weiser Date: Wed, 31 Jan 2018 13:10:55 +0100 Subject: [PATCH] used ERR set/pop mark Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5170) (cherry picked from commit 011f82e66f4bf131c733fd41a8390039859aafb2) --- crypto/rsa/rsa_gen.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.1f.orig/crypto/rsa/rsa_gen.c 2018-06-20 07:54:57.862670532 -0400 +++ openssl-1.0.1f/crypto/rsa/rsa_gen.c 2018-06-20 07:55:51.518712259 -0400 @@ -137,6 +137,7 @@ static int rsa_builtin_keygen(RSA *rsa, if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; + ERR_set_mark(); if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { /* GCD == 1 since inverse exists */ @@ -147,7 +148,7 @@ static int rsa_builtin_keygen(RSA *rsa, && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { /* GCD != 1 */ - ERR_clear_error(); + ERR_pop_to_mark(); } else { @@ -176,6 +177,7 @@ static int rsa_builtin_keygen(RSA *rsa, goto err; } if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; + ERR_set_mark(); if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { /* GCD == 1 since inverse exists */ @@ -186,7 +188,7 @@ static int rsa_builtin_keygen(RSA *rsa, && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { /* GCD != 1 */ - ERR_clear_error(); + ERR_pop_to_mark(); } else { debian/patches/CVE-2016-6304.patch0000644000000000000000000000425112770760051013242 0ustar Backport of: From 2c0d295e26306e15a92eb23a84a1802005c1c137 Mon Sep 17 00:00:00 2001 
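Review bot: The `else` branch after the `BN_R_NO_INVERSE` test still `goto err`s without consuming the mark that `ERR_set_mark()` pushed a few lines earlier, so on that path a stale mark remains on the error queue; ERR_print_errors ignores marks, but a caller that later calls `ERR_pop_to_mark()` will stop at it, which I believe upstream accepts (there is no ERR_clear_last_mark in 1.0.1). A comment on the first `ERR_set_mark();` would help: `/* Mark so the expected BN_R_NO_INVERSE can be popped without discarding errors queued before keygen started. */`. Note this "-2" part only scopes the error-queue cleanup; the timing-side-channel change for CVE-2018-0737 must be in the companion patch, and rsa_builtin_keygen starts and ends outside both hunks.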
From: Matt Caswell Date: Fri, 9 Sep 2016 10:08:45 +0100 Subject: [PATCH] Fix OCSP Status Request extension unbounded memory growth A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. I have also checked other extensions to see if they suffer from a similar problem but I could not find any other issues. CVE-2016-6304 Issue reported by Shi Lei. Reviewed-by: Rich Salz --- ssl/t1_lib.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2016-09-22 09:40:37.747104627 -0400 +++ openssl-1.0.1f/ssl/t1_lib.c 2016-09-22 09:43:39.657337766 -0400 @@ -1284,6 +1284,25 @@ *al = SSL_AD_DECODE_ERROR; return 0; } + + /* + * We remove any OCSP_RESPIDs from a previous handshake + * to prevent unbounded memory growth - CVE-2016-6304 + */ + sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, + OCSP_RESPID_free); + if (dsize > 0) + { + s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null(); + if (s->tlsext_ocsp_ids == NULL) + { + *al = SSL_AD_INTERNAL_ERROR; + return 0; + } + } else { + s->tlsext_ocsp_ids = NULL; + } + while (dsize > 0) { OCSP_RESPID *id; @@ -1316,14 +1335,6 @@ *al = SSL_AD_DECODE_ERROR; return 0; } - if (!s->tlsext_ocsp_ids - && !(s->tlsext_ocsp_ids = - sk_OCSP_RESPID_new_null())) - { - OCSP_RESPID_free(id); - *al = SSL_AD_INTERNAL_ERROR; - return 0; - } if (!sk_OCSP_RESPID_push( s->tlsext_ocsp_ids, id)) { debian/patches/req_bits.patch0000644000000000000000000000224212255633066013456 0ustar 
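Review bot: The unconditional `sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);` relies on the stack code tolerating a NULL stack on the first handshake; as far as I recall sk_pop_free returns early on NULL, but that is worth stating, e.g. `/* NULL on the first handshake; sk_pop_free tolerates that. */`, since the old code only touched the list once it existed. The second hunk's removal of the lazy `sk_OCSP_RESPID_new_null()` means every extension with `dsize > 0` now allocates a fresh stack even when no RESPID parses - fine, but it is the reason the `else { s->tlsext_ocsp_ids = NULL; }` arm is needed. If `tlsext_ocsp_exts` later in the same extension parser is not already freed before reassignment (not visible here), it has the same renegotiation growth shape. ssl_parse_clienthello_tlsext begins and ends outside these hunks.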
From: Kurt Roeckx Date: Sun, 22 Dec 2013 19:10:21 +0100 Subject: Use defaults bits in req when not given Bug: http://rt.openssl.org/Ticket/Display.html?id=2592&user=guest&pass=guest Index: openssl-1.0.1e/apps/req.c =================================================================== --- openssl-1.0.1e.orig/apps/req.c 2013-12-22 19:47:42.355657810 +0100 +++ openssl-1.0.1e/apps/req.c 2013-12-22 19:57:12.287547599 +0100 @@ -644,6 +644,11 @@ if (inrand) app_RAND_load_files(inrand); + if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) + { + newkey=DEFAULT_KEY_LENGTH; + } + if (keyalg) { genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, @@ -652,12 +657,6 @@ goto end; } - if (newkey <= 0) - { - if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) - newkey=DEFAULT_KEY_LENGTH; - } - if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); @@ -1649,6 +1648,8 @@ keylen = atol(p + 1); *pkeylen = keylen; } + else + keylen = *pkeylen; } else if (p) paramfile = p + 1; debian/patches/block_diginotar.patch0000644000000000000000000000376411632637645015017 0ustar From: Raphael Geissert Description: make X509_verify_cert indicate that any certificate whose name contains "DigiNotar" is revoked. Forwarded: not-needed Origin: vendor Last-Update: 2011-09-08 Bug: http://bugs.debian.org/639744 Reviewed-by: Kurt Roeckx Reviewed-by: Dr Stephen N Henson This is not meant as final patch. Index: openssl-1.0.0d/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.0d.orig/crypto/x509/x509_vfy.c +++ openssl-1.0.0d/crypto/x509/x509_vfy.c 
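Review bot: Moving the `NCONF_get_number(req_conf, SECTION, BITS, &newkey)` lookup ahead of `set_keygen_ctx` makes it run on every invocation, including ones where `-newkey` gives an explicit size or a non-size algorithm (EC, parameter file), and when the config lacks `default_bits` NCONF_get_number pushes a CONF_R_NO_VALUE entry onto the error queue, which can surface as noise in a later `ERR_print_errors`. I would wrap it: `ERR_set_mark(); if (!NCONF_get_number(...)) newkey = DEFAULT_KEY_LENGTH; ERR_pop_to_mark();`. The `else keylen = *pkeylen;` added in set_keygen_ctx is what actually applies the config default when `rsa`/`dsa` is given without a size, so a comment there (`/* no explicit size: use the caller's default (config default_bits) */`) would tie the two hunks together; the MIN_KEY_LENGTH check further down still guards the result.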
@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *c static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); static int check_policy(X509_STORE_CTX *ctx); +static int check_ca_blacklist(X509_STORE_CTX *ctx); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, @@ -374,6 +375,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx ok=internal_verify(ctx); if(!ok) goto end; + ok = check_ca_blacklist(ctx); + if(!ok) goto end; + #ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ ok = v3_asid_validate_path(ctx); @@ -820,6 +824,29 @@ static int check_crl_time(X509_STORE_CTX return 1; } +static int check_ca_blacklist(X509_STORE_CTX *ctx) + { + X509 *x; + int i; + /* Check all certificates against the blacklist */ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); + /* Mark DigiNotar certificates as revoked, no matter + * where in the chain they are. + */ + if (x->name && strstr(x->name, "DigiNotar")) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ctx->error_depth = i; + ctx->current_cert = x; + if (!ctx->verify_cb(0,ctx)) + return 0; + } + } + return 1; + } + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 **pissuer, int *pscore, unsigned int *preasons, STACK_OF(X509_CRL) *crls) debian/patches/CVE-2014-0195.patch0000644000000000000000000000175712343104256013245 0ustar commit 208d54db20d58c9a5e45e856a0650caadd7d9612 Author: Dr. Stephen Henson Date: Tue May 13 18:48:31 2014 +0100 Fix for CVE-2014-0195 A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Fixed by adding consistency check for DTLS fragments. Thanks to Jüri Aedla for reporting this issue. diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 2e8cf68..07f67f8 100644 --- a/ssl/d1_both.c 
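Review bot: check_ca_blacklist keys on `strstr(x->name, "DigiNotar")`, i.e. a case-sensitive substring match on the cached one-line subject, so it revokes any certificate anywhere in the chain whose subject merely contains that string (an unrelated "DigiNotarBlog" organisation would be blocked) and conversely catches a rogue leaf only because some chain member's subject carries the name. A blacklist keyed on certificate or SPKI fingerprint would be both narrower and harder to evade; the patch header itself says this is not a final form, so at least a comment should record that, e.g. `/* Coarse subject-string match - replace with a fingerprint/SPKI blacklist. */`. The loop keeps going after `verify_cb` returns 1, so a later match overwrites `ctx->error_depth`/`current_cert`; that is fine for the default callback but worth noting.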
+++ b/ssl/d1_both.c @@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) frag->msg_header.frag_off = 0; } else + { frag = (hm_fragment*) item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) + { + item = NULL; + frag = NULL; + goto err; + } + } + /* If message is already reassembled, this must be a * retransmit and can be dropped. debian/patches/ppc64-support0000644000000000000000000003230312263334623013213 0ustar --- a/Configure +++ b/Configure @@ -373,6 +373,7 @@ "debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
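Review bot: The new consistency check compares only `msg_len` against the stored fragment, and the memcpy into `frag->fragment` at `frag_off`/`frag_len` that follows (outside the hunk) still depends on the caller having already bounded `frag_off + frag_len` against the header's `msg_len`; with `msg_len` now pinned to the size the buffer was allocated with, that earlier bound is what keeps the copy in range, and a comment should say so. I would write, above the `if`: `/* A fragment claiming a different msg_len cannot belong to this message; rejecting it keeps frag_off+frag_len (checked by the caller) within the buffer allocated for the first fragment. */`. The `item = NULL; frag = NULL;` before `goto err` is deliberate so the cleanup does not free the fragment still queued in `s->d1->buffered_messages`; that also deserves a one-line comment. dtls1_reassemble_fragment starts and ends outside the hunk.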
@@ -403,6 +404,7 @@ #### "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ppc64le", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --- a/crypto/aes/asm/aes-ppc.pl +++ b/crypto/aes/asm/aes-ppc.pl @@ -45,6 +45,12 @@ $PUSH ="stw"; } else { die "nonsense $flavour"; } +$LITTLE_ENDIAN=0; +if ($flavour =~ /le$/) { + die "little-endian is 64-bit only: $flavour" if ($SIZE_T == 4); + $LITTLE_ENDIAN=1; +} + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or 
@@ -365,16 +371,60 @@ bne Lenc_unaligned Lenc_unaligned_ok: +___ +$code.=<<___ if (!$LITTLE_ENDIAN); lwz $s0,0($inp) lwz $s1,4($inp) lwz $s2,8($inp) lwz $s3,12($inp) +___ +$code.=<<___ if ($LITTLE_ENDIAN); + lwz $t0,0($inp) + lwz $t1,4($inp) + lwz $t2,8($inp) + lwz $t3,12($inp) + rotlwi $s0,$t0,8 + rotlwi $s1,$t1,8 + rotlwi $s2,$t2,8 + rotlwi $s3,$t3,8 + rlwimi $s0,$t0,24,0,7 + rlwimi $s1,$t1,24,0,7 + rlwimi $s2,$t2,24,0,7 + rlwimi $s3,$t3,24,0,7 + rlwimi $s0,$t0,24,16,23 + rlwimi $s1,$t1,24,16,23 + rlwimi $s2,$t2,24,16,23 + rlwimi $s3,$t3,24,16,23 +___ +$code.=<<___; bl LAES_Te bl Lppc_AES_encrypt_compact +___ +$code.=<<___ if ($LITTLE_ENDIAN); + rotlwi $t0,$s0,8 + rotlwi $t1,$s1,8 + rotlwi $t2,$s2,8 + rotlwi $t3,$s3,8 + rlwimi $t0,$s0,24,0,7 + rlwimi $t1,$s1,24,0,7 + rlwimi $t2,$s2,24,0,7 + rlwimi $t3,$s3,24,0,7 + rlwimi $t0,$s0,24,16,23 + rlwimi $t1,$s1,24,16,23 + rlwimi $t2,$s2,24,16,23 + rlwimi $t3,$s3,24,16,23 + stw $t0,0($out) + stw $t1,4($out) + stw $t2,8($out) + stw $t3,12($out) +___ +$code.=<<___ if (!$LITTLE_ENDIAN); stw $s0,0($out) stw $s1,4($out) stw $s2,8($out) stw $s3,12($out) +___ +$code.=<<___; b Lenc_done Lenc_unaligned: 
@@ -799,16 +849,60 @@ bne Ldec_unaligned Ldec_unaligned_ok: +___ +$code.=<<___ if (!$LITTLE_ENDIAN); lwz $s0,0($inp) lwz $s1,4($inp) lwz $s2,8($inp) lwz $s3,12($inp) +___ +$code.=<<___ if ($LITTLE_ENDIAN); + lwz $t0,0($inp) + lwz $t1,4($inp) + lwz $t2,8($inp) + lwz $t3,12($inp) + rotlwi $s0,$t0,8 + rotlwi $s1,$t1,8 + rotlwi $s2,$t2,8 + rotlwi $s3,$t3,8 + rlwimi $s0,$t0,24,0,7 + rlwimi $s1,$t1,24,0,7 + rlwimi $s2,$t2,24,0,7 + rlwimi $s3,$t3,24,0,7 + rlwimi $s0,$t0,24,16,23 + rlwimi $s1,$t1,24,16,23 + rlwimi $s2,$t2,24,16,23 + rlwimi $s3,$t3,24,16,23 +___ +$code.=<<___; bl LAES_Td bl Lppc_AES_decrypt_compact +___ +$code.=<<___ if ($LITTLE_ENDIAN); + rotlwi $t0,$s0,8 + rotlwi $t1,$s1,8 + rotlwi $t2,$s2,8 + rotlwi $t3,$s3,8 + rlwimi $t0,$s0,24,0,7 + rlwimi $t1,$s1,24,0,7 + rlwimi $t2,$s2,24,0,7 + rlwimi $t3,$s3,24,0,7 + rlwimi $t0,$s0,24,16,23 + rlwimi $t1,$s1,24,16,23 + rlwimi $t2,$s2,24,16,23 + rlwimi $t3,$s3,24,16,23 + stw $t0,0($out) + stw $t1,4($out) + stw $t2,8($out) + stw $t3,12($out) +___ +$code.=<<___ if (!$LITTLE_ENDIAN); stw $s0,0($out) stw $s1,4($out) stw $s2,8($out) stw $s3,12($out) +___ +$code.=<<___; b Ldec_done Ldec_unaligned: --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -27,7 +27,8 @@ /osx/ && do { $name = "_$name"; last; }; - /linux.*32/ && do { $ret .= ".globl $name\n"; + /linux.*32/ || + /linux.*64le/ && do { $ret .= ".globl $name\n"; $ret .= ".type $name,\@function"; last; }; @@ -62,7 +63,7 @@ ".machine $arch"; }; my $size = sub { - if ($flavour =~ /linux.*32/) + if ($flavour =~ /linux.*32/ || $flavour =~ /linux.*64le/) { shift; ".size " . join(",",@_); } 
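Review bot: In the ppc-xlate.pl `$globl` hunk the new condition `/linux.*32/ || /linux.*64le/ && do { ... };` is mis-parenthesised: Perl's `&&` binds tighter than `||`, so it reads as `/linux.*32/ || (/linux.*64le/ && do { ... })`, and for a 32-bit flavour the match short-circuits true without running the block, meaning no `.globl`/`.type` is emitted and `last` is never reached. Unless the surrounding switch has another arm that catches linux32 (not visible), that breaks the existing 32-bit PowerPC assembly build while adding 64le. The `$size` sub two hunks down uses the correct explicit form; the `$globl` case should be `/linux.*(32|64le)/ && do { $ret .= ".globl\t$name\n";`, which is also how upstream spells it.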
@@ -77,6 +78,25 @@ else { ""; } }; +my $quad = sub { + shift; + my @ret; + my ($hi,$lo); + for (@_) { + if (/^0x([0-9a-f]*?)([0-9a-f]{1,8})$/io) + { $hi=$1?"0x$1":"0"; $lo="0x$2"; } + elsif (/^([0-9]+)$/o) + { $hi=$1>>32; $lo=$1&0xffffffff; } # error-prone with 32-bit perl + else + { $hi=undef; $lo=$_; } + + if (defined($hi)) + { push(@ret,$flavour=~/le$/o?".long\t$lo,$hi":".long\t$hi,$lo"); } + else + { push(@ret,".quad $lo"); } + } + join("\n",@ret); +}; ################################################################ # simplified mnemonics not handled by at least one assembler --- a/crypto/sha/asm/sha1-ppc.pl +++ b/crypto/sha/asm/sha1-ppc.pl @@ -38,6 +38,14 @@ $PUSH ="stw"; } else { die "nonsense $flavour"; } +# Define endianess based on flavour +# i.e.: linux64le +$LITTLE_ENDIAN=0; +if ($flavour =~ /le$/) { + die "little-endian is 64-bit only: $flavour" if ($SIZE_T == 4); + $LITTLE_ENDIAN=1; +} + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or @@ -68,14 +76,28 @@ @X=("r16","r17","r18","r19","r20","r21","r22","r23", "r24","r25","r26","r27","r28","r29","r30","r31"); +sub loadbe { +my ($dst, $src, $temp_reg) = @_; +$code.=<<___ if (!$LITTLE_ENDIAN); + lwz $dst,$src +___ +$code.=<<___ if ($LITTLE_ENDIAN); + lwz $temp_reg,$src + rotlwi $dst,$temp_reg,8 + rlwimi $dst,$temp_reg,24,0,7 + rlwimi $dst,$temp_reg,24,16,23 +___ +} + sub BODY_00_19 { my ($i,$a,$b,$c,$d,$e,$f)=@_; my $j=$i+1; -$code.=<<___ if ($i==0); - lwz @X[$i],`$i*4`($inp) -___ + + # Since the last value of $f is discarded, we can use + # it as a temp reg to swap byte-order when needed. + loadbe("@X[$i]","`$i*4`($inp)",$f) if ($i==0); + loadbe("@X[$j]","`$j*4`($inp)",$f) if ($i<15); $code.=<<___ if ($i<15); - lwz @X[$j],`$j*4`($inp) add $f,$K,$e rotlwi $e,$a,5 add $f,$f,@X[$i] --- a/crypto/sha/asm/sha512-ppc.pl +++ b/crypto/sha/asm/sha512-ppc.pl 
@@ -56,6 +56,12 @@ $PUSH="stw"; } else { die "nonsense $flavour"; } +$LITTLE_ENDIAN=0; +if ($flavour =~ /le$/) { + die "little-endian is 64-bit only: $flavour" if ($SIZE_T==4); + $LITTLE_ENDIAN=1; +} + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or @@ -314,16 +320,33 @@ Lsha2_block_private: ___ for($i=0;$i<16;$i++) { -$code.=<<___ if ($SZ==4); +$code.=<<___ if ($SZ==4 && !$LITTLE_ENDIAN); lwz @X[$i],`$i*$SZ`($inp) ___ +$code.=<<___ if ($SZ==4 && $LITTLE_ENDIAN); + lwz $a0,`$i*$SZ`($inp) + rotlwi @X[$i],$a0,8 + rlwimi @X[$i],$a0,24,0,7 + rlwimi @X[$i],$a0,24,16,23 +___ # 64-bit loads are split to 2x32-bit ones, as CPU can't handle # unaligned 64-bit loads, only 32-bit ones... -$code.=<<___ if ($SZ==8); +$code.=<<___ if ($SZ==8 && !$LITTLE_ENDIAN); lwz $t0,`$i*$SZ`($inp) lwz @X[$i],`$i*$SZ+4`($inp) insrdi @X[$i],$t0,32,0 ___ +$code.=<<___ if ($SZ==8 && $LITTLE_ENDIAN); + lwz $a0,`$i*$SZ`($inp) + lwz $a1,`$i*$SZ+4`($inp) + rotlwi $t0,$a0,8 + rotlwi @X[$i],$a1,8 + rlwimi $t0,$a0,24,0,7 + rlwimi @X[$i],$a1,24,0,7 + rlwimi $t0,$a0,24,16,23 + rlwimi @X[$i],$a1,24,16,23 + insrdi @X[$i],$t0,32,0 +___ &ROUND_00_15($i,@V); unshift(@V,pop(@V)); } 
@@ -395,46 +418,46 @@ .space `64-9*4` ___ $code.=<<___ if ($SZ==8); - .long 0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd - .long 0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc - .long 0x3956c25b,0xf348b538,0x59f111f1,0xb605d019 - .long 0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118 - .long 0xd807aa98,0xa3030242,0x12835b01,0x45706fbe - .long 0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2 - .long 0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1 - .long 0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694 - .long 0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3 - .long 0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65 - .long 0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483 - .long 0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5 - .long 0x983e5152,0xee66dfab,0xa831c66d,0x2db43210 - .long 0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4 - .long 0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725 - .long 0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70 - .long 0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926 - .long 0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df - .long 0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8 - .long 0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b - .long 0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001 - .long 0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30 - .long 0xd192e819,0xd6ef5218,0xd6990624,0x5565a910 - .long 0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8 - .long 0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53 - .long 0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8 - .long 0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb - .long 0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3 - .long 0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60 - .long 0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec - .long 0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9 - .long 0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b - .long 0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207 - .long 0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178 - .long 0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6 - .long 0x113f9804,0xbef90dae,0x1b710b35,0x131c471b - .long 0x28db77f5,0x23047d84,0x32caab7b,0x40c72493 - .long 
0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c - .long 0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a - .long 0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817 + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 ___ 
$code.=<<___ if ($SZ==4); .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 debian/patches/disable_export_ciphers.patch0000644000000000000000000000655312531610326016367 0ustar Backport of: From bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Wed, 4 Mar 2015 21:57:52 +0100 Subject: [PATCH] Remove export ciphers from the DEFAULT cipher list They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT. Reviewed-by: Rich Salz (cherry picked from commit f417997a324037025be61737288e40e171a8218c) Conflicts: ssl/ssl_ciph.c --- CHANGES | 3 ++- doc/apps/ciphers.pod | 4 ++-- ssl/ssl.h | 2 +- ssl/ssl_ciph.c | 11 ++++++++--- 4 files changed, 13 insertions(+), 7 deletions(-) Index: openssl-1.0.1f/doc/apps/ciphers.pod =================================================================== --- openssl-1.0.1f.orig/doc/apps/ciphers.pod 2015-05-28 08:47:12.077612651 -0400 +++ openssl-1.0.1f/doc/apps/ciphers.pod 2015-05-28 08:47:12.073612606 -0400 @@ -109,8 +109,8 @@ =item B -the default cipher list. This is determined at compile time and, as of OpenSSL -1.0.0, is normally B. This must be the first cipher string +the default cipher list. This is determined at compile time and +is normally B. This must be the firstcipher string specified. =item B Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2015-05-28 08:47:12.077612651 -0400 +++ openssl-1.0.1f/ssl/ssl.h 2015-05-28 08:47:47.574020013 -0400 
@@ -332,7 +332,7 @@ /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ -#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +#define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is * throwing out anonymous and unencrypted ciphersuites! Index: openssl-1.0.1f/ssl/ssl_ciph.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_ciph.c 2015-05-28 08:47:12.077612651 -0400 +++ openssl-1.0.1f/ssl/ssl_ciph.c 2015-05-28 08:49:33.907305008 -0400 @@ -230,8 +230,7 @@ {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ - {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, - + {0,SSL_TXT_CMPDEF,0,0,SSL_aNULL,~SSL_eNULL,0,~SSL_SSLV2,SSL_EXP_MASK,0,0,0}, /* key exchange aliases * (some of those using only a single bit here combine * multiple key exchange algs according to the RFCs, @@ -975,7 +974,10 @@ #ifdef CIPHER_DEBUG printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); #endif - + if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) + goto ok; + if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) + goto ok; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) 
@@ -992,6 +994,8 @@ continue; } + ok: + #ifdef CIPHER_DEBUG printf("Action = %d\n", rule); #endif debian/patches/CVE-2014-3513.patch0000644000000000000000000002111312417524420013227 0ustar Description: fix denial of service via DTLS SRTP memory leak Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2b0532f3984324ebe1236a63d15893792384328d Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d9d09a8d0f2a42d02e9a4b11a9ac395a0e15b8ba Index: openssl-1.0.1f/ssl/d1_srtp.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_srtp.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/d1_srtp.c 2014-10-15 12:53:03.860107635 -0400 @@ -168,25 +168,6 @@ return 1; } -static int find_profile_by_num(unsigned profile_num, - SRTP_PROTECTION_PROFILE **pptr) - { - SRTP_PROTECTION_PROFILE *p; - - p=srtp_known_profiles; - while(p->name) - { - if(p->id == profile_num) - { - *pptr=p; - return 0; - } - p++; - } - - return 1; - } - static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) { STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; @@ -209,11 +190,19 @@ if(!find_profile_by_name(ptr,&p, col ? col-ptr : (int)strlen(ptr))) { + if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0) + { + SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + sk_SRTP_PROTECTION_PROFILE_free(profiles); + return 1; + } + sk_SRTP_PROTECTION_PROFILE_push(profiles,p); } else { SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); + sk_SRTP_PROTECTION_PROFILE_free(profiles); return 1; } 
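Review bot: The two `goto ok` fast paths recognise the new COMPLEMENTOFDEFAULT row by sentinel values (`algo_strength == SSL_EXP_MASK`, `alg_ssl == ~SSL_SSLV2`) and then skip every remaining filter (mkey, auth, enc, mac, ssl), and nothing says that is intentional. If rule merging with `+` ORs these fields into a combined rule (verify in ssl_cipher_process_rulestr), a string like `COMPLEMENTOFDEFAULT+kRSA` would inherit the sentinel and match every export or SSLv2 suite regardless of key exchange. At minimum add `/* Sentinels from the COMPLEMENTOFDEFAULT alias: export and SSLv2 suites match unconditionally, bypassing the per-field filters below. */` above the first `if`; a dedicated flag field would be cleaner than overloading a mask value. The enclosing ssl_cipher_apply_rule starts and ends outside the hunk.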
@@ -305,13 +294,12 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) { - SRTP_PROTECTION_PROFILE *cprof,*sprof; - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; + SRTP_PROTECTION_PROFILE *sprof; + STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; int ct; int mki_len; - int i,j; - int id; - int ret; + int i, srtp_pref; + unsigned int id; /* Length value + the MKI length */ if(len < 3) @@ -341,22 +329,32 @@ return 1; } + srvr=SSL_get_srtp_profiles(s); + s->srtp_profile = NULL; + /* Search all profiles for a match initially */ + srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); - clnt=sk_SRTP_PROTECTION_PROFILE_new_null(); - while(ct) { n2s(d,id); ct-=2; len-=2; - if(!find_profile_by_num(id,&cprof)) + /* + * Only look for match in profiles of higher preference than + * current match. + * If no profiles have been have been configured then this + * does nothing. + */ + for (i = 0; i < srtp_pref; i++) { - sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); - } - else - { - ; /* Ignore */ + sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); + if (sprof->id == id) + { + s->srtp_profile = sprof; + srtp_pref = i; + break; + } } } @@ -371,36 +369,7 @@ return 1; } - srvr=SSL_get_srtp_profiles(s); - - /* Pick our most preferred profile. If no profiles have been - configured then the outer loop doesn't run - (sk_SRTP_PROTECTION_PROFILE_num() = -1) - and so we just return without doing anything */ - for(i=0;iid==sprof->id) - { - s->srtp_profile=sprof; - *al=0; - ret=0; - goto done; - } - } - } - - ret=0; - -done: - if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); - - return ret; + return 0; } int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) Index: openssl-1.0.1f/ssl/srtp.h =================================================================== --- openssl-1.0.1f.orig/ssl/srtp.h 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/ssl/srtp.h 2014-10-15 12:53:06.376128623 -0400 
@@ -130,6 +130,8 @@ #define SRTP_NULL_SHA1_80 0x0005 #define SRTP_NULL_SHA1_32 0x0006 +#ifndef OPENSSL_NO_SRTP + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); @@ -137,6 +139,8 @@ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +#endif + #ifdef __cplusplus } #endif Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2014-10-15 12:52:44.047942358 -0400 +++ openssl-1.0.1f/ssl/t1_lib.c 2014-10-15 12:53:03.860107635 -0400 @@ -642,7 +642,7 @@ #endif #ifndef OPENSSL_NO_SRTP - if(SSL_get_srtp_profiles(s)) + if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -776,7 +776,7 @@ #endif #ifndef OPENSSL_NO_SRTP - if(s->srtp_profile) + if(SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -1414,7 +1414,8 @@ /* session ticket processed earlier */ #ifndef OPENSSL_NO_SRTP - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) + && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) @@ -1669,7 +1670,7 @@ } #endif #ifndef OPENSSL_NO_SRTP - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) Index: openssl-1.0.1f/util/mk1mf.pl =================================================================== --- openssl-1.0.1f.orig/util/mk1mf.pl 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/util/mk1mf.pl 2014-10-15 12:53:06.376128623 -0400 
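Review bot: The two srtp.h hunks wrap the prototypes in `#ifndef OPENSSL_NO_SRTP` but leave `SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);` declared twice (it appears in the context of both hunks); the second copy should be dropped while this region is being edited. The guard itself is the right change - it matches the new `SRTP` tag in util/ssleay.num so a `no-srtp` build exports neither the declarations nor the symbols - and a short comment explaining that pairing would help, e.g. `/* Only built/exported with SRTP support; keep in sync with util/ssleay.num. */`.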
@@ -1145,6 +1145,7 @@ "dll" => \$shlib, "shared" => 0, "no-sctp" => 0, + "no-srtp" => 0, "no-gmp" => 0, "no-rfc3779" => 0, "no-montasm" => 0, Index: openssl-1.0.1f/util/mkdef.pl =================================================================== --- openssl-1.0.1f.orig/util/mkdef.pl 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/util/mkdef.pl 2014-10-15 12:54:39.288903422 -0400 @@ -115,6 +115,8 @@ "DEPRECATED", # Hide SSL internals "SSL_INTERN", + # SRTP + "SRTP", # SCTP "SCTP"); @@ -136,7 +138,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; -my $no_nextprotoneg; my $no_sctp; +my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $fips; @@ -235,6 +237,7 @@ elsif (/^no-jpake$/) { $no_jpake=1; } elsif (/^no-srp$/) { $no_srp=1; } elsif (/^no-sctp$/) { $no_sctp=1; } + elsif (/^no-srtp$/) { $no_srtp=1; } } @@ -1205,6 +1208,7 @@ if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "SRP" && $no_srp) { return 0; } if ($keyword eq "SCTP" && $no_sctp) { return 0; } + if ($keyword eq "SRTP" && $no_srtp) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true Index: openssl-1.0.1f/util/ssleay.num =================================================================== --- openssl-1.0.1f.orig/util/ssleay.num 2014-01-06 09:35:56.000000000 -0500 +++ openssl-1.0.1f/util/ssleay.num 2014-10-15 12:53:06.380128656 -0400 
@@ -309,14 +309,14 @@ SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION: kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5 SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT -SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION: +SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG -SSL_get_selected_srtp_profile 357 EXIST::FUNCTION: -SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION: +SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:SRTP +SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:SRTP SSL_select_next_proto 359 EXIST::FUNCTION:NEXTPROTONEG -SSL_get_srtp_profiles 360 EXIST::FUNCTION: +SSL_get_srtp_profiles 360 EXIST::FUNCTION:SRTP SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_SESSION_get_compress_id 362 EXIST::FUNCTION: debian/patches/CVE-2014-3509.patch0000644000000000000000000000353612370665321013251 0ustar From 86788e1ee6908a5b3a4c95fa80caa4b724a8a434 Mon Sep 17 00:00:00 2001 From: Gabor Tyukasz Date: Wed, 23 Jul 2014 23:42:06 +0200 Subject: [PATCH] Fix race condition in ssl_parse_serverhello_tlsext CVE-2014-3509 Reviewed-by: Tim Hudson Reviewed-by: Dr. Stephen Henson --- ssl/t1_lib.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) Index: openssl-1.0.1f/ssl/t1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/t1_lib.c 2014-08-07 08:02:23.110813696 -0400 +++ openssl-1.0.1f/ssl/t1_lib.c 2014-08-07 08:02:23.106813696 -0400 
@@ -1526,15 +1526,18 @@ *al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + if (!s->hit) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; + s->session->tlsext_ecpointformatlist_length = 0; + if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); + if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; + memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); #if 0 fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); sdata = s->session->tlsext_ecpointformatlist; debian/patches/alt-cert-chains-7.patch0000644000000000000000000001333412655210242014763 0ustar Backport of: From b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0 Mon Sep 17 00:00:00 2001 
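Review bot: The new `if (!s->hit)` guard carries no comment, and nothing in the hunk says why a resumed handshake must not touch s->session->tlsext_ecpointformatlist; the commit title is the only hint that the session is shared and that freeing and reallocating it here raced with other users. Suggest `/* On resumption s->session is shared with other connections; keep the list negotiated originally and do not free/realloc it here (CVE-2014-3509) */` above the guard. The `#if 0 fprintf(...)` debug block that follows is now further from the code it describes and could be dropped. The enclosing function starts and ends outside the hunk.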
From: Matt Caswell Date: Thu, 25 Jun 2015 09:47:15 +0100 Subject: [PATCH] Reject calls to X509_verify_cert that have not been reinitialised The function X509_verify_cert checks the value of |ctx->chain| at the beginning, and if it is NULL then it initialises it, along with the value of ctx->untrusted. The normal way to use X509_verify_cert() is to first call X509_STORE_CTX_init(); then set up various parameters etc; then call X509_verify_cert(); then check the results; and finally call X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets |ctx->chain| to NULL. The only place in the OpenSSL codebase where |ctx->chain| is set to anything other than a non NULL value is in X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be non NULL on entry to X509_verify_cert is if one of the following occurs: 1) An application calls X509_verify_cert() twice without re-initialising in between. 2) An application reaches inside the X509_STORE_CTX structure and changes the value of |ctx->chain| directly. With regards to the second of these, we should discount this - it should not be supported to allow this. With regards to the first of these, the documentation is not exactly crystal clear, but the implication is that you must call X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail to do this then, at best, the results would be undefined. Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is likely to have unexpected results, and could be dangerous. This commit changes the behaviour of X509_verify_cert() so that it causes an error if |ctx->chain| is anything other than NULL (because this indicates that we have not been initialised properly). It also clarifies the associated documentation. This is a follow up commit to CVE-2015-1793. 
Reviewed-by: Stephen Henson --- crypto/x509/x509_vfy.c | 22 ++++++++++++++-------- doc/crypto/X509_STORE_CTX_new.pod | 13 +++++++++---- doc/crypto/X509_verify_cert.pod | 3 ++- 3 files changed, 25 insertions(+), 13 deletions(-) Index: openssl-1.0.1f/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_vfy.c 2016-02-05 16:10:38.163688817 -0500 +++ openssl-1.0.1f/crypto/x509/x509_vfy.c 2016-02-05 16:12:38.097040833 -0500 @@ -166,21 +166,26 @@ return -1; } + if (ctx->chain != NULL) { + /* + * This X509_STORE_CTX has already been used to verify a cert. We + * cannot do another one. + */ + X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } + cb=ctx->verify_cb; /* first we make sure the chain we are going to build is * present and that the first entry is in place */ - if (ctx->chain == NULL) - { - if ( ((ctx->chain=sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain,ctx->cert))) - { - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - goto end; - } - CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); - ctx->last_untrusted=1; - } + if (((ctx->chain = sk_X509_new_null()) == NULL) || + (!sk_X509_push(ctx->chain, ctx->cert))) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + goto end; + } + CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); + ctx->last_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ if (ctx->untrusted != NULL Index: openssl-1.0.1f/doc/crypto/X509_STORE_CTX_new.pod =================================================================== --- openssl-1.0.1f.orig/doc/crypto/X509_STORE_CTX_new.pod 2016-02-05 16:10:38.163688817 -0500 +++ openssl-1.0.1f/doc/crypto/X509_STORE_CTX_new.pod 2016-02-05 16:10:38.163688817 -0500 
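Review bot: The new early-return block in X509_verify_cert uses K&R brace placement (`if (ctx->chain != NULL) {`), and the re-indented chain setup below it does too, while the surrounding 1.0.1 code keeps braces on their own indented lines (see the removed `if (ctx->chain == NULL)` block); a backport should follow the file's style so later diffs against upstream stay small. Functionally the check looks right: per the description ctx->chain is NULL after X509_STORE_CTX_init() and only this function sets it, so a non-NULL value means the context was reused without re-initialisation. The error is raised with ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED before `cb` is read, matching the existing `return -1` for a missing cert at the top of the function, which is outside the hunk.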
@@ -39,10 +39,15 @@ is no longer valid. X509_STORE_CTX_init() sets up B for a subsequent verification operation. -The trusted certificate store is set to B, the end entity certificate -to be verified is set to B and a set of additional certificates (which -will be untrusted but may be used to build the chain) in B. Any or -all of the B, B and B parameters can be B. +It must be called before each call to X509_verify_cert(), i.e. a B is only +good for one call to X509_verify_cert(); if you want to verify a second +certificate with the same B then you must call X509_XTORE_CTX_cleanup() +and then X509_STORE_CTX_init() again before the second call to +X509_verify_cert(). The trusted certificate store is set to B, the end +entity certificate to be verified is set to B and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +B. Any or all of the B, B and B parameters can be +B. X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B to B. This is an alternative way of specifying trusted certificates Index: openssl-1.0.1f/doc/crypto/X509_verify_cert.pod =================================================================== --- openssl-1.0.1f.orig/doc/crypto/X509_verify_cert.pod 2016-02-05 16:10:38.163688817 -0500 +++ openssl-1.0.1f/doc/crypto/X509_verify_cert.pod 2016-02-05 16:10:38.163688817 -0500 
@@ -32,7 +32,8 @@ SSL/TLS code. The negative return value from X509_verify_cert() can only occur if no -certificate is set in B (due to a programming error) or if a retry +certificate is set in B (due to a programming error); if X509_verify_cert() +twice without reinitialising B in between; or if a retry operation is requested during internal lookups (which never happens with standard lookup methods). It is however recommended that application check for <= 0 return value on error. debian/patches/CVE-2014-0221.patch0000644000000000000000000000205612343104265013224 0ustar commit d30e582446b027868cdabd0994681643682045a4 Author: Dr. Stephen Henson Date: Fri May 16 13:00:45 2014 +0100 Fix CVE-2014-0221 Unnecessary recursion when receiving a DTLS hello request can be used to crash a DTLS client. Fixed by handling DTLS hello request without recursion. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 07f67f8..4c2fd03 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) int i,al; struct hm_header_st msg_hdr; + redo: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { @@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) s->msg_callback_arg); s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); + goto redo; } else /* Incorrectly formated Hello request */ { debian/patches/CVE-2014-3512.patch0000644000000000000000000000231412370665363013242 0ustar From 966fe81f9befbff62522a158006fb03050a868df Mon Sep 17 00:00:00 2001 
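Review bot: The `redo:` label added in dtls1_get_message_fragment has no comment explaining why control jumps back there, and a bare label near the top of a long function is easy to misread as dead code; suggest `/* A DTLS HelloRequest is consumed below and we loop back here for the next message instead of recursing (CVE-2014-0221) */`. The `goto redo` in the second hunk replaces a self-call with identical arguments, so the locals declared above the label (`i`, `al`, `msg_hdr`) are simply reused, which the comment should also say. Both hunks belong to a function whose body is largely outside the diff.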
From: "Dr. Stephen Henson" Date: Thu, 31 Jul 2014 20:56:22 +0100 Subject: [PATCH] Fix SRP buffer overrun vulnerability. Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for reporting this issue. Reviewed-by: Kurt Roeckx --- crypto/srp/srp_lib.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 7c1dcc5..83d417a 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -89,6 +89,9 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) int longg ; int longN = BN_num_bytes(N); + if (BN_ucmp(g, N) >= 0) + return NULL; + if ((tmp = OPENSSL_malloc(longN)) == NULL) return NULL; BN_bn2bin(N,tmp) ; @@ -121,6 +124,9 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) if ((A == NULL) ||(B == NULL) || (N == NULL)) return NULL; + if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0) + return NULL; + longN= BN_num_bytes(N); if ((cAB = OPENSSL_malloc(2*longN)) == NULL) -- 1.7.9.5 debian/patches/CVE-2018-0732.patch0000644000000000000000000000236413312437612013243 0ustar Backport of: From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Mon, 11 Jun 2018 19:38:54 +0200 Subject: [PATCH] Reject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken (cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6457) --- crypto/dh/dh_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/dh/dh_key.c =================================================================== --- openssl-1.0.1f.orig/crypto/dh/dh_key.c 2018-06-20 07:49:25.974412510 -0400 +++ openssl-1.0.1f/crypto/dh/dh_key.c 2018-06-20 07:50:15.734451184 -0400 
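Review bot: The new `BN_ucmp(..., N) >= 0` guards in srp_Calc_k and SRP_Calc_u say nothing about what they protect, so each reads as an arbitrary parameter check; a comment tying them to the buffers that follow would help, e.g. `/* g, A and B must be < N: the buffers below are sized from BN_num_bytes(N) (CVE-2014-3512) */`. This is only a size check — it does not replace the RFC 5054 requirement that A mod N != 0, which, if I read the tree right, is handled separately by SRP_Verify_A_mod_N and must still be applied by callers. In srp_Calc_k the hunk starts after the declarations, so whether g and N are NULL-checked earlier is not visible here.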
@@ -119,10 +119,16 @@ static int generate_key(DH *dh) int ok=0; int generate_new_key=0; unsigned l; - BN_CTX *ctx; + BN_CTX *ctx = NULL; BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) + { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; debian/patches/CVE-2014-3506.patch0000644000000000000000000000605712370664757013263 0ustar From fc7804ec392fcf8051abe6bc9da9108744d2ae35 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 6 Jun 2014 14:25:52 -0700 Subject: [PATCH] Fix DTLS handshake message size checks. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit In |dtls1_reassemble_fragment|, the value of |msg_hdr->frag_off+frag_len| was being checked against the maximum handshake message size, but then |msg_len| bytes were allocated for the fragment buffer. This means that so long as the fragment was within the allowed size, the pending handshake message could consume 16MB + 2MB (for the reassembly bitmap). Approx 10 outstanding handshake messages are allowed, meaning that an attacker could consume ~180MB per DTLS connection. In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no check was applied. Fixes CVE-2014-3506 Wholly based on patch by Adam Langley with one minor amendment. Reviewed-by: Emilia Käsper --- ssl/d1_both.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 6559dfc..b9e15df 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c 
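Review bot: The new modulus-size check in generate_key rejects `dh->p` above OPENSSL_DH_MAX_MODULUS_BITS but gives no reason; a comment such as `/* Refuse oversized p up front: key generation cost grows steeply with the size of p and attacker-supplied parameters could stall the caller (CVE-2018-0732) */` records the intent. The early `return 0` is safe because nothing has been allocated yet, and initialising `ctx = NULL` keeps the `err:` cleanup (outside the hunk) valid for any other early exit; worth a line saying so next to the declaration. The rest of generate_key, including `err:`, is outside the hunk.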
@@ -587,6 +587,16 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) return 0; } +/* dtls1_max_handshake_message_len returns the maximum number of bytes + * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may + * be greater if the maximum certificate list size requires it. */ +static unsigned long dtls1_max_handshake_message_len(const SSL *s) + { + unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < (unsigned long)s->max_cert_list) + return s->max_cert_list; + return max_len; + } static int dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) @@ -595,20 +605,10 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) pitem *item = NULL; int i = -1, is_complete; unsigned char seq64be[8]; - unsigned long frag_len = msg_hdr->frag_len, max_len; - - if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) - goto err; - - /* Determine maximum allowed message size. Depends on (user set) - * maximum certificate length, but 16k is minimum. - */ - if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list) - max_len = s->max_cert_list; - else - max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + unsigned long frag_len = msg_hdr->frag_len; - if ((msg_hdr->frag_off+frag_len) > max_len) + if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len || + msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) goto err; /* Try to find item in queue */ @@ -749,6 +749,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) if (frag_len && frag_len < msg_hdr->msg_len) return dtls1_reassemble_fragment(s, msg_hdr, ok); + if (frag_len > dtls1_max_handshake_message_len(s)) + goto err; + frag = dtls1_hm_fragment_new(frag_len, 0); if ( frag == NULL) goto err; -- 1.7.9.5 debian/patches/CVE-2015-3196.patch0000644000000000000000000000525112630311460013237 0ustar Backport of: 
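Review bot: In the third hunk (dtls1_process_out_of_seq_message) the new check bounds `frag_len` against dtls1_max_handshake_message_len(), but nothing visible compares it with `msg_hdr->msg_len`: the preceding test sends `frag_len < msg_len` to the reassembly path, which rejects `frag_off+frag_len > msg_len`, while a fragment with `frag_len > msg_len` seems to reach dtls1_hm_fragment_new(frag_len, 0) sized from the fragment rather than the message. If the header parser does not already enforce it, `if (frag_len > msg_hdr->msg_len) goto err;` next to the new check would make the two paths consistent. In the first hunk the header comment of dtls1_max_handshake_message_len says "The minimum is 16KB" whereas the value is DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; stating it in terms of those macros keeps the comment true if the record-size constants change. Both functions continue outside the hunks.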
From d6be3124f22870f1888c532523b74ea5d89795eb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 1 Jul 2015 23:40:03 +0100 Subject: [PATCH] Fix PSK handling. The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Use BUF_strndup when copying identity as it may not be null terminated. Reviewed-by: Tim Hudson (cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c) --- ssl/s3_clnt.c | 17 +++-------------- ssl/s3_srvr.c | 2 +- 2 files changed, 4 insertions(+), 15 deletions(-) Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2015-12-04 07:38:53.628018434 -0500 +++ openssl-1.0.1f/ssl/s3_clnt.c 2015-12-04 07:53:26.769639822 -0500 @@ -1374,8 +1374,6 @@ #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { - char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; - al=SSL_AD_HANDSHAKE_FAILURE; n2s(p,i); param_len=i+2; @@ -1396,16 +1394,8 @@ SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); goto f_err; } - /* If received PSK identity hint contains NULL - * characters, the hint is truncated from the first - * NULL. p may not be ending with NULL, so create a - * NULL-terminated string. */ - memcpy(tmp_id_hint, p, i); - memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) + s->session->psk_identity_hint = BUF_strndup((char *)p, i); + if (s->session->psk_identity_hint == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; 
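Review bot: The new assignment `s->session->psk_identity_hint = BUF_strndup((char *)p, i);` in the ServerKeyExchange PSK branch overwrites whatever the session already holds without freeing it, whereas the code it replaces freed the previous s->ctx->psk_identity_hint first; if the SSL_SESSION can already carry a hint at this point (a repeated ServerKeyExchange, or a session object reused across handshakes), the old string leaks. Mirroring the old pattern with `if (s->session->psk_identity_hint) OPENSSL_free(s->session->psk_identity_hint);` before the strndup costs nothing and keeps it symmetric with the server-side hunk, which frees before assigning. The switch to BUF_strndup also drops the comment that explained the NUL handling; `/* the hint is not NUL-terminated on the wire; bound the copy to i bytes */` would keep that knowledge. The enclosing function continues outside the hunk.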
@@ -2905,7 +2895,7 @@ goto err; } - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, PSK_MAX_IDENTITY_LEN, psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_len > PSK_MAX_PSK_LEN) Index: openssl-1.0.1f/ssl/s3_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_srvr.c 2015-12-04 07:38:53.628018434 -0500 +++ openssl-1.0.1f/ssl/s3_srvr.c 2015-12-04 07:54:22.058248733 -0500 @@ -2733,7 +2733,7 @@ if (s->session->psk_identity != NULL) OPENSSL_free(s->session->psk_identity); - s->session->psk_identity = BUF_strdup((char *)p); + s->session->psk_identity = BUF_strndup((char *)p, i); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, debian/patches/CVE-2016-0705.patch0000644000000000000000000000342512664061610013240 0ustar Backport of: From ccb2a614074ee15c0fbbb9dd49e3cd258d68380a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 18 Feb 2016 12:47:23 +0000 Subject: [PATCH] Fix double free in DSA private key parsing. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Fix double free bug when parsing malformed DSA private keys. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. CVE-2016-0705 Reviewed-by: Emilia Käsper (cherry picked from commit 6c88c71b4e4825c7bc0489306d062d017634eb88) --- crypto/dsa/dsa_ameth.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) Index: openssl-1.0.1f/crypto/dsa/dsa_ameth.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_ameth.c 2016-02-26 09:35:37.374651903 -0500 +++ openssl-1.0.1f/crypto/dsa/dsa_ameth.c 2016-02-26 09:38:18.028130474 -0500 
@@ -201,6 +201,8 @@ STACK_OF(ASN1_TYPE) *ndsa = NULL; DSA *dsa = NULL; + int ret = 0; + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) return 0; X509_ALGOR_get0(NULL, &ptype, &pval, palg); @@ -281,23 +283,21 @@ } EVP_PKEY_assign_DSA(pkey, dsa); - BN_CTX_free (ctx); - if(ndsa) - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - else - ASN1_INTEGER_free(privkey); - return 1; + ret = 1; + goto done; decerr: DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); dsaerr: + DSA_free(dsa); + done: BN_CTX_free (ctx); - if (privkey) + if (ndsa) + sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + else ASN1_INTEGER_free(privkey); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - DSA_free(dsa); - return 0; + return ret; } static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) debian/patches/rehash-crt.patch0000644000000000000000000000235511501173436013704 0ustar Index: openssl-1.0.0c/tools/c_rehash.in =================================================================== --- openssl-1.0.0c.orig/tools/c_rehash.in 2010-04-15 01:07:28.000000000 +0200 +++ openssl-1.0.0c/tools/c_rehash.in 2010-12-12 17:10:51.000000000 +0100 @@ -75,12 +75,15 @@ } } closedir DIR; - FILE: foreach $fname (grep {/\.pem$/} @flist) { + FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { - print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; - next; + ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); + if(!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); 
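Review bot: The new `decerr:` / `dsaerr:` / `done:` chain in the PKCS8 DSA private-key decoder relies on fall-through between labels and on `privkey` being owned by `ndsa` whenever the stack exists, but neither is written down; suggest `/* fall through */` after the DSAerr call and, at `done:`, `/* privkey lives inside ndsa when that stack was built, so exactly one of the two frees runs */` (that is my reading of the if/else — please confirm). With `ret` and the shared cleanup in place the success path no longer duplicates the frees, which is the right shape. The body above `decerr:` and the declarations before the hunk are outside view.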
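Review bot: The DER fallback added in the .pem/.crt loop builds a shell pipeline with the file name interpolated inside double quotes (`\"$fname\"`) and `$openssl` unquoted, so a name containing `"`, `$` or a backtick changes the command; the rest of this script single-quotes after `s/'/'\\''/g` (see the crl hash routine later in the patch), and the new line should do the same. The fallback only tries `x509 -inform der`, so a DER-encoded CRL in a .crt file still hits the warning; if that is intended, a short comment saying only DER certificates are recognised here avoids a surprise. The surrounding loop continues outside the hunk.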
@@ -153,6 +156,9 @@ my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; + if(!$hash || !fprint) { + ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`; + } chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; debian/patches/CVE-2016-2183.patch0000644000000000000000000000735712770757216013266 0ustar Backport of: From e95f5e03f6f1f8d3f6cbe4b7fa48e57b4cf8fd60 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 18 Aug 2016 09:26:52 -0400 Subject: [PATCH] SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Viktor Dukhovni Reviewed-by: Emilia Käsper (cherry picked from commit 0fff5065884d5ac61123a604bbcee30a53c808ff) --- CHANGES | 4 +++- ssl/s3_lib.c | 34 +++++++++++++++++----------------- 2 files changed, 20 insertions(+), 18 deletions(-) Index: openssl-1.0.1f/ssl/s3_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_lib.c 2016-09-22 09:34:26.874529107 -0400 +++ openssl-1.0.1f/ssl/s3_lib.c 2016-09-22 09:36:31.876074913 -0400 @@ -326,7 +326,7 @@ SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -375,7 +375,7 @@ SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -423,7 +423,7 @@ SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -472,7 +472,7 @@ SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, 
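Review bot: In the new fallback `if(!$hash || !fprint)` the second operand is the bareword `fprint`, not `$fprint`; if the script does not `use strict` the bareword compiles to a non-empty string so `!fprint` is always false and the DER retry only fires when the hash is empty, and if it does the script dies at compile time — either way it should read `if(!$hash || !$fprint)`. The retry is otherwise fine and quotes the name the same way as the first call. The enclosing routine continues outside the hunk.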
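Review bot: The s3_lib.c hunks (this one and the continuing ones through @@ -2462) only flip SSL_HIGH to SSL_MEDIUM on the 3DES cipher entries, which is the intended SWEET32 mitigation, but the patch header still lists `CHANGES | 4 +++-` while no CHANGES hunk is carried; the diffstat should be trimmed to match or the CHANGES text included. Because this silently removes 3DES from every existing `HIGH` cipher string, the behavioural change deserves a line in debian/changelog or NEWS so administrators who relied on HIGH for 3DES-only peers know why those handshakes start failing.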
@@ -520,7 +520,7 @@ SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -600,7 +600,7 @@ SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -685,7 +685,7 @@ SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -749,7 +749,7 @@ SSL_3DES, SSL_MD5, SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -1683,7 +1683,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -2060,7 +2060,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -2140,7 +2140,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -2220,7 +2220,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -2300,7 +2300,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -2380,7 +2380,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, + SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -2430,7 +2430,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, @@ -2446,7 +2446,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, 
@@ -2462,7 +2462,7 @@ SSL_3DES, SSL_SHA1, SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, + SSL_NOT_EXP|SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, 168, 168, debian/patches/CVE-2016-2182.patch0000644000000000000000000000362512770756725013263 0ustar Backport of: From 28a89639da50b1caed4ff3015508f23173bf3e49 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 5 Aug 2016 14:26:03 +0100 Subject: [PATCH] Check for errors in BN_bn2dec() If an oversize BIGNUM is presented to BN_bn2dec() it can cause BN_div_word() to fail and not reduce the value of 't' resulting in OOB writes to the bn_data buffer and eventually crashing. Fix by checking return value of BN_div_word() and checking writes don't overflow buffer. Thanks to Shi Lei for reporting this bug. CVE-2016-2182 Reviewed-by: Tim Hudson (cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34) Conflicts: crypto/bn/bn_print.c --- crypto/bn/bn_print.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/crypto/bn/bn_print.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_print.c 2016-09-22 09:32:18.388936033 -0400 +++ openssl-1.0.1f/crypto/bn/bn_print.c 2016-09-22 09:33:51.318088684 -0400 @@ -108,6 +108,7 @@ char *p; BIGNUM *t=NULL; BN_ULONG *bn_data=NULL,*lp; + int bn_data_num; /* get an upper bound for the length of the decimal integer * num <= (BN_num_bits(a) + 1) * log(2) @@ -116,8 +117,9 @@ */ i=BN_num_bits(a)*3; num=(i/10+i/1000+1)+1; - bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); - buf=(char *)OPENSSL_malloc(num+3); + bn_data_num = num / BN_DEC_NUM + 1; + bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG)); + buf = OPENSSL_malloc(num + 3); if ((buf == NULL) || (bn_data == NULL)) { BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); 
@@ -142,7 +144,11 @@ while (!BN_is_zero(t)) { *lp=BN_div_word(t,BN_DEC_CONV); + if (*lp == (BN_ULONG)-1) + goto err; lp++; + if (lp - bn_data >= bn_data_num) + goto err; } lp--; /* We now have a series of blocks, BN_DEC_NUM chars debian/patches/CVE-2016-0702.patch0000644000000000000000000007517712664114423013253 0ustar Description: fix side channel attack on modular exponentiation Origin: backported from patch by Andy Polyakov Index: openssl-1.0.1f/crypto/bn/asm/x86_64-mont5.pl =================================================================== --- openssl-1.0.1f.orig/crypto/bn/asm/x86_64-mont5.pl 2016-02-26 13:15:58.121324913 -0500 +++ openssl-1.0.1f/crypto/bn/asm/x86_64-mont5.pl 2016-02-26 13:15:58.117324861 -0500 
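Review bot: The two new guards in the BN_bn2dec conversion loop are correct but unexplained: `*lp == (BN_ULONG)-1` is BN_div_word's error return, and `lp - bn_data >= bn_data_num` stops the loop from writing past a buffer whose size (`bn_data_num`, from the earlier hunk) is only an estimate of the decimal length. Suggest `/* BN_div_word() returns (BN_ULONG)-1 on failure; without this check t is never reduced and the loop keeps writing */` and `/* bn_data_num is an upper-bound estimate; never write beyond it (CVE-2016-2182) */`. Whether `err:` frees both `buf` and `bn_data` is outside the hunk and should be checked, since the loop now exits there with both allocated.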
@@ -66,60 +66,113 @@ .align 16 .Lmul_enter: mov ${num}d,${num}d - mov `($win64?56:8)`(%rsp),%r10d # load 7th argument + movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument + lea .Linc(%rip),%r10 push %rbx push %rbp push %r12 push %r13 push %r14 push %r15 -___ -$code.=<<___ if ($win64); - lea -0x28(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) + .Lmul_alloca: -___ -$code.=<<___; mov %rsp,%rax lea 2($num),%r11 neg %r11 - lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)) + lea -264(%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)+256+8) and \$-1024,%rsp # minimize TLB usage mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp .Lmul_body: - mov $bp,%r12 # reassign $bp + lea 128($bp),%r12 # reassign $bp (+size optimization) ___ $bp="%r12"; $STRIDE=2**5*8; # 5 is "window size" $N=$STRIDE/4; # should match cache line size $code.=<<___; - mov %r10,%r11 - shr \$`log($N/8)/log(2)`,%r10 - and \$`$N/8-1`,%r11 - not %r10 - lea .Lmagic_masks(%rip),%rax - and \$`2**5/($N/8)-1`,%r10 # 5 is "window size" - lea 96($bp,%r11,8),$bp # pointer within 1st cache line - movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which - movq 8(%rax,%r10,8),%xmm5 # cache line contains element - movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument - movq 24(%rax,%r10,8),%xmm7 - - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 + movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002 + lea 24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization) + and \$-16,%r10 + + pshufd \$0,%xmm5,%xmm5 # broadcast index + movdqa %xmm1,%xmm4 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to index and save result to stack +# +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd 
%xmm5,%xmm0 # compare to 1,0 + .byte 0x67 + movdqa %xmm4,%xmm3 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($k+0)+112`(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($k+1)+112`(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 + movdqa %xmm2,`16*($k+2)+112`(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,`16*($k+3)+112`(%r10) + movdqa %xmm4,%xmm3 +___ +} +$code.=<<___; # last iteration can be optimized + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,`16*($k+0)+112`(%r10) + + paddd %xmm2,%xmm3 + .byte 0x67 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,`16*($k+1)+112`(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,`16*($k+2)+112`(%r10) + pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register + + pand `16*($k+1)-128`($bp),%xmm1 + pand `16*($k+2)-128`($bp),%xmm2 + movdqa %xmm3,`16*($k+3)+112`(%r10) + pand `16*($k+3)-128`($bp),%xmm3 por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm4 + movdqa `16*($k+1)-128`($bp),%xmm5 + movdqa `16*($k+2)-128`($bp),%xmm2 + pand `16*($k+0)+112`(%r10),%xmm4 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+1)+112`(%r10),%xmm5 + por %xmm4,%xmm0 + pand `16*($k+2)+112`(%r10),%xmm2 + por %xmm5,%xmm1 + pand `16*($k+3)+112`(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +} +$code.=<<___; + por %xmm1,%xmm0 + pshufd \$0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - movq %xmm0,$m0 # m0=bp[0] mov ($n0),$n0 # pull n0[0] value 
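Review bot: The rewritten .Lmul_enter prologue loads a new data label (`lea .Linc(%rip),%r10`, the 0/1 and 2/2/2/2 constants used to build the selection mask) while `.Lmagic_masks` is no longer referenced; the definitions live elsewhere in the file, so please confirm the hunk that adds `.Linc` (and retires `.Lmagic_masks` if now unused) is part of this backport. The property that matters here — every one of the STRIDE entries is read and combined with pand/por regardless of the index in %xmm5, so the memory access pattern no longer depends on the exponent window — is stated nowhere; a comment at the head of the mask block would tell the next maintainer why a plain indexed load must not come back. Dropping the Win64 save of %xmm6/%xmm7 is consistent with the new code touching only %xmm0–%xmm5 (volatile under that ABI), but that reasoning belongs in a comment too. The `.byte 0x67` bytes likewise deserve a note that they are decoder padding, not semantics.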
@@ -128,29 +181,14 @@ xor $i,$i # i=0 xor $j,$j # j=0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - mov $n0,$m1 mulq $m0 # ap[0]*bp[0] mov %rax,$lo0 mov ($np),%rax - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 - imulq $lo0,$m1 # "tp[0]"*n0 mov %rdx,$hi0 - por %xmm2,%xmm0 - lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - mulq $m1 # np[0]*m1 add %rax,$lo0 # discarded mov 8($ap),%rax @@ -183,8 +221,6 @@ cmp $num,$j jne .L1st - movq %xmm0,$m0 # bp[1] - add %rax,$hi1 mov ($ap),%rax # ap[0] adc \$0,%rdx @@ -204,33 +240,46 @@ jmp .Louter .align 16 .Louter: + lea 24+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization) + and \$-16,%rdx + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($k=0;$k<$STRIDE/16;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm0 + movdqa `16*($k+1)-128`($bp),%xmm1 + movdqa `16*($k+2)-128`($bp),%xmm2 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+0)-128`(%rdx),%xmm0 + pand `16*($k+1)-128`(%rdx),%xmm1 + por %xmm0,%xmm4 + pand `16*($k+2)-128`(%rdx),%xmm2 + por %xmm1,%xmm5 + pand `16*($k+3)-128`(%rdx),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + lea $STRIDE($bp),$bp + movq %xmm0,$m0 # m0=bp[i] + xor $j,$j # j=0 mov $n0,$m1 mov (%rsp),$lo0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - mulq $m0 # ap[0]*bp[i] add %rax,$lo0 # ap[0]*bp[i]+tp[0] mov ($np),%rax adc \$0,%rdx - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 - imulq $lo0,$m1 # tp[0]*n0 mov %rdx,$hi0 - por %xmm2,%xmm0 - lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - mulq $m1 # np[0]*m1 add %rax,$lo0 # discarded mov 8($ap),%rax 
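Review bot: The `.byte 0x67` padding emitted inside the mask-building sequence (before `movdqa %xmm4,%xmm3` and again before `pcmpeqd %xmm5,%xmm2`) has no comment, so a reader cannot distinguish it from a stray byte; 0x67 is the x86 address-size prefix, a no-op on these register-only instructions, and is presumably kept to tune instruction alignment, which is worth stating once, e.g. `# 0x67: address-size prefix, no-op here; pads encoding length for alignment`. The same bytes recur in the bn_mul4x_mont_gather5 hunk (`@@ -348`) and one comment can serve both. Separately, the Win64 `xmm6`/`xmm7` save/restore is dropped here and in the `@@ -321`, `@@ -348`, `@@ -809` and SEH-handler hunks; that is consistent with the new gather code touching only `xmm0`–`xmm5`, but it is an invariant a later edit could silently break, so a note at `.Lmul_enter` such as `# gather uses only xmm0-xmm5 (volatile on Win64): no xmm save/restore or unwind entries needed` would guard it. bn_mul_mont_gather5's entry sequence begins before this hunk.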
@@ -266,8 +315,6 @@ cmp $num,$j jne .Linner - movq %xmm0,$m0 # bp[i+1] - add %rax,$hi1 mov ($ap),%rax # ap[0] adc \$0,%rdx @@ -321,13 +368,7 @@ mov 8(%rsp,$num,8),%rsi # restore %rsp mov \$1,%rax -___ -$code.=<<___ if ($win64); - movaps (%rsi),%xmm6 - movaps 0x10(%rsi),%xmm7 - lea 0x28(%rsi),%rsi -___ -$code.=<<___; + mov (%rsi),%r15 mov 8(%rsi),%r14 mov 16(%rsi),%r13 
@@ -348,91 +389,130 @@ bn_mul4x_mont_gather5: .Lmul4x_enter: mov ${num}d,${num}d - mov `($win64?56:8)`(%rsp),%r10d # load 7th argument + movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument + lea .Linc(%rip),%r10 push %rbx push %rbp push %r12 push %r13 push %r14 push %r15 -___ -$code.=<<___ if ($win64); - lea -0x28(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) + .Lmul4x_alloca: -___ -$code.=<<___; mov %rsp,%rax lea 4($num),%r11 neg %r11 - lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+4)) + lea -256(%rsp,%r11,8),%rsp # tp=alloca(8*(num+4)+256) and \$-1024,%rsp # minimize TLB usage mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp .Lmul4x_body: mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp - mov %rdx,%r12 # reassign $bp + lea 128(%rdx),%r12 # reassign $bp (+size optimization) ___ $bp="%r12"; $STRIDE=2**5*8; # 5 is "window size" $N=$STRIDE/4; # should match cache line size $code.=<<___; - mov %r10,%r11 - shr \$`log($N/8)/log(2)`,%r10 - and \$`$N/8-1`,%r11 - not %r10 - lea .Lmagic_masks(%rip),%rax - and \$`2**5/($N/8)-1`,%r10 # 5 is "window size" - lea 96($bp,%r11,8),$bp # pointer within 1st cache line - movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which - movq 8(%rax,%r10,8),%xmm5 # cache line contains element - movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument - movq 24(%rax,%r10,8),%xmm7 - - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 + movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002 + lea 32-112(%rsp,$num,8),%r10# place the mask after tp[num+4] (+ICache optimization) + + pshufd \$0,%xmm5,%xmm5 # broadcast index + movdqa %xmm1,%xmm4 + .byte 0x67,0x67 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to index and save result to 
stack +# +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 # compare to 1,0 + .byte 0x67 + movdqa %xmm4,%xmm3 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($k+0)+112`(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($k+1)+112`(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 + movdqa %xmm2,`16*($k+2)+112`(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,`16*($k+3)+112`(%r10) + movdqa %xmm4,%xmm3 +___ +} +$code.=<<___; # last iteration can be optimized + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,`16*($k+0)+112`(%r10) + + paddd %xmm2,%xmm3 + .byte 0x67 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,`16*($k+1)+112`(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,`16*($k+2)+112`(%r10) + pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register + + pand `16*($k+1)-128`($bp),%xmm1 + pand `16*($k+2)-128`($bp),%xmm2 + movdqa %xmm3,`16*($k+3)+112`(%r10) + pand `16*($k+3)-128`($bp),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm4 + movdqa `16*($k+1)-128`($bp),%xmm5 + movdqa `16*($k+2)-128`($bp),%xmm2 + pand `16*($k+0)+112`(%r10),%xmm4 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+1)+112`(%r10),%xmm5 + por %xmm4,%xmm0 + pand `16*($k+2)+112`(%r10),%xmm2 + por %xmm5,%xmm1 + pand `16*($k+3)+112`(%r10),%xmm3 por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +} +$code.=<<___; + por %xmm1,%xmm0 + pshufd \$0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - movq %xmm0,$m0 # m0=bp[0] + mov ($n0),$n0 # pull n0[0] value mov ($ap),%rax xor $i,$i # i=0 xor $j,$j # j=0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - mov $n0,$m1 mulq $m0 # ap[0]*bp[0] mov 
%rax,$A[0] mov ($np),%rax - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 - imulq $A[0],$m1 # "tp[0]"*n0 mov %rdx,$A[1] - por %xmm2,%xmm0 - lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - mulq $m1 # np[0]*m1 add %rax,$A[0] # discarded mov 8($ap),%rax @@ -550,8 +630,6 @@ mov $N[1],-16(%rsp,$j,8) # tp[j-1] mov %rdx,$N[0] - movq %xmm0,$m0 # bp[1] - xor $N[1],$N[1] add $A[0],$N[0] adc \$0,$N[1] @@ -561,12 +639,34 @@ lea 1($i),$i # i++ .align 4 .Louter4x: + lea 32+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization) + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($k=0;$k<$STRIDE/16;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm0 + movdqa `16*($k+1)-128`($bp),%xmm1 + movdqa `16*($k+2)-128`($bp),%xmm2 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+0)-128`(%rdx),%xmm0 + pand `16*($k+1)-128`(%rdx),%xmm1 + por %xmm0,%xmm4 + pand `16*($k+2)-128`(%rdx),%xmm2 + por %xmm1,%xmm5 + pand `16*($k+3)-128`(%rdx),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + lea $STRIDE($bp),$bp + movq %xmm0,$m0 # m0=bp[i] + xor $j,$j # j=0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 mov (%rsp),$A[0] mov $n0,$m1 @@ -575,18 +675,9 @@ mov ($np),%rax adc \$0,%rdx - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 - imulq $A[0],$m1 # tp[0]*n0 mov %rdx,$A[1] - por %xmm2,%xmm0 - lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - mulq $m1 # np[0]*m1 add %rax,$A[0] # "$N[0]", discarded mov 8($ap),%rax @@ -718,7 +809,6 @@ mov $N[0],-24(%rsp,$j,8) # tp[j-1] mov %rdx,$N[0] - movq %xmm0,$m0 # bp[i+1] mov $N[1],-16(%rsp,$j,8) # tp[j-1] xor $N[1],$N[1] 
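Review bot: In the bn_mul4x_mont_gather5 hunk the mask base `lea 32-112(%rsp,$num,8),%r10` is not rounded down with `and \$-16` the way the single-limb path does, yet it is the destination of 16-byte `movdqa` stores; this is only safe because `%rsp` was just aligned with `and \$-1024,%rsp` and `32-112` is a multiple of 16, which leaves `8*$num` and therefore requires `$num` to be even (the 4x path's dispatch condition is outside this hunk, so I cannot confirm it from here). A comment on that `lea`, e.g. `# 16-byte aligned: rsp is 1024-aligned and num is a multiple of 4 on this path`, would record the assumption; the same applies to `lea 32+128(%rsp,$num,8),%rdx` in `.Louter4x` (`@@ -561`). The function's prologue continues from before this hunk.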
@@ -809,13 +899,7 @@ $code.=<<___; mov 8(%rsp,$num,8),%rsi # restore %rsp mov \$1,%rax -___ -$code.=<<___ if ($win64); - movaps (%rsi),%xmm6 - movaps 0x10(%rsi),%xmm7 - lea 0x28(%rsi),%rsi -___ -$code.=<<___; + mov (%rsi),%r15 mov 8(%rsi),%r14 mov 16(%rsi),%r13 @@ -830,8 +914,8 @@ }}} { -my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order - ("%rdi","%rsi","%rdx","%rcx"); # Unix order +my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9d") : # Win64 order + ("%rdi","%rsi","%rdx","%ecx"); # Unix order my $out=$inp; my $STRIDE=2**5*8; my $N=$STRIDE/4; 
@@ -859,53 +943,89 @@ .type bn_gather5,\@abi-omnipotent .align 16 bn_gather5: -___ -$code.=<<___ if ($win64); -.LSEH_begin_bn_gather5: +.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases # I can't trust assembler to use specific encoding:-( - .byte 0x48,0x83,0xec,0x28 #sub \$0x28,%rsp - .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp) - .byte 0x0f,0x29,0x7c,0x24,0x10 #movdqa %xmm7,0x10(%rsp) -___ -$code.=<<___; - mov $idx,%r11 - shr \$`log($N/8)/log(2)`,$idx - and \$`$N/8-1`,%r11 - not $idx - lea .Lmagic_masks(%rip),%rax - and \$`2**5/($N/8)-1`,$idx # 5 is "window size" - lea 96($tbl,%r11,8),$tbl # pointer within 1st cache line - movq 0(%rax,$idx,8),%xmm4 # set of masks denoting which - movq 8(%rax,$idx,8),%xmm5 # cache line contains element - movq 16(%rax,$idx,8),%xmm6 # denoted by 7th argument - movq 24(%rax,$idx,8),%xmm7 + .byte 0x4c,0x8d,0x14,0x24 # lea (%rsp),%r10 + .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 # sub $0x108,%rsp + lea .Linc(%rip),%rax + and \$-16,%rsp # shouldn't be formally required + + movd $idx,%xmm5 + movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002 + lea 128($tbl),%r11 # size optimization + lea 128(%rsp),%rax # size optimization + + pshufd \$0,%xmm5,%xmm5 # broadcast $idx + movdqa %xmm1,%xmm4 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to $idx and save result to stack +# +for($i=0;$i<$STRIDE/16;$i+=4) { +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 # compare to 1,0 +___ +$code.=<<___ if ($i); + movdqa %xmm3,`16*($i-1)-128`(%rax) +___ +$code.=<<___; + movdqa %xmm4,%xmm3 + + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($i+0)-128`(%rax) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($i+1)-128`(%rax) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 
+ movdqa %xmm2,`16*($i+2)-128`(%rax) + movdqa %xmm4,%xmm2 +___ +} +$code.=<<___; + movdqa %xmm3,`16*($i-1)-128`(%rax) jmp .Lgather -.align 16 -.Lgather: - movq `0*$STRIDE/4-96`($tbl),%xmm0 - movq `1*$STRIDE/4-96`($tbl),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($tbl),%xmm2 - pand %xmm5,%xmm1 - movq `3*$STRIDE/4-96`($tbl),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 - por %xmm2,%xmm0 - lea $STRIDE($tbl),$tbl - por %xmm3,%xmm0 +.align 32 +.Lgather: + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($i=0;$i<$STRIDE/16;$i+=4) { +$code.=<<___; + movdqa `16*($i+0)-128`(%r11),%xmm0 + movdqa `16*($i+1)-128`(%r11),%xmm1 + movdqa `16*($i+2)-128`(%r11),%xmm2 + pand `16*($i+0)-128`(%rax),%xmm0 + movdqa `16*($i+3)-128`(%r11),%xmm3 + pand `16*($i+1)-128`(%rax),%xmm1 + por %xmm0,%xmm4 + pand `16*($i+2)-128`(%rax),%xmm2 + por %xmm1,%xmm5 + pand `16*($i+3)-128`(%rax),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + lea $STRIDE(%r11),%r11 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 movq %xmm0,($out) # m0=bp[0] lea 8($out),$out sub \$1,$num jnz .Lgather -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - movaps 0x10(%rsp),%xmm7 - lea 0x28(%rsp),%rsp -___ -$code.=<<___; + + lea (%r10),%rsp ret .LSEH_end_bn_gather5: .size bn_gather5,.-bn_gather5 @@ -913,9 +1033,9 @@ } $code.=<<___; .align 64 -.Lmagic_masks: - .long 0,0, 0,0, 0,0, -1,-1 - .long 0,0, 0,0, 0,0, 0,0 +.Linc: + .long 0,0, 1,1 + .long 2,2, 2,2 .asciz "Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by " ___ @@ -954,7 +1074,7 @@ cmp %r10,%rbx # context->RipR13 mov %r14,232($context) # restore context->R14 mov %r15,240($context) # restore context->R15 - movups %xmm0,512($context) # restore context->Xmm6 - movups %xmm1,528($context) # restore context->Xmm7 .Lcommon_seh_tail: mov 8(%rax),%rdi 
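Review bot: bn_gather5's new selection mask is built by comparing `$idx` against 0..31 with `pcmpeqd` across the `$STRIDE/16` vectors, so an index outside that range yields an all-zero mask and the `.Lgather` loop silently writes zero limbs to `$out` instead of failing; the function should state this precondition, e.g. `# idx must be in [0,32): an out-of-range idx produces all-zero output, not an error`. The comment on `and \$-16,%rsp # shouldn't be formally required` would be clearer as a concrete reason: the `movdqa` accesses at `128(%rsp)` need 16-byte alignment, the ABI entry alignment plus `sub $0x108` already provides it, and the `and` is a guard against non-conforming callers. The hand-encoded `sub` (`.byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00`) and the unwind entry in `@@ -1057` (`0x0b,0x01,0x21,0x00`, i.e. 0x21*8 = 0x108) must stay in lock-step, which a cross-reference comment on either side would make visible.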
@@ -1057,10 +1173,9 @@ .rva .Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue # HandlerData[] .align 8 .LSEH_info_bn_gather5: - .byte 0x01,0x0d,0x05,0x00 - .byte 0x0d,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7 - .byte 0x08,0x68,0x00,0x00 #movaps (rsp),xmm6 - .byte 0x04,0x42,0x00,0x00 #sub rsp,0x28 + .byte 0x01,0x0b,0x03,0x0a + .byte 0x0b,0x01,0x21,0x00 # sub rsp,0x108 + .byte 0x04,0xa3,0x00,0x00 # lea r10,(rsp), set_frame r10 .align 8 ___ } Index: openssl-1.0.1f/crypto/bn/bn_exp.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_exp.c 2016-02-26 13:15:58.121324913 -0500 +++ openssl-1.0.1f/crypto/bn/bn_exp.c 2016-02-26 13:15:58.117324861 -0500 @@ -111,6 +111,7 @@ #include "cryptlib.h" +#include "constant_time_locl.h" #include "bn_lcl.h" #include 
@@ -534,31 +535,67 @@ * as cache lines are concerned. The following functions are used to transfer a BIGNUM * from/to that table. */ -static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf, int idx, int width) +static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf, int idx, int window) { - size_t i, j; + int i, j; + int width = 1 << window; + BN_ULONG *table = (BN_ULONG *)buf; if (top > b->top) top = b->top; /* this works because 'buf' is explicitly zeroed */ - for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) - { - buf[j] = ((unsigned char*)b->d)[i]; - } + for (i = 0, j = idx; i < top; i++, j += width) { + table[j] = b->d[i]; + } return 1; } -static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width) +static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int window) { - size_t i, j; + int i, j; + int width = 1 << window; + volatile BN_ULONG *table = (volatile BN_ULONG *)buf; if (bn_wexpand(b, top) == NULL) return 0; - for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) - { - ((unsigned char*)b->d)[i] = buf[j]; + if (window <= 3) { + for (i = 0; i < top; i++, table += width) { + BN_ULONG acc = 0; + + for (j = 0; j < width; j++) { + acc |= table[j] & + ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); + } + + b->d[i] = acc; } + } else { + int xstride = 1 << (window - 2); + BN_ULONG y0, y1, y2, y3; + + i = idx >> (window - 2); /* equivalent of idx / xstride */ + idx &= xstride - 1; /* equivalent of idx % xstride */ + + y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1); + y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1); + y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1); + y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1); + + for (i = 0; i < top; i++, table += width) { + BN_ULONG acc = 0; + + for (j = 0; j < xstride; j++) { + acc |= ( (table[j + 0 * xstride] & y0) | + (table[j + 1 * xstride] & y1) | + (table[j + 2 
* xstride] & y2) | + (table[j + 3 * xstride] & y3) ) + & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); + } + + b->d[i] = acc; + } + } b->top = top; bn_correct_top(b); @@ -767,8 +804,8 @@ else #endif { - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers)) goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers)) goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window)) goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window)) goto err; /* If the window size is greater than 1, then calculate * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) @@ -778,20 +815,20 @@ if (window > 1) { if (!BN_mod_mul_montgomery(&tmp,&am,&am,mont,ctx)) goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, numPowers)) goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, window)) goto err; for (i=3; i=0; i--,bits--) wvalue = (wvalue<<1)+BN_is_bit_set(p,bits); - if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp,top,powerbuf,wvalue,numPowers)) goto err; + if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp,top,powerbuf,wvalue,window)) goto err; /* Scan the exponent one window at a time starting from the most * significant bits. @@ -808,7 +845,7 @@ } /* Fetch the appropriate pre-computed value from the pre-buf */ - if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, numPowers)) goto err; + if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, window)) goto err; /* Multiply the result into the intermediate result */ if (!BN_mod_mul_montgomery(&tmp,&tmp,&am,mont,ctx)) goto err; Index: openssl-1.0.1f/crypto/perlasm/x86_64-xlate.pl =================================================================== --- openssl-1.0.1f.orig/crypto/perlasm/x86_64-xlate.pl 2016-02-26 13:15:58.121324913 -0500 +++ openssl-1.0.1f/crypto/perlasm/x86_64-xlate.pl 2016-02-26 13:15:58.117324861 -0500 
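Review bot: MOD_EXP_CTIME_COPY_FROM_PREBUF and MOD_EXP_CTIME_COPY_TO_PREBUF now cast `buf` to `BN_ULONG *` and index it as `table[i * width + idx]`, so they require `buf` to be BN_ULONG-aligned (the old byte-wise copy had no such requirement) and `idx` to lie in `[0, 1 << window)`, and neither precondition is stated. The callers in `@@ -767` onward pass `wvalue`, assembled from `window` exponent bits, so the range holds there, but the alignment of `powerbuf` is established outside this hunk and I cannot confirm it from here. A header comment such as `/* buf must be BN_ULONG-aligned; 0 <= idx < (1 << window). Every entry of the row is read, so the memory access pattern does not depend on idx. */` on both functions would record the contract, and the `volatile` on `table` deserves a why-comment (presumably to stop the compiler from collapsing the full-row scan back into a single indexed load). The comment block describing the table layout begins before this hunk.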
@@ -121,7 +121,7 @@ $self->{sz} = ""; } elsif ($self->{op} =~ /^v/) { # VEX $self->{sz} = ""; - } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) { + } elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) { $self->{sz} = ""; } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) { $self->{op} = $1; Index: openssl-1.0.1f/crypto/constant_time_locl.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1f/crypto/constant_time_locl.h 2016-02-26 13:27:24.838531076 -0500 
@@ -0,0 +1,211 @@ +/* crypto/constant_time_locl.h */ +/*- + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONSTANT_TIME_LOCL_H +# define HEADER_CONSTANT_TIME_LOCL_H + +# include "e_os.h" /* For 'inline' */ + +#ifdef __cplusplus +extern "C" { +#endif + +/*- + * The boolean methods return a bitmask of all ones (0xff...f) for true + * and 0 for false. This is useful for choosing a value based on the result + * of a conditional in constant time. For example, + * + * if (a < b) { + * c = a; + * } else { + * c = b; + * } + * + * can be written as + * + * unsigned int lt = constant_time_lt(a, b); + * c = constant_time_select(lt, a, b); + */ + +/* + * Returns the given value with the MSB copied to all the other + * bits. Uses the fact that arithmetic shift shifts-in the sign bit. + * However, this is not ensured by the C standard so you may need to + * replace this with something else on odd CPUs. + */ +static inline unsigned int constant_time_msb(unsigned int a); + +/* + * Returns 0xff..f if a < b and 0 otherwise. + */ +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. 
*/ +static inline unsigned char constant_time_lt_8(unsigned int a, + unsigned int b); + +/* + * Returns 0xff..f if a >= b and 0 otherwise. + */ +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_ge_8(unsigned int a, + unsigned int b); + +/* + * Returns 0xff..f if a == 0 and 0 otherwise. + */ +static inline unsigned int constant_time_is_zero(unsigned int a); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_is_zero_8(unsigned int a); + +/* + * Returns 0xff..f if a == b and 0 otherwise. + */ +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_8(unsigned int a, + unsigned int b); +/* Signed integers. */ +static inline unsigned int constant_time_eq_int(int a, int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_int_8(int a, int b); + +/*- + * Returns (mask & a) | (~mask & b). + * + * When |mask| is all 1s or all 0s (as returned by the methods above), + * the select methods return either |a| (if |mask| is nonzero) or |b| + * (if |mask| is zero). + */ +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, + unsigned int b); +/* Convenience method for unsigned chars. */ +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, + unsigned char b); +/* Convenience method for signed integers. 
*/ +static inline int constant_time_select_int(unsigned int mask, int a, int b); + +static inline unsigned int constant_time_msb(unsigned int a) +{ + return 0 - (a >> (sizeof(a) * 8 - 1)); +} + +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) +{ + return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); +} + +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) +{ + return (unsigned char)(constant_time_lt(a, b)); +} + +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) +{ + return ~constant_time_lt(a, b); +} + +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) +{ + return (unsigned char)(constant_time_ge(a, b)); +} + +static inline unsigned int constant_time_is_zero(unsigned int a) +{ + return constant_time_msb(~a & (a - 1)); +} + +static inline unsigned char constant_time_is_zero_8(unsigned int a) +{ + return (unsigned char)(constant_time_is_zero(a)); +} + +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) +{ + return constant_time_is_zero(a ^ b); +} + +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) +{ + return (unsigned char)(constant_time_eq(a, b)); +} + +static inline unsigned int constant_time_eq_int(int a, int b) +{ + return constant_time_eq((unsigned)(a), (unsigned)(b)); +} + +static inline unsigned char constant_time_eq_int_8(int a, int b) +{ + return constant_time_eq_8((unsigned)(a), (unsigned)(b)); +} + +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, + unsigned int b) +{ + return (mask & a) | (~mask & b); +} + +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, + unsigned char b) +{ + return (unsigned char)(constant_time_select(mask, a, b)); +} + +static inline int constant_time_select_int(unsigned int mask, int a, int b) +{ + return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); +} + +#ifdef 
__cplusplus +} +#endif + +#endif /* HEADER_CONSTANT_TIME_LOCL_H */ debian/patches/CVE-2015-0293-2.patch0000644000000000000000000000370412502560225013375 0ustar Backport of: From 8ca79fcbf45ea2ed505679be20e1a8a4c3df07cf Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 19 Mar 2015 11:35:33 +0000 Subject: [PATCH] Fix unsigned/signed warnings Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte --- ssl/s2_srvr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) Index: openssl-1.0.1f/ssl/s2_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/s2_srvr.c 2015-03-19 10:35:15.190372646 -0400 +++ openssl-1.0.1f/ssl/s2_srvr.c 2015-03-19 10:36:48.267032114 -0400 @@ -363,7 +363,8 @@ static int get_client_master_key(SSL *s) { - int is_export,i,n,keya,ek; + int is_export,i,n,keya; + unsigned int ek; unsigned long len; unsigned char *p; const SSL_CIPHER *cp; @@ -482,7 +483,7 @@ * must be zero). */ if ((!is_export && s->s2->tmp.clear != 0) || - (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) { + (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); return -1; @@ -493,7 +494,7 @@ * bytes to fit the key in the buffer, stop now. */ if ((is_export && s->s2->tmp.enc < ek) || - (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) { + (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); return -1; 
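Review bot: The comment above `constant_time_msb` says it "uses the fact that arithmetic shift shifts-in the sign bit" and warns that the C standard does not guarantee this, but the implementation `0 - (a >> (sizeof(a) * 8 - 1))` right-shifts an unsigned value (a logical shift, fully defined) and then negates, so the comment describes a different technique and its warning is misleading. Replace it with `/* Returns 0xff..f if the MSB of a is set and 0 otherwise: shifts the MSB down to bit 0 (unsigned, so well defined) and negates. */`. The only portability assumption actually present is `sizeof(a) * 8` standing in for the bit width, i.e. CHAR_BIT == 8, which the same comment could note.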
@@ -510,7 +511,7 @@ /* If a bad decrypt, continue with protocol but with a * random master secret (Bleichenbacher attack) */ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) - || (is_export && i != ek))) + || (is_export && i != (int)ek))) { ERR_clear_error(); if (is_export) debian/patches/CVE-2018-0734-3.patch0000644000000000000000000000177113401516553013407 0ustar Backport of: From 880d1c76ed9916cddb97fe05fb4c144f0f6f1012 Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 1 Nov 2018 08:44:11 +1000 Subject: [PATCH] Add a constant time flag to one of the bignums to avoid a timing leak. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7549) (cherry picked from commit 00496b6423605391864fbbd1693f23631a1c5239) --- crypto/dsa/dsa_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/dsa/dsa_ossl.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_ossl.c 2018-12-04 10:28:45.627994680 -0500 +++ openssl-1.0.1f/crypto/dsa/dsa_ossl.c 2018-12-04 10:29:20.096061156 -0500 
@@ -258,6 +258,7 @@ static int dsa_sign_setup(DSA *dsa, BN_C if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { BN_set_flags(&k, BN_FLG_CONSTTIME); + BN_set_flags(&l, BN_FLG_CONSTTIME); } if (dsa->flags & DSA_FLAG_CACHE_MONT_P) debian/patches/CVE-2014-8275.patch0000644000000000000000000002023512453766126013260 0ustar Description: fix certificate fingerprints can be modified Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=86edf13b1c97526c0cf63c37342aaa01f5442688 Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5951cc004b96cd681ffdf39d3fc9238a1ff597ae Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8565530e27718760220df469f0a071c85b9e731 Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=178c562a4621162dbe19a7c34fa2ad558684f40e Index: openssl-1.0.1f/crypto/asn1/a_bitstr.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/a_bitstr.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/asn1/a_bitstr.c 2015-01-09 09:10:16.394677867 -0500 @@ -136,11 +136,16 @@ p= *pp; i= *(p++); + if (i > 7) + { + i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT; + goto err; + } /* We do this to preserve the settings. If we modify * the settings, via the _set_bit function, we will recalculate * on output */ ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ - ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ + ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */ if (len-- > 1) /* using one because of the bits left byte */ { Index: openssl-1.0.1f/crypto/asn1/a_type.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/a_type.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/asn1/a_type.c 2015-01-09 09:10:18.758695061 -0500 
@@ -113,7 +113,7 @@ IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) { int result = -1; Index: openssl-1.0.1f/crypto/asn1/a_verify.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/a_verify.c 2015-01-09 09:09:20.000000000 -0500 +++ openssl-1.0.1f/crypto/asn1/a_verify.c 2015-01-09 09:10:28.334764694 -0500 @@ -90,6 +90,12 @@ ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } + + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + goto err; + } inl=i2d(data,NULL); buf_in=OPENSSL_malloc((unsigned int)inl); @@ -146,6 +152,12 @@ return -1; } + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } + EVP_MD_CTX_init(&ctx); /* Convert signature OID into digest and public key OIDs */ Index: openssl-1.0.1f/crypto/asn1/asn1.h =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/asn1.h 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/asn1/asn1.h 2015-01-09 09:10:18.762695089 -0500 @@ -776,7 +776,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); 
@@ -1329,6 +1329,7 @@ #define ASN1_R_ILLEGAL_TIME_VALUE 184 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 #define ASN1_R_INVALID_MIME_TYPE 205 Index: openssl-1.0.1f/crypto/asn1/asn1_err.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/asn1_err.c 2015-01-09 09:09:52.550504406 -0500 +++ openssl-1.0.1f/crypto/asn1/asn1_err.c 2015-01-09 09:10:16.398677895 -0500 @@ -246,6 +246,7 @@ {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"}, {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"}, {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, +{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"}, {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, Index: openssl-1.0.1f/crypto/asn1/x_algor.c =================================================================== --- openssl-1.0.1f.orig/crypto/asn1/x_algor.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/asn1/x_algor.c 2015-01-09 09:10:18.762695089 -0500 @@ -142,3 +142,14 @@ X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); } + +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) + { + int rv; + rv = OBJ_cmp(a->algorithm, b->algorithm); + if (rv) + return rv; + if (!a->parameter && !b->parameter) + return 0; + return ASN1_TYPE_cmp(a->parameter, b->parameter); + } Index: openssl-1.0.1f/crypto/dsa/dsa_asn1.c =================================================================== --- openssl-1.0.1f.orig/crypto/dsa/dsa_asn1.c 2015-01-09 09:09:20.000000000 -0500 +++ openssl-1.0.1f/crypto/dsa/dsa_asn1.c 2015-01-09 09:10:20.958711059 -0500 
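Review bot: X509_ALGOR_cmp returns 0 only when both `parameter` fields are NULL and otherwise calls `ASN1_TYPE_cmp(a->parameter, b->parameter)`, so when exactly one side carries a parameter the result depends on ASN1_TYPE_cmp tolerating a NULL argument; that check lives in ASN1_TYPE_cmp's body, outside the `@@ -113` hunk in a_type.c, so I cannot verify it here. Because X509_verify in x_all.c now gates signature verification on this comparison, the dependency should be explicit, either with `/* exactly one side NULL: rely on ASN1_TYPE_cmp returning non-zero for a NULL argument */` or by returning directly, `if (!a->parameter || !b->parameter) return -1;` ahead of the ASN1_TYPE_cmp call.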
@@ -176,13 +176,25 @@ const unsigned char *sigbuf, int siglen, DSA *dsa) { DSA_SIG *s; + const unsigned char *p = sigbuf; + unsigned char *der = NULL; + int derlen = -1; int ret=-1; s = DSA_SIG_new(); if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; + if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_DSA_SIG(s, &der); + if (derlen != siglen || memcmp(sigbuf, der, derlen)) + goto err; ret=DSA_do_verify(dgst,dgst_len,s,dsa); err: + if (derlen > 0) + { + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + } DSA_SIG_free(s); return(ret); } Index: openssl-1.0.1f/crypto/ecdsa/ecs_vrf.c =================================================================== --- openssl-1.0.1f.orig/crypto/ecdsa/ecs_vrf.c 2015-01-09 09:09:20.000000000 -0500 +++ openssl-1.0.1f/crypto/ecdsa/ecs_vrf.c 2015-01-09 09:10:20.958711059 -0500 @@ -57,6 +57,7 @@ */ #include "ecs_locl.h" +#include "cryptlib.h" #ifndef OPENSSL_NO_ENGINE #include #endif @@ -84,13 +85,25 @@ const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) { ECDSA_SIG *s; + const unsigned char *p = sigbuf; + unsigned char *der = NULL; + int derlen = -1; int ret=-1; s = ECDSA_SIG_new(); if (s == NULL) return(ret); - if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_ECDSA_SIG(s, &der); + if (derlen != sig_len || memcmp(sigbuf, der, derlen)) + goto err; ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); err: + if (derlen > 0) + { + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + } ECDSA_SIG_free(s); return(ret); } Index: openssl-1.0.1f/crypto/x509/x509.h =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509.h 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/x509/x509.h 2015-01-09 09:10:18.762695089 -0500 
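Review bot: In DSA_verify the re-encode check `if (derlen != siglen || memcmp(sigbuf, der, derlen)) goto err;` leaves `ret` at -1, so a signature that parses but is not canonical DER, or carries trailing bytes, is reported as an error rather than as an invalid signature (0); the ECDSA_verify hunk in ecs_vrf.c has the same shape. If that distinction is intended, a comment such as `/* non-DER or trailing data is an error, not merely a bad signature */` would make it deliberate; otherwise set `ret = 0` before the goto. The existing one-line comment would also benefit from saying why strict DER matters: two differently encoded forms of the same (r, s) would otherwise both verify, so anything that fingerprints or blocklists signatures by their bytes could be bypassed. Both enclosing functions start outside the hunk.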
@@ -768,6 +768,7 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, X509_ALGOR *algor); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); Index: openssl-1.0.1f/crypto/x509/x_all.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x_all.c 2015-01-09 09:09:20.000000000 -0500 +++ openssl-1.0.1f/crypto/x509/x_all.c 2015-01-09 09:10:20.958711059 -0500 @@ -72,6 +72,8 @@ int X509_verify(X509 *a, EVP_PKEY *r) { + if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) + return 0; return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, a->signature,a->cert_info,r)); } debian/patches/CVE-2015-1791.patch0000644000000000000000000001732012535317432013247 0ustar From 939b4960276b040fc0ed52232238fcc9e2e9ec21 Mon Sep 17 00:00:00 2001 
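Review bot: The new check in X509_verify compares the outer `sig_alg` with `cert_info->signature` but does not say why; the two AlgorithmIdentifiers are required to be equal by the certificate profile, and without the check the unsigned outer field could be varied without invalidating the signature. A comment above the `if` would document the intent, e.g. `/* outer signatureAlgorithm must match the signed TBS signature field */`. The guard covers certificates only; if CRL verification has an analogous pair of fields it presumably needs the same treatment, which this patch does not show.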
From: Matt Caswell Date: Mon, 18 May 2015 16:27:48 +0100 Subject: [PATCH] Fix race condition in NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz (cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688) Conflicts: ssl/ssl.h ssl/ssl_err.c --- ssl/s3_clnt.c | 32 +++++++++++++++ ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 1 + ssl/ssl_sess.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 158 insertions(+) Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2015-06-08 08:44:13.285639625 -0400 +++ openssl-1.0.1f/ssl/s3_clnt.c 2015-06-08 08:47:39.951931831 -0400 
@@ -2099,6 +2099,38 @@ } p=d=(unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2015-06-08 08:44:13.285639625 -0400 +++ openssl-1.0.1f/ssl/ssl.h 2015-06-08 08:47:59.112144000 -0400 @@ -2244,6 +2244,7 @@ #define SSL_F_SSL_READ 223 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +#define SSL_F_SSL_SESSION_DUP 348 #define SSL_F_SSL_SESSION_NEW 189 #define SSL_F_SSL_SESSION_PRINT_FP 190 #define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 Index: openssl-1.0.1f/ssl/ssl_err.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_err.c 2015-06-08 08:44:13.285639625 -0400 +++ openssl-1.0.1f/ssl/ssl_err.c 2015-06-08 08:48:25.700438330 -0400 
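Review bot: Once `SSL_SESSION_free(s->session)` runs, `new_sess` is the only live owner of everything it holds, so this code relies on ssl_session_dup(…, 0) having either copied or cleared every pointer field of the old session, including the ticket fields it was told not to duplicate; that contract is not stated here and deserves a comment at the call, e.g. `/* new_sess must not share any pointer with s->session, which is freed next */`. Style nit: the result is compared with `0` while the rest of the hunk uses `NULL` for pointer checks (`remove_session_cb != NULL`); `== NULL` keeps it consistent. The enclosing function (ssl3_get_new_session_ticket, judging by the SSLerr function code) starts before and ends after this hunk, so `al` and `f_err` are assumed to be defined there.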
@@ -245,6 +245,7 @@ {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, +{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, Index: openssl-1.0.1f/ssl/ssl_locl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_locl.h 2015-06-08 08:44:13.285639625 -0400 +++ openssl-1.0.1f/ssl/ssl_locl.h 2015-06-08 08:48:49.036696569 -0400 @@ -821,6 +821,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); Index: openssl-1.0.1f/ssl/ssl_sess.c =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_sess.c 2015-06-08 08:44:13.285639625 -0400 +++ openssl-1.0.1f/ssl/ssl_sess.c 2015-06-08 08:54:29.632442476 -0400 
@@ -224,6 +224,130 @@ return(ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + +#ifndef OPENSSL_NO_KRB5 + dest->krb5_client_princ_len = dest->krb5_client_princ_len; + if (src->krb5_client_princ_len > 0) + memcpy(dest->krb5_client_princ, src->krb5_client_princ, + src->krb5_client_princ_len); +#endif + +#ifndef OPENSSL_NO_PSK + if (src->psk_identity_hint) { + dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); + if (dest->psk_identity_hint == NULL) { + goto err; + } + } else { + dest->psk_identity_hint = NULL; + } + if (src->psk_identity) { + dest->psk_identity = BUF_strdup(src->psk_identity); + if (dest->psk_identity == NULL) { + goto err; + } + } else { + dest->psk_identity = NULL; + } +#endif + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + + dest->references = 1; + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } else { + dest->ciphers = NULL; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } else { + dest->tlsext_hostname = NULL; + } +# ifndef OPENSSL_NO_EC + if (src->tlsext_ecpointformatlist) { + dest->tlsext_ecpointformatlist = + BUF_memdup(src->tlsext_ecpointformatlist, + 
src->tlsext_ecpointformatlist_length); + if (dest->tlsext_ecpointformatlist == NULL) + goto err; + dest->tlsext_ecpointformatlist_length = + src->tlsext_ecpointformatlist_length; + } + if (src->tlsext_ellipticcurvelist) { + dest->tlsext_ellipticcurvelist = + BUF_memdup(src->tlsext_ellipticcurvelist, + src->tlsext_ellipticcurvelist_length); + if (dest->tlsext_ellipticcurvelist == NULL) + goto err; + dest->tlsext_ellipticcurvelist_length = + src->tlsext_ellipticcurvelist_length; + } +# endif +#endif + + if (ticket != 0) { + dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; + dest->tlsext_ticklen = src->tlsext_ticklen; + if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + goto err; + } + } + +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; + if (src->srp_username) { + dest->srp_username = BUF_strdup(src->srp_username); + if (dest->srp_username == NULL) { + goto err; + } + } else { + dest->srp_username = NULL; + } +#endif + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { if(len) debian/patches/version-script.patch0000644000000000000000000033020312664070032014626 0ustar Index: openssl-1.0.1d/Configure =================================================================== --- openssl-1.0.1d.orig/Configure 2013-02-06 19:41:43.000000000 +0100 +++ openssl-1.0.1d/Configure 2013-02-06 19:41:43.000000000 +0100 @@ -1621,6 +1621,8 @@ } } +$shared_ldflag .= " -Wl,--version-script=openssl.ld"; + open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; Index: openssl-1.0.1d/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1d/openssl.ld 2013-02-06 19:44:25.000000000 +0100 
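Review bot: After `memcpy(dest, src, sizeof(*dest))` every pointer in `dest` aliases `src`, yet each `goto err` before a field has been replaced ends in `SSL_SESSION_free(dest)`, which then releases memory still owned by `src` (ciphers, ex_data, tlsext_hostname, the EC lists, tlsext_tick, srp_username, and the sess_cert/peer references that are only taken later), so one failed BUF_strdup becomes a double free when the caller frees `src`. Independently, with `ticket == 0` dest->tlsext_tick is left pointing at src's buffer, and with `ticket != 0` a buffer is allocated but its contents are never copied; the krb5 line `dest->krb5_client_princ_len = dest->krb5_client_princ_len;` is also a self-assignment no-op. The rewrite below resets the owned pointers right after the memcpy, takes the shared references before anything can fail, and duplicates or zeroes the ticket fields explicitly; the rest of the function is unchanged.
```c
    memcpy(dest, src, sizeof(*dest));

    /*
     * dest now aliases every pointer in src.  Reset the fields this function
     * allocates (and the ones it must not share) so that SSL_SESSION_free(dest)
     * on the error path cannot release memory that still belongs to src.
     */
    dest->references = 1;
#ifndef OPENSSL_NO_PSK
    dest->psk_identity_hint = NULL;
    dest->psk_identity = NULL;
#endif
    dest->ciphers = NULL;
    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
    dest->prev = NULL;
    dest->next = NULL;
#ifndef OPENSSL_NO_TLSEXT
    dest->tlsext_hostname = NULL;
# ifndef OPENSSL_NO_EC
    dest->tlsext_ecpointformatlist = NULL;
    dest->tlsext_ellipticcurvelist = NULL;
# endif
    dest->tlsext_tick = NULL;
#endif
#ifndef OPENSSL_NO_SRP
    dest->srp_username = NULL;
#endif

    /* Take the shared references before anything below can fail. */
    if (src->sess_cert != NULL)
        CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
    if (src->peer != NULL)
        CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);

    /* … unchanged: PSK, cipher list, ex_data, hostname and EC list copies
     * (the original sess_cert/peer CRYPTO_add lines and dest->references = 1
     * are dropped from there, having moved above) … */

#ifndef OPENSSL_NO_TLSEXT
    /* The memcpy already copied the lifetime hint and length; only the
     * ticket bytes need a private copy, and only when one is requested. */
    if (ticket != 0 && src->tlsext_tick != NULL) {
        dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
        if (dest->tlsext_tick == NULL)
            goto err;
    } else {
        dest->tlsext_tick_lifetime_hint = 0;
        dest->tlsext_ticklen = 0;
    }
#endif

    /* … unchanged: SRP username copy, return dest, err: label … */
```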
@@ -0,0 +1,4620 @@ +OPENSSL_1.0.0 { + global: + BIO_f_ssl; + BIO_new_buffer_ssl_connect; + BIO_new_ssl; + BIO_new_ssl_connect; + BIO_proxy_ssl_copy_session_id; + BIO_ssl_copy_session_id; + BIO_ssl_shutdown; + d2i_SSL_SESSION; + DTLSv1_client_method; + DTLSv1_method; + DTLSv1_server_method; + ERR_load_SSL_strings; + i2d_SSL_SESSION; + kssl_build_principal_2; + kssl_cget_tkt; + kssl_check_authent; + kssl_ctx_free; + kssl_ctx_new; + kssl_ctx_setkey; + kssl_ctx_setprinc; + kssl_ctx_setstring; + kssl_ctx_show; + kssl_err_set; + kssl_krb5_free_data_contents; + kssl_sget_tkt; + kssl_skip_confound; + kssl_validate_times; + PEM_read_bio_SSL_SESSION; + PEM_read_SSL_SESSION; + PEM_write_bio_SSL_SESSION; + PEM_write_SSL_SESSION; + SSL_accept; + SSL_add_client_CA; + SSL_add_dir_cert_subjects_to_stack; + SSL_add_dir_cert_subjs_to_stk; + SSL_add_file_cert_subjects_to_stack; + SSL_add_file_cert_subjs_to_stk; + SSL_alert_desc_string; + SSL_alert_desc_string_long; + SSL_alert_type_string; + SSL_alert_type_string_long; + SSL_callback_ctrl; + SSL_check_private_key; + SSL_CIPHER_description; + SSL_CIPHER_get_bits; + SSL_CIPHER_get_name; + SSL_CIPHER_get_version; + SSL_clear; + SSL_COMP_add_compression_method; + SSL_COMP_get_compression_methods; + SSL_COMP_get_compress_methods; + SSL_COMP_get_name; + SSL_connect; + SSL_copy_session_id; + SSL_ctrl; + SSL_CTX_add_client_CA; + SSL_CTX_add_session; + SSL_CTX_callback_ctrl; + SSL_CTX_check_private_key; + SSL_CTX_ctrl; + SSL_CTX_flush_sessions; + SSL_CTX_free; + SSL_CTX_get_cert_store; + SSL_CTX_get_client_CA_list; + SSL_CTX_get_client_cert_cb; + SSL_CTX_get_ex_data; + SSL_CTX_get_ex_new_index; + SSL_CTX_get_info_callback; + SSL_CTX_get_quiet_shutdown; + SSL_CTX_get_timeout; + SSL_CTX_get_verify_callback; + SSL_CTX_get_verify_depth; + SSL_CTX_get_verify_mode; + SSL_CTX_load_verify_locations; + SSL_CTX_new; + SSL_CTX_remove_session; + SSL_CTX_sess_get_get_cb; + SSL_CTX_sess_get_new_cb; + SSL_CTX_sess_get_remove_cb; + SSL_CTX_sessions; + 
SSL_CTX_sess_set_get_cb; + SSL_CTX_sess_set_new_cb; + SSL_CTX_sess_set_remove_cb; + SSL_CTX_set1_param; + SSL_CTX_set_cert_store; + SSL_CTX_set_cert_verify_callback; + SSL_CTX_set_cert_verify_cb; + SSL_CTX_set_cipher_list; + SSL_CTX_set_client_CA_list; + SSL_CTX_set_client_cert_cb; + SSL_CTX_set_client_cert_engine; + SSL_CTX_set_cookie_generate_cb; + SSL_CTX_set_cookie_verify_cb; + SSL_CTX_set_default_passwd_cb; + SSL_CTX_set_default_passwd_cb_userdata; + SSL_CTX_set_default_verify_paths; + SSL_CTX_set_def_passwd_cb_ud; + SSL_CTX_set_def_verify_paths; + SSL_CTX_set_ex_data; + SSL_CTX_set_generate_session_id; + SSL_CTX_set_info_callback; + SSL_CTX_set_msg_callback; + SSL_CTX_set_psk_client_callback; + SSL_CTX_set_psk_server_callback; + SSL_CTX_set_purpose; + SSL_CTX_set_quiet_shutdown; + SSL_CTX_set_session_id_context; + SSL_CTX_set_ssl_version; + SSL_CTX_set_timeout; + SSL_CTX_set_tmp_dh_callback; + SSL_CTX_set_tmp_ecdh_callback; + SSL_CTX_set_tmp_rsa_callback; + SSL_CTX_set_trust; + SSL_CTX_set_verify; + SSL_CTX_set_verify_depth; + SSL_CTX_use_cert_chain_file; + SSL_CTX_use_certificate; + SSL_CTX_use_certificate_ASN1; + SSL_CTX_use_certificate_chain_file; + SSL_CTX_use_certificate_file; + SSL_CTX_use_PrivateKey; + SSL_CTX_use_PrivateKey_ASN1; + SSL_CTX_use_PrivateKey_file; + SSL_CTX_use_psk_identity_hint; + SSL_CTX_use_RSAPrivateKey; + SSL_CTX_use_RSAPrivateKey_ASN1; + SSL_CTX_use_RSAPrivateKey_file; + SSL_do_handshake; + SSL_dup; + SSL_dup_CA_list; + SSLeay_add_ssl_algorithms; + SSL_free; + SSL_get1_session; + SSL_get_certificate; + SSL_get_cipher_list; + SSL_get_ciphers; + SSL_get_client_CA_list; + SSL_get_current_cipher; + SSL_get_current_compression; + SSL_get_current_expansion; + SSL_get_default_timeout; + SSL_get_error; + SSL_get_ex_data; + SSL_get_ex_data_X509_STORE_CTX_idx; + SSL_get_ex_d_X509_STORE_CTX_idx; + SSL_get_ex_new_index; + SSL_get_fd; + SSL_get_finished; + SSL_get_info_callback; + SSL_get_peer_cert_chain; + SSL_get_peer_certificate; + 
SSL_get_peer_finished; + SSL_get_privatekey; + SSL_get_psk_identity; + SSL_get_psk_identity_hint; + SSL_get_quiet_shutdown; + SSL_get_rbio; + SSL_get_read_ahead; + SSL_get_rfd; + SSL_get_servername; + SSL_get_servername_type; + SSL_get_session; + SSL_get_shared_ciphers; + SSL_get_shutdown; + SSL_get_SSL_CTX; + SSL_get_ssl_method; + SSL_get_verify_callback; + SSL_get_verify_depth; + SSL_get_verify_mode; + SSL_get_verify_result; + SSL_get_version; + SSL_get_wbio; + SSL_get_wfd; + SSL_has_matching_session_id; + SSL_library_init; + SSL_load_client_CA_file; + SSL_load_error_strings; + SSL_new; + SSL_peek; + SSL_pending; + SSL_read; + SSL_renegotiate; + SSL_renegotiate_pending; + SSL_rstate_string; + SSL_rstate_string_long; + SSL_SESSION_cmp; + SSL_SESSION_free; + SSL_SESSION_get_ex_data; + SSL_SESSION_get_ex_new_index; + SSL_SESSION_get_id; + SSL_SESSION_get_time; + SSL_SESSION_get_timeout; + SSL_SESSION_hash; + SSL_SESSION_new; + SSL_SESSION_print; + SSL_SESSION_print_fp; + SSL_SESSION_set_ex_data; + SSL_SESSION_set_time; + SSL_SESSION_set_timeout; + SSL_set1_param; + SSL_set_accept_state; + SSL_set_bio; + SSL_set_cipher_list; + SSL_set_client_CA_list; + SSL_set_connect_state; + SSL_set_ex_data; + SSL_set_fd; + SSL_set_generate_session_id; + SSL_set_info_callback; + SSL_set_msg_callback; + SSL_set_psk_client_callback; + SSL_set_psk_server_callback; + SSL_set_purpose; + SSL_set_quiet_shutdown; + SSL_set_read_ahead; + SSL_set_rfd; + SSL_set_session; + SSL_set_session_id_context; + SSL_set_session_secret_cb; + SSL_set_session_ticket_ext; + SSL_set_session_ticket_ext_cb; + SSL_set_shutdown; + SSL_set_SSL_CTX; + SSL_set_ssl_method; + SSL_set_tmp_dh_callback; + SSL_set_tmp_ecdh_callback; + SSL_set_tmp_rsa_callback; + SSL_set_trust; + SSL_set_verify; + SSL_set_verify_depth; + SSL_set_verify_result; + SSL_set_wfd; + SSL_shutdown; + SSL_state; + SSL_state_string; + SSL_state_string_long; + SSL_use_certificate; + SSL_use_certificate_ASN1; + SSL_use_certificate_file; + 
SSL_use_PrivateKey; + SSL_use_PrivateKey_ASN1; + SSL_use_PrivateKey_file; + SSL_use_psk_identity_hint; + SSL_use_RSAPrivateKey; + SSL_use_RSAPrivateKey_ASN1; + SSL_use_RSAPrivateKey_file; + SSLv23_client_method; + SSLv23_method; + SSLv23_server_method; + SSLv2_client_method; + SSLv2_method; + SSLv2_server_method; + SSLv3_client_method; + SSLv3_method; + SSLv3_server_method; + SSL_version; + SSL_want; + SSL_write; + TLSv1_client_method; + TLSv1_method; + TLSv1_server_method; + + + SSLeay; + SSLeay_version; + ASN1_BIT_STRING_asn1_meth; + ASN1_HEADER_free; + ASN1_HEADER_new; + ASN1_IA5STRING_asn1_meth; + ASN1_INTEGER_get; + ASN1_INTEGER_set; + ASN1_INTEGER_to_BN; + ASN1_OBJECT_create; + ASN1_OBJECT_free; + ASN1_OBJECT_new; + ASN1_PRINTABLE_type; + ASN1_STRING_cmp; + ASN1_STRING_dup; + ASN1_STRING_free; + ASN1_STRING_new; + ASN1_STRING_print; + ASN1_STRING_set; + ASN1_STRING_type_new; + ASN1_TYPE_free; + ASN1_TYPE_new; + ASN1_UNIVERSALSTRING_to_string; + ASN1_UTCTIME_check; + ASN1_UTCTIME_print; + ASN1_UTCTIME_set; + ASN1_check_infinite_end; + ASN1_d2i_bio; + ASN1_d2i_fp; + ASN1_digest; + ASN1_dup; + ASN1_get_object; + ASN1_i2d_bio; + ASN1_i2d_fp; + ASN1_object_size; + ASN1_parse; + ASN1_put_object; + ASN1_sign; + ASN1_verify; + BF_cbc_encrypt; + BF_cfb64_encrypt; + BF_ecb_encrypt; + BF_encrypt; + BF_ofb64_encrypt; + BF_options; + BF_set_key; + BIO_CONNECT_free; + BIO_CONNECT_new; + BIO_accept; + BIO_ctrl; + BIO_int_ctrl; + BIO_debug_callback; + BIO_dump; + BIO_dup_chain; + BIO_f_base64; + BIO_f_buffer; + BIO_f_cipher; + BIO_f_md; + BIO_f_null; + BIO_f_proxy_server; + BIO_fd_non_fatal_error; + BIO_fd_should_retry; + BIO_find_type; + BIO_free; + BIO_free_all; + BIO_get_accept_socket; + BIO_get_filter_bio; + BIO_get_host_ip; + BIO_get_port; + BIO_get_retry_BIO; + BIO_get_retry_reason; + BIO_gethostbyname; + BIO_gets; + BIO_new; + BIO_new_accept; + BIO_new_connect; + BIO_new_fd; + BIO_new_file; + BIO_new_fp; + BIO_new_socket; + BIO_pop; + BIO_printf; + BIO_push; + 
BIO_puts; + BIO_read; + BIO_s_accept; + BIO_s_connect; + BIO_s_fd; + BIO_s_file; + BIO_s_mem; + BIO_s_null; + BIO_s_proxy_client; + BIO_s_socket; + BIO_set; + BIO_set_cipher; + BIO_set_tcp_ndelay; + BIO_sock_cleanup; + BIO_sock_error; + BIO_sock_init; + BIO_sock_non_fatal_error; + BIO_sock_should_retry; + BIO_socket_ioctl; + BIO_write; + BN_CTX_free; + BN_CTX_new; + BN_MONT_CTX_free; + BN_MONT_CTX_new; + BN_MONT_CTX_set; + BN_add; + BN_add_word; + BN_hex2bn; + BN_bin2bn; + BN_bn2hex; + BN_bn2bin; + BN_clear; + BN_clear_bit; + BN_clear_free; + BN_cmp; + BN_copy; + BN_div; + BN_div_word; + BN_dup; + BN_free; + BN_from_montgomery; + BN_gcd; + BN_generate_prime; + BN_get_word; + BN_is_bit_set; + BN_is_prime; + BN_lshift; + BN_lshift1; + BN_mask_bits; + BN_mod; + BN_mod_exp; + BN_mod_exp_mont; + BN_mod_exp_simple; + BN_mod_inverse; + BN_mod_mul; + BN_mod_mul_montgomery; + BN_mod_word; + BN_mul; + BN_new; + BN_num_bits; + BN_num_bits_word; + BN_options; + BN_print; + BN_print_fp; + BN_rand; + BN_reciprocal; + BN_rshift; + BN_rshift1; + BN_set_bit; + BN_set_word; + BN_sqr; + BN_sub; + BN_to_ASN1_INTEGER; + BN_ucmp; + BN_value_one; + BUF_MEM_free; + BUF_MEM_grow; + BUF_MEM_new; + BUF_strdup; + CONF_free; + CONF_get_number; + CONF_get_section; + CONF_get_string; + CONF_load; + CRYPTO_add_lock; + CRYPTO_dbg_free; + CRYPTO_dbg_malloc; + CRYPTO_dbg_realloc; + CRYPTO_dbg_remalloc; + CRYPTO_free; + CRYPTO_get_add_lock_callback; + CRYPTO_get_id_callback; + CRYPTO_get_lock_name; + CRYPTO_get_locking_callback; + CRYPTO_get_mem_functions; + CRYPTO_lock; + CRYPTO_malloc; + CRYPTO_mem_ctrl; + CRYPTO_mem_leaks; + CRYPTO_mem_leaks_cb; + CRYPTO_mem_leaks_fp; + CRYPTO_realloc; + CRYPTO_remalloc; + CRYPTO_set_add_lock_callback; + CRYPTO_set_id_callback; + CRYPTO_set_locking_callback; + CRYPTO_set_mem_functions; + CRYPTO_thread_id; + DH_check; + DH_compute_key; + DH_free; + DH_generate_key; + DH_generate_parameters; + DH_new; + DH_size; + DHparams_print; + DHparams_print_fp; + DSA_free; + 
DSA_generate_key; + DSA_generate_parameters; + DSA_is_prime; + DSA_new; + DSA_print; + DSA_print_fp; + DSA_sign; + DSA_sign_setup; + DSA_size; + DSA_verify; + DSAparams_print; + DSAparams_print_fp; + ERR_clear_error; + ERR_error_string; + ERR_free_strings; + ERR_func_error_string; + ERR_get_err_state_table; + ERR_get_error; + ERR_get_error_line; + ERR_get_state; + ERR_get_string_table; + ERR_lib_error_string; + ERR_load_ASN1_strings; + ERR_load_BIO_strings; + ERR_load_BN_strings; + ERR_load_BUF_strings; + ERR_load_CONF_strings; + ERR_load_DH_strings; + ERR_load_DSA_strings; + ERR_load_ERR_strings; + ERR_load_EVP_strings; + ERR_load_OBJ_strings; + ERR_load_PEM_strings; + ERR_load_PROXY_strings; + ERR_load_RSA_strings; + ERR_load_X509_strings; + ERR_load_crypto_strings; + ERR_load_strings; + ERR_peek_error; + ERR_peek_error_line; + ERR_print_errors; + ERR_print_errors_fp; + ERR_put_error; + ERR_reason_error_string; + ERR_remove_state; + EVP_BytesToKey; + EVP_CIPHER_CTX_cleanup; + EVP_CipherFinal; + EVP_CipherInit; + EVP_CipherUpdate; + EVP_DecodeBlock; + EVP_DecodeFinal; + EVP_DecodeInit; + EVP_DecodeUpdate; + EVP_DecryptFinal; + EVP_DecryptInit; + EVP_DecryptUpdate; + EVP_DigestFinal; + EVP_DigestInit; + EVP_DigestUpdate; + EVP_EncodeBlock; + EVP_EncodeFinal; + EVP_EncodeInit; + EVP_EncodeUpdate; + EVP_EncryptFinal; + EVP_EncryptInit; + EVP_EncryptUpdate; + EVP_OpenFinal; + EVP_OpenInit; + EVP_PKEY_assign; + EVP_PKEY_copy_parameters; + EVP_PKEY_free; + EVP_PKEY_missing_parameters; + EVP_PKEY_new; + EVP_PKEY_save_parameters; + EVP_PKEY_size; + EVP_PKEY_type; + EVP_SealFinal; + EVP_SealInit; + EVP_SignFinal; + EVP_VerifyFinal; + EVP_add_alias; + EVP_add_cipher; + EVP_add_digest; + EVP_bf_cbc; + EVP_bf_cfb64; + EVP_bf_ecb; + EVP_bf_ofb; + EVP_cleanup; + EVP_des_cbc; + EVP_des_cfb64; + EVP_des_ecb; + EVP_des_ede; + EVP_des_ede3; + EVP_des_ede3_cbc; + EVP_des_ede3_cfb64; + EVP_des_ede3_ofb; + EVP_des_ede_cbc; + EVP_des_ede_cfb64; + EVP_des_ede_ofb; + EVP_des_ofb; + 
EVP_desx_cbc; + EVP_dss; + EVP_dss1; + EVP_enc_null; + EVP_get_cipherbyname; + EVP_get_digestbyname; + EVP_get_pw_prompt; + EVP_idea_cbc; + EVP_idea_cfb64; + EVP_idea_ecb; + EVP_idea_ofb; + EVP_md2; + EVP_md5; + EVP_md_null; + EVP_rc2_cbc; + EVP_rc2_cfb64; + EVP_rc2_ecb; + EVP_rc2_ofb; + EVP_rc4; + EVP_read_pw_string; + EVP_set_pw_prompt; + EVP_sha; + EVP_sha1; + MD2; + MD2_Final; + MD2_Init; + MD2_Update; + MD2_options; + MD5; + MD5_Final; + MD5_Init; + MD5_Update; + MDC2; + MDC2_Final; + MDC2_Init; + MDC2_Update; + NETSCAPE_SPKAC_free; + NETSCAPE_SPKAC_new; + NETSCAPE_SPKI_free; + NETSCAPE_SPKI_new; + NETSCAPE_SPKI_sign; + NETSCAPE_SPKI_verify; + OBJ_add_object; + OBJ_bsearch; + OBJ_cleanup; + OBJ_cmp; + OBJ_create; + OBJ_dup; + OBJ_ln2nid; + OBJ_new_nid; + OBJ_nid2ln; + OBJ_nid2obj; + OBJ_nid2sn; + OBJ_obj2nid; + OBJ_sn2nid; + OBJ_txt2nid; + PEM_ASN1_read; + PEM_ASN1_read_bio; + PEM_ASN1_write; + PEM_ASN1_write_bio; + PEM_SealFinal; + PEM_SealInit; + PEM_SealUpdate; + PEM_SignFinal; + PEM_SignInit; + PEM_SignUpdate; + PEM_X509_INFO_read; + PEM_X509_INFO_read_bio; + PEM_X509_INFO_write_bio; + PEM_dek_info; + PEM_do_header; + PEM_get_EVP_CIPHER_INFO; + PEM_proc_type; + PEM_read; + PEM_read_DHparams; + PEM_read_DSAPrivateKey; + PEM_read_DSAparams; + PEM_read_PKCS7; + PEM_read_PrivateKey; + PEM_read_RSAPrivateKey; + PEM_read_X509; + PEM_read_X509_CRL; + PEM_read_X509_REQ; + PEM_read_bio; + PEM_read_bio_DHparams; + PEM_read_bio_DSAPrivateKey; + PEM_read_bio_DSAparams; + PEM_read_bio_PKCS7; + PEM_read_bio_PrivateKey; + PEM_read_bio_RSAPrivateKey; + PEM_read_bio_X509; + PEM_read_bio_X509_CRL; + PEM_read_bio_X509_REQ; + PEM_write; + PEM_write_DHparams; + PEM_write_DSAPrivateKey; + PEM_write_DSAparams; + PEM_write_PKCS7; + PEM_write_PrivateKey; + PEM_write_RSAPrivateKey; + PEM_write_X509; + PEM_write_X509_CRL; + PEM_write_X509_REQ; + PEM_write_bio; + PEM_write_bio_DHparams; + PEM_write_bio_DSAPrivateKey; + PEM_write_bio_DSAparams; + PEM_write_bio_PKCS7; + 
PEM_write_bio_PrivateKey; + PEM_write_bio_RSAPrivateKey; + PEM_write_bio_X509; + PEM_write_bio_X509_CRL; + PEM_write_bio_X509_REQ; + PKCS7_DIGEST_free; + PKCS7_DIGEST_new; + PKCS7_ENCRYPT_free; + PKCS7_ENCRYPT_new; + PKCS7_ENC_CONTENT_free; + PKCS7_ENC_CONTENT_new; + PKCS7_ENVELOPE_free; + PKCS7_ENVELOPE_new; + PKCS7_ISSUER_AND_SERIAL_digest; + PKCS7_ISSUER_AND_SERIAL_free; + PKCS7_ISSUER_AND_SERIAL_new; + PKCS7_RECIP_INFO_free; + PKCS7_RECIP_INFO_new; + PKCS7_SIGNED_free; + PKCS7_SIGNED_new; + PKCS7_SIGNER_INFO_free; + PKCS7_SIGNER_INFO_new; + PKCS7_SIGN_ENVELOPE_free; + PKCS7_SIGN_ENVELOPE_new; + PKCS7_dup; + PKCS7_free; + PKCS7_new; + PROXY_ENTRY_add_noproxy; + PROXY_ENTRY_clear_noproxy; + PROXY_ENTRY_free; + PROXY_ENTRY_get_noproxy; + PROXY_ENTRY_new; + PROXY_ENTRY_set_server; + PROXY_add_noproxy; + PROXY_add_server; + PROXY_check_by_host; + PROXY_check_url; + PROXY_clear_noproxy; + PROXY_free; + PROXY_get_noproxy; + PROXY_get_proxies; + PROXY_get_proxy_entry; + PROXY_load_conf; + PROXY_new; + PROXY_print; + RAND_bytes; + RAND_cleanup; + RAND_file_name; + RAND_load_file; + RAND_screen; + RAND_seed; + RAND_write_file; + RC2_cbc_encrypt; + RC2_cfb64_encrypt; + RC2_ecb_encrypt; + RC2_encrypt; + RC2_ofb64_encrypt; + RC2_set_key; + RC4; + RC4_options; + RC4_set_key; + RSAPrivateKey_asn1_meth; + RSAPrivateKey_dup; + RSAPublicKey_dup; + RSA_PKCS1_SSLeay; + RSA_free; + RSA_generate_key; + RSA_new; + RSA_new_method; + RSA_print; + RSA_print_fp; + RSA_private_decrypt; + RSA_private_encrypt; + RSA_public_decrypt; + RSA_public_encrypt; + RSA_set_default_method; + RSA_sign; + RSA_sign_ASN1_OCTET_STRING; + RSA_size; + RSA_verify; + RSA_verify_ASN1_OCTET_STRING; + SHA; + SHA1; + SHA1_Final; + SHA1_Init; + SHA1_Update; + SHA_Final; + SHA_Init; + SHA_Update; + OpenSSL_add_all_algorithms; + OpenSSL_add_all_ciphers; + OpenSSL_add_all_digests; + TXT_DB_create_index; + TXT_DB_free; + TXT_DB_get_by_index; + TXT_DB_insert; + TXT_DB_read; + TXT_DB_write; + X509_ALGOR_free; + 
X509_ALGOR_new; + X509_ATTRIBUTE_free; + X509_ATTRIBUTE_new; + X509_CINF_free; + X509_CINF_new; + X509_CRL_INFO_free; + X509_CRL_INFO_new; + X509_CRL_add_ext; + X509_CRL_cmp; + X509_CRL_delete_ext; + X509_CRL_dup; + X509_CRL_free; + X509_CRL_get_ext; + X509_CRL_get_ext_by_NID; + X509_CRL_get_ext_by_OBJ; + X509_CRL_get_ext_by_critical; + X509_CRL_get_ext_count; + X509_CRL_new; + X509_CRL_sign; + X509_CRL_verify; + X509_EXTENSION_create_by_NID; + X509_EXTENSION_create_by_OBJ; + X509_EXTENSION_dup; + X509_EXTENSION_free; + X509_EXTENSION_get_critical; + X509_EXTENSION_get_data; + X509_EXTENSION_get_object; + X509_EXTENSION_new; + X509_EXTENSION_set_critical; + X509_EXTENSION_set_data; + X509_EXTENSION_set_object; + X509_INFO_free; + X509_INFO_new; + X509_LOOKUP_by_alias; + X509_LOOKUP_by_fingerprint; + X509_LOOKUP_by_issuer_serial; + X509_LOOKUP_by_subject; + X509_LOOKUP_ctrl; + X509_LOOKUP_file; + X509_LOOKUP_free; + X509_LOOKUP_hash_dir; + X509_LOOKUP_init; + X509_LOOKUP_new; + X509_LOOKUP_shutdown; + X509_NAME_ENTRY_create_by_NID; + X509_NAME_ENTRY_create_by_OBJ; + X509_NAME_ENTRY_dup; + X509_NAME_ENTRY_free; + X509_NAME_ENTRY_get_data; + X509_NAME_ENTRY_get_object; + X509_NAME_ENTRY_new; + X509_NAME_ENTRY_set_data; + X509_NAME_ENTRY_set_object; + X509_NAME_add_entry; + X509_NAME_cmp; + X509_NAME_delete_entry; + X509_NAME_digest; + X509_NAME_dup; + X509_NAME_entry_count; + X509_NAME_free; + X509_NAME_get_entry; + X509_NAME_get_index_by_NID; + X509_NAME_get_index_by_OBJ; + X509_NAME_get_text_by_NID; + X509_NAME_get_text_by_OBJ; + X509_NAME_hash; + X509_NAME_new; + X509_NAME_oneline; + X509_NAME_print; + X509_NAME_set; + X509_OBJECT_free_contents; + X509_OBJECT_retrieve_by_subject; + X509_OBJECT_up_ref_count; + X509_PKEY_free; + X509_PKEY_new; + X509_PUBKEY_free; + X509_PUBKEY_get; + X509_PUBKEY_new; + X509_PUBKEY_set; + X509_REQ_INFO_free; + X509_REQ_INFO_new; + X509_REQ_dup; + X509_REQ_free; + X509_REQ_get_pubkey; + X509_REQ_new; + X509_REQ_print; + 
X509_REQ_print_fp; + X509_REQ_set_pubkey; + X509_REQ_set_subject_name; + X509_REQ_set_version; + X509_REQ_sign; + X509_REQ_to_X509; + X509_REQ_verify; + X509_REVOKED_add_ext; + X509_REVOKED_delete_ext; + X509_REVOKED_free; + X509_REVOKED_get_ext; + X509_REVOKED_get_ext_by_NID; + X509_REVOKED_get_ext_by_OBJ; + X509_REVOKED_get_ext_by_critical; + X509_REVOKED_get_ext_by_critic; + X509_REVOKED_get_ext_count; + X509_REVOKED_new; + X509_SIG_free; + X509_SIG_new; + X509_STORE_CTX_cleanup; + X509_STORE_CTX_init; + X509_STORE_add_cert; + X509_STORE_add_lookup; + X509_STORE_free; + X509_STORE_get_by_subject; + X509_STORE_load_locations; + X509_STORE_new; + X509_STORE_set_default_paths; + X509_VAL_free; + X509_VAL_new; + X509_add_ext; + X509_asn1_meth; + X509_certificate_type; + X509_check_private_key; + X509_cmp_current_time; + X509_delete_ext; + X509_digest; + X509_dup; + X509_free; + X509_get_default_cert_area; + X509_get_default_cert_dir; + X509_get_default_cert_dir_env; + X509_get_default_cert_file; + X509_get_default_cert_file_env; + X509_get_default_private_dir; + X509_get_ext; + X509_get_ext_by_NID; + X509_get_ext_by_OBJ; + X509_get_ext_by_critical; + X509_get_ext_count; + X509_get_issuer_name; + X509_get_pubkey; + X509_get_pubkey_parameters; + X509_get_serialNumber; + X509_get_subject_name; + X509_gmtime_adj; + X509_issuer_and_serial_cmp; + X509_issuer_and_serial_hash; + X509_issuer_name_cmp; + X509_issuer_name_hash; + X509_load_cert_file; + X509_new; + X509_print; + X509_print_fp; + X509_set_issuer_name; + X509_set_notAfter; + X509_set_notBefore; + X509_set_pubkey; + X509_set_serialNumber; + X509_set_subject_name; + X509_set_version; + X509_sign; + X509_subject_name_cmp; + X509_subject_name_hash; + X509_to_X509_REQ; + X509_verify; + X509_verify_cert; + X509_verify_cert_error_string; + X509v3_add_ext; + X509v3_add_extension; + X509v3_add_netscape_extensions; + X509v3_add_standard_extensions; + X509v3_cleanup_extensions; + X509v3_data_type_by_NID; + 
X509v3_data_type_by_OBJ; + X509v3_delete_ext; + X509v3_get_ext; + X509v3_get_ext_by_NID; + X509v3_get_ext_by_OBJ; + X509v3_get_ext_by_critical; + X509v3_get_ext_count; + X509v3_pack_string; + X509v3_pack_type_by_NID; + X509v3_pack_type_by_OBJ; + X509v3_unpack_string; + _des_crypt; + a2d_ASN1_OBJECT; + a2i_ASN1_INTEGER; + a2i_ASN1_STRING; + asn1_Finish; + asn1_GetSequence; + bn_div_words; + bn_expand2; + bn_mul_add_words; + bn_mul_words; + BN_uadd; + BN_usub; + bn_sqr_words; + _ossl_old_crypt; + d2i_ASN1_BIT_STRING; + d2i_ASN1_BOOLEAN; + d2i_ASN1_HEADER; + d2i_ASN1_IA5STRING; + d2i_ASN1_INTEGER; + d2i_ASN1_OBJECT; + d2i_ASN1_OCTET_STRING; + d2i_ASN1_PRINTABLE; + d2i_ASN1_PRINTABLESTRING; + d2i_ASN1_SET; + d2i_ASN1_T61STRING; + d2i_ASN1_TYPE; + d2i_ASN1_UTCTIME; + d2i_ASN1_bytes; + d2i_ASN1_type_bytes; + d2i_DHparams; + d2i_DSAPrivateKey; + d2i_DSAPrivateKey_bio; + d2i_DSAPrivateKey_fp; + d2i_DSAPublicKey; + d2i_DSAparams; + d2i_NETSCAPE_SPKAC; + d2i_NETSCAPE_SPKI; + d2i_Netscape_RSA; + d2i_PKCS7; + d2i_PKCS7_DIGEST; + d2i_PKCS7_ENCRYPT; + d2i_PKCS7_ENC_CONTENT; + d2i_PKCS7_ENVELOPE; + d2i_PKCS7_ISSUER_AND_SERIAL; + d2i_PKCS7_RECIP_INFO; + d2i_PKCS7_SIGNED; + d2i_PKCS7_SIGNER_INFO; + d2i_PKCS7_SIGN_ENVELOPE; + d2i_PKCS7_bio; + d2i_PKCS7_fp; + d2i_PrivateKey; + d2i_PublicKey; + d2i_RSAPrivateKey; + d2i_RSAPrivateKey_bio; + d2i_RSAPrivateKey_fp; + d2i_RSAPublicKey; + d2i_X509; + d2i_X509_ALGOR; + d2i_X509_ATTRIBUTE; + d2i_X509_CINF; + d2i_X509_CRL; + d2i_X509_CRL_INFO; + d2i_X509_CRL_bio; + d2i_X509_CRL_fp; + d2i_X509_EXTENSION; + d2i_X509_NAME; + d2i_X509_NAME_ENTRY; + d2i_X509_PKEY; + d2i_X509_PUBKEY; + d2i_X509_REQ; + d2i_X509_REQ_INFO; + d2i_X509_REQ_bio; + d2i_X509_REQ_fp; + d2i_X509_REVOKED; + d2i_X509_SIG; + d2i_X509_VAL; + d2i_X509_bio; + d2i_X509_fp; + DES_cbc_cksum; + DES_cbc_encrypt; + DES_cblock_print_file; + DES_cfb64_encrypt; + DES_cfb_encrypt; + DES_decrypt3; + DES_ecb3_encrypt; + DES_ecb_encrypt; + DES_ede3_cbc_encrypt; + DES_ede3_cfb64_encrypt; + 
DES_ede3_ofb64_encrypt; + DES_enc_read; + DES_enc_write; + DES_encrypt1; + DES_encrypt2; + DES_encrypt3; + DES_fcrypt; + DES_is_weak_key; + DES_key_sched; + DES_ncbc_encrypt; + DES_ofb64_encrypt; + DES_ofb_encrypt; + DES_options; + DES_pcbc_encrypt; + DES_quad_cksum; + DES_random_key; + _ossl_old_des_random_seed; + _ossl_old_des_read_2passwords; + _ossl_old_des_read_password; + _ossl_old_des_read_pw; + _ossl_old_des_read_pw_string; + DES_set_key; + DES_set_odd_parity; + DES_string_to_2keys; + DES_string_to_key; + DES_xcbc_encrypt; + DES_xwhite_in2out; + fcrypt_body; + i2a_ASN1_INTEGER; + i2a_ASN1_OBJECT; + i2a_ASN1_STRING; + i2d_ASN1_BIT_STRING; + i2d_ASN1_BOOLEAN; + i2d_ASN1_HEADER; + i2d_ASN1_IA5STRING; + i2d_ASN1_INTEGER; + i2d_ASN1_OBJECT; + i2d_ASN1_OCTET_STRING; + i2d_ASN1_PRINTABLE; + i2d_ASN1_SET; + i2d_ASN1_TYPE; + i2d_ASN1_UTCTIME; + i2d_ASN1_bytes; + i2d_DHparams; + i2d_DSAPrivateKey; + i2d_DSAPrivateKey_bio; + i2d_DSAPrivateKey_fp; + i2d_DSAPublicKey; + i2d_DSAparams; + i2d_NETSCAPE_SPKAC; + i2d_NETSCAPE_SPKI; + i2d_Netscape_RSA; + i2d_PKCS7; + i2d_PKCS7_DIGEST; + i2d_PKCS7_ENCRYPT; + i2d_PKCS7_ENC_CONTENT; + i2d_PKCS7_ENVELOPE; + i2d_PKCS7_ISSUER_AND_SERIAL; + i2d_PKCS7_RECIP_INFO; + i2d_PKCS7_SIGNED; + i2d_PKCS7_SIGNER_INFO; + i2d_PKCS7_SIGN_ENVELOPE; + i2d_PKCS7_bio; + i2d_PKCS7_fp; + i2d_PrivateKey; + i2d_PublicKey; + i2d_RSAPrivateKey; + i2d_RSAPrivateKey_bio; + i2d_RSAPrivateKey_fp; + i2d_RSAPublicKey; + i2d_X509; + i2d_X509_ALGOR; + i2d_X509_ATTRIBUTE; + i2d_X509_CINF; + i2d_X509_CRL; + i2d_X509_CRL_INFO; + i2d_X509_CRL_bio; + i2d_X509_CRL_fp; + i2d_X509_EXTENSION; + i2d_X509_NAME; + i2d_X509_NAME_ENTRY; + i2d_X509_PKEY; + i2d_X509_PUBKEY; + i2d_X509_REQ; + i2d_X509_REQ_INFO; + i2d_X509_REQ_bio; + i2d_X509_REQ_fp; + i2d_X509_REVOKED; + i2d_X509_SIG; + i2d_X509_VAL; + i2d_X509_bio; + i2d_X509_fp; + idea_cbc_encrypt; + idea_cfb64_encrypt; + idea_ecb_encrypt; + idea_encrypt; + idea_ofb64_encrypt; + idea_options; + idea_set_decrypt_key; + 
idea_set_encrypt_key; + lh_delete; + lh_doall; + lh_doall_arg; + lh_free; + lh_insert; + lh_new; + lh_node_stats; + lh_node_stats_bio; + lh_node_usage_stats; + lh_node_usage_stats_bio; + lh_retrieve; + lh_stats; + lh_stats_bio; + lh_strhash; + sk_delete; + sk_delete_ptr; + sk_dup; + sk_find; + sk_free; + sk_insert; + sk_new; + sk_pop; + sk_pop_free; + sk_push; + sk_set_cmp_func; + sk_shift; + sk_unshift; + sk_zero; + BIO_f_nbio_test; + ASN1_TYPE_get; + ASN1_TYPE_set; + PKCS7_content_free; + ERR_load_PKCS7_strings; + X509_find_by_issuer_and_serial; + X509_find_by_subject; + PKCS7_ctrl; + PKCS7_set_type; + PKCS7_set_content; + PKCS7_SIGNER_INFO_set; + PKCS7_add_signer; + PKCS7_add_certificate; + PKCS7_add_crl; + PKCS7_content_new; + PKCS7_dataSign; + PKCS7_dataVerify; + PKCS7_dataInit; + PKCS7_add_signature; + PKCS7_cert_from_signer_info; + PKCS7_get_signer_info; + EVP_delete_alias; + EVP_mdc2; + PEM_read_bio_RSAPublicKey; + PEM_write_bio_RSAPublicKey; + d2i_RSAPublicKey_bio; + i2d_RSAPublicKey_bio; + PEM_read_RSAPublicKey; + PEM_write_RSAPublicKey; + d2i_RSAPublicKey_fp; + i2d_RSAPublicKey_fp; + BIO_copy_next_retry; + RSA_flags; + X509_STORE_add_crl; + X509_load_crl_file; + EVP_rc2_40_cbc; + EVP_rc4_40; + EVP_CIPHER_CTX_init; + HMAC; + HMAC_Init; + HMAC_Update; + HMAC_Final; + ERR_get_next_error_library; + EVP_PKEY_cmp_parameters; + HMAC_cleanup; + BIO_ptr_ctrl; + BIO_new_file_internal; + BIO_new_fp_internal; + BIO_s_file_internal; + BN_BLINDING_convert; + BN_BLINDING_invert; + BN_BLINDING_update; + RSA_blinding_on; + RSA_blinding_off; + i2t_ASN1_OBJECT; + BN_BLINDING_new; + BN_BLINDING_free; + EVP_cast5_cbc; + EVP_cast5_cfb64; + EVP_cast5_ecb; + EVP_cast5_ofb; + BF_decrypt; + CAST_set_key; + CAST_encrypt; + CAST_decrypt; + CAST_ecb_encrypt; + CAST_cbc_encrypt; + CAST_cfb64_encrypt; + CAST_ofb64_encrypt; + RC2_decrypt; + OBJ_create_objects; + BN_exp; + BN_mul_word; + BN_sub_word; + BN_dec2bn; + BN_bn2dec; + BIO_ghbn_ctrl; + CRYPTO_free_ex_data; + CRYPTO_get_ex_data; 
+ CRYPTO_set_ex_data; + ERR_load_CRYPTO_strings; + ERR_load_CRYPTOlib_strings; + EVP_PKEY_bits; + MD5_Transform; + SHA1_Transform; + SHA_Transform; + X509_STORE_CTX_get_chain; + X509_STORE_CTX_get_current_cert; + X509_STORE_CTX_get_error; + X509_STORE_CTX_get_error_depth; + X509_STORE_CTX_get_ex_data; + X509_STORE_CTX_set_cert; + X509_STORE_CTX_set_chain; + X509_STORE_CTX_set_error; + X509_STORE_CTX_set_ex_data; + CRYPTO_dup_ex_data; + CRYPTO_get_new_lockid; + CRYPTO_new_ex_data; + RSA_set_ex_data; + RSA_get_ex_data; + RSA_get_ex_new_index; + RSA_padding_add_PKCS1_type_1; + RSA_padding_add_PKCS1_type_2; + RSA_padding_add_SSLv23; + RSA_padding_add_none; + RSA_padding_check_PKCS1_type_1; + RSA_padding_check_PKCS1_type_2; + RSA_padding_check_SSLv23; + RSA_padding_check_none; + bn_add_words; + d2i_Netscape_RSA_2; + CRYPTO_get_ex_new_index; + RIPEMD160_Init; + RIPEMD160_Update; + RIPEMD160_Final; + RIPEMD160; + RIPEMD160_Transform; + RC5_32_set_key; + RC5_32_ecb_encrypt; + RC5_32_encrypt; + RC5_32_decrypt; + RC5_32_cbc_encrypt; + RC5_32_cfb64_encrypt; + RC5_32_ofb64_encrypt; + BN_bn2mpi; + BN_mpi2bn; + ASN1_BIT_STRING_get_bit; + ASN1_BIT_STRING_set_bit; + BIO_get_ex_data; + BIO_get_ex_new_index; + BIO_set_ex_data; + X509v3_get_key_usage; + X509v3_set_key_usage; + a2i_X509v3_key_usage; + i2a_X509v3_key_usage; + EVP_PKEY_decrypt; + EVP_PKEY_encrypt; + PKCS7_RECIP_INFO_set; + PKCS7_add_recipient; + PKCS7_add_recipient_info; + PKCS7_set_cipher; + ASN1_TYPE_get_int_octetstring; + ASN1_TYPE_get_octetstring; + ASN1_TYPE_set_int_octetstring; + ASN1_TYPE_set_octetstring; + ASN1_UTCTIME_set_string; + ERR_add_error_data; + ERR_set_error_data; + EVP_CIPHER_asn1_to_param; + EVP_CIPHER_param_to_asn1; + EVP_CIPHER_get_asn1_iv; + EVP_CIPHER_set_asn1_iv; + EVP_rc5_32_12_16_cbc; + EVP_rc5_32_12_16_cfb64; + EVP_rc5_32_12_16_ecb; + EVP_rc5_32_12_16_ofb; + asn1_add_error; + d2i_ASN1_BMPSTRING; + i2d_ASN1_BMPSTRING; + BIO_f_ber; + BN_init; + COMP_CTX_new; + COMP_CTX_free; + 
COMP_CTX_compress_block; + COMP_CTX_expand_block; + X509_STORE_CTX_get_ex_new_index; + OBJ_NAME_add; + BIO_socket_nbio; + EVP_rc2_64_cbc; + OBJ_NAME_cleanup; + OBJ_NAME_get; + OBJ_NAME_init; + OBJ_NAME_new_index; + OBJ_NAME_remove; + BN_MONT_CTX_copy; + BIO_new_socks4a_connect; + BIO_s_socks4a_connect; + PROXY_set_connect_mode; + RAND_SSLeay; + RAND_set_rand_method; + RSA_memory_lock; + bn_sub_words; + bn_mul_normal; + bn_mul_comba8; + bn_mul_comba4; + bn_sqr_normal; + bn_sqr_comba8; + bn_sqr_comba4; + bn_cmp_words; + bn_mul_recursive; + bn_mul_part_recursive; + bn_sqr_recursive; + bn_mul_low_normal; + BN_RECP_CTX_init; + BN_RECP_CTX_new; + BN_RECP_CTX_free; + BN_RECP_CTX_set; + BN_mod_mul_reciprocal; + BN_mod_exp_recp; + BN_div_recp; + BN_CTX_init; + BN_MONT_CTX_init; + RAND_get_rand_method; + PKCS7_add_attribute; + PKCS7_add_signed_attribute; + PKCS7_digest_from_attributes; + PKCS7_get_attribute; + PKCS7_get_issuer_and_serial; + PKCS7_get_signed_attribute; + COMP_compress_block; + COMP_expand_block; + COMP_rle; + COMP_zlib; + ms_time_diff; + ms_time_new; + ms_time_free; + ms_time_cmp; + ms_time_get; + PKCS7_set_attributes; + PKCS7_set_signed_attributes; + X509_ATTRIBUTE_create; + X509_ATTRIBUTE_dup; + ASN1_GENERALIZEDTIME_check; + ASN1_GENERALIZEDTIME_print; + ASN1_GENERALIZEDTIME_set; + ASN1_GENERALIZEDTIME_set_string; + ASN1_TIME_print; + BASIC_CONSTRAINTS_free; + BASIC_CONSTRAINTS_new; + ERR_load_X509V3_strings; + NETSCAPE_CERT_SEQUENCE_free; + NETSCAPE_CERT_SEQUENCE_new; + OBJ_txt2obj; + PEM_read_NETSCAPE_CERT_SEQUENCE; + PEM_read_NS_CERT_SEQ; + PEM_read_bio_NETSCAPE_CERT_SEQUENCE; + PEM_read_bio_NS_CERT_SEQ; + PEM_write_NETSCAPE_CERT_SEQUENCE; + PEM_write_NS_CERT_SEQ; + PEM_write_bio_NETSCAPE_CERT_SEQUENCE; + PEM_write_bio_NS_CERT_SEQ; + X509V3_EXT_add; + X509V3_EXT_add_alias; + X509V3_EXT_add_conf; + X509V3_EXT_cleanup; + X509V3_EXT_conf; + X509V3_EXT_conf_nid; + X509V3_EXT_get; + X509V3_EXT_get_nid; + X509V3_EXT_print; + X509V3_EXT_print_fp; + 
X509V3_add_standard_extensions; + X509V3_add_value; + X509V3_add_value_bool; + X509V3_add_value_int; + X509V3_conf_free; + X509V3_get_value_bool; + X509V3_get_value_int; + X509V3_parse_list; + d2i_ASN1_GENERALIZEDTIME; + d2i_ASN1_TIME; + d2i_BASIC_CONSTRAINTS; + d2i_NETSCAPE_CERT_SEQUENCE; + d2i_ext_ku; + ext_ku_free; + ext_ku_new; + i2d_ASN1_GENERALIZEDTIME; + i2d_ASN1_TIME; + i2d_BASIC_CONSTRAINTS; + i2d_NETSCAPE_CERT_SEQUENCE; + i2d_ext_ku; + EVP_MD_CTX_copy; + i2d_ASN1_ENUMERATED; + d2i_ASN1_ENUMERATED; + ASN1_ENUMERATED_set; + ASN1_ENUMERATED_get; + BN_to_ASN1_ENUMERATED; + ASN1_ENUMERATED_to_BN; + i2a_ASN1_ENUMERATED; + a2i_ASN1_ENUMERATED; + i2d_GENERAL_NAME; + d2i_GENERAL_NAME; + GENERAL_NAME_new; + GENERAL_NAME_free; + GENERAL_NAMES_new; + GENERAL_NAMES_free; + d2i_GENERAL_NAMES; + i2d_GENERAL_NAMES; + i2v_GENERAL_NAMES; + i2s_ASN1_OCTET_STRING; + s2i_ASN1_OCTET_STRING; + X509V3_EXT_check_conf; + hex_to_string; + string_to_hex; + DES_ede3_cbcm_encrypt; + RSA_padding_add_PKCS1_OAEP; + RSA_padding_check_PKCS1_OAEP; + X509_CRL_print_fp; + X509_CRL_print; + i2v_GENERAL_NAME; + v2i_GENERAL_NAME; + i2d_PKEY_USAGE_PERIOD; + d2i_PKEY_USAGE_PERIOD; + PKEY_USAGE_PERIOD_new; + PKEY_USAGE_PERIOD_free; + v2i_GENERAL_NAMES; + i2s_ASN1_INTEGER; + X509V3_EXT_d2i; + name_cmp; + str_dup; + i2s_ASN1_ENUMERATED; + i2s_ASN1_ENUMERATED_TABLE; + BIO_s_log; + BIO_f_reliable; + PKCS7_dataFinal; + PKCS7_dataDecode; + X509V3_EXT_CRL_add_conf; + BN_set_params; + BN_get_params; + BIO_get_ex_num; + BIO_set_ex_free_func; + EVP_ripemd160; + ASN1_TIME_set; + i2d_AUTHORITY_KEYID; + d2i_AUTHORITY_KEYID; + AUTHORITY_KEYID_new; + AUTHORITY_KEYID_free; + ASN1_seq_unpack; + ASN1_seq_pack; + ASN1_unpack_string; + ASN1_pack_string; + PKCS12_pack_safebag; + PKCS12_MAKE_KEYBAG; + PKCS8_encrypt; + PKCS12_MAKE_SHKEYBAG; + PKCS12_pack_p7data; + PKCS12_pack_p7encdata; + PKCS12_add_localkeyid; + PKCS12_add_friendlyname_asc; + PKCS12_add_friendlyname_uni; + PKCS12_get_friendlyname; + PKCS12_pbe_crypt; + 
PKCS12_decrypt_d2i; + PKCS12_i2d_encrypt; + PKCS12_init; + PKCS12_key_gen_asc; + PKCS12_key_gen_uni; + PKCS12_gen_mac; + PKCS12_verify_mac; + PKCS12_set_mac; + PKCS12_setup_mac; + OPENSSL_asc2uni; + OPENSSL_uni2asc; + i2d_PKCS12_BAGS; + PKCS12_BAGS_new; + d2i_PKCS12_BAGS; + PKCS12_BAGS_free; + i2d_PKCS12; + d2i_PKCS12; + PKCS12_new; + PKCS12_free; + i2d_PKCS12_MAC_DATA; + PKCS12_MAC_DATA_new; + d2i_PKCS12_MAC_DATA; + PKCS12_MAC_DATA_free; + i2d_PKCS12_SAFEBAG; + PKCS12_SAFEBAG_new; + d2i_PKCS12_SAFEBAG; + PKCS12_SAFEBAG_free; + ERR_load_PKCS12_strings; + PKCS12_PBE_add; + PKCS8_add_keyusage; + PKCS12_get_attr_gen; + PKCS12_parse; + PKCS12_create; + i2d_PKCS12_bio; + i2d_PKCS12_fp; + d2i_PKCS12_bio; + d2i_PKCS12_fp; + i2d_PBEPARAM; + PBEPARAM_new; + d2i_PBEPARAM; + PBEPARAM_free; + i2d_PKCS8_PRIV_KEY_INFO; + PKCS8_PRIV_KEY_INFO_new; + d2i_PKCS8_PRIV_KEY_INFO; + PKCS8_PRIV_KEY_INFO_free; + EVP_PKCS82PKEY; + EVP_PKEY2PKCS8; + PKCS8_set_broken; + EVP_PBE_ALGOR_CipherInit; + EVP_PBE_alg_add; + PKCS5_pbe_set; + EVP_PBE_cleanup; + i2d_SXNET; + d2i_SXNET; + SXNET_new; + SXNET_free; + i2d_SXNETID; + d2i_SXNETID; + SXNETID_new; + SXNETID_free; + DSA_SIG_new; + DSA_SIG_free; + DSA_do_sign; + DSA_do_verify; + d2i_DSA_SIG; + i2d_DSA_SIG; + i2d_ASN1_VISIBLESTRING; + d2i_ASN1_VISIBLESTRING; + i2d_ASN1_UTF8STRING; + d2i_ASN1_UTF8STRING; + i2d_DIRECTORYSTRING; + d2i_DIRECTORYSTRING; + i2d_DISPLAYTEXT; + d2i_DISPLAYTEXT; + d2i_ASN1_SET_OF_X509; + i2d_ASN1_SET_OF_X509; + i2d_PBKDF2PARAM; + PBKDF2PARAM_new; + d2i_PBKDF2PARAM; + PBKDF2PARAM_free; + i2d_PBE2PARAM; + PBE2PARAM_new; + d2i_PBE2PARAM; + PBE2PARAM_free; + d2i_ASN1_SET_OF_GENERAL_NAME; + i2d_ASN1_SET_OF_GENERAL_NAME; + d2i_ASN1_SET_OF_SXNETID; + i2d_ASN1_SET_OF_SXNETID; + d2i_ASN1_SET_OF_POLICYQUALINFO; + i2d_ASN1_SET_OF_POLICYQUALINFO; + d2i_ASN1_SET_OF_POLICYINFO; + i2d_ASN1_SET_OF_POLICYINFO; + SXNET_add_id_asc; + SXNET_add_id_ulong; + SXNET_add_id_INTEGER; + SXNET_get_id_asc; + SXNET_get_id_ulong; + SXNET_get_id_INTEGER; 
+ X509V3_set_conf_lhash; + i2d_CERTIFICATEPOLICIES; + CERTIFICATEPOLICIES_new; + CERTIFICATEPOLICIES_free; + d2i_CERTIFICATEPOLICIES; + i2d_POLICYINFO; + POLICYINFO_new; + d2i_POLICYINFO; + POLICYINFO_free; + i2d_POLICYQUALINFO; + POLICYQUALINFO_new; + d2i_POLICYQUALINFO; + POLICYQUALINFO_free; + i2d_USERNOTICE; + USERNOTICE_new; + d2i_USERNOTICE; + USERNOTICE_free; + i2d_NOTICEREF; + NOTICEREF_new; + d2i_NOTICEREF; + NOTICEREF_free; + X509V3_get_string; + X509V3_get_section; + X509V3_string_free; + X509V3_section_free; + X509V3_set_ctx; + s2i_ASN1_INTEGER; + CRYPTO_set_locked_mem_functions; + CRYPTO_get_locked_mem_functions; + CRYPTO_malloc_locked; + CRYPTO_free_locked; + BN_mod_exp2_mont; + ERR_get_error_line_data; + ERR_peek_error_line_data; + PKCS12_PBE_keyivgen; + X509_ALGOR_dup; + d2i_ASN1_SET_OF_DIST_POINT; + i2d_ASN1_SET_OF_DIST_POINT; + i2d_CRL_DIST_POINTS; + CRL_DIST_POINTS_new; + CRL_DIST_POINTS_free; + d2i_CRL_DIST_POINTS; + i2d_DIST_POINT; + DIST_POINT_new; + d2i_DIST_POINT; + DIST_POINT_free; + i2d_DIST_POINT_NAME; + DIST_POINT_NAME_new; + DIST_POINT_NAME_free; + d2i_DIST_POINT_NAME; + X509V3_add_value_uchar; + d2i_ASN1_SET_OF_X509_ATTRIBUTE; + i2d_ASN1_SET_OF_ASN1_TYPE; + d2i_ASN1_SET_OF_X509_EXTENSION; + d2i_ASN1_SET_OF_X509_NAME_ENTRY; + d2i_ASN1_SET_OF_ASN1_TYPE; + i2d_ASN1_SET_OF_X509_ATTRIBUTE; + i2d_ASN1_SET_OF_X509_EXTENSION; + i2d_ASN1_SET_OF_X509_NAME_ENTRY; + X509V3_EXT_i2d; + X509V3_EXT_val_prn; + X509V3_EXT_add_list; + EVP_CIPHER_type; + EVP_PBE_CipherInit; + X509V3_add_value_bool_nf; + d2i_ASN1_UINTEGER; + sk_value; + sk_num; + sk_set; + i2d_ASN1_SET_OF_X509_REVOKED; + sk_sort; + d2i_ASN1_SET_OF_X509_REVOKED; + i2d_ASN1_SET_OF_X509_ALGOR; + i2d_ASN1_SET_OF_X509_CRL; + d2i_ASN1_SET_OF_X509_ALGOR; + d2i_ASN1_SET_OF_X509_CRL; + i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO; + i2d_ASN1_SET_OF_PKCS7_RECIP_INFO; + d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO; + d2i_ASN1_SET_OF_PKCS7_RECIP_INFO; + PKCS5_PBE_add; + PEM_write_bio_PKCS8; + i2d_PKCS8_fp; + 
PEM_read_bio_PKCS8_PRIV_KEY_INFO; + PEM_read_bio_P8_PRIV_KEY_INFO; + d2i_PKCS8_bio; + d2i_PKCS8_PRIV_KEY_INFO_fp; + PEM_write_bio_PKCS8_PRIV_KEY_INFO; + PEM_write_bio_P8_PRIV_KEY_INFO; + PEM_read_PKCS8; + d2i_PKCS8_PRIV_KEY_INFO_bio; + d2i_PKCS8_fp; + PEM_write_PKCS8; + PEM_read_PKCS8_PRIV_KEY_INFO; + PEM_read_P8_PRIV_KEY_INFO; + PEM_read_bio_PKCS8; + PEM_write_PKCS8_PRIV_KEY_INFO; + PEM_write_P8_PRIV_KEY_INFO; + PKCS5_PBE_keyivgen; + i2d_PKCS8_bio; + i2d_PKCS8_PRIV_KEY_INFO_fp; + i2d_PKCS8_PRIV_KEY_INFO_bio; + BIO_s_bio; + PKCS5_pbe2_set; + PKCS5_PBKDF2_HMAC_SHA1; + PKCS5_v2_PBE_keyivgen; + PEM_write_bio_PKCS8PrivateKey; + PEM_write_PKCS8PrivateKey; + BIO_ctrl_get_read_request; + BIO_ctrl_pending; + BIO_ctrl_wpending; + BIO_new_bio_pair; + BIO_ctrl_get_write_guarantee; + CRYPTO_num_locks; + CONF_load_bio; + CONF_load_fp; + i2d_ASN1_SET_OF_ASN1_OBJECT; + d2i_ASN1_SET_OF_ASN1_OBJECT; + PKCS7_signatureVerify; + RSA_set_method; + RSA_get_method; + RSA_get_default_method; + RSA_check_key; + OBJ_obj2txt; + DSA_dup_DH; + X509_REQ_get_extensions; + X509_REQ_set_extension_nids; + BIO_nwrite; + X509_REQ_extension_nid; + BIO_nread; + X509_REQ_get_extension_nids; + BIO_nwrite0; + X509_REQ_add_extensions_nid; + BIO_nread0; + X509_REQ_add_extensions; + BIO_new_mem_buf; + DH_set_ex_data; + DH_set_method; + DSA_OpenSSL; + DH_get_ex_data; + DH_get_ex_new_index; + DSA_new_method; + DH_new_method; + DH_OpenSSL; + DSA_get_ex_new_index; + DH_get_default_method; + DSA_set_ex_data; + DH_set_default_method; + DSA_get_ex_data; + X509V3_EXT_REQ_add_conf; + NETSCAPE_SPKI_print; + NETSCAPE_SPKI_set_pubkey; + NETSCAPE_SPKI_b64_encode; + NETSCAPE_SPKI_get_pubkey; + NETSCAPE_SPKI_b64_decode; + UTF8_putc; + UTF8_getc; + RSA_null_method; + ASN1_tag2str; + BIO_ctrl_reset_read_request; + DISPLAYTEXT_new; + ASN1_GENERALIZEDTIME_free; + X509_REVOKED_get_ext_d2i; + X509_set_ex_data; + X509_reject_set_bit_asc; + X509_NAME_add_entry_by_txt; + X509_NAME_add_entry_by_NID; + X509_PURPOSE_get0; + 
PEM_read_X509_AUX; + d2i_AUTHORITY_INFO_ACCESS; + PEM_write_PUBKEY; + ACCESS_DESCRIPTION_new; + X509_CERT_AUX_free; + d2i_ACCESS_DESCRIPTION; + X509_trust_clear; + X509_TRUST_add; + ASN1_VISIBLESTRING_new; + X509_alias_set1; + ASN1_PRINTABLESTRING_free; + EVP_PKEY_get1_DSA; + ASN1_BMPSTRING_new; + ASN1_mbstring_copy; + ASN1_UTF8STRING_new; + DSA_get_default_method; + i2d_ASN1_SET_OF_ACCESS_DESCRIPTION; + ASN1_T61STRING_free; + DSA_set_method; + X509_get_ex_data; + ASN1_STRING_type; + X509_PURPOSE_get_by_sname; + ASN1_TIME_free; + ASN1_OCTET_STRING_cmp; + ASN1_BIT_STRING_new; + X509_get_ext_d2i; + PEM_read_bio_X509_AUX; + ASN1_STRING_set_default_mask_asc; + ASN1_STRING_set_def_mask_asc; + PEM_write_bio_RSA_PUBKEY; + ASN1_INTEGER_cmp; + d2i_RSA_PUBKEY_fp; + X509_trust_set_bit_asc; + PEM_write_bio_DSA_PUBKEY; + X509_STORE_CTX_free; + EVP_PKEY_set1_DSA; + i2d_DSA_PUBKEY_fp; + X509_load_cert_crl_file; + ASN1_TIME_new; + i2d_RSA_PUBKEY; + X509_STORE_CTX_purpose_inherit; + PEM_read_RSA_PUBKEY; + d2i_X509_AUX; + i2d_DSA_PUBKEY; + X509_CERT_AUX_print; + PEM_read_DSA_PUBKEY; + i2d_RSA_PUBKEY_bio; + ASN1_BIT_STRING_num_asc; + i2d_PUBKEY; + ASN1_UTCTIME_free; + DSA_set_default_method; + X509_PURPOSE_get_by_id; + ACCESS_DESCRIPTION_free; + PEM_read_bio_PUBKEY; + ASN1_STRING_set_by_NID; + X509_PURPOSE_get_id; + DISPLAYTEXT_free; + OTHERNAME_new; + X509_CERT_AUX_new; + X509_TRUST_cleanup; + X509_NAME_add_entry_by_OBJ; + X509_CRL_get_ext_d2i; + X509_PURPOSE_get0_name; + PEM_read_PUBKEY; + i2d_DSA_PUBKEY_bio; + i2d_OTHERNAME; + ASN1_OCTET_STRING_free; + ASN1_BIT_STRING_set_asc; + X509_get_ex_new_index; + ASN1_STRING_TABLE_cleanup; + X509_TRUST_get_by_id; + X509_PURPOSE_get_trust; + ASN1_STRING_length; + d2i_ASN1_SET_OF_ACCESS_DESCRIPTION; + ASN1_PRINTABLESTRING_new; + X509V3_get_d2i; + ASN1_ENUMERATED_free; + i2d_X509_CERT_AUX; + X509_STORE_CTX_set_trust; + ASN1_STRING_set_default_mask; + X509_STORE_CTX_new; + EVP_PKEY_get1_RSA; + DIRECTORYSTRING_free; + PEM_write_X509_AUX; + 
ASN1_OCTET_STRING_set; + d2i_DSA_PUBKEY_fp; + d2i_RSA_PUBKEY; + X509_TRUST_get0_name; + X509_TRUST_get0; + AUTHORITY_INFO_ACCESS_free; + ASN1_IA5STRING_new; + d2i_DSA_PUBKEY; + X509_check_purpose; + ASN1_ENUMERATED_new; + d2i_RSA_PUBKEY_bio; + d2i_PUBKEY; + X509_TRUST_get_trust; + X509_TRUST_get_flags; + ASN1_BMPSTRING_free; + ASN1_T61STRING_new; + ASN1_UTCTIME_new; + i2d_AUTHORITY_INFO_ACCESS; + EVP_PKEY_set1_RSA; + X509_STORE_CTX_set_purpose; + ASN1_IA5STRING_free; + PEM_write_bio_X509_AUX; + X509_PURPOSE_get_count; + CRYPTO_add_info; + X509_NAME_ENTRY_create_by_txt; + ASN1_STRING_get_default_mask; + X509_alias_get0; + ASN1_STRING_data; + i2d_ACCESS_DESCRIPTION; + X509_trust_set_bit; + ASN1_BIT_STRING_free; + PEM_read_bio_RSA_PUBKEY; + X509_add1_reject_object; + X509_check_trust; + PEM_read_bio_DSA_PUBKEY; + X509_PURPOSE_add; + ASN1_STRING_TABLE_get; + ASN1_UTF8STRING_free; + d2i_DSA_PUBKEY_bio; + PEM_write_RSA_PUBKEY; + d2i_OTHERNAME; + X509_reject_set_bit; + PEM_write_DSA_PUBKEY; + X509_PURPOSE_get0_sname; + EVP_PKEY_set1_DH; + ASN1_OCTET_STRING_dup; + ASN1_BIT_STRING_set; + X509_TRUST_get_count; + ASN1_INTEGER_free; + OTHERNAME_free; + i2d_RSA_PUBKEY_fp; + ASN1_INTEGER_dup; + d2i_X509_CERT_AUX; + PEM_write_bio_PUBKEY; + ASN1_VISIBLESTRING_free; + X509_PURPOSE_cleanup; + ASN1_mbstring_ncopy; + ASN1_GENERALIZEDTIME_new; + EVP_PKEY_get1_DH; + ASN1_OCTET_STRING_new; + ASN1_INTEGER_new; + i2d_X509_AUX; + ASN1_BIT_STRING_name_print; + X509_cmp; + ASN1_STRING_length_set; + DIRECTORYSTRING_new; + X509_add1_trust_object; + PKCS12_newpass; + SMIME_write_PKCS7; + SMIME_read_PKCS7; + DES_set_key_checked; + PKCS7_verify; + PKCS7_encrypt; + DES_set_key_unchecked; + SMIME_crlf_copy; + i2d_ASN1_PRINTABLESTRING; + PKCS7_get0_signers; + PKCS7_decrypt; + SMIME_text; + PKCS7_simple_smimecap; + PKCS7_get_smimecap; + PKCS7_sign; + PKCS7_add_attrib_smimecap; + CRYPTO_dbg_set_options; + CRYPTO_remove_all_info; + CRYPTO_get_mem_debug_functions; + CRYPTO_is_mem_check_on; + 
CRYPTO_set_mem_debug_functions; + CRYPTO_pop_info; + CRYPTO_push_info_; + CRYPTO_set_mem_debug_options; + PEM_write_PKCS8PrivateKey_nid; + PEM_write_bio_PKCS8PrivateKey_nid; + PEM_write_bio_PKCS8PrivKey_nid; + d2i_PKCS8PrivateKey_bio; + ASN1_NULL_free; + d2i_ASN1_NULL; + ASN1_NULL_new; + i2d_PKCS8PrivateKey_bio; + i2d_PKCS8PrivateKey_fp; + i2d_ASN1_NULL; + i2d_PKCS8PrivateKey_nid_fp; + d2i_PKCS8PrivateKey_fp; + i2d_PKCS8PrivateKey_nid_bio; + i2d_PKCS8PrivateKeyInfo_fp; + i2d_PKCS8PrivateKeyInfo_bio; + PEM_cb; + i2d_PrivateKey_fp; + d2i_PrivateKey_bio; + d2i_PrivateKey_fp; + i2d_PrivateKey_bio; + X509_reject_clear; + X509_TRUST_set_default; + d2i_AutoPrivateKey; + X509_ATTRIBUTE_get0_type; + X509_ATTRIBUTE_set1_data; + X509at_get_attr; + X509at_get_attr_count; + X509_ATTRIBUTE_create_by_NID; + X509_ATTRIBUTE_set1_object; + X509_ATTRIBUTE_count; + X509_ATTRIBUTE_create_by_OBJ; + X509_ATTRIBUTE_get0_object; + X509at_get_attr_by_NID; + X509at_add1_attr; + X509_ATTRIBUTE_get0_data; + X509at_delete_attr; + X509at_get_attr_by_OBJ; + RAND_add; + BIO_number_written; + BIO_number_read; + X509_STORE_CTX_get1_chain; + ERR_load_RAND_strings; + RAND_pseudo_bytes; + X509_REQ_get_attr_by_NID; + X509_REQ_get_attr; + X509_REQ_add1_attr_by_NID; + X509_REQ_get_attr_by_OBJ; + X509at_add1_attr_by_NID; + X509_REQ_add1_attr_by_OBJ; + X509_REQ_get_attr_count; + X509_REQ_add1_attr; + X509_REQ_delete_attr; + X509at_add1_attr_by_OBJ; + X509_REQ_add1_attr_by_txt; + X509_ATTRIBUTE_create_by_txt; + X509at_add1_attr_by_txt; + BN_pseudo_rand; + BN_is_prime_fasttest; + BN_CTX_end; + BN_CTX_start; + BN_CTX_get; + EVP_PKEY2PKCS8_broken; + ASN1_STRING_TABLE_add; + CRYPTO_dbg_get_options; + AUTHORITY_INFO_ACCESS_new; + CRYPTO_get_mem_debug_options; + DES_crypt; + PEM_write_bio_X509_REQ_NEW; + PEM_write_X509_REQ_NEW; + BIO_callback_ctrl; + RAND_egd; + RAND_status; + bn_dump1; + DES_check_key_parity; + lh_num_items; + RAND_event; + DSO_new; + DSO_new_method; + DSO_free; + DSO_flags; + DSO_up; + 
DSO_set_default_method; + DSO_get_default_method; + DSO_get_method; + DSO_set_method; + DSO_load; + DSO_bind_var; + DSO_METHOD_null; + DSO_METHOD_openssl; + DSO_METHOD_dlfcn; + DSO_METHOD_win32; + ERR_load_DSO_strings; + DSO_METHOD_dl; + NCONF_load; + NCONF_load_fp; + NCONF_new; + NCONF_get_string; + NCONF_free; + NCONF_get_number; + CONF_dump_fp; + NCONF_load_bio; + NCONF_dump_fp; + NCONF_get_section; + NCONF_dump_bio; + CONF_dump_bio; + NCONF_free_data; + CONF_set_default_method; + ERR_error_string_n; + BIO_snprintf; + DSO_ctrl; + i2d_ASN1_SET_OF_ASN1_INTEGER; + i2d_ASN1_SET_OF_PKCS12_SAFEBAG; + i2d_ASN1_SET_OF_PKCS7; + BIO_vfree; + d2i_ASN1_SET_OF_ASN1_INTEGER; + d2i_ASN1_SET_OF_PKCS12_SAFEBAG; + ASN1_UTCTIME_get; + X509_REQ_digest; + X509_CRL_digest; + d2i_ASN1_SET_OF_PKCS7; + EVP_CIPHER_CTX_set_key_length; + EVP_CIPHER_CTX_ctrl; + BN_mod_exp_mont_word; + RAND_egd_bytes; + X509_REQ_get1_email; + X509_get1_email; + X509_email_free; + i2d_RSA_NET; + d2i_RSA_NET_2; + d2i_RSA_NET; + DSO_bind_func; + CRYPTO_get_new_dynlockid; + sk_new_null; + CRYPTO_set_dynlock_destroy_callback; + CRYPTO_set_dynlock_destroy_cb; + CRYPTO_destroy_dynlockid; + CRYPTO_set_dynlock_size; + CRYPTO_set_dynlock_create_callback; + CRYPTO_set_dynlock_create_cb; + CRYPTO_set_dynlock_lock_callback; + CRYPTO_set_dynlock_lock_cb; + CRYPTO_get_dynlock_lock_callback; + CRYPTO_get_dynlock_lock_cb; + CRYPTO_get_dynlock_destroy_callback; + CRYPTO_get_dynlock_destroy_cb; + CRYPTO_get_dynlock_value; + CRYPTO_get_dynlock_create_callback; + CRYPTO_get_dynlock_create_cb; + c2i_ASN1_BIT_STRING; + i2c_ASN1_BIT_STRING; + RAND_poll; + c2i_ASN1_INTEGER; + i2c_ASN1_INTEGER; + BIO_dump_indent; + ASN1_parse_dump; + c2i_ASN1_OBJECT; + X509_NAME_print_ex_fp; + ASN1_STRING_print_ex_fp; + X509_NAME_print_ex; + ASN1_STRING_print_ex; + MD4; + MD4_Transform; + MD4_Final; + MD4_Update; + MD4_Init; + EVP_md4; + i2d_PUBKEY_bio; + i2d_PUBKEY_fp; + d2i_PUBKEY_bio; + ASN1_STRING_to_UTF8; + BIO_vprintf; + BIO_vsnprintf; + 
d2i_PUBKEY_fp; + X509_cmp_time; + X509_STORE_CTX_set_time; + X509_STORE_CTX_get1_issuer; + X509_OBJECT_retrieve_match; + X509_OBJECT_idx_by_subject; + X509_STORE_CTX_set_flags; + X509_STORE_CTX_trusted_stack; + X509_time_adj; + X509_check_issued; + ASN1_UTCTIME_cmp_time_t; + DES_set_weak_key_flag; + DES_check_key; + DES_rw_mode; + RSA_PKCS1_RSAref; + X509_keyid_set1; + BIO_next; + DSO_METHOD_vms; + BIO_f_linebuffer; + BN_bntest_rand; + OPENSSL_issetugid; + BN_rand_range; + ERR_load_ENGINE_strings; + ENGINE_set_DSA; + ENGINE_get_finish_function; + ENGINE_get_default_RSA; + ENGINE_get_BN_mod_exp; + DSA_get_default_openssl_method; + ENGINE_set_DH; + ENGINE_set_def_BN_mod_exp_crt; + ENGINE_set_default_BN_mod_exp_crt; + ENGINE_init; + DH_get_default_openssl_method; + RSA_set_default_openssl_method; + ENGINE_finish; + ENGINE_load_public_key; + ENGINE_get_DH; + ENGINE_ctrl; + ENGINE_get_init_function; + ENGINE_set_init_function; + ENGINE_set_default_DSA; + ENGINE_get_name; + ENGINE_get_last; + ENGINE_get_prev; + ENGINE_get_default_DH; + ENGINE_get_RSA; + ENGINE_set_default; + ENGINE_get_RAND; + ENGINE_get_first; + ENGINE_by_id; + ENGINE_set_finish_function; + ENGINE_get_def_BN_mod_exp_crt; + ENGINE_get_default_BN_mod_exp_crt; + RSA_get_default_openssl_method; + ENGINE_set_RSA; + ENGINE_load_private_key; + ENGINE_set_default_RAND; + ENGINE_set_BN_mod_exp; + ENGINE_remove; + ENGINE_free; + ENGINE_get_BN_mod_exp_crt; + ENGINE_get_next; + ENGINE_set_name; + ENGINE_get_default_DSA; + ENGINE_set_default_BN_mod_exp; + ENGINE_set_default_RSA; + ENGINE_get_default_RAND; + ENGINE_get_default_BN_mod_exp; + ENGINE_set_RAND; + ENGINE_set_id; + ENGINE_set_BN_mod_exp_crt; + ENGINE_set_default_DH; + ENGINE_new; + ENGINE_get_id; + DSA_set_default_openssl_method; + ENGINE_add; + DH_set_default_openssl_method; + ENGINE_get_DSA; + ENGINE_get_ctrl_function; + ENGINE_set_ctrl_function; + BN_pseudo_rand_range; + X509_STORE_CTX_set_verify_cb; + ERR_load_COMP_strings; + PKCS12_item_decrypt_d2i; + 
ASN1_UTF8STRING_it; + ASN1_UTF8STRING_it; + ENGINE_unregister_ciphers; + ENGINE_get_ciphers; + d2i_OCSP_BASICRESP; + KRB5_CHECKSUM_it; + KRB5_CHECKSUM_it; + EC_POINT_add; + ASN1_item_ex_i2d; + OCSP_CERTID_it; + OCSP_CERTID_it; + d2i_OCSP_RESPBYTES; + X509V3_add1_i2d; + PKCS7_ENVELOPE_it; + PKCS7_ENVELOPE_it; + UI_add_input_boolean; + ENGINE_unregister_RSA; + X509V3_EXT_nconf; + ASN1_GENERALSTRING_free; + d2i_OCSP_CERTSTATUS; + X509_REVOKED_set_serialNumber; + X509_print_ex; + OCSP_ONEREQ_get1_ext_d2i; + ENGINE_register_all_RAND; + ENGINE_load_dynamic; + PBKDF2PARAM_it; + PBKDF2PARAM_it; + EXTENDED_KEY_USAGE_new; + EC_GROUP_clear_free; + OCSP_sendreq_bio; + ASN1_item_digest; + OCSP_BASICRESP_delete_ext; + OCSP_SIGNATURE_it; + OCSP_SIGNATURE_it; + X509_CRL_it; + X509_CRL_it; + OCSP_BASICRESP_add_ext; + KRB5_ENCKEY_it; + KRB5_ENCKEY_it; + UI_method_set_closer; + X509_STORE_set_purpose; + i2d_ASN1_GENERALSTRING; + OCSP_response_status; + i2d_OCSP_SERVICELOC; + ENGINE_get_digest_engine; + EC_GROUP_set_curve_GFp; + OCSP_REQUEST_get_ext_by_OBJ; + _ossl_old_des_random_key; + ASN1_T61STRING_it; + ASN1_T61STRING_it; + EC_GROUP_method_of; + i2d_KRB5_APREQ; + _ossl_old_des_encrypt; + ASN1_PRINTABLE_new; + HMAC_Init_ex; + d2i_KRB5_AUTHENT; + OCSP_archive_cutoff_new; + EC_POINT_set_Jprojective_coordinates_GFp; + EC_POINT_set_Jproj_coords_GFp; + _ossl_old_des_is_weak_key; + OCSP_BASICRESP_get_ext_by_OBJ; + EC_POINT_oct2point; + OCSP_SINGLERESP_get_ext_count; + UI_ctrl; + _shadow_DES_rw_mode; + _shadow_DES_rw_mode; + asn1_do_adb; + ASN1_template_i2d; + ENGINE_register_DH; + UI_construct_prompt; + X509_STORE_set_trust; + UI_dup_input_string; + d2i_KRB5_APREQ; + EVP_MD_CTX_copy_ex; + OCSP_request_is_signed; + i2d_OCSP_REQINFO; + KRB5_ENCKEY_free; + OCSP_resp_get0; + GENERAL_NAME_it; + GENERAL_NAME_it; + ASN1_GENERALIZEDTIME_it; + ASN1_GENERALIZEDTIME_it; + X509_STORE_set_flags; + EC_POINT_set_compressed_coordinates_GFp; + EC_POINT_set_compr_coords_GFp; + OCSP_response_status_str; + 
d2i_OCSP_REVOKEDINFO; + OCSP_basic_add1_cert; + ERR_get_implementation; + EVP_CipherFinal_ex; + OCSP_CERTSTATUS_new; + CRYPTO_cleanup_all_ex_data; + OCSP_resp_find; + BN_nnmod; + X509_CRL_sort; + X509_REVOKED_set_revocationDate; + ENGINE_register_RAND; + OCSP_SERVICELOC_new; + EC_POINT_set_affine_coordinates_GFp; + EC_POINT_set_affine_coords_GFp; + _ossl_old_des_options; + SXNET_it; + SXNET_it; + UI_dup_input_boolean; + PKCS12_add_CSPName_asc; + EC_POINT_is_at_infinity; + ENGINE_load_cryptodev; + DSO_convert_filename; + POLICYQUALINFO_it; + POLICYQUALINFO_it; + ENGINE_register_ciphers; + BN_mod_lshift_quick; + DSO_set_filename; + ASN1_item_free; + KRB5_TKTBODY_free; + AUTHORITY_KEYID_it; + AUTHORITY_KEYID_it; + KRB5_APREQBODY_new; + X509V3_EXT_REQ_add_nconf; + ENGINE_ctrl_cmd_string; + i2d_OCSP_RESPDATA; + EVP_MD_CTX_init; + EXTENDED_KEY_USAGE_free; + PKCS7_ATTR_SIGN_it; + PKCS7_ATTR_SIGN_it; + UI_add_error_string; + KRB5_CHECKSUM_free; + OCSP_REQUEST_get_ext; + ENGINE_load_ubsec; + ENGINE_register_all_digests; + PKEY_USAGE_PERIOD_it; + PKEY_USAGE_PERIOD_it; + PKCS12_unpack_authsafes; + ASN1_item_unpack; + NETSCAPE_SPKAC_it; + NETSCAPE_SPKAC_it; + X509_REVOKED_it; + X509_REVOKED_it; + ASN1_STRING_encode; + EVP_aes_128_ecb; + KRB5_AUTHENT_free; + OCSP_BASICRESP_get_ext_by_critical; + OCSP_BASICRESP_get_ext_by_crit; + OCSP_cert_status_str; + d2i_OCSP_REQUEST; + UI_dup_info_string; + _ossl_old_des_xwhite_in2out; + PKCS12_it; + PKCS12_it; + OCSP_SINGLERESP_get_ext_by_critical; + OCSP_SINGLERESP_get_ext_by_crit; + OCSP_CERTSTATUS_free; + _ossl_old_des_crypt; + ASN1_item_i2d; + EVP_DecryptFinal_ex; + ENGINE_load_openssl; + ENGINE_get_cmd_defns; + ENGINE_set_load_privkey_function; + ENGINE_set_load_privkey_fn; + EVP_EncryptFinal_ex; + ENGINE_set_default_digests; + X509_get0_pubkey_bitstr; + asn1_ex_i2c; + ENGINE_register_RSA; + ENGINE_unregister_DSA; + _ossl_old_des_key_sched; + X509_EXTENSION_it; + X509_EXTENSION_it; + i2d_KRB5_AUTHENT; + SXNETID_it; + SXNETID_it; + 
d2i_OCSP_SINGLERESP; + EDIPARTYNAME_new; + PKCS12_certbag2x509; + _ossl_old_des_ofb64_encrypt; + d2i_EXTENDED_KEY_USAGE; + ERR_print_errors_cb; + ENGINE_set_ciphers; + d2i_KRB5_APREQBODY; + UI_method_get_flusher; + X509_PUBKEY_it; + X509_PUBKEY_it; + _ossl_old_des_enc_read; + PKCS7_ENCRYPT_it; + PKCS7_ENCRYPT_it; + i2d_OCSP_RESPONSE; + EC_GROUP_get_cofactor; + PKCS12_unpack_p7data; + d2i_KRB5_AUTHDATA; + OCSP_copy_nonce; + KRB5_AUTHDATA_new; + OCSP_RESPDATA_new; + EC_GFp_mont_method; + OCSP_REVOKEDINFO_free; + UI_get_ex_data; + KRB5_APREQBODY_free; + EC_GROUP_get0_generator; + UI_get_default_method; + X509V3_set_nconf; + PKCS12_item_i2d_encrypt; + X509_add1_ext_i2d; + PKCS7_SIGNER_INFO_it; + PKCS7_SIGNER_INFO_it; + KRB5_PRINCNAME_new; + PKCS12_SAFEBAG_it; + PKCS12_SAFEBAG_it; + EC_GROUP_get_order; + d2i_OCSP_RESPID; + OCSP_request_verify; + NCONF_get_number_e; + _ossl_old_des_decrypt3; + X509_signature_print; + OCSP_SINGLERESP_free; + ENGINE_load_builtin_engines; + i2d_OCSP_ONEREQ; + OCSP_REQUEST_add_ext; + OCSP_RESPBYTES_new; + EVP_MD_CTX_create; + OCSP_resp_find_status; + X509_ALGOR_it; + X509_ALGOR_it; + ASN1_TIME_it; + ASN1_TIME_it; + OCSP_request_set1_name; + OCSP_ONEREQ_get_ext_count; + UI_get0_result; + PKCS12_AUTHSAFES_it; + PKCS12_AUTHSAFES_it; + EVP_aes_256_ecb; + PKCS12_pack_authsafes; + ASN1_IA5STRING_it; + ASN1_IA5STRING_it; + UI_get_input_flags; + EC_GROUP_set_generator; + _ossl_old_des_string_to_2keys; + OCSP_CERTID_free; + X509_CERT_AUX_it; + X509_CERT_AUX_it; + CERTIFICATEPOLICIES_it; + CERTIFICATEPOLICIES_it; + _ossl_old_des_ede3_cbc_encrypt; + RAND_set_rand_engine; + DSO_get_loaded_filename; + X509_ATTRIBUTE_it; + X509_ATTRIBUTE_it; + OCSP_ONEREQ_get_ext_by_NID; + PKCS12_decrypt_skey; + KRB5_AUTHENT_it; + KRB5_AUTHENT_it; + UI_dup_error_string; + RSAPublicKey_it; + RSAPublicKey_it; + i2d_OCSP_REQUEST; + PKCS12_x509crl2certbag; + OCSP_SERVICELOC_it; + OCSP_SERVICELOC_it; + ASN1_item_sign; + X509_CRL_set_issuer_name; + OBJ_NAME_do_all_sorted; + 
i2d_OCSP_BASICRESP; + i2d_OCSP_RESPBYTES; + PKCS12_unpack_p7encdata; + HMAC_CTX_init; + ENGINE_get_digest; + OCSP_RESPONSE_print; + KRB5_TKTBODY_it; + KRB5_TKTBODY_it; + ACCESS_DESCRIPTION_it; + ACCESS_DESCRIPTION_it; + PKCS7_ISSUER_AND_SERIAL_it; + PKCS7_ISSUER_AND_SERIAL_it; + PBE2PARAM_it; + PBE2PARAM_it; + PKCS12_certbag2x509crl; + PKCS7_SIGNED_it; + PKCS7_SIGNED_it; + ENGINE_get_cipher; + i2d_OCSP_CRLID; + OCSP_SINGLERESP_new; + ENGINE_cmd_is_executable; + RSA_up_ref; + ASN1_GENERALSTRING_it; + ASN1_GENERALSTRING_it; + ENGINE_register_DSA; + X509V3_EXT_add_nconf_sk; + ENGINE_set_load_pubkey_function; + PKCS8_decrypt; + PEM_bytes_read_bio; + DIRECTORYSTRING_it; + DIRECTORYSTRING_it; + d2i_OCSP_CRLID; + EC_POINT_is_on_curve; + CRYPTO_set_locked_mem_ex_functions; + CRYPTO_set_locked_mem_ex_funcs; + d2i_KRB5_CHECKSUM; + ASN1_item_dup; + X509_it; + X509_it; + BN_mod_add; + KRB5_AUTHDATA_free; + _ossl_old_des_cbc_cksum; + ASN1_item_verify; + CRYPTO_set_mem_ex_functions; + EC_POINT_get_Jprojective_coordinates_GFp; + EC_POINT_get_Jproj_coords_GFp; + ZLONG_it; + ZLONG_it; + CRYPTO_get_locked_mem_ex_functions; + CRYPTO_get_locked_mem_ex_funcs; + ASN1_TIME_check; + UI_get0_user_data; + HMAC_CTX_cleanup; + DSA_up_ref; + _ossl_old_des_ede3_cfb64_encrypt; + _ossl_odes_ede3_cfb64_encrypt; + ASN1_BMPSTRING_it; + ASN1_BMPSTRING_it; + ASN1_tag2bit; + UI_method_set_flusher; + X509_ocspid_print; + KRB5_ENCDATA_it; + KRB5_ENCDATA_it; + ENGINE_get_load_pubkey_function; + UI_add_user_data; + OCSP_REQUEST_delete_ext; + UI_get_method; + OCSP_ONEREQ_free; + ASN1_PRINTABLESTRING_it; + ASN1_PRINTABLESTRING_it; + X509_CRL_set_nextUpdate; + OCSP_REQUEST_it; + OCSP_REQUEST_it; + OCSP_BASICRESP_it; + OCSP_BASICRESP_it; + AES_ecb_encrypt; + BN_mod_sqr; + NETSCAPE_CERT_SEQUENCE_it; + NETSCAPE_CERT_SEQUENCE_it; + GENERAL_NAMES_it; + GENERAL_NAMES_it; + AUTHORITY_INFO_ACCESS_it; + AUTHORITY_INFO_ACCESS_it; + ASN1_FBOOLEAN_it; + ASN1_FBOOLEAN_it; + UI_set_ex_data; + _ossl_old_des_string_to_key; + 
ENGINE_register_all_RSA; + d2i_KRB5_PRINCNAME; + OCSP_RESPBYTES_it; + OCSP_RESPBYTES_it; + X509_CINF_it; + X509_CINF_it; + ENGINE_unregister_digests; + d2i_EDIPARTYNAME; + d2i_OCSP_SERVICELOC; + ENGINE_get_digests; + _ossl_old_des_set_odd_parity; + OCSP_RESPDATA_free; + d2i_KRB5_TICKET; + OTHERNAME_it; + OTHERNAME_it; + EVP_MD_CTX_cleanup; + d2i_ASN1_GENERALSTRING; + X509_CRL_set_version; + BN_mod_sub; + OCSP_SINGLERESP_get_ext_by_NID; + ENGINE_get_ex_new_index; + OCSP_REQUEST_free; + OCSP_REQUEST_add1_ext_i2d; + X509_VAL_it; + X509_VAL_it; + EC_POINTs_make_affine; + EC_POINT_mul; + X509V3_EXT_add_nconf; + X509_TRUST_set; + X509_CRL_add1_ext_i2d; + _ossl_old_des_fcrypt; + DISPLAYTEXT_it; + DISPLAYTEXT_it; + X509_CRL_set_lastUpdate; + OCSP_BASICRESP_free; + OCSP_BASICRESP_add1_ext_i2d; + d2i_KRB5_AUTHENTBODY; + CRYPTO_set_ex_data_implementation; + CRYPTO_set_ex_data_impl; + KRB5_ENCDATA_new; + DSO_up_ref; + OCSP_crl_reason_str; + UI_get0_result_string; + ASN1_GENERALSTRING_new; + X509_SIG_it; + X509_SIG_it; + ERR_set_implementation; + ERR_load_EC_strings; + UI_get0_action_string; + OCSP_ONEREQ_get_ext; + EC_POINT_method_of; + i2d_KRB5_APREQBODY; + _ossl_old_des_ecb3_encrypt; + CRYPTO_get_mem_ex_functions; + ENGINE_get_ex_data; + UI_destroy_method; + ASN1_item_i2d_bio; + OCSP_ONEREQ_get_ext_by_OBJ; + ASN1_primitive_new; + ASN1_PRINTABLE_it; + ASN1_PRINTABLE_it; + EVP_aes_192_ecb; + OCSP_SIGNATURE_new; + LONG_it; + LONG_it; + ASN1_VISIBLESTRING_it; + ASN1_VISIBLESTRING_it; + OCSP_SINGLERESP_add1_ext_i2d; + d2i_OCSP_CERTID; + ASN1_item_d2i_fp; + CRL_DIST_POINTS_it; + CRL_DIST_POINTS_it; + GENERAL_NAME_print; + OCSP_SINGLERESP_delete_ext; + PKCS12_SAFEBAGS_it; + PKCS12_SAFEBAGS_it; + d2i_OCSP_SIGNATURE; + OCSP_request_add1_nonce; + ENGINE_set_cmd_defns; + OCSP_SERVICELOC_free; + EC_GROUP_free; + ASN1_BIT_STRING_it; + ASN1_BIT_STRING_it; + X509_REQ_it; + X509_REQ_it; + _ossl_old_des_cbc_encrypt; + ERR_unload_strings; + PKCS7_SIGN_ENVELOPE_it; + PKCS7_SIGN_ENVELOPE_it; + 
EDIPARTYNAME_free; + OCSP_REQINFO_free; + EC_GROUP_new_curve_GFp; + OCSP_REQUEST_get1_ext_d2i; + PKCS12_item_pack_safebag; + asn1_ex_c2i; + ENGINE_register_digests; + i2d_OCSP_REVOKEDINFO; + asn1_enc_restore; + UI_free; + UI_new_method; + EVP_EncryptInit_ex; + X509_pubkey_digest; + EC_POINT_invert; + OCSP_basic_sign; + i2d_OCSP_RESPID; + OCSP_check_nonce; + ENGINE_ctrl_cmd; + d2i_KRB5_ENCKEY; + OCSP_parse_url; + OCSP_SINGLERESP_get_ext; + OCSP_CRLID_free; + OCSP_BASICRESP_get1_ext_d2i; + RSAPrivateKey_it; + RSAPrivateKey_it; + ENGINE_register_all_DH; + i2d_EDIPARTYNAME; + EC_POINT_get_affine_coordinates_GFp; + EC_POINT_get_affine_coords_GFp; + OCSP_CRLID_new; + ENGINE_get_flags; + OCSP_ONEREQ_it; + OCSP_ONEREQ_it; + UI_process; + ASN1_INTEGER_it; + ASN1_INTEGER_it; + EVP_CipherInit_ex; + UI_get_string_type; + ENGINE_unregister_DH; + ENGINE_register_all_DSA; + OCSP_ONEREQ_get_ext_by_critical; + bn_dup_expand; + OCSP_cert_id_new; + BASIC_CONSTRAINTS_it; + BASIC_CONSTRAINTS_it; + BN_mod_add_quick; + EC_POINT_new; + EVP_MD_CTX_destroy; + OCSP_RESPBYTES_free; + EVP_aes_128_cbc; + OCSP_SINGLERESP_get1_ext_d2i; + EC_POINT_free; + DH_up_ref; + X509_NAME_ENTRY_it; + X509_NAME_ENTRY_it; + UI_get_ex_new_index; + BN_mod_sub_quick; + OCSP_ONEREQ_add_ext; + OCSP_request_sign; + EVP_DigestFinal_ex; + ENGINE_set_digests; + OCSP_id_issuer_cmp; + OBJ_NAME_do_all; + EC_POINTs_mul; + ENGINE_register_complete; + X509V3_EXT_nconf_nid; + ASN1_SEQUENCE_it; + ASN1_SEQUENCE_it; + UI_set_default_method; + RAND_query_egd_bytes; + UI_method_get_writer; + UI_OpenSSL; + PEM_def_callback; + ENGINE_cleanup; + DIST_POINT_it; + DIST_POINT_it; + OCSP_SINGLERESP_it; + OCSP_SINGLERESP_it; + d2i_KRB5_TKTBODY; + EC_POINT_cmp; + OCSP_REVOKEDINFO_new; + i2d_OCSP_CERTSTATUS; + OCSP_basic_add1_nonce; + ASN1_item_ex_d2i; + BN_mod_lshift1_quick; + UI_set_method; + OCSP_id_get0_info; + BN_mod_sqrt; + EC_GROUP_copy; + KRB5_ENCDATA_free; + _ossl_old_des_cfb_encrypt; + OCSP_SINGLERESP_get_ext_by_OBJ; + 
OCSP_cert_to_id; + OCSP_RESPID_new; + OCSP_RESPDATA_it; + OCSP_RESPDATA_it; + d2i_OCSP_RESPDATA; + ENGINE_register_all_complete; + OCSP_check_validity; + PKCS12_BAGS_it; + PKCS12_BAGS_it; + OCSP_url_svcloc_new; + ASN1_template_free; + OCSP_SINGLERESP_add_ext; + KRB5_AUTHENTBODY_it; + KRB5_AUTHENTBODY_it; + X509_supported_extension; + i2d_KRB5_AUTHDATA; + UI_method_get_opener; + ENGINE_set_ex_data; + OCSP_REQUEST_print; + CBIGNUM_it; + CBIGNUM_it; + KRB5_TICKET_new; + KRB5_APREQ_new; + EC_GROUP_get_curve_GFp; + KRB5_ENCKEY_new; + ASN1_template_d2i; + _ossl_old_des_quad_cksum; + OCSP_single_get0_status; + BN_swap; + POLICYINFO_it; + POLICYINFO_it; + ENGINE_set_destroy_function; + asn1_enc_free; + OCSP_RESPID_it; + OCSP_RESPID_it; + EC_GROUP_new; + EVP_aes_256_cbc; + i2d_KRB5_PRINCNAME; + _ossl_old_des_encrypt2; + _ossl_old_des_encrypt3; + PKCS8_PRIV_KEY_INFO_it; + PKCS8_PRIV_KEY_INFO_it; + OCSP_REQINFO_it; + OCSP_REQINFO_it; + PBEPARAM_it; + PBEPARAM_it; + KRB5_AUTHENTBODY_new; + X509_CRL_add0_revoked; + EDIPARTYNAME_it; + EDIPARTYNAME_it; + NETSCAPE_SPKI_it; + NETSCAPE_SPKI_it; + UI_get0_test_string; + ENGINE_get_cipher_engine; + ENGINE_register_all_ciphers; + EC_POINT_copy; + BN_kronecker; + _ossl_old_des_ede3_ofb64_encrypt; + _ossl_odes_ede3_ofb64_encrypt; + UI_method_get_reader; + OCSP_BASICRESP_get_ext_count; + ASN1_ENUMERATED_it; + ASN1_ENUMERATED_it; + UI_set_result; + i2d_KRB5_TICKET; + X509_print_ex_fp; + EVP_CIPHER_CTX_set_padding; + d2i_OCSP_RESPONSE; + ASN1_UTCTIME_it; + ASN1_UTCTIME_it; + _ossl_old_des_enc_write; + OCSP_RESPONSE_new; + AES_set_encrypt_key; + OCSP_resp_count; + KRB5_CHECKSUM_new; + ENGINE_load_cswift; + OCSP_onereq_get0_id; + ENGINE_set_default_ciphers; + NOTICEREF_it; + NOTICEREF_it; + X509V3_EXT_CRL_add_nconf; + OCSP_REVOKEDINFO_it; + OCSP_REVOKEDINFO_it; + AES_encrypt; + OCSP_REQUEST_new; + ASN1_ANY_it; + ASN1_ANY_it; + CRYPTO_ex_data_new_class; + _ossl_old_des_ncbc_encrypt; + i2d_KRB5_TKTBODY; + EC_POINT_clear_free; + AES_decrypt; + 
asn1_enc_init; + UI_get_result_maxsize; + OCSP_CERTID_new; + ENGINE_unregister_RAND; + UI_method_get_closer; + d2i_KRB5_ENCDATA; + OCSP_request_onereq_count; + OCSP_basic_verify; + KRB5_AUTHENTBODY_free; + ASN1_item_d2i; + ASN1_primitive_free; + i2d_EXTENDED_KEY_USAGE; + i2d_OCSP_SIGNATURE; + asn1_enc_save; + ENGINE_load_nuron; + _ossl_old_des_pcbc_encrypt; + PKCS12_MAC_DATA_it; + PKCS12_MAC_DATA_it; + OCSP_accept_responses_new; + asn1_do_lock; + PKCS7_ATTR_VERIFY_it; + PKCS7_ATTR_VERIFY_it; + KRB5_APREQBODY_it; + KRB5_APREQBODY_it; + i2d_OCSP_SINGLERESP; + ASN1_item_ex_new; + UI_add_verify_string; + _ossl_old_des_set_key; + KRB5_PRINCNAME_it; + KRB5_PRINCNAME_it; + EVP_DecryptInit_ex; + i2d_OCSP_CERTID; + ASN1_item_d2i_bio; + EC_POINT_dbl; + asn1_get_choice_selector; + i2d_KRB5_CHECKSUM; + ENGINE_set_table_flags; + AES_options; + ENGINE_load_chil; + OCSP_id_cmp; + OCSP_BASICRESP_new; + OCSP_REQUEST_get_ext_by_NID; + KRB5_APREQ_it; + KRB5_APREQ_it; + ENGINE_get_destroy_function; + CONF_set_nconf; + ASN1_PRINTABLE_free; + OCSP_BASICRESP_get_ext_by_NID; + DIST_POINT_NAME_it; + DIST_POINT_NAME_it; + X509V3_extensions_print; + _ossl_old_des_cfb64_encrypt; + X509_REVOKED_add1_ext_i2d; + _ossl_old_des_ofb_encrypt; + KRB5_TKTBODY_new; + ASN1_OCTET_STRING_it; + ASN1_OCTET_STRING_it; + ERR_load_UI_strings; + i2d_KRB5_ENCKEY; + ASN1_template_new; + OCSP_SIGNATURE_free; + ASN1_item_i2d_fp; + KRB5_PRINCNAME_free; + PKCS7_RECIP_INFO_it; + PKCS7_RECIP_INFO_it; + EXTENDED_KEY_USAGE_it; + EXTENDED_KEY_USAGE_it; + EC_GFp_simple_method; + EC_GROUP_precompute_mult; + OCSP_request_onereq_get0; + UI_method_set_writer; + KRB5_AUTHENT_new; + X509_CRL_INFO_it; + X509_CRL_INFO_it; + DSO_set_name_converter; + AES_set_decrypt_key; + PKCS7_DIGEST_it; + PKCS7_DIGEST_it; + PKCS12_x5092certbag; + EVP_DigestInit_ex; + i2a_ACCESS_DESCRIPTION; + OCSP_RESPONSE_it; + OCSP_RESPONSE_it; + PKCS7_ENC_CONTENT_it; + PKCS7_ENC_CONTENT_it; + OCSP_request_add0_id; + EC_POINT_make_affine; + DSO_get_filename; + 
OCSP_CERTSTATUS_it; + OCSP_CERTSTATUS_it; + OCSP_request_add1_cert; + UI_get0_output_string; + UI_dup_verify_string; + BN_mod_lshift; + KRB5_AUTHDATA_it; + KRB5_AUTHDATA_it; + asn1_set_choice_selector; + OCSP_basic_add1_status; + OCSP_RESPID_free; + asn1_get_field_ptr; + UI_add_input_string; + OCSP_CRLID_it; + OCSP_CRLID_it; + i2d_KRB5_AUTHENTBODY; + OCSP_REQUEST_get_ext_count; + ENGINE_load_atalla; + X509_NAME_it; + X509_NAME_it; + USERNOTICE_it; + USERNOTICE_it; + OCSP_REQINFO_new; + OCSP_BASICRESP_get_ext; + CRYPTO_get_ex_data_implementation; + CRYPTO_get_ex_data_impl; + ASN1_item_pack; + i2d_KRB5_ENCDATA; + X509_PURPOSE_set; + X509_REQ_INFO_it; + X509_REQ_INFO_it; + UI_method_set_opener; + ASN1_item_ex_free; + ASN1_BOOLEAN_it; + ASN1_BOOLEAN_it; + ENGINE_get_table_flags; + UI_create_method; + OCSP_ONEREQ_add1_ext_i2d; + _shadow_DES_check_key; + _shadow_DES_check_key; + d2i_OCSP_REQINFO; + UI_add_info_string; + UI_get_result_minsize; + ASN1_NULL_it; + ASN1_NULL_it; + BN_mod_lshift1; + d2i_OCSP_ONEREQ; + OCSP_ONEREQ_new; + KRB5_TICKET_it; + KRB5_TICKET_it; + EVP_aes_192_cbc; + KRB5_TICKET_free; + UI_new; + OCSP_response_create; + _ossl_old_des_xcbc_encrypt; + PKCS7_it; + PKCS7_it; + OCSP_REQUEST_get_ext_by_critical; + OCSP_REQUEST_get_ext_by_crit; + ENGINE_set_flags; + _ossl_old_des_ecb_encrypt; + OCSP_response_get1_basic; + EVP_Digest; + OCSP_ONEREQ_delete_ext; + ASN1_TBOOLEAN_it; + ASN1_TBOOLEAN_it; + ASN1_item_new; + ASN1_TIME_to_generalizedtime; + BIGNUM_it; + BIGNUM_it; + AES_cbc_encrypt; + ENGINE_get_load_privkey_function; + ENGINE_get_load_privkey_fn; + OCSP_RESPONSE_free; + UI_method_set_reader; + i2d_ASN1_T61STRING; + EC_POINT_set_to_infinity; + ERR_load_OCSP_strings; + EC_POINT_point2oct; + KRB5_APREQ_free; + ASN1_OBJECT_it; + ASN1_OBJECT_it; + OCSP_crlID_new; + OCSP_crlID2_new; + CONF_modules_load_file; + CONF_imodule_set_usr_data; + ENGINE_set_default_string; + CONF_module_get_usr_data; + ASN1_add_oid_module; + CONF_modules_finish; + OPENSSL_config; + 
CONF_modules_unload; + CONF_imodule_get_value; + CONF_module_set_usr_data; + CONF_parse_list; + CONF_module_add; + CONF_get1_default_config_file; + CONF_imodule_get_flags; + CONF_imodule_get_module; + CONF_modules_load; + CONF_imodule_get_name; + ERR_peek_top_error; + CONF_imodule_get_usr_data; + CONF_imodule_set_flags; + ENGINE_add_conf_module; + ERR_peek_last_error_line; + ERR_peek_last_error_line_data; + ERR_peek_last_error; + DES_read_2passwords; + DES_read_password; + UI_UTIL_read_pw; + UI_UTIL_read_pw_string; + ENGINE_load_aep; + ENGINE_load_sureware; + OPENSSL_add_all_algorithms_noconf; + OPENSSL_add_all_algo_noconf; + OPENSSL_add_all_algorithms_conf; + OPENSSL_add_all_algo_conf; + OPENSSL_load_builtin_modules; + AES_ofb128_encrypt; + AES_ctr128_encrypt; + AES_cfb128_encrypt; + ENGINE_load_4758cca; + _ossl_096_des_random_seed; + EVP_aes_256_ofb; + EVP_aes_192_ofb; + EVP_aes_128_cfb128; + EVP_aes_256_cfb128; + EVP_aes_128_ofb; + EVP_aes_192_cfb128; + CONF_modules_free; + NCONF_default; + OPENSSL_no_config; + NCONF_WIN32; + ASN1_UNIVERSALSTRING_new; + EVP_des_ede_ecb; + i2d_ASN1_UNIVERSALSTRING; + ASN1_UNIVERSALSTRING_free; + ASN1_UNIVERSALSTRING_it; + ASN1_UNIVERSALSTRING_it; + d2i_ASN1_UNIVERSALSTRING; + EVP_des_ede3_ecb; + X509_REQ_print_ex; + ENGINE_up_ref; + BUF_MEM_grow_clean; + CRYPTO_realloc_clean; + BUF_strlcat; + BIO_indent; + BUF_strlcpy; + OpenSSLDie; + OPENSSL_cleanse; + ENGINE_setup_bsd_cryptodev; + ERR_release_err_state_table; + EVP_aes_128_cfb8; + FIPS_corrupt_rsa; + FIPS_selftest_des; + EVP_aes_128_cfb1; + EVP_aes_192_cfb8; + FIPS_mode_set; + FIPS_selftest_dsa; + EVP_aes_256_cfb8; + FIPS_allow_md5; + DES_ede3_cfb_encrypt; + EVP_des_ede3_cfb8; + FIPS_rand_seeded; + AES_cfbr_encrypt_block; + AES_cfb8_encrypt; + FIPS_rand_seed; + FIPS_corrupt_des; + EVP_aes_192_cfb1; + FIPS_selftest_aes; + FIPS_set_prng_key; + EVP_des_cfb8; + FIPS_corrupt_dsa; + FIPS_test_mode; + FIPS_rand_method; + EVP_aes_256_cfb1; + ERR_load_FIPS_strings; + FIPS_corrupt_aes; + 
FIPS_selftest_sha1; + FIPS_selftest_rsa; + FIPS_corrupt_sha1; + EVP_des_cfb1; + FIPS_dsa_check; + AES_cfb1_encrypt; + EVP_des_ede3_cfb1; + FIPS_rand_check; + FIPS_md5_allowed; + FIPS_mode; + FIPS_selftest_failed; + sk_is_sorted; + X509_check_ca; + HMAC_CTX_set_flags; + d2i_PROXY_CERT_INFO_EXTENSION; + PROXY_POLICY_it; + PROXY_POLICY_it; + i2d_PROXY_POLICY; + i2d_PROXY_CERT_INFO_EXTENSION; + d2i_PROXY_POLICY; + PROXY_CERT_INFO_EXTENSION_new; + PROXY_CERT_INFO_EXTENSION_free; + PROXY_CERT_INFO_EXTENSION_it; + PROXY_CERT_INFO_EXTENSION_it; + PROXY_POLICY_free; + PROXY_POLICY_new; + BN_MONT_CTX_set_locked; + FIPS_selftest_rng; + EVP_sha384; + EVP_sha512; + EVP_sha224; + EVP_sha256; + FIPS_selftest_hmac; + FIPS_corrupt_rng; + BN_mod_exp_mont_consttime; + RSA_X931_hash_id; + RSA_padding_check_X931; + RSA_verify_PKCS1_PSS; + RSA_padding_add_X931; + RSA_padding_add_PKCS1_PSS; + PKCS1_MGF1; + BN_X931_generate_Xpq; + RSA_X931_generate_key; + BN_X931_derive_prime; + BN_X931_generate_prime; + RSA_X931_derive; + BIO_new_dgram; + BN_get0_nist_prime_384; + ERR_set_mark; + X509_STORE_CTX_set0_crls; + ENGINE_set_STORE; + ENGINE_register_ECDSA; + STORE_meth_set_list_start_fn; + STORE_method_set_list_start_function; + BN_BLINDING_invert_ex; + NAME_CONSTRAINTS_free; + STORE_ATTR_INFO_set_number; + BN_BLINDING_get_thread_id; + X509_STORE_CTX_set0_param; + POLICY_MAPPING_it; + POLICY_MAPPING_it; + STORE_parse_attrs_start; + POLICY_CONSTRAINTS_free; + EVP_PKEY_add1_attr_by_NID; + BN_nist_mod_192; + EC_GROUP_get_trinomial_basis; + STORE_set_method; + GENERAL_SUBTREE_free; + NAME_CONSTRAINTS_it; + NAME_CONSTRAINTS_it; + ECDH_get_default_method; + PKCS12_add_safe; + EC_KEY_new_by_curve_name; + STORE_meth_get_update_store_fn; + STORE_method_get_update_store_function; + ENGINE_register_ECDH; + SHA512_Update; + i2d_ECPrivateKey; + BN_get0_nist_prime_192; + STORE_modify_certificate; + EC_POINT_set_affine_coordinates_GF2m; + EC_POINT_set_affine_coords_GF2m; + BN_GF2m_mod_exp_arr; + 
STORE_ATTR_INFO_modify_number; + X509_keyid_get0; + ENGINE_load_gmp; + pitem_new; + BN_GF2m_mod_mul_arr; + STORE_list_public_key_endp; + o2i_ECPublicKey; + EC_KEY_copy; + BIO_dump_fp; + X509_policy_node_get0_parent; + EC_GROUP_check_discriminant; + i2o_ECPublicKey; + EC_KEY_precompute_mult; + a2i_IPADDRESS; + STORE_meth_set_initialise_fn; + STORE_method_set_initialise_function; + X509_STORE_CTX_set_depth; + X509_VERIFY_PARAM_inherit; + EC_POINT_point2bn; + STORE_ATTR_INFO_set_dn; + X509_policy_tree_get0_policies; + EC_GROUP_new_curve_GF2m; + STORE_destroy_method; + ENGINE_unregister_STORE; + EVP_PKEY_get1_EC_KEY; + STORE_ATTR_INFO_get0_number; + ENGINE_get_default_ECDH; + EC_KEY_get_conv_form; + ASN1_OCTET_STRING_NDEF_it; + ASN1_OCTET_STRING_NDEF_it; + STORE_delete_public_key; + STORE_get_public_key; + STORE_modify_arbitrary; + ENGINE_get_static_state; + pqueue_iterator; + ECDSA_SIG_new; + OPENSSL_DIR_end; + BN_GF2m_mod_sqr; + EC_POINT_bn2point; + X509_VERIFY_PARAM_set_depth; + EC_KEY_set_asn1_flag; + STORE_get_method; + EC_KEY_get_key_method_data; + ECDSA_sign_ex; + STORE_parse_attrs_end; + EC_GROUP_get_point_conversion_form; + EC_GROUP_get_point_conv_form; + STORE_method_set_store_function; + STORE_ATTR_INFO_in; + PEM_read_bio_ECPKParameters; + EC_GROUP_get_pentanomial_basis; + EVP_PKEY_add1_attr_by_txt; + BN_BLINDING_set_flags; + X509_VERIFY_PARAM_set1_policies; + X509_VERIFY_PARAM_set1_name; + X509_VERIFY_PARAM_set_purpose; + STORE_get_number; + ECDSA_sign_setup; + BN_GF2m_mod_solve_quad_arr; + EC_KEY_up_ref; + POLICY_MAPPING_free; + BN_GF2m_mod_div; + X509_VERIFY_PARAM_set_flags; + EC_KEY_free; + STORE_meth_set_list_next_fn; + STORE_method_set_list_next_function; + PEM_write_bio_ECPrivateKey; + d2i_EC_PUBKEY; + STORE_meth_get_generate_fn; + STORE_method_get_generate_function; + STORE_meth_set_list_end_fn; + STORE_method_set_list_end_function; + pqueue_print; + EC_GROUP_have_precompute_mult; + EC_KEY_print_fp; + BN_GF2m_mod_arr; + PEM_write_bio_X509_CERT_PAIR; 
+ EVP_PKEY_cmp; + X509_policy_level_node_count; + STORE_new_engine; + STORE_list_public_key_start; + X509_VERIFY_PARAM_new; + ECDH_get_ex_data; + EVP_PKEY_get_attr; + ECDSA_do_sign; + ENGINE_unregister_ECDH; + ECDH_OpenSSL; + EC_KEY_set_conv_form; + EC_POINT_dup; + GENERAL_SUBTREE_new; + STORE_list_crl_endp; + EC_get_builtin_curves; + X509_policy_node_get0_qualifiers; + X509_pcy_node_get0_qualifiers; + STORE_list_crl_end; + EVP_PKEY_set1_EC_KEY; + BN_GF2m_mod_sqrt_arr; + i2d_ECPrivateKey_bio; + ECPKParameters_print_fp; + pqueue_find; + ECDSA_SIG_free; + PEM_write_bio_ECPKParameters; + STORE_method_set_ctrl_function; + STORE_list_public_key_end; + EC_KEY_set_private_key; + pqueue_peek; + STORE_get_arbitrary; + STORE_store_crl; + X509_policy_node_get0_policy; + PKCS12_add_safes; + BN_BLINDING_convert_ex; + X509_policy_tree_free; + OPENSSL_ia32cap_loc; + BN_GF2m_poly2arr; + STORE_ctrl; + STORE_ATTR_INFO_compare; + BN_get0_nist_prime_224; + i2d_ECParameters; + i2d_ECPKParameters; + BN_GENCB_call; + d2i_ECPKParameters; + STORE_meth_set_generate_fn; + STORE_method_set_generate_function; + ENGINE_set_ECDH; + NAME_CONSTRAINTS_new; + SHA256_Init; + EC_KEY_get0_public_key; + PEM_write_bio_EC_PUBKEY; + STORE_ATTR_INFO_set_cstr; + STORE_list_crl_next; + STORE_ATTR_INFO_in_range; + ECParameters_print; + STORE_meth_set_delete_fn; + STORE_method_set_delete_function; + STORE_list_certificate_next; + ASN1_generate_nconf; + BUF_memdup; + BN_GF2m_mod_mul; + STORE_meth_get_list_next_fn; + STORE_method_get_list_next_function; + STORE_ATTR_INFO_get0_dn; + STORE_list_private_key_next; + EC_GROUP_set_seed; + X509_VERIFY_PARAM_set_trust; + STORE_ATTR_INFO_free; + STORE_get_private_key; + EVP_PKEY_get_attr_count; + STORE_ATTR_INFO_new; + EC_GROUP_get_curve_GF2m; + STORE_meth_set_revoke_fn; + STORE_method_set_revoke_function; + STORE_store_number; + BN_is_prime_ex; + STORE_revoke_public_key; + X509_STORE_CTX_get0_param; + STORE_delete_arbitrary; + PEM_read_X509_CERT_PAIR; + 
X509_STORE_set_depth; + ECDSA_get_ex_data; + SHA224; + BIO_dump_indent_fp; + EC_KEY_set_group; + BUF_strndup; + STORE_list_certificate_start; + BN_GF2m_mod; + X509_REQ_check_private_key; + EC_GROUP_get_seed_len; + ERR_load_STORE_strings; + PEM_read_bio_EC_PUBKEY; + STORE_list_private_key_end; + i2d_EC_PUBKEY; + ECDSA_get_default_method; + ASN1_put_eoc; + X509_STORE_CTX_get_explicit_policy; + X509_STORE_CTX_get_expl_policy; + X509_VERIFY_PARAM_table_cleanup; + STORE_modify_private_key; + X509_VERIFY_PARAM_free; + EC_METHOD_get_field_type; + EC_GFp_nist_method; + STORE_meth_set_modify_fn; + STORE_method_set_modify_function; + STORE_parse_attrs_next; + ENGINE_load_padlock; + EC_GROUP_set_curve_name; + X509_CERT_PAIR_it; + X509_CERT_PAIR_it; + STORE_meth_get_revoke_fn; + STORE_method_get_revoke_function; + STORE_method_set_get_function; + STORE_modify_number; + STORE_method_get_store_function; + STORE_store_private_key; + BN_GF2m_mod_sqr_arr; + RSA_setup_blinding; + BIO_s_datagram; + STORE_Memory; + sk_find_ex; + EC_GROUP_set_curve_GF2m; + ENGINE_set_default_ECDSA; + POLICY_CONSTRAINTS_new; + BN_GF2m_mod_sqrt; + ECDH_set_default_method; + EC_KEY_generate_key; + SHA384_Update; + BN_GF2m_arr2poly; + STORE_method_get_get_function; + STORE_meth_set_cleanup_fn; + STORE_method_set_cleanup_function; + EC_GROUP_check; + d2i_ECPrivateKey_bio; + EC_KEY_insert_key_method_data; + STORE_meth_get_lock_store_fn; + STORE_method_get_lock_store_function; + X509_VERIFY_PARAM_get_depth; + SHA224_Final; + STORE_meth_set_update_store_fn; + STORE_method_set_update_store_function; + SHA224_Update; + d2i_ECPrivateKey; + ASN1_item_ndef_i2d; + STORE_delete_private_key; + ERR_pop_to_mark; + ENGINE_register_all_STORE; + X509_policy_level_get0_node; + i2d_PKCS7_NDEF; + EC_GROUP_get_degree; + ASN1_generate_v3; + STORE_ATTR_INFO_modify_cstr; + X509_policy_tree_level_count; + BN_GF2m_add; + EC_KEY_get0_group; + STORE_generate_crl; + STORE_store_public_key; + X509_CERT_PAIR_free; + 
STORE_revoke_private_key; + BN_nist_mod_224; + SHA512_Final; + STORE_ATTR_INFO_modify_dn; + STORE_meth_get_initialise_fn; + STORE_method_get_initialise_function; + STORE_delete_number; + i2d_EC_PUBKEY_bio; + BIO_dgram_non_fatal_error; + EC_GROUP_get_asn1_flag; + STORE_ATTR_INFO_in_ex; + STORE_list_crl_start; + ECDH_get_ex_new_index; + STORE_meth_get_modify_fn; + STORE_method_get_modify_function; + v2i_ASN1_BIT_STRING; + STORE_store_certificate; + OBJ_bsearch_ex; + X509_STORE_CTX_set_default; + STORE_ATTR_INFO_set_sha1str; + BN_GF2m_mod_inv; + BN_GF2m_mod_exp; + STORE_modify_public_key; + STORE_meth_get_list_start_fn; + STORE_method_get_list_start_function; + EC_GROUP_get0_seed; + STORE_store_arbitrary; + STORE_meth_set_unlock_store_fn; + STORE_method_set_unlock_store_function; + BN_GF2m_mod_div_arr; + ENGINE_set_ECDSA; + STORE_create_method; + ECPKParameters_print; + EC_KEY_get0_private_key; + PEM_write_EC_PUBKEY; + X509_VERIFY_PARAM_set1; + ECDH_set_method; + v2i_GENERAL_NAME_ex; + ECDH_set_ex_data; + STORE_generate_key; + BN_nist_mod_521; + X509_policy_tree_get0_level; + EC_GROUP_set_point_conversion_form; + EC_GROUP_set_point_conv_form; + PEM_read_EC_PUBKEY; + i2d_ECDSA_SIG; + ECDSA_OpenSSL; + STORE_delete_crl; + EC_KEY_get_enc_flags; + ASN1_const_check_infinite_end; + EVP_PKEY_delete_attr; + ECDSA_set_default_method; + EC_POINT_set_compressed_coordinates_GF2m; + EC_POINT_set_compr_coords_GF2m; + EC_GROUP_cmp; + STORE_revoke_certificate; + BN_get0_nist_prime_256; + STORE_meth_get_delete_fn; + STORE_method_get_delete_function; + SHA224_Init; + PEM_read_ECPrivateKey; + SHA512_Init; + STORE_parse_attrs_endp; + BN_set_negative; + ERR_load_ECDSA_strings; + EC_GROUP_get_basis_type; + STORE_list_public_key_next; + i2v_ASN1_BIT_STRING; + STORE_OBJECT_free; + BN_nist_mod_384; + i2d_X509_CERT_PAIR; + PEM_write_ECPKParameters; + ECDH_compute_key; + STORE_ATTR_INFO_get0_sha1str; + ENGINE_register_all_ECDH; + pqueue_pop; + STORE_ATTR_INFO_get0_cstr; + POLICY_CONSTRAINTS_it; 
+ POLICY_CONSTRAINTS_it; + STORE_get_ex_new_index; + EVP_PKEY_get_attr_by_OBJ; + X509_VERIFY_PARAM_add0_policy; + BN_GF2m_mod_solve_quad; + SHA256; + i2d_ECPrivateKey_fp; + X509_policy_tree_get0_user_policies; + X509_pcy_tree_get0_usr_policies; + OPENSSL_DIR_read; + ENGINE_register_all_ECDSA; + X509_VERIFY_PARAM_lookup; + EC_POINT_get_affine_coordinates_GF2m; + EC_POINT_get_affine_coords_GF2m; + EC_GROUP_dup; + ENGINE_get_default_ECDSA; + EC_KEY_new; + SHA256_Transform; + EC_KEY_set_enc_flags; + ECDSA_verify; + EC_POINT_point2hex; + ENGINE_get_STORE; + SHA512; + STORE_get_certificate; + ECDSA_do_sign_ex; + ECDSA_do_verify; + d2i_ECPrivateKey_fp; + STORE_delete_certificate; + SHA512_Transform; + X509_STORE_set1_param; + STORE_method_get_ctrl_function; + STORE_free; + PEM_write_ECPrivateKey; + STORE_meth_get_unlock_store_fn; + STORE_method_get_unlock_store_function; + STORE_get_ex_data; + EC_KEY_set_public_key; + PEM_read_ECPKParameters; + X509_CERT_PAIR_new; + ENGINE_register_STORE; + RSA_generate_key_ex; + DSA_generate_parameters_ex; + ECParameters_print_fp; + X509V3_NAME_from_section; + EVP_PKEY_add1_attr; + STORE_modify_crl; + STORE_list_private_key_start; + POLICY_MAPPINGS_it; + POLICY_MAPPINGS_it; + GENERAL_SUBTREE_it; + GENERAL_SUBTREE_it; + EC_GROUP_get_curve_name; + PEM_write_X509_CERT_PAIR; + BIO_dump_indent_cb; + d2i_X509_CERT_PAIR; + STORE_list_private_key_endp; + asn1_const_Finish; + i2d_EC_PUBKEY_fp; + BN_nist_mod_256; + X509_VERIFY_PARAM_add0_table; + pqueue_free; + BN_BLINDING_create_param; + ECDSA_size; + d2i_EC_PUBKEY_bio; + BN_get0_nist_prime_521; + STORE_ATTR_INFO_modify_sha1str; + BN_generate_prime_ex; + EC_GROUP_new_by_curve_name; + SHA256_Final; + DH_generate_parameters_ex; + PEM_read_bio_ECPrivateKey; + STORE_meth_get_cleanup_fn; + STORE_method_get_cleanup_function; + ENGINE_get_ECDH; + d2i_ECDSA_SIG; + BN_is_prime_fasttest_ex; + ECDSA_sign; + X509_policy_check; + EVP_PKEY_get_attr_by_NID; + STORE_set_ex_data; + ENGINE_get_ECDSA; + EVP_ecdsa; 
+ BN_BLINDING_get_flags; + PKCS12_add_cert; + STORE_OBJECT_new; + ERR_load_ECDH_strings; + EC_KEY_dup; + EVP_CIPHER_CTX_rand_key; + ECDSA_set_method; + a2i_IPADDRESS_NC; + d2i_ECParameters; + STORE_list_certificate_end; + STORE_get_crl; + X509_POLICY_NODE_print; + SHA384_Init; + EC_GF2m_simple_method; + ECDSA_set_ex_data; + SHA384_Final; + PKCS7_set_digest; + EC_KEY_print; + STORE_meth_set_lock_store_fn; + STORE_method_set_lock_store_function; + ECDSA_get_ex_new_index; + SHA384; + POLICY_MAPPING_new; + STORE_list_certificate_endp; + X509_STORE_CTX_get0_policy_tree; + EC_GROUP_set_asn1_flag; + EC_KEY_check_key; + d2i_EC_PUBKEY_fp; + PKCS7_set0_type_other; + PEM_read_bio_X509_CERT_PAIR; + pqueue_next; + STORE_meth_get_list_end_fn; + STORE_method_get_list_end_function; + EVP_PKEY_add1_attr_by_OBJ; + X509_VERIFY_PARAM_set_time; + pqueue_new; + ENGINE_set_default_ECDH; + STORE_new_method; + PKCS12_add_key; + DSO_merge; + EC_POINT_hex2point; + BIO_dump_cb; + SHA256_Update; + pqueue_insert; + pitem_free; + BN_GF2m_mod_inv_arr; + ENGINE_unregister_ECDSA; + BN_BLINDING_set_thread_id; + get_rfc3526_prime_8192; + X509_VERIFY_PARAM_clear_flags; + get_rfc2409_prime_1024; + DH_check_pub_key; + get_rfc3526_prime_2048; + get_rfc3526_prime_6144; + get_rfc3526_prime_1536; + get_rfc3526_prime_3072; + get_rfc3526_prime_4096; + get_rfc2409_prime_768; + X509_VERIFY_PARAM_get_flags; + EVP_CIPHER_CTX_new; + EVP_CIPHER_CTX_free; + Camellia_cbc_encrypt; + Camellia_cfb128_encrypt; + Camellia_cfb1_encrypt; + Camellia_cfb8_encrypt; + Camellia_ctr128_encrypt; + Camellia_cfbr_encrypt_block; + Camellia_decrypt; + Camellia_ecb_encrypt; + Camellia_encrypt; + Camellia_ofb128_encrypt; + Camellia_set_key; + EVP_camellia_128_cbc; + EVP_camellia_128_cfb128; + EVP_camellia_128_cfb1; + EVP_camellia_128_cfb8; + EVP_camellia_128_ecb; + EVP_camellia_128_ofb; + EVP_camellia_192_cbc; + EVP_camellia_192_cfb128; + EVP_camellia_192_cfb1; + EVP_camellia_192_cfb8; + EVP_camellia_192_ecb; + EVP_camellia_192_ofb; + 
EVP_camellia_256_cbc; + EVP_camellia_256_cfb128; + EVP_camellia_256_cfb1; + EVP_camellia_256_cfb8; + EVP_camellia_256_ecb; + EVP_camellia_256_ofb; + a2i_ipadd; + ASIdentifiers_free; + i2d_ASIdOrRange; + EVP_CIPHER_block_size; + v3_asid_is_canonical; + IPAddressChoice_free; + EVP_CIPHER_CTX_set_app_data; + BIO_set_callback_arg; + v3_addr_add_prefix; + IPAddressOrRange_it; + IPAddressOrRange_it; + BIO_set_flags; + ASIdentifiers_it; + ASIdentifiers_it; + v3_addr_get_range; + BIO_method_type; + v3_addr_inherits; + IPAddressChoice_it; + IPAddressChoice_it; + AES_ige_encrypt; + v3_addr_add_range; + EVP_CIPHER_CTX_nid; + d2i_ASRange; + v3_addr_add_inherit; + v3_asid_add_id_or_range; + v3_addr_validate_resource_set; + EVP_CIPHER_iv_length; + EVP_MD_type; + v3_asid_canonize; + IPAddressRange_free; + v3_asid_add_inherit; + EVP_CIPHER_CTX_key_length; + IPAddressRange_new; + ASIdOrRange_new; + EVP_MD_size; + EVP_MD_CTX_test_flags; + BIO_clear_flags; + i2d_ASRange; + IPAddressRange_it; + IPAddressRange_it; + IPAddressChoice_new; + ASIdentifierChoice_new; + ASRange_free; + EVP_MD_pkey_type; + EVP_MD_CTX_clear_flags; + IPAddressFamily_free; + i2d_IPAddressFamily; + IPAddressOrRange_new; + EVP_CIPHER_flags; + v3_asid_validate_resource_set; + d2i_IPAddressRange; + AES_bi_ige_encrypt; + BIO_get_callback; + IPAddressOrRange_free; + v3_addr_subset; + d2i_IPAddressFamily; + v3_asid_subset; + BIO_test_flags; + i2d_ASIdentifierChoice; + ASRange_it; + ASRange_it; + d2i_ASIdentifiers; + ASRange_new; + d2i_IPAddressChoice; + v3_addr_get_afi; + EVP_CIPHER_key_length; + EVP_Cipher; + i2d_IPAddressOrRange; + ASIdOrRange_it; + ASIdOrRange_it; + EVP_CIPHER_nid; + i2d_IPAddressChoice; + EVP_CIPHER_CTX_block_size; + ASIdentifiers_new; + v3_addr_validate_path; + IPAddressFamily_new; + EVP_MD_CTX_set_flags; + v3_addr_is_canonical; + i2d_IPAddressRange; + IPAddressFamily_it; + IPAddressFamily_it; + v3_asid_inherits; + EVP_CIPHER_CTX_cipher; + EVP_CIPHER_CTX_get_app_data; + EVP_MD_block_size; + 
EVP_CIPHER_CTX_flags; + v3_asid_validate_path; + d2i_IPAddressOrRange; + v3_addr_canonize; + ASIdentifierChoice_it; + ASIdentifierChoice_it; + EVP_MD_CTX_md; + d2i_ASIdentifierChoice; + BIO_method_name; + EVP_CIPHER_CTX_iv_length; + ASIdOrRange_free; + ASIdentifierChoice_free; + BIO_get_callback_arg; + BIO_set_callback; + d2i_ASIdOrRange; + i2d_ASIdentifiers; + SEED_decrypt; + SEED_encrypt; + SEED_cbc_encrypt; + EVP_seed_ofb; + SEED_cfb128_encrypt; + SEED_ofb128_encrypt; + EVP_seed_cbc; + SEED_ecb_encrypt; + EVP_seed_ecb; + SEED_set_key; + EVP_seed_cfb128; + X509_EXTENSIONS_it; + X509_EXTENSIONS_it; + X509_get1_ocsp; + OCSP_REQ_CTX_free; + i2d_X509_EXTENSIONS; + OCSP_sendreq_nbio; + OCSP_sendreq_new; + d2i_X509_EXTENSIONS; + X509_ALGORS_it; + X509_ALGORS_it; + X509_ALGOR_get0; + X509_ALGOR_set0; + AES_unwrap_key; + AES_wrap_key; + X509at_get0_data_by_OBJ; + ASN1_TYPE_set1; + ASN1_STRING_set0; + i2d_X509_ALGORS; + BIO_f_zlib; + COMP_zlib_cleanup; + d2i_X509_ALGORS; + CMS_ReceiptRequest_free; + PEM_write_CMS; + CMS_add0_CertificateChoices; + CMS_unsigned_add1_attr_by_OBJ; + ERR_load_CMS_strings; + CMS_sign_receipt; + i2d_CMS_ContentInfo; + CMS_signed_delete_attr; + d2i_CMS_bio; + CMS_unsigned_get_attr_by_NID; + CMS_verify; + SMIME_read_CMS; + CMS_decrypt_set1_key; + CMS_SignerInfo_get0_algs; + CMS_add1_cert; + CMS_set_detached; + CMS_encrypt; + CMS_EnvelopedData_create; + CMS_uncompress; + CMS_add0_crl; + CMS_SignerInfo_verify_content; + CMS_unsigned_get0_data_by_OBJ; + PEM_write_bio_CMS; + CMS_unsigned_get_attr; + CMS_RecipientInfo_ktri_cert_cmp; + CMS_RecipientInfo_ktri_get0_algs; + CMS_RecipInfo_ktri_get0_algs; + CMS_ContentInfo_free; + CMS_final; + CMS_add_simple_smimecap; + CMS_SignerInfo_verify; + CMS_data; + CMS_ContentInfo_it; + CMS_ContentInfo_it; + d2i_CMS_ReceiptRequest; + CMS_compress; + CMS_digest_create; + CMS_SignerInfo_cert_cmp; + CMS_SignerInfo_sign; + CMS_data_create; + i2d_CMS_bio; + CMS_EncryptedData_set1_key; + CMS_decrypt; + 
int_smime_write_ASN1; + CMS_unsigned_delete_attr; + CMS_unsigned_get_attr_count; + CMS_add_smimecap; + PEM_read_CMS; + CMS_signed_get_attr_by_OBJ; + d2i_CMS_ContentInfo; + CMS_add_standard_smimecap; + CMS_ContentInfo_new; + CMS_RecipientInfo_type; + CMS_get0_type; + CMS_is_detached; + CMS_sign; + CMS_signed_add1_attr; + CMS_unsigned_get_attr_by_OBJ; + SMIME_write_CMS; + CMS_EncryptedData_decrypt; + CMS_get0_RecipientInfos; + CMS_add0_RevocationInfoChoice; + CMS_decrypt_set1_pkey; + CMS_SignerInfo_set1_signer_cert; + CMS_get0_signers; + CMS_ReceiptRequest_get0_values; + CMS_signed_get0_data_by_OBJ; + CMS_get0_SignerInfos; + CMS_add0_cert; + CMS_EncryptedData_encrypt; + CMS_digest_verify; + CMS_set1_signers_certs; + CMS_signed_get_attr; + CMS_RecipientInfo_set0_key; + CMS_SignedData_init; + CMS_RecipientInfo_kekri_get0_id; + CMS_verify_receipt; + CMS_ReceiptRequest_it; + CMS_ReceiptRequest_it; + PEM_read_bio_CMS; + CMS_get1_crls; + CMS_add0_recipient_key; + SMIME_read_ASN1; + CMS_ReceiptRequest_new; + CMS_get0_content; + CMS_get1_ReceiptRequest; + CMS_signed_add1_attr_by_OBJ; + CMS_RecipientInfo_kekri_id_cmp; + CMS_add1_ReceiptRequest; + CMS_SignerInfo_get0_signer_id; + CMS_unsigned_add1_attr_by_NID; + CMS_unsigned_add1_attr; + CMS_signed_get_attr_by_NID; + CMS_get1_certs; + CMS_signed_add1_attr_by_NID; + CMS_unsigned_add1_attr_by_txt; + CMS_dataFinal; + CMS_RecipientInfo_ktri_get0_signer_id; + CMS_RecipInfo_ktri_get0_sigr_id; + i2d_CMS_ReceiptRequest; + CMS_add1_recipient_cert; + CMS_dataInit; + CMS_signed_add1_attr_by_txt; + CMS_RecipientInfo_decrypt; + CMS_signed_get_attr_count; + CMS_get0_eContentType; + CMS_set1_eContentType; + CMS_ReceiptRequest_create0; + CMS_add1_signer; + CMS_RecipientInfo_set0_pkey; + ENGINE_set_load_ssl_client_cert_function; + ENGINE_set_ld_ssl_clnt_cert_fn; + ENGINE_get_ssl_client_cert_function; + ENGINE_get_ssl_client_cert_fn; + ENGINE_load_ssl_client_cert; + ENGINE_load_capi; + OPENSSL_isservice; + FIPS_dsa_sig_decode; + 
EVP_CIPHER_CTX_clear_flags; + FIPS_rand_status; + FIPS_rand_set_key; + CRYPTO_set_mem_info_functions; + RSA_X931_generate_key_ex; + int_ERR_set_state_func; + int_EVP_MD_set_engine_callbacks; + int_CRYPTO_set_do_dynlock_callback; + FIPS_rng_stick; + EVP_CIPHER_CTX_set_flags; + BN_X931_generate_prime_ex; + FIPS_selftest_check; + FIPS_rand_set_dt; + CRYPTO_dbg_pop_info; + FIPS_dsa_free; + RSA_X931_derive_ex; + FIPS_rsa_new; + FIPS_rand_bytes; + fips_cipher_test; + EVP_CIPHER_CTX_test_flags; + CRYPTO_malloc_debug_init; + CRYPTO_dbg_push_info; + FIPS_corrupt_rsa_keygen; + FIPS_dh_new; + FIPS_corrupt_dsa_keygen; + FIPS_dh_free; + fips_pkey_signature_test; + EVP_add_alg_module; + int_RAND_init_engine_callbacks; + int_EVP_CIPHER_set_engine_callbacks; + int_EVP_MD_init_engine_callbacks; + FIPS_rand_test_mode; + FIPS_rand_reset; + FIPS_dsa_new; + int_RAND_set_callbacks; + BN_X931_derive_prime_ex; + int_ERR_lib_init; + int_EVP_CIPHER_init_engine_callbacks; + FIPS_rsa_free; + FIPS_dsa_sig_encode; + CRYPTO_dbg_remove_all_info; + OPENSSL_init; + CRYPTO_strdup; + JPAKE_STEP3A_process; + JPAKE_STEP1_release; + JPAKE_get_shared_key; + JPAKE_STEP3B_init; + JPAKE_STEP1_generate; + JPAKE_STEP1_init; + JPAKE_STEP3B_process; + JPAKE_STEP2_generate; + JPAKE_CTX_new; + JPAKE_CTX_free; + JPAKE_STEP3B_release; + JPAKE_STEP3A_release; + JPAKE_STEP2_process; + JPAKE_STEP3B_generate; + JPAKE_STEP1_process; + JPAKE_STEP3A_generate; + JPAKE_STEP2_release; + JPAKE_STEP3A_init; + ERR_load_JPAKE_strings; + JPAKE_STEP2_init; + pqueue_size; + i2d_TS_ACCURACY; + i2d_TS_MSG_IMPRINT_fp; + i2d_TS_MSG_IMPRINT; + EVP_PKEY_print_public; + EVP_PKEY_CTX_new; + i2d_TS_TST_INFO; + EVP_PKEY_asn1_find; + DSO_METHOD_beos; + TS_CONF_load_cert; + TS_REQ_get_ext; + EVP_PKEY_sign_init; + ASN1_item_print; + TS_TST_INFO_set_nonce; + TS_RESP_dup; + ENGINE_register_pkey_meths; + EVP_PKEY_asn1_add0; + PKCS7_add0_attrib_signing_time; + i2d_TS_TST_INFO_fp; + BIO_asn1_get_prefix; + TS_TST_INFO_set_time; + 
EVP_PKEY_meth_set_decrypt; + EVP_PKEY_set_type_str; + EVP_PKEY_CTX_get_keygen_info; + TS_REQ_set_policy_id; + d2i_TS_RESP_fp; + ENGINE_get_pkey_asn1_meth_engine; + ENGINE_get_pkey_asn1_meth_eng; + WHIRLPOOL_Init; + TS_RESP_set_status_info; + EVP_PKEY_keygen; + EVP_DigestSignInit; + TS_ACCURACY_set_millis; + TS_REQ_dup; + GENERAL_NAME_dup; + ASN1_SEQUENCE_ANY_it; + ASN1_SEQUENCE_ANY_it; + WHIRLPOOL; + X509_STORE_get1_crls; + ENGINE_get_pkey_asn1_meth; + EVP_PKEY_asn1_new; + BIO_new_NDEF; + ENGINE_get_pkey_meth; + TS_MSG_IMPRINT_set_algo; + i2d_TS_TST_INFO_bio; + TS_TST_INFO_set_ordering; + TS_TST_INFO_get_ext_by_OBJ; + CRYPTO_THREADID_set_pointer; + TS_CONF_get_tsa_section; + SMIME_write_ASN1; + TS_RESP_CTX_set_signer_key; + EVP_PKEY_encrypt_old; + EVP_PKEY_encrypt_init; + CRYPTO_THREADID_cpy; + ASN1_PCTX_get_cert_flags; + i2d_ESS_SIGNING_CERT; + TS_CONF_load_key; + i2d_ASN1_SEQUENCE_ANY; + d2i_TS_MSG_IMPRINT_bio; + EVP_PKEY_asn1_set_public; + b2i_PublicKey_bio; + BIO_asn1_set_prefix; + EVP_PKEY_new_mac_key; + BIO_new_CMS; + CRYPTO_THREADID_cmp; + TS_REQ_ext_free; + EVP_PKEY_asn1_set_free; + EVP_PKEY_get0_asn1; + d2i_NETSCAPE_X509; + EVP_PKEY_verify_recover_init; + EVP_PKEY_CTX_set_data; + EVP_PKEY_keygen_init; + TS_RESP_CTX_set_status_info; + TS_MSG_IMPRINT_get_algo; + TS_REQ_print_bio; + EVP_PKEY_CTX_ctrl_str; + EVP_PKEY_get_default_digest_nid; + PEM_write_bio_PKCS7_stream; + TS_MSG_IMPRINT_print_bio; + BN_asc2bn; + TS_REQ_get_policy_id; + ENGINE_set_default_pkey_asn1_meths; + ENGINE_set_def_pkey_asn1_meths; + d2i_TS_ACCURACY; + DSO_global_lookup; + TS_CONF_set_tsa_name; + i2d_ASN1_SET_ANY; + ENGINE_load_gost; + WHIRLPOOL_BitUpdate; + ASN1_PCTX_get_flags; + TS_TST_INFO_get_ext_by_NID; + TS_RESP_new; + ESS_CERT_ID_dup; + TS_STATUS_INFO_dup; + TS_REQ_delete_ext; + EVP_DigestVerifyFinal; + EVP_PKEY_print_params; + i2d_CMS_bio_stream; + TS_REQ_get_msg_imprint; + OBJ_find_sigid_by_algs; + TS_TST_INFO_get_serial; + TS_REQ_get_nonce; + X509_PUBKEY_set0_param; + 
EVP_PKEY_CTX_set0_keygen_info; + DIST_POINT_set_dpname; + i2d_ISSUING_DIST_POINT; + ASN1_SET_ANY_it; + ASN1_SET_ANY_it; + EVP_PKEY_CTX_get_data; + TS_STATUS_INFO_print_bio; + EVP_PKEY_derive_init; + d2i_TS_TST_INFO; + EVP_PKEY_asn1_add_alias; + d2i_TS_RESP_bio; + OTHERNAME_cmp; + GENERAL_NAME_set0_value; + PKCS7_RECIP_INFO_get0_alg; + TS_RESP_CTX_new; + TS_RESP_set_tst_info; + PKCS7_final; + EVP_PKEY_base_id; + TS_RESP_CTX_set_signer_cert; + TS_REQ_set_msg_imprint; + EVP_PKEY_CTX_ctrl; + TS_CONF_set_digests; + d2i_TS_MSG_IMPRINT; + EVP_PKEY_meth_set_ctrl; + TS_REQ_get_ext_by_NID; + PKCS5_pbe_set0_algor; + BN_BLINDING_thread_id; + TS_ACCURACY_new; + X509_CRL_METHOD_free; + ASN1_PCTX_get_nm_flags; + EVP_PKEY_meth_set_sign; + CRYPTO_THREADID_current; + EVP_PKEY_decrypt_init; + NETSCAPE_X509_free; + i2b_PVK_bio; + EVP_PKEY_print_private; + GENERAL_NAME_get0_value; + b2i_PVK_bio; + ASN1_UTCTIME_adj; + TS_TST_INFO_new; + EVP_MD_do_all_sorted; + TS_CONF_set_default_engine; + TS_ACCURACY_set_seconds; + TS_TST_INFO_get_time; + PKCS8_pkey_get0; + EVP_PKEY_asn1_get0; + OBJ_add_sigid; + PKCS7_SIGNER_INFO_sign; + EVP_PKEY_paramgen_init; + EVP_PKEY_sign; + OBJ_sigid_free; + EVP_PKEY_meth_set_init; + d2i_ESS_ISSUER_SERIAL; + ISSUING_DIST_POINT_new; + ASN1_TIME_adj; + TS_OBJ_print_bio; + EVP_PKEY_meth_set_verify_recover; + EVP_PKEY_meth_set_vrfy_recover; + TS_RESP_get_status_info; + CMS_stream; + EVP_PKEY_CTX_set_cb; + PKCS7_to_TS_TST_INFO; + ASN1_PCTX_get_oid_flags; + TS_TST_INFO_add_ext; + EVP_PKEY_meth_set_derive; + i2d_TS_RESP_fp; + i2d_TS_MSG_IMPRINT_bio; + TS_RESP_CTX_set_accuracy; + TS_REQ_set_nonce; + ESS_CERT_ID_new; + ENGINE_pkey_asn1_find_str; + TS_REQ_get_ext_count; + BUF_reverse; + TS_TST_INFO_print_bio; + d2i_ISSUING_DIST_POINT; + ENGINE_get_pkey_meths; + i2b_PrivateKey_bio; + i2d_TS_RESP; + b2i_PublicKey; + TS_VERIFY_CTX_cleanup; + TS_STATUS_INFO_free; + TS_RESP_verify_token; + OBJ_bsearch_ex_; + ASN1_bn_print; + EVP_PKEY_asn1_get_count; + 
ENGINE_register_pkey_asn1_meths; + ASN1_PCTX_set_nm_flags; + EVP_DigestVerifyInit; + ENGINE_set_default_pkey_meths; + TS_TST_INFO_get_policy_id; + TS_REQ_get_cert_req; + X509_CRL_set_meth_data; + PKCS8_pkey_set0; + ASN1_STRING_copy; + d2i_TS_TST_INFO_fp; + X509_CRL_match; + EVP_PKEY_asn1_set_private; + TS_TST_INFO_get_ext_d2i; + TS_RESP_CTX_add_policy; + d2i_TS_RESP; + TS_CONF_load_certs; + TS_TST_INFO_get_msg_imprint; + ERR_load_TS_strings; + TS_TST_INFO_get_version; + EVP_PKEY_CTX_dup; + EVP_PKEY_meth_set_verify; + i2b_PublicKey_bio; + TS_CONF_set_certs; + EVP_PKEY_asn1_get0_info; + TS_VERIFY_CTX_free; + TS_REQ_get_ext_by_critical; + TS_RESP_CTX_set_serial_cb; + X509_CRL_get_meth_data; + TS_RESP_CTX_set_time_cb; + TS_MSG_IMPRINT_get_msg; + TS_TST_INFO_ext_free; + TS_REQ_get_version; + TS_REQ_add_ext; + EVP_PKEY_CTX_set_app_data; + OBJ_bsearch_; + EVP_PKEY_meth_set_verifyctx; + i2d_PKCS7_bio_stream; + CRYPTO_THREADID_set_numeric; + PKCS7_sign_add_signer; + d2i_TS_TST_INFO_bio; + TS_TST_INFO_get_ordering; + TS_RESP_print_bio; + TS_TST_INFO_get_exts; + HMAC_CTX_copy; + PKCS5_pbe2_set_iv; + ENGINE_get_pkey_asn1_meths; + b2i_PrivateKey; + EVP_PKEY_CTX_get_app_data; + TS_REQ_set_cert_req; + CRYPTO_THREADID_set_callback; + TS_CONF_set_serial; + TS_TST_INFO_free; + d2i_TS_REQ_fp; + TS_RESP_verify_response; + i2d_ESS_ISSUER_SERIAL; + TS_ACCURACY_get_seconds; + EVP_CIPHER_do_all; + b2i_PrivateKey_bio; + OCSP_CERTID_dup; + X509_PUBKEY_get0_param; + TS_MSG_IMPRINT_dup; + PKCS7_print_ctx; + i2d_TS_REQ_bio; + EVP_whirlpool; + EVP_PKEY_asn1_set_param; + EVP_PKEY_meth_set_encrypt; + ASN1_PCTX_set_flags; + i2d_ESS_CERT_ID; + TS_VERIFY_CTX_new; + TS_RESP_CTX_set_extension_cb; + ENGINE_register_all_pkey_meths; + TS_RESP_CTX_set_status_info_cond; + TS_RESP_CTX_set_stat_info_cond; + EVP_PKEY_verify; + WHIRLPOOL_Final; + X509_CRL_METHOD_new; + EVP_DigestSignFinal; + TS_RESP_CTX_set_def_policy; + NETSCAPE_X509_it; + NETSCAPE_X509_it; + TS_RESP_create_response; + 
PKCS7_SIGNER_INFO_get0_algs; + TS_TST_INFO_get_nonce; + EVP_PKEY_decrypt_old; + TS_TST_INFO_set_policy_id; + TS_CONF_set_ess_cert_id_chain; + EVP_PKEY_CTX_get0_pkey; + d2i_TS_REQ; + EVP_PKEY_asn1_find_str; + BIO_f_asn1; + ESS_SIGNING_CERT_new; + EVP_PBE_find; + X509_CRL_get0_by_cert; + EVP_PKEY_derive; + i2d_TS_REQ; + TS_TST_INFO_delete_ext; + ESS_ISSUER_SERIAL_free; + ASN1_PCTX_set_str_flags; + ENGINE_get_pkey_asn1_meth_str; + TS_CONF_set_signer_key; + TS_ACCURACY_get_millis; + TS_RESP_get_token; + TS_ACCURACY_dup; + ENGINE_register_all_pkey_asn1_meths; + ENGINE_reg_all_pkey_asn1_meths; + X509_CRL_set_default_method; + CRYPTO_THREADID_hash; + CMS_ContentInfo_print_ctx; + TS_RESP_free; + ISSUING_DIST_POINT_free; + ESS_ISSUER_SERIAL_new; + CMS_add1_crl; + PKCS7_add1_attrib_digest; + TS_RESP_CTX_add_md; + TS_TST_INFO_dup; + ENGINE_set_pkey_asn1_meths; + PEM_write_bio_Parameters; + TS_TST_INFO_get_accuracy; + X509_CRL_get0_by_serial; + TS_TST_INFO_set_version; + TS_RESP_CTX_get_tst_info; + TS_RESP_verify_signature; + CRYPTO_THREADID_get_callback; + TS_TST_INFO_get_tsa; + TS_STATUS_INFO_new; + EVP_PKEY_CTX_get_cb; + TS_REQ_get_ext_d2i; + GENERAL_NAME_set0_othername; + TS_TST_INFO_get_ext_count; + TS_RESP_CTX_get_request; + i2d_NETSCAPE_X509; + ENGINE_get_pkey_meth_engine; + EVP_PKEY_meth_set_signctx; + EVP_PKEY_asn1_copy; + ASN1_TYPE_cmp; + EVP_CIPHER_do_all_sorted; + EVP_PKEY_CTX_free; + ISSUING_DIST_POINT_it; + ISSUING_DIST_POINT_it; + d2i_TS_MSG_IMPRINT_fp; + X509_STORE_get1_certs; + EVP_PKEY_CTX_get_operation; + d2i_ESS_SIGNING_CERT; + TS_CONF_set_ordering; + EVP_PBE_alg_add_type; + TS_REQ_set_version; + EVP_PKEY_get0; + BIO_asn1_set_suffix; + i2d_TS_STATUS_INFO; + EVP_MD_do_all; + TS_TST_INFO_set_accuracy; + PKCS7_add_attrib_content_type; + ERR_remove_thread_state; + EVP_PKEY_meth_add0; + TS_TST_INFO_set_tsa; + EVP_PKEY_meth_new; + WHIRLPOOL_Update; + TS_CONF_set_accuracy; + ASN1_PCTX_set_oid_flags; + ESS_SIGNING_CERT_dup; + d2i_TS_REQ_bio; + X509_time_adj_ex; + 
TS_RESP_CTX_add_flags; + d2i_TS_STATUS_INFO; + TS_MSG_IMPRINT_set_msg; + BIO_asn1_get_suffix; + TS_REQ_free; + EVP_PKEY_meth_free; + TS_REQ_get_exts; + TS_RESP_CTX_set_clock_precision_digits; + TS_RESP_CTX_set_clk_prec_digits; + TS_RESP_CTX_add_failure_info; + i2d_TS_RESP_bio; + EVP_PKEY_CTX_get0_peerkey; + PEM_write_bio_CMS_stream; + TS_REQ_new; + TS_MSG_IMPRINT_new; + EVP_PKEY_meth_find; + EVP_PKEY_id; + TS_TST_INFO_set_serial; + a2i_GENERAL_NAME; + TS_CONF_set_crypto_device; + EVP_PKEY_verify_init; + TS_CONF_set_policies; + ASN1_PCTX_new; + ESS_CERT_ID_free; + ENGINE_unregister_pkey_meths; + TS_MSG_IMPRINT_free; + TS_VERIFY_CTX_init; + PKCS7_stream; + TS_RESP_CTX_set_certs; + TS_CONF_set_def_policy; + ASN1_GENERALIZEDTIME_adj; + NETSCAPE_X509_new; + TS_ACCURACY_free; + TS_RESP_get_tst_info; + EVP_PKEY_derive_set_peer; + PEM_read_bio_Parameters; + TS_CONF_set_clock_precision_digits; + TS_CONF_set_clk_prec_digits; + ESS_ISSUER_SERIAL_dup; + TS_ACCURACY_get_micros; + ASN1_PCTX_get_str_flags; + NAME_CONSTRAINTS_check; + ASN1_BIT_STRING_check; + X509_check_akid; + ENGINE_unregister_pkey_asn1_meths; + ENGINE_unreg_pkey_asn1_meths; + ASN1_PCTX_free; + PEM_write_bio_ASN1_stream; + i2d_ASN1_bio_stream; + TS_X509_ALGOR_print_bio; + EVP_PKEY_meth_set_cleanup; + EVP_PKEY_asn1_free; + ESS_SIGNING_CERT_free; + TS_TST_INFO_set_msg_imprint; + GENERAL_NAME_cmp; + d2i_ASN1_SET_ANY; + ENGINE_set_pkey_meths; + i2d_TS_REQ_fp; + d2i_ASN1_SEQUENCE_ANY; + GENERAL_NAME_get0_otherName; + d2i_ESS_CERT_ID; + OBJ_find_sigid_algs; + EVP_PKEY_meth_set_keygen; + PKCS5_PBKDF2_HMAC; + EVP_PKEY_paramgen; + EVP_PKEY_meth_set_paramgen; + BIO_new_PKCS7; + EVP_PKEY_verify_recover; + TS_ext_print_bio; + TS_ASN1_INTEGER_print_bio; + check_defer; + DSO_pathbyaddr; + EVP_PKEY_set_type; + TS_ACCURACY_set_micros; + TS_REQ_to_TS_VERIFY_CTX; + EVP_PKEY_meth_set_copy; + ASN1_PCTX_set_cert_flags; + TS_TST_INFO_get_ext; + EVP_PKEY_asn1_set_ctrl; + TS_TST_INFO_get_ext_by_critical; + EVP_PKEY_CTX_new_id; + 
TS_REQ_get_ext_by_OBJ; + TS_CONF_set_signer_cert; + X509_NAME_hash_old; + ASN1_TIME_set_string; + EVP_MD_flags; + TS_RESP_CTX_free; + DSAparams_dup; + DHparams_dup; + OCSP_REQ_CTX_add1_header; + OCSP_REQ_CTX_set1_req; + X509_STORE_set_verify_cb; + X509_STORE_CTX_get0_current_crl; + X509_STORE_CTX_get0_parent_ctx; + X509_STORE_CTX_get0_current_issuer; + X509_STORE_CTX_get0_cur_issuer; + X509_issuer_name_hash_old; + X509_subject_name_hash_old; + EVP_CIPHER_CTX_copy; + UI_method_get_prompt_constructor; + UI_method_get_prompt_constructr; + UI_method_set_prompt_constructor; + UI_method_set_prompt_constructr; + EVP_read_pw_string_min; + CRYPTO_cts128_encrypt; + CRYPTO_cts128_decrypt_block; + CRYPTO_cfb128_1_encrypt; + CRYPTO_cbc128_encrypt; + CRYPTO_ctr128_encrypt; + CRYPTO_ofb128_encrypt; + CRYPTO_cts128_decrypt; + CRYPTO_cts128_encrypt_block; + CRYPTO_cbc128_decrypt; + CRYPTO_cfb128_encrypt; + CRYPTO_cfb128_8_encrypt; + + local: + *; +}; + + +OPENSSL_1.0.1 { + global: + SSL_renegotiate_abbreviated; + TLSv1_1_method; + TLSv1_1_client_method; + TLSv1_1_server_method; + SSL_CTX_set_srp_client_pwd_callback; + SSL_CTX_set_srp_client_pwd_cb; + SSL_get_srp_g; + SSL_CTX_set_srp_username_callback; + SSL_CTX_set_srp_un_cb; + SSL_get_srp_userinfo; + SSL_set_srp_server_param; + SSL_set_srp_server_param_pw; + SSL_get_srp_N; + SSL_get_srp_username; + SSL_CTX_set_srp_password; + SSL_CTX_set_srp_strength; + SSL_CTX_set_srp_verify_param_callback; + SSL_CTX_set_srp_vfy_param_cb; + SSL_CTX_set_srp_cb_arg; + SSL_CTX_set_srp_username; + SSL_CTX_SRP_CTX_init; + SSL_SRP_CTX_init; + SRP_Calc_A_param; + SRP_generate_server_master_secret; + SRP_gen_server_master_secret; + SSL_CTX_SRP_CTX_free; + SRP_generate_client_master_secret; + SRP_gen_client_master_secret; + SSL_srp_server_param_with_username; + SSL_srp_server_param_with_un; + SSL_SRP_CTX_free; + SSL_set_debug; + SSL_SESSION_get0_peer; + TLSv1_2_client_method; + SSL_SESSION_set1_id_context; + TLSv1_2_server_method; + SSL_cache_hit; + 
SSL_get0_kssl_ctx; + SSL_set0_kssl_ctx; + SSL_set_state; + SSL_CIPHER_get_id; + TLSv1_2_method; + kssl_ctx_get0_client_princ; + SSL_export_keying_material; + SSL_set_tlsext_use_srtp; + SSL_CTX_set_next_protos_advertised_cb; + SSL_CTX_set_next_protos_adv_cb; + SSL_get0_next_proto_negotiated; + SSL_get_selected_srtp_profile; + SSL_CTX_set_tlsext_use_srtp; + SSL_select_next_proto; + SSL_get_srtp_profiles; + SSL_CTX_set_next_proto_select_cb; + SSL_CTX_set_next_proto_sel_cb; + SSL_SESSION_get_compress_id; + + SRP_VBASE_get_by_user; + SRP_Calc_server_key; + SRP_create_verifier; + SRP_create_verifier_BN; + SRP_Calc_u; + SRP_VBASE_free; + SRP_Calc_client_key; + SRP_get_default_gN; + SRP_Calc_x; + SRP_Calc_B; + SRP_VBASE_new; + SRP_check_known_gN_param; + SRP_Calc_A; + SRP_Verify_A_mod_N; + SRP_VBASE_init; + SRP_Verify_B_mod_N; + EC_KEY_set_public_key_affine_coordinates; + EC_KEY_set_pub_key_aff_coords; + EVP_aes_192_ctr; + EVP_PKEY_meth_get0_info; + EVP_PKEY_meth_copy; + ERR_add_error_vdata; + EVP_aes_128_ctr; + EVP_aes_256_ctr; + EC_GFp_nistp224_method; + EC_KEY_get_flags; + RSA_padding_add_PKCS1_PSS_mgf1; + EVP_aes_128_xts; + EVP_aes_256_xts; + EVP_aes_128_gcm; + EC_KEY_clear_flags; + EC_KEY_set_flags; + EVP_aes_256_ccm; + RSA_verify_PKCS1_PSS_mgf1; + EVP_aes_128_ccm; + EVP_aes_192_gcm; + X509_ALGOR_set_md; + RAND_init_fips; + EVP_aes_256_gcm; + EVP_aes_192_ccm; + CMAC_CTX_copy; + CMAC_CTX_free; + CMAC_CTX_get0_cipher_ctx; + CMAC_CTX_cleanup; + CMAC_Init; + CMAC_Update; + CMAC_resume; + CMAC_CTX_new; + CMAC_Final; + CRYPTO_ctr128_encrypt_ctr32; + CRYPTO_gcm128_release; + CRYPTO_ccm128_decrypt_ccm64; + CRYPTO_ccm128_encrypt; + CRYPTO_gcm128_encrypt; + CRYPTO_xts128_encrypt; + EVP_rc4_hmac_md5; + CRYPTO_nistcts128_decrypt_block; + CRYPTO_gcm128_setiv; + CRYPTO_nistcts128_encrypt; + EVP_aes_128_cbc_hmac_sha1; + CRYPTO_gcm128_tag; + CRYPTO_ccm128_encrypt_ccm64; + ENGINE_load_rdrand; + CRYPTO_ccm128_setiv; + CRYPTO_nistcts128_encrypt_block; + CRYPTO_gcm128_aad; + 
CRYPTO_ccm128_init; + CRYPTO_nistcts128_decrypt; + CRYPTO_gcm128_new; + CRYPTO_ccm128_tag; + CRYPTO_ccm128_decrypt; + CRYPTO_ccm128_aad; + CRYPTO_gcm128_init; + CRYPTO_gcm128_decrypt; + ENGINE_load_rsax; + CRYPTO_gcm128_decrypt_ctr32; + CRYPTO_gcm128_encrypt_ctr32; + CRYPTO_gcm128_finish; + EVP_aes_256_cbc_hmac_sha1; + PKCS5_pbkdf2_set; + CMS_add0_recipient_password; + CMS_decrypt_set1_password; + CMS_RecipientInfo_set0_password; + RAND_set_fips_drbg_type; + X509_REQ_sign_ctx; + RSA_PSS_PARAMS_new; + X509_CRL_sign_ctx; + X509_signature_dump; + d2i_RSA_PSS_PARAMS; + RSA_PSS_PARAMS_it; + RSA_PSS_PARAMS_it; + RSA_PSS_PARAMS_free; + X509_sign_ctx; + i2d_RSA_PSS_PARAMS; + ASN1_item_sign_ctx; + EC_GFp_nistp521_method; + EC_GFp_nistp256_method; + OPENSSL_stderr; + OPENSSL_cpuid_setup; + OPENSSL_showfatal; + BIO_new_dgram_sctp; + BIO_dgram_sctp_msg_waiting; + BIO_dgram_sctp_wait_for_dry; + BIO_s_datagram_sctp; + BIO_dgram_is_sctp; + BIO_dgram_sctp_notification_cb; +} OPENSSL_1.0.0; + +OPENSSL_1.0.1d { + global: + CRYPTO_memcmp; +} OPENSSL_1.0.1; + Index: openssl-1.0.1d/engines/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1d/engines/openssl.ld 2013-02-06 19:41:43.000000000 +0100 @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: + bind_engine; + v_check; + OPENSSL_init; + OPENSSL_finish; + local: + *; +}; + Index: openssl-1.0.1d/engines/ccgost/openssl.ld =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.1d/engines/ccgost/openssl.ld 2013-02-06 19:41:43.000000000 +0100 @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: + bind_engine; + v_check; + OPENSSL_init; + OPENSSL_finish; + local: + *; +}; + debian/patches/CVE-2014-3568.patch0000644000000000000000000000555412417523432013256 0ustar From 26a59d9b46574e457870197dffa802871b4c8fc7 Mon Sep 17 00:00:00 2001 
From: Geoff Thorpe Date: Wed, 15 Oct 2014 03:25:50 -0400 Subject: [PATCH] Fix no-ssl3 configuration option CVE-2014-3568 Reviewed-by: Emilia Kasper Reviewed-by: Rich Salz --- ssl/s23_clnt.c | 9 +++++++-- ssl/s23_srvr.c | 18 +++++++++--------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index d4e43c3..86ab3de 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(int ver) if (ver == SSL2_VERSION) return(SSLv2_client_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_client_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_client_method()); else if (ver == TLS1_1_VERSION) return(TLSv1_1_client_method()); @@ -698,6 +700,7 @@ static int ssl23_get_server_hello(SSL *s) { /* we have sslv3 or tls1 (server hello or alert) */ +#ifndef OPENSSL_NO_SSL3 if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { @@ -712,7 +715,9 @@ static int ssl23_get_server_hello(SSL *s) s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } - else if ((p[2] == TLS1_VERSION_MINOR) && + else +#endif + if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 567a6b1..93ca7d5 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(int ver) if (ver == SSL2_VERSION) return(SSLv2_server_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_server_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_server_method()); else if (ver == TLS1_1_VERSION) return(TLSv1_1_server_method()); 
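Review bot: With OPENSSL_NO_SSL3 defined, `ver == SSL3_VERSION` now skips the compiled-out branch and falls into the TLS1.x comparisons, so the result for that version is whatever the return after the hunk yields — presumably `NULL`, but the hunk does not show it. A comment on the new `#endif` stating that reliance would help, e.g. `/* no SSLv3 method under no-ssl3: the version falls through to the trailing return */`. The same applies to the mirrored hunk in ssl23_get_server_method (@@ -127 of ssl/s23_srvr.c), whose NULL result is what the new check in ssl23_get_client_hello depends on. Both functions end outside their hunks.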
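Review bot: In a no-ssl3 build an SSLv3 ServerHello (`p[2] == SSL3_VERSION_MINOR`) no longer matches any branch of this chain and drops to whichever `else` follows the hunk; that tail is not visible here, so confirm it reports an unsupported protocol rather than leaving `s->method` unset. The `else` left dangling before `#endif` at @@ -712 is correct but easy to misread; a one-line comment on that `#endif` such as `/* else-if chain continues past the compiled-out SSLv3 branch */` would make the structure obvious. ssl23_get_server_hello begins and ends outside these hunks.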
@@ -600,6 +602,12 @@ int ssl23_get_client_hello(SSL *s) if ((type == 2) || (type == 3)) { /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ + s->method = ssl23_get_server_method(s->version); + if (s->method == NULL) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + } if (!ssl_init_wbio_buffer(s,1)) goto err; @@ -627,14 +635,6 @@ int ssl23_get_client_hello(SSL *s) s->s3->rbuf.left=0; s->s3->rbuf.offset=0; } - if (s->version == TLS1_2_VERSION) - s->method = TLSv1_2_server_method(); - else if (s->version == TLS1_1_VERSION) - s->method = TLSv1_1_server_method(); - else if (s->version == TLS1_VERSION) - s->method = TLSv1_server_method(); - else - s->method = SSLv3_server_method(); #if 0 /* ssl3_get_client_hello does this */ s->client_version=(v[0]<<8)|v[1]; #endif -- 1.7.9.5 debian/patches/CVE-2014-0224-2.patch0000644000000000000000000000144412343104321013357 0ustar commit a5852a6db4b36f91d6254b2d8757f125e6e8e5cb Author: Dr. Stephen Henson Date: Fri May 16 12:55:16 2014 +0100 Additional CVE-2014-0224 protection. Return a fatal error if an attempt is made to use a zero length master secret. Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2014-06-02 10:23:10.052618525 -0400 +++ openssl-1.0.1f/ssl/s3_pkt.c 2014-06-02 10:23:10.048618525 -0400 @@ -1444,7 +1444,7 @@ if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); debian/patches/CVE-2016-6303.patch0000644000000000000000000000163012770757512013247 0ustar Backport of: From 2b4029e68fd7002d2307e6c3cde0f3784eef9c83 Mon Sep 17 00:00:00 2001 
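Review bot: The new lookup replaces the removed chain at @@ -627 that defaulted to `SSLv3_server_method()` for any version it did not recognise, which is the substance of the CVE-2014-3568 fix, so the reason deserves a comment before `s->method = ssl23_get_server_method(s->version);`, e.g. `/* Select the method from the negotiated version; NULL means no compiled-in method (e.g. SSLv3 under no-ssl3) and is fatal, never a fallback. */`. The check is only as strong as ssl23_get_server_method returning `NULL` for unknown versions and `s->version` already being fixed from the ClientHello at this point, both of which happen outside the hunk. ssl23_get_client_hello starts and ends outside the hunk.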
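Review bot: The context comment `/* might happen if dtls1_read_bytes() calls this */` now explains only the `s->session == NULL` half of the condition; the added `s->session->master_key_length == 0` half rejects a ChangeCipherSpec when no master secret exists yet, as the commit message states, and the comment should cover it, e.g. `/* NULL session: dtls1_read_bytes() may call this early; zero-length master secret: nothing to derive keys from, so treat the CCS as fatal */`. The enclosing function (ssl3_do_change_cipher_spec, judging by the SSLerr function code) begins and ends outside the hunk.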
From: "Dr. Stephen Henson" Date: Fri, 19 Aug 2016 23:28:29 +0100 Subject: [PATCH] Avoid overflow in MDC2_Update() Thanks to Shi Lei for reporting this issue. CVE-2016-6303 Reviewed-by: Matt Caswell (cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07) --- crypto/mdc2/mdc2dgst.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/mdc2/mdc2dgst.c =================================================================== --- openssl-1.0.1f.orig/crypto/mdc2/mdc2dgst.c 2016-09-22 09:39:40.554401091 -0400 +++ openssl-1.0.1f/crypto/mdc2/mdc2dgst.c 2016-09-22 09:40:05.542708564 -0400 @@ -92,7 +92,7 @@ i=c->num; if (i != 0) { - if (i+len < MDC2_BLOCK) + if (len < MDC2_BLOCK - i) { /* partial block */ memcpy(&(c->data[i]),in,len); debian/patches/CVE-2017-3731.patch0000644000000000000000000000242213043677473013253 0ustar Backport of: From 51d009043670a627d6abe66894126851cf3690e9 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 19 Jan 2017 00:17:30 +0100 Subject: [PATCH] crypto/evp: harden RC4_MD5 cipher. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory (or bogus MAC value is produced if x86 MD5 assembly module is involved). Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Thanks to Robert Święcki for report. CVE-2017-3731 Reviewed-by: Rich Salz --- crypto/evp/e_rc4_hmac_md5.c | 2 ++ 1 file changed, 2 insertions(+) Index: openssl-1.0.1f/crypto/evp/e_rc4_hmac_md5.c =================================================================== --- openssl-1.0.1f.orig/crypto/evp/e_rc4_hmac_md5.c 2017-01-30 13:00:25.236707109 -0500 +++ openssl-1.0.1f/crypto/evp/e_rc4_hmac_md5.c 2017-01-30 13:00:25.232707057 -0500 
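Review bot: The rewritten test `len < MDC2_BLOCK - i` reads as a no-op change unless the reader knows that the old `i+len` could wrap for a very large `len`; the reason belongs on the line, e.g. `/* written as len < MDC2_BLOCK - i: i + len can overflow for huge len */`. The subtraction is itself safe only while `c->num` stays below MDC2_BLOCK, an invariant this hunk does not show and the types of `i` and `len` are not visible here, so state the invariant in the same comment if it holds. MDC2_Update begins and ends outside the hunk.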
@@ -262,6 +262,8 @@ if (!ctx->encrypt) { + if (len < MD5_DIGEST_LENGTH) + return -1; len -= MD5_DIGEST_LENGTH; p[arg-2] = len>>8; p[arg-1] = len; debian/patches/min_1024_dh_size.patch0000644000000000000000000000202712710425446014602 0ustar Backport of: From a4530ce0398d673b25a15b72a18dee1d8b14c07d Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 10 Jan 2016 13:55:08 +0100 Subject: [PATCH] Change minimum DH size from 768 to 1024 Reviewed-by: Viktor Dukhovni --- CHANGES | 3 ++- ssl/s3_clnt.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/ssl/s3_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_clnt.c 2016-04-28 11:21:45.882889790 -0400 +++ openssl-1.0.1f/ssl/s3_clnt.c 2016-04-28 11:22:05.123178021 -0400 @@ -3324,7 +3324,7 @@ /* Check DHE only: static DH not implemented. */ if (alg_k & SSL_kEDH) { int dh_size = BN_num_bits(dh->p); - if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) + if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 1024) || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL); goto f_err; debian/patches/update-expired-smime-test-certs.patch0000644000000000000000000010502612770765215020001 0ustar Description: Update expired S/MIME test certificates The expired test certs were causing build test failures. Origin: backport, https://git.openssl.org/?p=openssl.git;a=commit;h=a0957d55059f0b6052235737f7441fc35da41afd Index: openssl-1.0.1f/test/smime-certs/smdsa1.pem =================================================================== --- openssl-1.0.1f.orig/test/smime-certs/smdsa1.pem +++ openssl-1.0.1f/test/smime-certs/smdsa1.pem 
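Review bot: The new guard stops `len -= MD5_DIGEST_LENGTH` from wrapping when a truncated record is presented, but nothing on the line says where `len` comes from or why only the decrypt direction needs it; a comment above the check such as `/* len is the record length taken from the caller-supplied AAD buffer p; a record shorter than the MAC cannot be valid */` would make the intent clear. The declaration of `len` and the convention behind `return -1` are outside the hunk, so confirm the caller treats a negative ctrl result as failure. The enclosing ctrl function starts and ends outside the hunk.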
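Review bot: The thresholds `1024` and `512` are bare literals with no explanation on the line; since this is where the client enforces its minimum DHE group size, a comment naming the policy would help the next bump, e.g. `/* Minimum DH modulus accepted from a server: 1024 bits; 512 for export ciphersuites */`, or hoisting both into named constants. The patch header's diffstat still lists CHANGES, which this backport does not carry. The enclosing function (ssl3_check_cert_and_algorithm, judging by the SSLerr function code) begins and ends outside the hunk.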
@@ -1,34 +1,47 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 -OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt -GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J -jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt -wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK -+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z -SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd -YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 -C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx -9fMUZq1v0ePD4Wo0Xkxo ------END DSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 +k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou +zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO +wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK +v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC +0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA +rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM +zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx +DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy +xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 +ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h +Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ +TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv 
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 -CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ -mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 -jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB -CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV -kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D -xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN -CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M -7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG -h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU -4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput -aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV -c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO -kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8 -phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n -hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv +ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 ++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P 
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x +EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV +86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE +DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp +O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit +1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg +MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO +xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx +d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 +MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z +Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt +17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf +0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO -----END CERTIFICATE----- Index: openssl-1.0.1f/test/smime-certs/smdsa2.pem =================================================================== --- openssl-1.0.1f.orig/test/smime-certs/smdsa2.pem +++ openssl-1.0.1f/test/smime-certs/smdsa2.pem 
@@ -1,34 +1,47 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 -OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt -GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J -jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt -wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK -+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z -SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v -It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ -VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2 -Nf8SimTZYB0/CKje6M5ufA== ------END DSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 +k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou +zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO +wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK +v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC +0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA +rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM +zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx +DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy +xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 +ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h +Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ +TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv 
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 -CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ -mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 -jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB -CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV -kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D -xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA -g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm -6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs -j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE -FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab -rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB -FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF -FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l -6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0 -jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A== +ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 ++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P 
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E +h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt +tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa +LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn +3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 +KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg +MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k +qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp +VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb +uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV +6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD +2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 +GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I -----END CERTIFICATE----- Index: openssl-1.0.1f/test/smime-certs/smdsa3.pem =================================================================== --- openssl-1.0.1f.orig/test/smime-certs/smdsa3.pem +++ openssl-1.0.1f/test/smime-certs/smdsa3.pem 
@@ -1,34 +1,47 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 -OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt -GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J -jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt -wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK -+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z -SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7 -GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju -TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g -Y+XZd0Sv69CatDIRYWvaIA== ------END DSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6 +k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou +zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO +wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK +v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC +0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA +rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM +zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx +DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy +xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9 +ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h +Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ +TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv 
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 -CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ -mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 -jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB -CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV -kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D -xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj -M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz -aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/ -pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU -VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput -aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV -c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m -k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu -rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25 -OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x +ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 +uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS +7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS +wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 ++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 +Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D +AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb +0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu +g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 +0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv +yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf +7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P 
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 +msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf +zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 +cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp +N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS +2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg +MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE +FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs +MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask +pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK +YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM +khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i +Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv +4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 -----END CERTIFICATE----- Index: openssl-1.0.1f/test/smime-certs/smroot.pem =================================================================== --- openssl-1.0.1f.orig/test/smime-certs/smroot.pem +++ openssl-1.0.1f/test/smime-certs/smroot.pem 
@@ -1,30 +1,49 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki -9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ -speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB -AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY -JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0 -xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ -U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS -Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO -1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3 -3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a -3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN -U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8 -0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq +nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL +DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc +BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI +MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV +kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q +LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c +b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R +Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu +ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4 +Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF +ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp +PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx +mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw +nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z 
+8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw +fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu +PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T +5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP +aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq +qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr +yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK +NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53 +bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI +vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ +KfvPCYimQwBjVrEnSntLPR0= +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx -CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU -ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA -wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF -9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk -81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O -BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX -dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG -SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS -l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp -r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG +MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx +CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU +ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT 
+JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ +LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E +J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ +MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe +untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb +i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB +AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb +Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl +zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt +9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C +7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt +Emsny2ah6fU2z7PztrUy/A80 -----END CERTIFICATE----- Index: openssl-1.0.1f/test/smime-certs/smrsa1.pem =================================================================== --- openssl-1.0.1f.orig/test/smime-certs/smrsa1.pem +++ openssl-1.0.1f/test/smime-certs/smrsa1.pem 
@@ -1,31 +1,49 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E -ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7 -JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB -AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i -KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl -JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn -xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf -KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY -Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW -h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg -oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f -QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1 -SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC +xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID +3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU +/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D +orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs +CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH +XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp +KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i +cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL +s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35 +27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak +cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT +8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze +j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG +ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da 
+ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk +LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+ +msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q +55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or +sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8 +d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR +355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG +hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu +iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST +1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn +zQpuMJliRlrq/5JkIbH6SA== +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl -ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ -yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD -VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z -OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud -EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi -O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj -9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC -I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw== +ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK 
+2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt ++W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF +Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe +bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM +kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV +HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o +E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK +WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp +lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT +GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu +9Hjq6s316fk4Ne0EUF3PbA== -----END CERTIFICATE----- Index: openssl-1.0.1f/test/smime-certs/smrsa2.pem =================================================================== --- openssl-1.0.1f.orig/test/smime-certs/smrsa2.pem +++ openssl-1.0.1f/test/smime-certs/smrsa2.pem 
@@ -1,31 +1,49 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe -59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT -WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB -AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551 -+rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q -dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx -bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6 -QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS -M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY -iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex -A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07 -jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG -6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2 +iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq +V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD +lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5 +U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3 +NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB +Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1 +J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI +dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW +3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz +XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK +3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK +Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa +P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI +LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN 
+bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX +q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8 +38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm +hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t +QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb +0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS +8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0 +KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e +y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR +hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n +yrLyf+8hjm6H6zkjqiOkHAl+ +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx +MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ -eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5 -00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD -VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z -OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud -EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2 -rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe -ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2 -YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw== +ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF 
+AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp +cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS +0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 +NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 +EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV +HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 +Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv +/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c +XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv +6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i +NzYzLAPBkHCMY0Is3KKIBw== -----END CERTIFICATE----- Index: openssl-1.0.1f/test/smime-certs/smrsa3.pem =================================================================== --- openssl-1.0.1f.orig/test/smime-certs/smrsa3.pem +++ openssl-1.0.1f/test/smime-certs/smrsa3.pem 
@@ -1,31 +1,49 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy -ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM -h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB -AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi -iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT -/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p -ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC -hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs -OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj -RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T -9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5 -GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd -VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji +OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3 +Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX +63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H +XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l +vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6 +L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP +lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf +BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR +OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+ +i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se +snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9 +wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn +8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+ +ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm 
+oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX +LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E +yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7 +2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc +RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK +KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk +isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL +rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw +IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh +yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF +RvOAi5wVkYylDxV4238MAZIq +-----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv -TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx +MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV +BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv +TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU -ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z -Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H -Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD -VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z -OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud -EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE -tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq -jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ -PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA== +ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC 
+FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF +STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW +m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha +v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p +1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD +VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV +HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA +JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp +sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa +VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr +O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 +tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY +CscFo2Z2pYROGtZDmYqhRw== -----END CERTIFICATE----- debian/patches/CVE-2016-0798.patch0000644000000000000000000002562012664070130013252 0ustar Backport of: From 59a908f1e8380412a81392c468b83bf6071beb2a Mon Sep 17 00:00:00 2001 
From: Emilia Kasper Date: Wed, 24 Feb 2016 12:59:59 +0100 Subject: [PATCH] CVE-2016-0798: avoid memory leak in SRP The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory management semantics; the returned pointer was sometimes newly allocated, and sometimes owned by the callee. The calling code has no way of distinguishing these two cases. Specifically, SRP servers that configure a secret seed to hide valid login information are vulnerable to a memory leak: an attacker connecting with an invalid username can cause a memory leak of around 300 bytes per connection. Servers that do not configure SRP, or configure SRP but do not configure a seed are not vulnerable. In Apache, the seed directive is known as SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user is now disabled even if the user has configured a seed. Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong guarantees about the indistinguishability of valid and invalid logins. In particular, computations are currently not carried out in constant time. Reviewed-by: Rich Salz --- CHANGES | 19 +++++++++++++++++- apps/s_server.c | 39 ++++++++++++++++++++++------------- crypto/srp/srp.h | 10 +++++++++ crypto/srp/srp_vfy.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++----- util/libeay.num | 2 ++ 5 files changed, 107 insertions(+), 20 deletions(-) #diff --git a/CHANGES b/CHANGES #index cdc4e6f..b95a3ed 100644 #--- a/CHANGES #+++ b/CHANGES #@@ -4,7 +4,24 @@ # # Changes between 1.0.1r and 1.0.1s [xx XXX xxxx] # #- *) #+ *) Disable SRP fake user seed to address a server memory leak. #+ #+ Add a new method SRP_VBASE_get1_by_user that handles the seed properly. #+ #+ SRP_VBASE_get_by_user had inconsistent memory management behaviour. #+ In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user #+ was changed to ignore the "fake user" SRP seed, even if the seed #+ is configured. 
#+ #+ Users should use SRP_VBASE_get1_by_user instead. Note that in #+ SRP_VBASE_get1_by_user, caller must free the returned value. Note #+ also that even though configuring the SRP seed attempts to hide #+ invalid usernames by continuing the handshake with fake #+ credentials, this behaviour is not constant time and no strong #+ guarantees are made that the handshake is indistinguishable from #+ that of a valid user. #+ (CVE-2016-0798) #+ [Emilia Käsper] # # Changes between 1.0.1q and 1.0.1r [28 Jan 2016] # Index: openssl-1.0.1f/apps/s_server.c =================================================================== --- openssl-1.0.1f.orig/apps/s_server.c 2016-02-26 10:33:01.127025983 -0500 +++ openssl-1.0.1f/apps/s_server.c 2016-02-26 10:33:01.123025947 -0500 @@ -415,6 +415,8 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { srpsrvparm *p = (srpsrvparm *)arg; + int ret = SSL3_AL_FATAL; + if (p->login == NULL && p->user == NULL ) { p->login = SSL_get_srp_username(s); @@ -425,19 +427,23 @@ if (p->user == NULL) { BIO_printf(bio_err, "User %s doesn't exist\n", p->login); - return SSL3_AL_FATAL; + goto err; } + if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v, p->user->info) < 0) { *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; + goto err; } BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info); - /* need to check whether there are memory leaks */ + ret = SSL_ERROR_NONE; + +err: + SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; - return SSL_ERROR_NONE; + return ret; } #endif 
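Review bot: In the `@@ -425` hunk the `err:` cleanup now also runs on the `p->user == NULL` path, so it depends on `SRP_user_pwd_free(NULL)` being a no-op; the definition later in this patch does check `if (user_pwd == NULL) return;`, but the dependency deserves a line at the label, `/* reached with p->user == NULL on lookup failure; SRP_user_pwd_free() tolerates NULL */`. On the success path the record is released right after `SSL_set_srp_server_param` has consumed `p->user->N`, `g`, `s` and `v`, which is only safe if the setter copies those BIGNUMs rather than keeping the pointers; that is not visible here and should be confirmed, since with the old callee-owned lookup an alias would have outlived the callback and now it would not. `ssl_srp_server_param_cb` starts in the `@@ -415` hunk and its body is split across the two hunks, so the lookup that fills `p->user` is outside this view.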
@@ -2280,7 +2286,8 @@ while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out,"LOOKUP renego during write\n"); - srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); + srp_callback_parm.user = SRP_VBASE_get1_by_user(srp_callback_parm.vb, srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); else @@ -2339,7 +2346,8 @@ while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out,"LOOKUP renego during read\n"); - srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); + srp_callback_parm.user = SRP_VBASE_get1_by_user(srp_callback_parm.vb, srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); else @@ -2428,7 +2436,8 @@ while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login); - srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); + srp_callback_parm.user = SRP_VBASE_get1_by_user(srp_callback_parm.vb, srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); else 
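Review bot: The four lookup loops at `@@ -2280`, `@@ -2339`, `@@ -2428` and, on the next hunk line, `@@ -2670` now each carry the same free-then-lookup-then-report sequence, and a fifth copy is easy to get wrong the next time the ownership rule changes; a small static helper taking `srpsrvparm *` would keep the `SRP_user_pwd_free` before every `SRP_VBASE_get1_by_user` in one place, with each loop body reduced to `srp_lookup_user(&srp_callback_parm);`. The free before reassignment closes the leak across loop iterations, but the record from the last successful lookup is still held in `srp_callback_parm.user` and, from what these hunks show, is only released when `ssl_srp_server_param_cb` next runs; if the peer drops the connection before that, the record presumably leaks at teardown unless a free exists outside these hunks, which is worth checking given that the commit is specifically about per-connection leaks. Each `while` loop's `else` branch continues outside the hunk.
```c
/* Re-run the SRP lookup while the handshake is waiting on it.  Frees the
 * previous record first: SRP_VBASE_get1_by_user() hands ownership to us. */
static void srp_lookup_user(srpsrvparm *p)
{
    SRP_user_pwd_free(p->user);
    p->user = SRP_VBASE_get1_by_user(p->vb, p->login);
    if (p->user)
        BIO_printf(bio_s_out, "LOOKUP done %s\n", p->user->info);
    /* … unchanged: the else branch with the not-found message … */
}
```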
@@ -2670,7 +2679,8 @@ while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login); - srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); + srp_callback_parm.user = SRP_VBASE_get1_by_user(srp_callback_parm.vb, srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info); else Index: openssl-1.0.1f/crypto/srp/srp.h =================================================================== --- openssl-1.0.1f.orig/crypto/srp/srp.h 2016-02-26 10:33:01.127025983 -0500 +++ openssl-1.0.1f/crypto/srp/srp.h 2016-02-26 10:33:01.123025947 -0500 @@ -83,16 +83,21 @@ typedef struct SRP_user_pwd_st { + /* Owned by us. */ char *id; BIGNUM *s; BIGNUM *v; + /* Not owned by us. */ const BIGNUM *g; const BIGNUM *N; + /* Owned by us. */ char *info; } SRP_user_pwd; DECLARE_STACK_OF(SRP_user_pwd) +void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + typedef struct SRP_VBASE_st { STACK_OF(SRP_user_pwd) *users_pwd; 
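Review bot: `SRP_user_pwd_free` becomes public in the `@@ -83` hunk of srp.h without any comment, although it is the function every caller of the new `SRP_VBASE_get1_by_user` must now use; the definition in this same patch returns early on NULL, so the header can say `/* Release a record returned by SRP_VBASE_get1_by_user(); a NULL argument is a no-op. */`. The `/* Not owned by us. */` marker on `g` and `N` is welcome, but it would help a reader to state the consequence: whoever sets them must keep those BIGNUMs alive for the record's lifetime. `SRP_VBASE_st` continues past the hunk.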
@@ -117,7 +122,12 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key); int SRP_VBASE_free(SRP_VBASE *vb); int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file); + +/* This method ignores the configured seed and fails for an unknown user. */ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); +/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + char *SRP_create_verifier(const char *user, const char *pass, char **salt, char **verifier, const char *N, const char *g); int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g); Index: openssl-1.0.1f/crypto/srp/srp_vfy.c =================================================================== --- openssl-1.0.1f.orig/crypto/srp/srp_vfy.c 2016-02-26 10:33:01.127025983 -0500 +++ openssl-1.0.1f/crypto/srp/srp_vfy.c 2016-02-26 10:33:01.123025947 -0500 @@ -179,7 +179,7 @@ return olddst; } -static void SRP_user_pwd_free(SRP_user_pwd *user_pwd) +void SRP_user_pwd_free(SRP_user_pwd *user_pwd) { if (user_pwd == NULL) return; @@ -241,6 +241,24 @@ return (vinfo->s != NULL && vinfo->v != NULL) ; } +static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src) +{ + SRP_user_pwd *ret; + + if (src == NULL) + return NULL; + if ((ret = SRP_user_pwd_new()) == NULL) + return NULL; + + SRP_user_pwd_set_gN(ret, src->g, src->N); + if (!SRP_user_pwd_set_ids(ret, src->id, src->info) + || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) { + SRP_user_pwd_free(ret); + return NULL; + } + return ret; +} + SRP_VBASE *SRP_VBASE_new(char *seed_key) { SRP_VBASE *vb = (SRP_VBASE *) OPENSSL_malloc(sizeof(SRP_VBASE)); 
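Review bot: The comment added on `SRP_VBASE_get1_by_user`, `/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/`, names the obligation but not how to meet it, and is missing the space before `*/`; since `SRP_user_pwd_free` is exported just above, write `/* Caller owns the returned pointer and must release it with SRP_user_pwd_free(). */`. The one-line note on `SRP_VBASE_get_by_user` documents a silent behaviour change for existing callers who configured a seed to mask unknown usernames, which they will only discover at run time; if the project's headers have a deprecation marker, this prototype is the place for it, so the migration the commit message asks for shows up at build time.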
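Review bot: `srp_user_pwd_dup` in the `@@ -241` hunk passes `BN_dup(src->s)` and `BN_dup(src->v)` straight into `SRP_user_pwd_set_sv_BN` and relies on that setter storing both pointers even when one is NULL, so that `SRP_user_pwd_free(ret)` releases the surviving copy; the context line just above the new function (`return (vinfo->s != NULL && vinfo->v != NULL);`) suggests it does, but the coupling is implicit and deserves `/* set_sv_BN stores both BIGNUMs even on failure; free(ret) then reclaims a half-duplicated record */` at the call. The return value of `SRP_user_pwd_set_gN` is discarded; if that setter can fail, its result should be checked like the other two.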
@@ -472,22 +490,51 @@ } -SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) +static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username) { int i; SRP_user_pwd *user; - unsigned char digv[SHA_DIGEST_LENGTH]; - unsigned char digs[SHA_DIGEST_LENGTH]; - EVP_MD_CTX ctxt; if (vb == NULL) return NULL; + for(i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) { user = sk_SRP_user_pwd_value(vb->users_pwd, i); if (strcmp(user->id,username)==0) return user; } + + return NULL; +} + +/* + * This method ignores the configured seed and fails for an unknown user. + * Ownership of the returned pointer is not released to the caller. + * In other words, caller must not free the result. + */ +SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) +{ + return find_user(vb, username); +} + +/* + * Ownership of the returned pointer is released to the caller. + * In other words, caller must free the result once done. + */ +SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) +{ + SRP_user_pwd *user; + unsigned char digv[SHA_DIGEST_LENGTH]; + unsigned char digs[SHA_DIGEST_LENGTH]; + EVP_MD_CTX ctxt; + + if (vb == NULL) + return NULL; + + if ((user = find_user(vb, username)) != NULL) + return srp_user_pwd_dup(user); + if ((vb->seed_key == NULL) || (vb->default_g == NULL) || (vb->default_N == NULL)) Index: openssl-1.0.1f/util/libeay.num =================================================================== --- openssl-1.0.1f.orig/util/libeay.num 2016-02-26 10:33:01.127025983 -0500 +++ openssl-1.0.1f/util/libeay.num 2016-02-26 10:33:01.127025983 -0500 
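Review bot: `SRP_VBASE_get1_by_user` keeps its own `if (vb == NULL) return NULL;` although `find_user` already performs the same check; it is still required because `vb->seed_key` is dereferenced after the lookup, so a short comment, `/* vb is dereferenced below, not only inside find_user() */`, would stop a later cleanup from removing it. The ownership comment could also name the release function, `caller must free the result with SRP_user_pwd_free() once done`. The function's body, including the fallback for an unknown user that the `seed_key` check leads into, continues outside the hunk.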
@@ -1806,6 +1806,8 @@
 ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION:
 X509_REQ_digest 2362 EXIST::FUNCTION:EVP
 X509_CRL_digest 2391 EXIST::FUNCTION:EVP
+SRP_VBASE_get1_by_user 2393 EXIST::FUNCTION:SRP
+SRP_user_pwd_free 2394 EXIST::FUNCTION:SRP
 d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
 EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION:
Index: openssl-1.0.1f/openssl.ld
===================================================================
--- openssl-1.0.1f.orig/openssl.ld 2016-02-26 10:32:59.947014926 -0500
+++ openssl-1.0.1f/openssl.ld 2016-02-26 10:33:37.343365188 -0500
@@ -4506,6 +4506,8 @@
 SSL_SESSION_get_compress_id;
 SRP_VBASE_get_by_user;
+ SRP_VBASE_get1_by_user;
+ SRP_user_pwd_free;
 SRP_Calc_server_key;
 SRP_create_verifier;
 SRP_create_verifier_BN;
debian/patches/fix-pod-errors.patch0000644000000000000000000002763312255611130014525 0ustar
Description: Fix pod errors
 The version of pod from perl 5.18 is fussier than previous versions changing thigs that were previously warnings into errors. This patch fixes the errors and makes the package build but I have not checked the correctness of the output.
Author: Peter Michael Green
Bug-Debian: http://bugs.debian.org/723954
Bug: http://rt.openssl.org/Ticket/Display.html?id=3146&user=guest&pass=guest
Index: openssl-1.0.1e/doc/apps/smime.pod
===================================================================
--- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-12-22 17:21:52.913435572 +0100
+++ openssl-1.0.1e/doc/apps/smime.pod 2013-12-22 17:21:52.909435656 +0100
@@ -308,28 +308,28 @@ =over 4 -=item 0 +=item C<0> the operation was completely successfully. -=item 1 +=item C<1> an error occurred parsing the command options. -=item 2 +=item C<2> one of the input files could not be read. -=item 3 +=item C<3> an error occurred creating the PKCS#7 file or when reading the MIME message. -=item 4 +=item C<4> an error occurred decrypting or verifying the message. -=item 5 +=item C<5> the message was verified correctly but an error occurred writing out the signers certificates. Index: openssl-1.0.1e/doc/apps/cms.pod =================================================================== --- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/apps/cms.pod 2013-12-22 17:21:52.909435656 +0100 @@ -450,28 +450,28 @@ =over 4 -=item 0 +=item C<0> the operation was completely successfully. -=item 1 +=item C<1> an error occurred parsing the command options. -=item 2 +=item C<2> one of the input files could not be read. -=item 3 +=item C<3> an error occurred creating the CMS file or when reading the MIME message. -=item 4 +=item C<4> an error occurred decrypting or verifying the message. -=item 5 +=item C<5> the message was verified correctly but an error occurred writing out the signers certificates. Index: openssl-1.0.1e/doc/ssl/SSL_clear.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-12-22 17:21:52.909435656 +0100 
@@ -56,12 +56,12 @@ =over 4 -=item 0 +=item C<0> The SSL_clear() operation could not be performed. Check the error stack to find out the reason. -=item 1 +=item C<1> The SSL_clear() operation was successful. Index: openssl-1.0.1e/doc/ssl/SSL_session_reused.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-12-22 17:21:52.909435656 +0100 @@ -27,11 +27,11 @@ =over 4 -=item 0 +=item C<0> A new session was negotiated. -=item 1 +=item C<1> A session was reused. Index: openssl-1.0.1e/doc/ssl/SSL_set_session.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-12-22 17:21:52.909435656 +0100 @@ -37,11 +37,11 @@ =over 4 -=item 0 +=item C<0> The operation failed; check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_connect.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-12-22 17:22:42.956402467 +0100 @@ -41,13 +41,13 @@ =over 4 -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item C<1> The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. Index: openssl-1.0.1e/doc/ssl/SSL_shutdown.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-12-22 17:23:49.347031915 +0100 
@@ -92,14 +92,14 @@ =over 4 -=item 0 +=item C<0> The shutdown is not yet finished. Call SSL_shutdown() for a second time, if a bidirectional shutdown shall be performed. The output of L may be misleading, as an erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. -=item 1 +=item C<1> The shutdown was successfully completed. The "close notify" alert was sent and the peer's "close notify" alert was received. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-12-22 17:24:41.985942861 +0100 @@ -66,13 +66,13 @@ =over 4 -=item 0 +=item C<0> A failure while manipulating the STACK_OF(X509_NAME) object occurred or the X509_NAME could not be extracted from B. Check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_accept.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-12-22 17:24:17.466450402 +0100 @@ -44,13 +44,13 @@ =over 4 -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item C<1> The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-12-22 17:21:52.909435656 +0100 
@@ -64,13 +64,13 @@ =over 4 -=item 0 +=item C<0> The length B of the session id context B exceeded the maximum allowed length of B. The error is logged to the error stack. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_write.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-12-22 17:21:52.909435656 +0100 @@ -79,7 +79,7 @@ The write operation was successful, the return value is the number of bytes actually written to the TLS/SSL connection. -=item 0 +=item C<0> The write operation was not successful. Probably the underlying connection was closed. Call SSL_get_error() with the return value B to find out, Index: openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-12-22 17:21:52.909435656 +0100 @@ -100,13 +100,13 @@ =over 4 -=item 0 +=item C<0> The operation failed because B and B are NULL or the processing at one of the locations specified failed. Check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_set_fd.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-12-22 17:21:52.909435656 +0100 
@@ -35,11 +35,11 @@ =over 4 -=item 0 +=item C<0> The operation failed. Check the error stack to find out why. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-12-22 17:21:52.909435656 +0100 @@ -96,7 +96,7 @@ connection will fail with decryption_error before it will be finished completely. -=item 0 +=item C<0> PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. Index: openssl-1.0.1e/doc/ssl/SSL_read.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-12-22 17:21:52.909435656 +0100 @@ -86,7 +86,7 @@ The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection. -=item 0 +=item C<0> The read operation was not successful. The reason may either be a clean shutdown due to a "close notify" alert sent by the peer (in which case Index: openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_set_shutdown.pod 2013-12-22 17:21:52.909435656 +0100 @@ -24,7 +24,7 @@ =over 4 -=item 0 +=item C<0> No shutdown setting, yet. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-12-22 17:21:52.909435656 +0100 
@@ -52,13 +52,13 @@ =over 4 -=item 0 +=item C<0> The operation failed. In case of the add operation, it was tried to add the same (identical) session twice. In case of the remove operation, the session was not found in the cache. -=item 1 +=item C<1> The operation succeeded. Index: openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-12-22 17:23:09.503854843 +0100 @@ -45,13 +45,13 @@ =over 4 -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the return value B to find out the reason. -=item 1 +=item C<1> The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been established. Index: openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-12-22 17:21:52.909435656 +0100 @@ -53,11 +53,11 @@ =over 4 -=item 0 +=item C<0> The operation succeeded. -=item 1 +=item C<1> The operation failed. Check the error queue to find out the reason. Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod =================================================================== --- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.913435572 +0100 +++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-12-22 17:21:52.909435656 +0100 
@@ -42,11 +42,11 @@ =over 4 -=item 0 +=item C<0> The new choice failed, check the error stack to find out the reason. -=item 1 +=item C<1> The operation succeeded. debian/patches/CVE-2010-5298.patch0000644000000000000000000000142112330770211013232 0ustar Description: fix denial of service via use after free Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d1f4b Bug: https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest Bug: https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2014-05-02 15:00:18.948467658 -0400 +++ openssl-1.0.1f/ssl/s3_pkt.c 2014-05-02 15:00:18.940467658 -0400 @@ -1055,7 +1055,7 @@ { s->rstate=SSL_ST_READ_HEADER; rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) ssl3_release_read_buffer(s); } } debian/patches/CVE-2016-2179.patch0000644000000000000000000002131212770754777013267 0ustar Backport of: From 00a4c1421407b6ac796688871b0a49a179c694d9 Mon Sep 17 00:00:00 2001 
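Review bot: The new condition `if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)` in s3_pkt.c relies on `&` binding tighter than `&&`; that is correct, but it reads like a precedence mistake, so write it as `if ((s->mode & SSL_MODE_RELEASE_BUFFERS) && s->s3->rbuf.left == 0)`. The patch description is the only place that says why the read buffer must not be released while `rbuf.left` is non-zero; a one-line comment above the `if`, `/* never release a read buffer that still holds unread data (CVE-2010-5298) */`, would keep that reason with the code.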
From: Matt Caswell Date: Thu, 30 Jun 2016 13:17:08 +0100 Subject: [PATCH] Fix DTLS buffered message DoS attack DTLS can handle out of order record delivery. Additionally since handshake messages can be bigger than will fit into a single packet, the messages can be fragmented across multiple records (as with normal TLS). That means that the messages can arrive mixed up, and we have to reassemble them. We keep a queue of buffered messages that are "from the future", i.e. messages we're not ready to deal with yet but have arrived early. The messages held there may not be full yet - they could be one or more fragments that are still in the process of being reassembled. The code assumes that we will eventually complete the reassembly and when that occurs the complete message is removed from the queue at the point that we need to use it. However, DTLS is also tolerant of packet loss. To get around that DTLS messages can be retransmitted. If we receive a full (non-fragmented) message from the peer after previously having received a fragment of that message, then we ignore the message in the queue and just use the non-fragmented version. At that point the queued message will never get removed. Additionally the peer could send "future" messages that we never get to in order to complete the handshake. Each message has a sequence number (starting from 0). We will accept a message fragment for the current message sequence number, or for any sequence up to 10 into the future. However if the Finished message has a sequence number of 2, anything greater than that in the queue is just left there. So, in those two ways we can end up with "orphaned" data in the queue that will never get removed - except when the connection is closed. At that point all the queues are flushed. An attacker could seek to exploit this by filling up the queues with lots of large messages that are never going to be used in order to attempt a DoS by memory exhaustion. 
I will assume that we are only concerned with servers here. It does not seem reasonable to be concerned about a memory exhaustion attack on a client. They are unlikely to process enough connections for this to be an issue. A "long" handshake with many messages might be 5 messages long (in the incoming direction), e.g. ClientHello, Certificate, ClientKeyExchange, CertificateVerify, Finished. So this would be message sequence numbers 0 to 4. Additionally we can buffer up to 10 messages in the future. Therefore the maximum number of messages that an attacker could send that could get orphaned would typically be 15. The maximum size that a DTLS message is allowed to be is defined by max_cert_list, which by default is 100k. Therefore the maximum amount of "orphaned" memory per connection is 1500k. Message sequence numbers get reset after the Finished message, so renegotiation will not extend the maximum number of messages that can be orphaned per connection. As noted above, the queues do get cleared when the connection is closed. Therefore in order to mount an effective attack, an attacker would have to open many simultaneous connections. Issue reported by Quan Luo. CVE-2016-2179 Reviewed-by: Richard Levitte --- ssl/d1_both.c | 32 ++++++++++++++++---------------- ssl/d1_clnt.c | 1 + ssl/d1_lib.c | 37 ++++++++++++++++++++++++++----------- ssl/d1_srvr.c | 3 ++- ssl/ssl_locl.h | 3 ++- 5 files changed, 47 insertions(+), 29 deletions(-) Index: openssl-1.0.1f/ssl/d1_both.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_both.c 2016-09-22 09:08:24.531478770 -0400 +++ openssl-1.0.1f/ssl/d1_both.c 2016-09-22 09:10:32.997088534 -0400 
@@ -545,11 +545,22 @@ int al; *ok = 0; - item = pqueue_peek(s->d1->buffered_messages); - if ( item == NULL) - return 0; + do { + item = pqueue_peek(s->d1->buffered_messages); + if (item == NULL) + return 0; - frag = (hm_fragment *)item->data; + frag = (hm_fragment *)item->data; + + if (frag->msg_header.seq < s->d1->handshake_read_seq) { + /* This is a stale message that has been buffered so clear it */ + pqueue_pop(s->d1->buffered_messages); + dtls1_hm_fragment_free(frag); + pitem_free(item); + item = NULL; + frag = NULL; + } + } while (item == NULL); /* Don't return if reassembly still in progress */ if (frag->reassembly != NULL) @@ -1337,21 +1348,6 @@ return ret; } -/* call this function when the buffered messages are no longer needed */ -void -dtls1_clear_record_buffer(SSL *s) - { - pitem *item; - - for(item = pqueue_pop(s->d1->sent_messages); - item != NULL; item = pqueue_pop(s->d1->sent_messages)) - { - dtls1_hm_fragment_free((hm_fragment *)item->data); - pitem_free(item); - } - } - - unsigned char * dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, unsigned long len, unsigned long frag_off, unsigned long frag_len) Index: openssl-1.0.1f/ssl/d1_clnt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_clnt.c 2016-09-22 09:08:24.531478770 -0400 +++ openssl-1.0.1f/ssl/d1_clnt.c 2016-09-22 09:11:02.341454406 -0400 @@ -731,6 +731,7 @@ /* done with handshaking */ s->d1->handshake_read_seq = 0; s->d1->next_handshake_write_seq = 0; + dtls1_clear_received_buffer(s); goto end; /* break; */ Index: openssl-1.0.1f/ssl/d1_lib.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_lib.c 2016-09-22 09:08:24.531478770 -0400 +++ openssl-1.0.1f/ssl/d1_lib.c 2016-09-22 09:15:45.760957652 -0400 
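Review bot: The do/while loop added at the top of the first d1_both.c hunk frees buffered fragments whose `msg_header.seq` is below `handshake_read_seq`, but nothing at the site says these are the stale retransmits the commit message describes, nor that the "future" orphans are handled separately by the new `dtls1_clear_received_buffer` calls in d1_clnt.c and d1_srvr.c. A comment above the loop, `/* Discard fragments for sequence numbers already consumed (stale retransmits); fragments beyond the handshake are released by dtls1_clear_received_buffer(). */`, would tie the two halves of the fix together. The loop also re-assigns `item = NULL; frag = NULL;` only to satisfy the `while (item == NULL)` test, which a `for (;;)` with an explicit `break` after the reassembly check would express more directly. The enclosing function starts outside the hunk.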
@@ -131,9 +131,8 @@ } static void dtls1_clear_queues(SSL *s) - { +{ pitem *item = NULL; - hm_fragment *frag = NULL; DTLS1_RECORD_DATA *rdata; while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) @@ -158,6 +157,26 @@ pitem_free(item); } + while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) + { + rdata = (DTLS1_RECORD_DATA *)item->data; + if (rdata->rbuf.buf) + { + OPENSSL_free(rdata->rbuf.buf); + } + OPENSSL_free(item->data); + pitem_free(item); + } + + dtls1_clear_received_buffer(s); + dtls1_clear_sent_buffer(s); +} + +void dtls1_clear_received_buffer(SSL *s) +{ + pitem *item = NULL; + hm_fragment *frag = NULL; + while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL) { frag = (hm_fragment *)item->data; @@ -165,6 +184,12 @@ OPENSSL_free(frag); pitem_free(item); } +} + +void dtls1_clear_sent_buffer(SSL *s) +{ + pitem *item = NULL; + hm_fragment *frag = NULL; while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL) { @@ -173,18 +198,7 @@ OPENSSL_free(frag); pitem_free(item); } - - while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) - { - rdata = (DTLS1_RECORD_DATA *) item->data; - if (rdata->rbuf.buf) - { - OPENSSL_free(rdata->rbuf.buf); - } - OPENSSL_free(item->data); - pitem_free(item); - } - } +} void dtls1_free(SSL *s) { @@ -410,7 +424,7 @@ s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); /* Clear retransmission buffer */ - dtls1_clear_record_buffer(s); + dtls1_clear_sent_buffer(s); } int dtls1_check_timeout_num(SSL *s) Index: openssl-1.0.1f/ssl/d1_srvr.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_srvr.c 2016-09-22 09:08:24.531478770 -0400 +++ openssl-1.0.1f/ssl/d1_srvr.c 2016-09-22 09:16:21.065390583 -0400 
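Review bot: The brace placement in the new and modified functions differs from the surrounding code: the first d1_lib.c hunk changes `- {` to `+{` on `dtls1_clear_queues`, and `dtls1_clear_received_buffer` and `dtls1_clear_sent_buffer` follow the same column-0 style, while the rest of the 1.0.1 file visible in the context uses indented braces. The two new functions also lose the one-line description the removed `dtls1_clear_record_buffer` carried; add `/* Free every received handshake fragment still queued in buffered_messages. */` and `/* Free every sent handshake message kept for retransmission in sent_messages. */` above them so callers can tell which queue each one drains.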
@@ -276,7 +276,7 @@ case SSL3_ST_SW_HELLO_REQ_B: s->shutdown=0; - dtls1_clear_record_buffer(s); + dtls1_clear_sent_buffer(s); dtls1_start_timer(s); ret=dtls1_send_hello_request(s); if (ret <= 0) goto end; @@ -803,6 +803,7 @@ /* next message is server hello */ s->d1->handshake_write_seq = 0; s->d1->next_handshake_write_seq = 0; + dtls1_clear_received_buffer(s); goto end; /* break; */ Index: openssl-1.0.1f/ssl/ssl_locl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_locl.h 2016-09-22 09:08:24.531478770 -0400 +++ openssl-1.0.1f/ssl/ssl_locl.h 2016-09-22 09:16:41.681643079 -0400 @@ -974,7 +974,8 @@ unsigned long frag_off, int *found); int dtls1_get_queue_priority(unsigned short seq, int is_ccs); int dtls1_retransmit_buffered_messages(SSL *s); -void dtls1_clear_record_buffer(SSL *s); +void dtls1_clear_received_buffer(SSL *s); +void dtls1_clear_sent_buffer(SSL *s); void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); void dtls1_reset_seq_numbers(SSL *s, int rw); debian/patches/CVE-2015-1790.patch0000644000000000000000000000364012535317454013252 0ustar Description: fix denial of service via missing EnvelopedContent Origin: based on patch by Emilia Käsper Index: openssl-1.0.1f/crypto/pkcs7/pk7_doit.c =================================================================== --- openssl-1.0.1f.orig/crypto/pkcs7/pk7_doit.c 2015-06-08 09:06:32.056325940 -0400 +++ openssl-1.0.1f/crypto/pkcs7/pk7_doit.c 2015-06-08 09:09:19.970150117 -0400 
@@ -468,12 +468,19 @@ switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body=PKCS7_get_octet_string(p7->d.sign->contents); md_sk=p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: rsk=p7->d.signed_and_enveloped->recipientinfo; md_sk=p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body=p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); @@ -486,6 +493,7 @@ case NID_pkcs7_enveloped: rsk=p7->d.enveloped->recipientinfo; enc_alg=p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body=p7->d.enveloped->enc_data->enc_data; evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) @@ -499,6 +507,13 @@ goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { @@ -655,7 +670,7 @@ } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) + if (in_bio != NULL) { bio=in_bio; } debian/patches/alt-cert-chains-2.patch0000644000000000000000000000416712655206530014767 0ustar Backport of: From cf1bf3f03250113c04dcfb929a1e83c744a14e9d Mon Sep 17 00:00:00 2001 
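Review bot: Dropping `PKCS7_is_detached(p7)` from the condition in the last pk7_doit.c hunk is only safe because the new check earlier in the function rejects `data_body == NULL && in_bio == NULL`, yet nothing at the site says so and the `#if 1` guard makes the branch look provisional. Add `/* data_body is non-NULL here whenever in_bio is NULL (checked above) */` above the `if (in_bio != NULL)`, and consider removing the `#if 1` wrapper, which no longer selects between alternatives. The enclosing function continues outside the hunk.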
From: Matt Caswell Date: Tue, 27 Jan 2015 10:35:27 +0000 Subject: [PATCH] Add flag to inhibit checking for alternate certificate chains. Setting this behaviour will force behaviour as per previous versions of OpenSSL Reviewed-by: Dr. Stephen Henson Reviewed-by: Kurt Roeckx --- crypto/x509/x509_vfy.c | 6 ++++-- crypto/x509/x509_vfy.h | 6 ++++++ 2 files changed, 10 insertions(+), 2 deletions(-) Index: openssl-1.0.1f/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_vfy.c 2016-02-05 15:57:36.802967587 -0500 +++ openssl-1.0.1f/crypto/x509/x509_vfy.c 2016-02-05 15:58:52.691806009 -0500 @@ -307,10 +307,12 @@ /* * If we haven't got a least one certificate from our store then check - * if there is an alternative chain that could be used. + * if there is an alternative chain that could be used. We only do this + * if the user hasn't switched off alternate chain checking */ retry = 0; - if (j == ctx->last_untrusted) { + if (j == ctx->last_untrusted && + !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { while (j-- > 1) { xtmp2 = sk_X509_value(ctx->chain, j - 1); ok = ctx->get_issuer(&xtmp, ctx, xtmp2); Index: openssl-1.0.1f/crypto/x509/x509_vfy.h =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_vfy.h 2016-02-05 15:57:36.802967587 -0500 +++ openssl-1.0.1f/crypto/x509/x509_vfy.h 2016-02-05 15:59:31.300233429 -0500 
@@ -389,7 +389,12 @@ #define X509_V_FLAG_USE_DELTAS 0x2000 /* Check selfsigned CA signature */ #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 - +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting + * this flag will force the behaviour to match that of previous versions. + */ +#define X509_V_FLAG_NO_ALT_CHAINS 0x100000 #define X509_VP_FLAG_DEFAULT 0x1 #define X509_VP_FLAG_OVERWRITE 0x2 debian/patches/CVE-2014-0076.patch0000644000000000000000000001371012320577604013241 0ustar Description: fix side-channel attack on Montgomery ladder implementation Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332 Origin: upstream, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40acdb192e035f463d3c39c23fd8a68cf54df378 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742923 Index: openssl-1.0.1f/crypto/bn/bn.h =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn.h 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/bn/bn.h 2014-04-07 15:37:00.924343048 -0400 @@ -538,6 +538,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, 
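Review bot: `X509_V_FLAG_NO_ALT_CHAINS` is defined as `0x100000`, leaving a large gap after the neighbouring `0x4000`; the new comment explains when alternate chain checking appeared but not why this particular bit was chosen, which presumably is to match the upstream 1.0.1n/1.0.2b definition so that applications built against either header agree on the flag. If that is the reason, say so in the comment, `/* value kept identical to upstream 1.0.1n/1.0.2b so callers agree on the bit */`, since a backport that picked a different bit would silently diverge.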
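Review bot: The new prototype `void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);` names its first parameter `swap`, while the definition in bn_lib.c calls it `condition` and documents the preconditions under that name; rename the header parameter to `condition` so declaration, definition and comment agree. A one-line comment on the declaration, `/* Swap a and b in constant time when condition != 0; condition must be 0 or a single set bit. */`, would save readers a trip to bn_lib.c.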
@@ -774,11 +776,20 @@ #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Index: openssl-1.0.1f/crypto/bn/bn_lib.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_lib.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/bn/bn_lib.c 2014-04-07 15:37:00.924343048 -0400 
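Review bot: `bn_check_size(bn, bits)` does not parenthesise its `bits` argument, so an expression argument such as `x | y` would be mis-evaluated: `((bits+BN_BITS2-1))/BN_BITS2` should be `(((bits)+BN_BITS2-1)/BN_BITS2)`, and `words` inside the `assert` of `bn_wcheck_size` should likewise be `(words)`. The `assert` also presumes `<assert.h>` is included wherever bn.h is used with `BN_DEBUG`, which this hunk cannot confirm; a comment noting that dependency on the `#ifdef BN_DEBUG` side would help.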
@@ -824,3 +824,55 @@ } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Index: openssl-1.0.1f/crypto/ec/ec2_mult.c =================================================================== --- openssl-1.0.1f.orig/crypto/ec/ec2_mult.c 2014-01-06 08:47:42.000000000 -0500 +++ openssl-1.0.1f/crypto/ec/ec2_mult.c 2014-04-07 15:37:00.924343048 -0400 
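Review bot: `BN_consttime_swap` opens with an indented `+ {` but closes with `+}` at column 0, so the new function is inconsistent with itself; indent the closing brace to match the opening one. The three `assert()` preconditions (`a != b`, single-bit `condition`, word size) disappear under `NDEBUG`, so in release builds the header comment's "The code assumes..." is the only protection callers get; state that explicitly, e.g. `/* the asserts below are debug-only; callers must guarantee these preconditions */`. Whether bn_lib.c already includes `<assert.h>` is not visible here.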
@@ -208,11 +208,15 @@ return ret; } + /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * + * To protect against side-channel attack the function uses constant time swap, + * avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -246,6 +250,11 @@ x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -270,16 +279,12 @@ word = scalar->d[i]; while (mask) { - if (word & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); mask >>= 1; } mask = BN_TBIT; Index: openssl-1.0.1f/util/libeay.num =================================================================== --- openssl-1.0.1f.orig/util/libeay.num 2014-01-06 09:35:55.000000000 -0500 +++ openssl-1.0.1f/util/libeay.num 2014-04-07 15:37:03.976343033 -0400 
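Review bot: The four `bn_wexpand(..., group->field.top)` calls added in the second ec2_mult.c hunk ignore their return value; `bn_wexpand` can fail on allocation, after which `BN_consttime_swap` reads and writes `group->field.top` words that were never allocated, and the new `bn_wcheck_size` only catches that in `BN_DEBUG` builds. Check each one, `if (!bn_wexpand(x1, group->field.top)) goto err;`, and the same for `z1`, `x2` and `z2`, matching the `goto err` style of the surrounding calls. `ec_GF2m_montgomery_point_multiply` continues outside the hunk.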
@@ -3511,6 +3511,7 @@ d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 CRYPTO_memcmp 3906 EXIST::FUNCTION: +BN_consttime_swap 3907 EXIST::FUNCTION: SEED_decrypt 3908 EXIST::FUNCTION:SEED SEED_encrypt 3909 EXIST::FUNCTION:SEED SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED debian/patches/config-hurd.patch0000644000000000000000000000063511501173436014050 0ustar Index: openssl-1.0.0c/config =================================================================== --- openssl-1.0.0c.orig/config 2010-12-12 16:09:43.000000000 +0100 +++ openssl-1.0.0c/config 2010-12-12 16:09:48.000000000 +0100 @@ -170,8 +170,8 @@ echo "${MACHINE}-whatever-linux1"; exit 0 ;; - GNU*) - echo "hurd-x86"; exit 0; + GNU:*|GNU/*:*) + echo "${MACHINE}-gnuish"; exit 0; ;; LynxOS:*) debian/patches/CVE-2014-8176.patch0000644000000000000000000000157312535317423013255 0ustar From bcc311668ede6ffdcd6dc5a65454a548b5404fcc Mon Sep 17 00:00:00 2001 From: zhu qun-ying Date: Mon, 2 Jun 2014 14:38:52 +0100 Subject: [PATCH] Free up s->d1->buffered_app_data.q properly. PR#3286 (cherry picked from commit 71e95000afb2227fe5cac1c79ae884338bcd8d0b) --- ssl/d1_lib.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 106939f..6bde16f 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -176,9 +176,12 @@ static void dtls1_clear_queues(SSL *s) while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { - frag = (hm_fragment *)item->data; - OPENSSL_free(frag->fragment); - OPENSSL_free(frag); + rdata = (DTLS1_RECORD_DATA *) item->data; + if (rdata->rbuf.buf) + { + OPENSSL_free(rdata->rbuf.buf); + } + OPENSSL_free(item->data); pitem_free(item); } } -- 1.9.1 debian/patches/CVE-2015-0209.patch0000644000000000000000000000216612502067240013233 0ustar Backport of: From 89117535f1bb3ea72a17933b703271587d7aaf0b Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Mon, 9 Feb 2015 11:38:41 +0000 Subject: [PATCH] Fix a failure to NULL a pointer freed on error. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Inspired by BoringSSL commit 517073cd4b by Eric Roman CVE-2015-0209 Reviewed-by: Emilia Käsper --- crypto/ec/ec_asn1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/crypto/ec/ec_asn1.c =================================================================== --- openssl-1.0.1f.orig/crypto/ec/ec_asn1.c 2015-03-17 12:55:32.300486467 -0400 +++ openssl-1.0.1f/crypto/ec/ec_asn1.c 2015-03-17 12:57:45.657580886 -0400 @@ -1142,8 +1142,6 @@ ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1208,11 +1206,13 @@ } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } debian/patches/CVE-2014-3505.patch0000644000000000000000000000241612370665616013250 0ustar Description: fix double free when processing DTLS packets Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2172d4f63c61922487008f42511cc6bdae9b47a0 Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e7b9d9be48cdc598a46c8e1536035ed29a9af254 Index: openssl-1.0.1f/ssl/d1_both.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_both.c 2014-08-07 07:36:13.000000000 -0400 +++ openssl-1.0.1f/ssl/d1_both.c 2014-08-07 07:58:15.074807054 -0400 @@ -639,7 +639,8 @@ /* If message is already reassembled, this must be a - * retransmit and can be dropped. + * retransmit and can be dropped. In this case item != NULL and so frag + * does not need to be freed. */ if (frag->reassembly == NULL) { 
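Review bot: With the new error path `if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret);` a caller-supplied object (the `ret = *a;` case) is no longer freed, which closes the double free, but if the parse wrote into `ret` before failing the caller's object is left in that partially-updated state while `*a` still points at it. That is the usual d2i contract, but it is worth stating at the `err:` label, e.g. `/* A caller-supplied *a is not freed on error, but its contents may already be partially overwritten. */`. The enclosing function starts outside both hunks, so I cannot see which fields are written between them; please confirm that reading.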
@@ -693,8 +694,7 @@ return DTLS1_HM_FRAGMENT_RETRY; err: - if (frag != NULL) dtls1_hm_fragment_free(frag); - if (item != NULL) OPENSSL_free(item); + if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag); *ok = 0; return i; } @@ -778,8 +778,7 @@ return DTLS1_HM_FRAGMENT_RETRY; err: - if ( frag != NULL) dtls1_hm_fragment_free(frag); - if ( item != NULL) OPENSSL_free(item); + if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag); *ok = 0; return i; } debian/patches/CVE-2015-1789.patch0000644000000000000000000000552112535317445013262 0ustar Description: fix denial of service via out-of-bounds read in X509_cmp_time Origin: based on patch by Emilia Käsper Index: openssl-1.0.1f/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_vfy.c 2015-06-08 08:59:40.867846179 -0400 +++ openssl-1.0.1f/crypto/x509/x509_vfy.c 2015-06-08 09:05:57.371948773 -0400 
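Review bot: Both `err:` blocks now depend on the rule that a non-NULL `item` already owns `frag` and has been queued, so `frag` is freed only when `item == NULL` and `item` itself is never freed on error; that ownership rule is not written down in either hunk. A one-line comment at each label would stop the next reader from "fixing" it back into the double free, e.g. `/* once item != NULL it owns frag and is already in the queue; neither may be freed here */`. Both enclosing functions start outside the hunks, so the point where `item` is inserted into the queue is not visible to me; if an insertion could fail after `item` is allocated, that path would need its own cleanup.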
@@ -1713,49 +1713,92 @@ ASN1_TIME atm; long offset; char buff1[24],buff2[24],*p; - int i,j; + int i,j,remaining; p=buff1; - i=ctm->length; + remaining=ctm->length; str=(char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) return 0; + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) + return 0; memcpy(p,str,10); p+=10; str+=10; + remaining-=10; } else { - if (i < 13) return 0; + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) + return 0; memcpy(p,str,12); p+=12; str+=12; + remaining-=12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++)='0'; *(p++)='0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++)= *(str++); *(p++)= *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) + { + if (*str < '0' || *str > '9') + break; + } } } *(p++)='Z'; *(p++)='\0'; + /* We now need either a terminating 'Z' or an offset. 
*/ + if (!remaining) + return 0; if (*str == 'Z') + { + if (remaining != 1) + return 0; offset=0; + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset=((str[1]-'0')*10+(str[2]-'0'))*60; offset+=(str[3]-'0')*10+(str[4]-'0'); if (*str == '-') debian/patches/CVE-2016-7056.patch0000644000000000000000000001465513043674417013264 0ustar From 8aed2a7548362e88e84a7feb795a3a97e8395008 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Fri, 12 Sep 2014 00:13:20 +0200 Subject: [PATCH] Reserve option to use BN_mod_exp_mont_consttime in ECDSA. Submitted by Shay Gueron, Intel Corp. RT: 3149 Reviewed-by: Rich Salz (cherry picked from commit f54be179aa4cbbd944728771d7d59ed588158a12) --- crypto/ec/ec.h | 6 +++++ crypto/ec/ec_lcl.h | 11 ++++++++ crypto/ec/ec_lib.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++ crypto/ecdsa/ecs_ossl.c | 36 +++++++++++++++++++++---- 4 files changed, 119 insertions(+), 5 deletions(-) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 7ae8e8a..b8551c5 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -243,6 +243,12 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIG */ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); +/** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). +*/ +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + /** Gets the order of a EC_GROUP * \param group EC_GROUP object * \param order BIGNUM to which the order is copied diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index b0d48b6..22b53d2 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h 
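Review bot: In the `(+-)HHMM` branch the four offset characters are now checked to be digits, which bounds the read, but hours and minutes are still not range-checked: `+9999` is accepted and becomes an offset of 99 hours and 99 minutes. If the goal is only to stop the out-of-bounds read this is fine; if malformed times are meant to be rejected, add `if (str[1] > '2' || (str[1] == '2' && str[2] > '3') || str[3] > '5') return 0;` right after the digit check. Note also that `i` changes role in this hunk from the input length to a loop counter while `remaining` takes over the length, so any later use of `i` in the function (which continues past the hunk) should be re-checked.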
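Review bot: The doc comment added for `EC_GROUP_get_mont_data` says `\return the currently used generator (possibly NULL).`, which appears to have been copied from `EC_GROUP_get0_generator` just above; the function returns the group's `BN_MONT_CTX`. Suggest `* \return the BN_MONT_CTX for the group order, or NULL if none was precomputed` so callers know NULL is a legitimate value they must handle, as the ECDSA change in this series does by branching on it.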
@@ -235,6 +235,8 @@ struct ec_group_st { void *field_data1; /* method-specific (e.g., Montgomery structure) */ void *field_data2; /* method-specific */ int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ + + BN_MONT_CTX *mont_data; /* data for ECDSA inverse */ } /* EC_GROUP */; struct ec_key_st { @@ -444,3 +446,12 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, void (*felem_contract)(void *out, const void *in)); void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in); #endif +int ec_precompute_mont_data(EC_GROUP *); + +#ifdef ECP_NISTZ256_ASM +/** Returns GFp methods using montgomery multiplication, with x86-64 optimized + * P256. See http://eprint.iacr.org/2013/816. + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistz256_method(void); +#endif diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index e2c4741..7fe3115 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -98,6 +98,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) ret->meth = meth; ret->extra_data = NULL; + ret->mont_data = NULL; ret->generator = NULL; BN_init(&ret->order); @@ -129,6 +130,9 @@ void EC_GROUP_free(EC_GROUP *group) EC_EX_DATA_free_all_data(&group->extra_data); + if (group->mont_data) + BN_MONT_CTX_free(group->mont_data); + if (group->generator != NULL) EC_POINT_free(group->generator); BN_free(&group->order); @@ -152,6 +156,9 @@ void EC_GROUP_clear_free(EC_GROUP *group) EC_EX_DATA_clear_free_all_data(&group->extra_data); + if (group->mont_data) + BN_MONT_CTX_free(group->mont_data); + if (group->generator != NULL) EC_POINT_clear_free(group->generator); BN_clear_free(&group->order); 
@@ -197,6 +204,25 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; } + if (src->mont_data != NULL) + { + if (dest->mont_data == NULL) + { + dest->mont_data = BN_MONT_CTX_new(); + if (dest->mont_data == NULL) return 0; + } + if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data)) return 0; + } + else + { + /* src->generator == NULL */ + if (dest->mont_data != NULL) + { + BN_MONT_CTX_free(dest->mont_data); + dest->mont_data = NULL; + } + } + if (src->generator != NULL) { if (dest->generator == NULL) @@ -306,6 +332,11 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIG else BN_zero(&group->cofactor); + /* We ignore the return value because some groups have an order with + * factors of two, which makes the Montgomery setup fail. + * |group->mont_data| will be NULL in this case. */ + ec_precompute_mont_data(group); + return 1; } @@ -315,6 +346,10 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) return group->generator; } +BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group) + { + return group->mont_data; + } int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) { @@ -1094,3 +1129,39 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group) else return 0; /* cannot tell whether precomputation has been performed */ } + +/* ec_precompute_mont_data sets |group->mont_data| from |group->order| and + * returns one on success. On error it returns zero. */ +int ec_precompute_mont_data(EC_GROUP *group) + { + BN_CTX *ctx = BN_CTX_new(); + int ret = 0; + + if (group->mont_data) + { + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; + } + + if (ctx == NULL) + goto err; + + group->mont_data = BN_MONT_CTX_new(); + if (!group->mont_data) + goto err; + + if (!BN_MONT_CTX_set(group->mont_data, &group->order, ctx)) + { + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; + goto err; + } + + ret = 1; + +err: + + if (ctx) + BN_CTX_free(ctx); + return ret; + } 
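Review bot: The comment `/* src->generator == NULL */` in the new `else` branch of `EC_GROUP_copy` is wrong for that branch, which handles the `src->mont_data == NULL` case; it looks copied from the `generator` block that follows. Change it to `/* src->mont_data == NULL: drop any stale Montgomery data in dest */`, since the purpose of the branch is that a stale `dest->mont_data` must not survive a copy from a source that has none.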
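Review bot: `ec_precompute_mont_data(group);` in `EC_GROUP_set_generator` ignores failure for every reason, not only the even-order case the comment describes; a `BN_CTX_new` or `BN_MONT_CTX_new` allocation failure also leaves `mont_data` NULL, and the ECDSA change in this series then silently takes the `BN_mod_inverse` path instead of the constant-time one. That is a quiet downgrade rather than an error. Consider tolerating failure only for the documented case, e.g. `if (!ec_precompute_mont_data(group) && BN_is_odd(&group->order)) return 0;`, or at least widen the comment: `/* NULL mont_data also results from allocation failure; ECDSA then falls back to BN_mod_inverse */`.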
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 7725935..c23343b 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -187,11 +187,37 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, while (BN_is_zero(r)); /* compute the inverse of k */ - if (!BN_mod_inverse(k, k, order, ctx)) - { - ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); - goto err; - } + if (EC_GROUP_get_mont_data(group) != NULL) + { + /* We want inverse in constant time, therefore we utilize the + * fact order must be prime and use Fermats Little Theorem + * instead. */ + if (!BN_set_word(X, 2) ) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_sub(X, order, X, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + BN_set_flags(X, BN_FLG_CONSTTIME); + if (!BN_mod_exp_mont_consttime(k, k, X, order, ctx, EC_GROUP_get_mont_data(group))) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + } + else + { + if (!BN_mod_inverse(k, k, order, ctx)) + { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); + goto err; + } + } + /* clear old values if necessary */ if (*rp != NULL) BN_clear_free(*rp); -- 2.7.4 debian/patches/CVE-2014-3571-2.patch0000644000000000000000000000224612453766115013411 0ustar From 45fe66b8ba026186aa5d8ef1e0e6010ea74d5c0b Mon Sep 17 00:00:00 2001 
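Review bot: The Fermat path `BN_mod_exp_mont_consttime(k, k, X, order, ctx, EC_GROUP_get_mont_data(group))` is a valid inverse only when `order` is prime, but the guard is just `EC_GROUP_get_mont_data(group) != NULL`, i.e. Montgomery setup succeeded, which requires only an odd order. For the built-in curves the order is prime; a group with a composite odd order (custom parameters) would yield a wrong `k^-1` and therefore invalid signatures with no error raised. If such groups are meant to remain usable, say so next to the existing comment, e.g. `/* Assumes the group order is prime (true for all built-in curves); a composite odd order gives a wrong inverse here. */`. The `X` temporary is declared and allocated outside the hunk; I assume it is a BN_CTX-owned BIGNUM released on the `err` path like the others.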
From: Matt Caswell Date: Sat, 3 Jan 2015 00:54:35 +0000 Subject: [PATCH] Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Reviewed-by: Dr Steve Henson --- ssl/d1_pkt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: openssl-1.0.1f/ssl/d1_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_pkt.c 2015-01-09 07:56:03.571632281 -0500 +++ openssl-1.0.1f/ssl/d1_pkt.c 2015-01-09 07:56:03.567632253 -0500 @@ -675,7 +675,8 @@ * would be dropped unnecessarily. */ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - *p == SSL3_MT_CLIENT_HELLO) && + s->packet_length > DTLS1_RT_HEADER_LENGTH && + s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; debian/patches/alt-cert-chains-5.patch0000644000000000000000000000274512655207500014770 0ustar Backport of: From 9a0db453ba017ebcaccbee933ee6511a9ae4d1c8 Mon Sep 17 00:00:00 2001 
From: Matt Caswell Date: Wed, 24 Jun 2015 15:55:36 +0100 Subject: [PATCH] Fix alternate chains certificate forgery issue During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This occurs where at least one cert is added to the first chain from the trust store, but that chain still ends up being untrusted. In that case ctx->last_untrusted is decremented in error. Patch provided by the BoringSSL project. CVE-2015-1793 Reviewed-by: Stephen Henson --- crypto/x509/x509_vfy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: openssl-1.0.1f/crypto/x509/x509_vfy.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_vfy.c 2016-02-05 16:07:17.385431908 -0500 +++ openssl-1.0.1f/crypto/x509/x509_vfy.c 2016-02-05 16:07:53.445836601 -0500 @@ -333,8 +333,8 @@ xtmp = sk_X509_pop(ctx->chain); X509_free(xtmp); num--; - ctx->last_untrusted--; } + ctx->last_untrusted = sk_X509_num(ctx->chain); retry = 1; break; } debian/patches/CVE-2016-2180.patch0000644000000000000000000000231212770755076013247 0ustar Backport of: From 6adf409c7432b90c06d9890787fe56c48f2a16e7 Mon Sep 17 00:00:00 2001 
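Review bot: `ctx->last_untrusted = sk_X509_num(ctx->chain);` is the whole fix, but nothing near it explains why the entire remaining chain is declared untrusted after the pops; the reasoning lives only in the commit message. A short comment on that line would keep it with the code, e.g. `/* Certs pulled from the trust store were just popped; everything left in chain came from the caller and is untrusted. */`. The surrounding loop and the code that popped the chain begin outside the hunk, so I am relying on the commit description for that reading.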
From: "Dr. Stephen Henson" Date: Thu, 21 Jul 2016 15:24:16 +0100 Subject: [PATCH] Fix OOB read in TS_OBJ_print_bio(). TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result as a null terminated buffer. The length value returned is the total length the complete text reprsentation would need not the amount of data written. CVE-2016-2180 Thanks to Shi Lei for reporting this bug. Reviewed-by: Matt Caswell (cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a) --- crypto/ts/ts_lib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/crypto/ts/ts_lib.c =================================================================== --- openssl-1.0.1f.orig/crypto/ts/ts_lib.c 2016-09-22 09:18:05.586668403 -0400 +++ openssl-1.0.1f/crypto/ts/ts_lib.c 2016-09-22 09:18:37.779060859 -0400 @@ -90,9 +90,8 @@ { char obj_txt[128]; - int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); - BIO_write(bio, obj_txt, len); - BIO_write(bio, "\n", 1); + OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); + BIO_printf(bio, "%s\n", obj_txt); return 1; } debian/patches/CVE-2018-0737-4.patch0000644000000000000000000000203213312440425013375 0ustar Backport of: From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001 From: Billy Brumley Date: Wed, 11 Apr 2018 10:10:58 +0300 Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. CVE-2018-0737 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787) --- crypto/rsa/rsa_gen.c | 2 ++ 1 file changed, 2 insertions(+) Index: openssl-1.0.1f/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.1f.orig/crypto/rsa/rsa_gen.c 2018-06-20 07:56:44.874753755 -0400 +++ openssl-1.0.1f/crypto/rsa/rsa_gen.c 2018-06-20 07:56:59.470765107 -0400 
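Review bot: `OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);` now discards its return value, so an OID whose text form does not fit the 128-byte buffer is printed truncated with no indication; the read is bounded, which is the point of the fix, but the function still returns 1 regardless of truncation or of `BIO_printf` failing. If truncation should be visible, compare the result with the buffer size, e.g. `if (OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0) >= (int)sizeof(obj_txt)) return 0;`, or document that the output is best-effort. The function's signature is outside the hunk.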
@@ -130,6 +130,8 @@ static int rsa_builtin_keygen(RSA *rsa, BN_copy(rsa->e, e_value); + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) debian/patches/CVE-2014-3571-3.patch0000644000000000000000000000164112770765720013413 0ustar Backport of: From 1895583835239bc44c3f6584e48f0279ad884f3b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 26 Jan 2015 16:47:36 +0000 Subject: [PATCH] Make DTLS always act as if read_ahead is set. The actual value of read_ahead is ignored for DTLS. RT#3657 Reviewed-by: Andy Polyakov (cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa) --- ssl/s3_pkt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2016-09-22 10:28:48.878769222 -0400 +++ openssl-1.0.1f/ssl/s3_pkt.c 2016-09-22 10:29:32.347301613 -0400 @@ -217,7 +217,8 @@ return -1; } - if (!s->read_ahead) + /* We always act like read_ahead is set for DTLS */ + if (!s->read_ahead && !SSL_IS_DTLS(s)) /* ignore max parameter */ max = n; else debian/patches/pic.patch0000644000000000000000000001300512005224543012405 0ustar Index: openssl-1.0.1c/crypto/des/asm/desboth.pl =================================================================== --- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 +++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 @@ -16,6 +16,11 @@ &push("edi"); + &call (&label("pic_point0")); + &set_label("pic_point0"); + &blindpop("ebp"); + &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); + &comment(""); &comment("Load the data words"); &mov($L,&DWP(0,"ebx","",0)); 
@@ -47,15 +52,21 @@ &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "eax"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); &mov(&swtmp(1), "edi"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "esi"); &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); + &exch("ebx", "ebp"); + &call("DES_encrypt2\@PLT"); + &exch("ebx", "ebp"); &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); Index: openssl-1.0.1c/crypto/perlasm/cbc.pl =================================================================== --- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 +++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 @@ -122,7 +122,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($enc_func); + &call (&label("pic_point0")); + &set_label("pic_point0"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); + &call("$enc_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); @@ -185,7 +189,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($enc_func); + &call (&label("pic_point1")); + &set_label("pic_point1"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); + &call("$enc_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); 
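Review bot: The same GOT setup (`&call (&label("pic_pointN"))`, `&set_label(...)`, `&blindpop("ebx")`, `&add ("ebx", ...)`, `&call("...\@PLT")`) is pasted into cbc.pl four times with only the label index changing; the hunks at -122 and -185 here and at -218 and -261 below all carry a copy. A small Perl helper taking the label name and the callee would keep the PIC sequence in one place, so a later correction to the GOT expression cannot be applied to three copies and missed in the fourth. Each copy clobbers `ebx` between the store `&mov(&DWP($data_off+4,"esp","",0), "ebx")` and the reload after the call, which is fine as written but deserves a one-line comment saying the reload is what makes the clobber safe.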
@@ -218,7 +226,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($dec_func); + &call (&label("pic_point2")); + &set_label("pic_point2"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); + &call("$dec_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # @@ -261,7 +273,11 @@ &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - &call($dec_func); + &call (&label("pic_point3")); + &set_label("pic_point3"); + &blindpop("ebx"); + &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); + &call("$dec_func\@PLT"); &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl =================================================================== --- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 +++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 @@ -161,6 +161,7 @@ if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } + if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } } push(@out,$initseg) if ($initseg); } @@ -218,8 +219,23 @@ elsif ($::elf) { $initseg.=<<___; .section .init +___ + if ($::pic) + { $initseg.=<<___; + pushl %ebx + call .pic_point0 +.pic_point0: + popl %ebx + addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx + call $f\@PLT + popl %ebx +___ + } + else + { $initseg.=<<___; call $f ___ + } } elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw Index: openssl-1.0.1c/crypto/x86cpuid.pl =================================================================== --- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 +++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 
@@ -8,6 +8,8 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +push(@out, ".hidden OPENSSL_ia32cap_P\n"); + &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); @@ -139,9 +141,7 @@ &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); -&external_label("OPENSSL_ia32cap_P"); - -&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_rdtsc"); &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); @@ -155,7 +155,7 @@ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... -&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_instrument_halt"); &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC @@ -222,7 +222,7 @@ &ret (); &function_end_B("OPENSSL_far_spin"); -&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); +&function_begin_B("OPENSSL_wipe_cpu"); &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); debian/patches/stddef.patch0000644000000000000000000000061011501173436013105 0ustar Index: openssl-0.9.8k/crypto/sha/sha.h =================================================================== --- openssl-0.9.8k.orig/crypto/sha/sha.h 2008-09-16 12:47:28.000000000 +0200 +++ openssl-0.9.8k/crypto/sha/sha.h 2009-07-19 11:36:28.000000000 +0200 @@ -59,6 +59,7 @@ #ifndef HEADER_SHA_H #define HEADER_SHA_H +#include #include #include debian/patches/pod_req_misspell2.patch0000644000000000000000000000060711575362341015273 0ustar diff --git a/doc/apps/req.pod b/doc/apps/req.pod --- a/doc/apps/req.pod +++ b/doc/apps/req.pod 
@@ -303,7 +303,7 @@ =item B<-newhdr> -Adds the word B to the PEM file header and footer lines on the outputed +Adds the word B to the PEM file header and footer lines on the outputted request. Some software (Netscape certificate server) and some CAs need this. =item B<-batch> debian/patches/CVE-2016-8610.patch0000644000000000000000000000773513043675256013264 0ustar Backport of: From 22646a075e75991b4e8f5d67171e45a6aead5b48 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 21 Sep 2016 14:48:16 +0100 Subject: [PATCH] Don't allow too many consecutive warning alerts Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many. Issue reported by Shi Lei. Reviewed-by: Rich Salz --- ssl/d1_pkt.c | 15 +++++++++++++++ ssl/s3_pkt.c | 15 +++++++++++++++ ssl/ssl.h | 1 + ssl/ssl_locl.h | 4 ++++ 4 files changed, 35 insertions(+) Index: openssl-1.0.1f/ssl/d1_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/d1_pkt.c 2017-01-30 12:34:38.876598997 -0500 +++ openssl-1.0.1f/ssl/d1_pkt.c 2017-01-30 12:37:24.370762576 -0500 @@ -910,6 +910,13 @@ goto start; } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->cert->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, 
@@ -1179,6 +1186,14 @@ if (alert_level == 1) /* warning */ { s->s3->warn_alert = alert_descr; + + s->cert->alert_count++; + if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP Index: openssl-1.0.1f/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1f.orig/ssl/s3_pkt.c 2017-01-30 12:34:38.876598997 -0500 +++ openssl-1.0.1f/ssl/s3_pkt.c 2017-01-30 12:38:42.263782297 -0500 @@ -1013,6 +1013,13 @@ if (ret <= 0) return(ret); } + /* + * Reset the count of consecutive warning alerts if we've got a non-empty + * record that isn't an alert. + */ + if (rr->type != SSL3_RT_ALERT && rr->length != 0) + s->cert->alert_count = 0; + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -1229,6 +1236,14 @@ if (alert_level == 1) /* warning */ { s->s3->warn_alert = alert_descr; + + s->cert->alert_count++; + if (s->cert->alert_count == MAX_WARN_ALERT_COUNT) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS); + goto f_err; + } + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; Index: openssl-1.0.1f/ssl/ssl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl.h 2017-01-30 12:34:38.876598997 -0500 +++ openssl-1.0.1f/ssl/ssl.h 2017-01-30 12:39:16.524230727 -0500 
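Review bot: The new counter lives in `s->cert->alert_count`, i.e. inside the `CERT` structure, which is certificate state rather than record-layer state; readers of the d1_pkt.c and s3_pkt.c hunks will not guess why, and the placement presumably avoids changing the `SSL` structure layout in this backport. A comment at the first increment would save the next reviewer the detour, e.g. `/* kept in s->cert to leave the SSL struct layout unchanged for this backport (confirm) */`. The reset in the earlier hunks (`if (rr->type != SSL3_RT_ALERT && rr->length != 0) s->cert->alert_count = 0;`) and the `== MAX_WARN_ALERT_COUNT` test are exact because reaching the limit aborts the connection; `>=` would be the more defensive comparison should the field ever be touched elsewhere. The same pattern appears in both files, so one note covers both.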
@@ -2548,6 +2548,7 @@ #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 +#define SSL_R_TOO_MANY_WARN_ALERTS 409 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 Index: openssl-1.0.1f/ssl/ssl_locl.h =================================================================== --- openssl-1.0.1f.orig/ssl/ssl_locl.h 2017-01-30 12:34:38.876598997 -0500 +++ openssl-1.0.1f/ssl/ssl_locl.h 2017-01-30 12:40:37.325288124 -0500 @@ -478,6 +478,8 @@ #define NAMED_CURVE_TYPE 3 #endif /* OPENSSL_NO_EC */ +# define MAX_WARN_ALERT_COUNT 5 + typedef struct cert_pkey_st { X509 *x509; @@ -517,6 +519,8 @@ CERT_PKEY pkeys[SSL_PKEY_NUM]; int references; /* >1 only if SSL_copy_session_id is used */ + /* Count of the number of consecutive warning alerts received */ + unsigned int alert_count; } CERT; debian/patches/perlpath-quilt.patch0000644000000000000000000000063212263334623014616 0ustar diff -Nur openssl-0.9.8o/util/perlpath.pl openssl-0.9.8o.new/util/perlpath.pl --- openssl-0.9.8o/util/perlpath.pl 2010-06-14 10:17:46.000000000 -0400 +++ openssl-0.9.8o.new/util/perlpath.pl 2010-06-14 10:18:04.000000000 -0400 @@ -11,6 +11,10 @@ sub wanted { + if (/^\.pc/) { + $prune = 1; + return; + } return unless /\.pl$/ || /^[Cc]onfigur/; open(IN,"<$_") || die "unable to open $dir/$_:$!\n"; debian/patches/valgrind.patch0000644000000000000000000000130311501173436013442 0ustar Index: openssl-1.0.0c/crypto/rand/md_rand.c =================================================================== --- openssl-1.0.0c.orig/crypto/rand/md_rand.c 2010-06-16 15:17:22.000000000 +0200 +++ openssl-1.0.0c/crypto/rand/md_rand.c 2010-12-12 17:02:50.000000000 +0100 
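Review bot: `# define MAX_WARN_ALERT_COUNT 5` uses the indented `# define` form while the neighbouring lines in the same hunk (`#define NAMED_CURVE_TYPE 3`, `#endif`) do not; drop the space for consistency. The new `alert_count` field in `CERT` only starts at zero if the allocator zeroes the struct; the allocation site is outside this patch, so please confirm it memsets the allocation (or set `ret->alert_count = 0;` there), otherwise a fresh connection could start with an arbitrary count. The value 5 is undocumented; a comment such as `/* consecutive ignored warning alerts tolerated before the connection is aborted */` would help.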
@@ -476,6 +476,7 @@ MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); #ifndef PURIFY /* purify complains */ +#if 0 /* The following line uses the supplied buffer as a small * source of entropy: since this buffer is often uninitialised * it may cause programs such as purify or valgrind to @@ -485,6 +486,7 @@ */ MD_Update(&m,buf,j); #endif +#endif k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; if (k > 0) debian/patches/CVE-2016-2182-2.patch0000644000000000000000000000226212771214373013403 0ustar Backport of: From 3612ff6fcec0e3d1f2a598135fe12177c0419582 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Mon, 22 Aug 2016 02:36:36 +0900 Subject: [PATCH] Fix overflow check in BN_bn2dec() Fix an off by one error in the overflow check added by 07bed46f332fc ("Check for errors in BN_bn2dec()"). Reviewed-by: Stephen Henson Reviewed-by: Matt Caswell (cherry picked from commit 099e2968ed3c7d256cda048995626664082b1b30) --- crypto/bn/bn_print.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Index: openssl-1.0.1f/crypto/bn/bn_print.c =================================================================== --- openssl-1.0.1f.orig/crypto/bn/bn_print.c 2016-09-23 07:56:02.527253387 -0400 +++ openssl-1.0.1f/crypto/bn/bn_print.c 2016-09-23 07:56:44.315702238 -0400 @@ -140,15 +140,14 @@ if (BN_is_negative(t)) *p++ = '-'; - i=0; while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; *lp=BN_div_word(t,BN_DEC_CONV); if (*lp == (BN_ULONG)-1) goto err; lp++; - if (lp - bn_data >= bn_data_num) - goto err; } lp--; /* We now have a series of blocks, BN_DEC_NUM chars debian/patches/CVE-2015-0288.patch0000644000000000000000000000155312502067256013250 0ustar Backport of: From 51527f1e3564f210e984fe5b654c45d34e4f03d7 Mon Sep 17 00:00:00 2001 
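Review bot: The added `#if 0` disables mixing the caller's output buffer into the digest in the rand_bytes path with no explanation, and the surviving `#ifndef PURIFY` and its comment now describe a line that is never compiled. Functionally this is the same as building that call site with -DPURIFY: the buffer is the caller's (often uninitialised) output area rather than a seeded entropy source, so unlike the infamous 2008 Debian change to the seeding path this does not weaken the PRNG, but that reasoning should live in the source instead of in folklore. Suggest replacing the bare `#if 0` with `#if 0 /* Debian: never feed the caller's uninitialised buffer into the PRNG state; equivalent to PURIFY, keeps valgrind quiet and removes no real entropy. */`. The enclosing function starts and ends outside the hunk.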
From: "Dr. Stephen Henson" Date: Wed, 18 Feb 2015 00:34:59 +0000 Subject: [PATCH] Check public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9) --- crypto/x509/x509_req.c | 2 ++ 1 file changed, 2 insertions(+) Index: openssl-1.0.1f/crypto/x509/x509_req.c =================================================================== --- openssl-1.0.1f.orig/crypto/x509/x509_req.c 2015-03-17 13:06:47.965965657 -0400 +++ openssl-1.0.1f/crypto/x509/x509_req.c 2015-03-17 13:07:23.354248877 -0400 
@@ -92,6 +92,8 @@ goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; debian/libssl1.0.0.templates0000644000000000000000000000227711501472103012755 0ustar Template: libssl1.0.0/restart-services Type: string _Description: Services to restart to make them use the new libraries: This release of OpenSSL fixes some security issues. Services will not use these fixes until they are restarted. Please note that restarting the SSH server (sshd) should not affect any existing connections. . Please check the list of detected services that need to be restarted and correct it, if needed. The services names must be identical to the initialization script names in /etc/init.d and separated by spaces. No services will be restarted if the list is empty. . Any service that later fails unexpectedly after this upgrade should be restarted. It is recommended to reboot this host to avoid any SSL-related trouble. Template: libssl1.0.0/restart-failed Type: error #flag:translate!:3 #flag:comment:2 # This paragraph is followed by a (non translatable) paragraph containing # a list of services that could not be restarted _Description: Failure restarting some services for OpenSSL upgrade The following services could not be restarted for the OpenSSL library upgrade: . ${services} . You will need to start these manually by running '/etc/init.d/ start'. debian/libssl1.0.0.dirs0000644000000000000000000000003211632643401011711 0ustar usr/share/doc/libssl1.0.0 debian/README.debian0000644000000000000000000000411210425453631011270 0ustar openssl for DEBIAN ---------------------- openssl replaces ssleay. The application links to openssl like req, ca, verify and s_client have been removed. Instead of `` please call now `openssl ` eg: instead of `req` please call `openssl req` PATENT ISSUES ------------- Some algorithms used in the library are covered by patents. 
As a result, the following algorithms in libcrypto have been disabled: - RC5 - MDC2 - IDEA Also see the patents section in the README file. Self-signed certs and webservers: --------------------------------- If you get with a selfsigned certificate and a webserver: > "The certificate is not approved for the attempted operation." Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller) writes: >Probably you are using a CA certificate for your server; if you use >"openssl req" to generate a new key and self-signed certificate with >the default openssl.cnf, the certificate you get includes certain >X.509v3 extensions that make it unfit for use as a server certificate. >This was not so with earlier versions of the software because back >then there was far less X.509v3 support. > >To look at the certificate some HTTPS server presents to its cliens, >use "openssl s_client -port 443 -host your.server", store the output >(at least the part from "-----BEGIN CERTIFICATE-----" up to "-----END >CERTIFICATE-----", including these separators) in a file and use >"openssl x509 -in the_file_you_just_stored -text" to look at it in >readable form. If it has in the "X509v3 extensions section" any of >the following entries, it is not usable as a server certificate: > > X509v3 Basic Constraints: > CA:TRUE > > X509v3 Key Usage: > Certificate Sign, CRL Sign > >To quickly create a new server key and certificate that works with >Netscape, you can just copy the original openssl.cnf file and comment >out the "x509_extensions" entry in the "[ req ]" section. >The, use "openssl req ..." as before to create a new certificate and >key. Christoph Martin , Wed, 31 Mar 1999 16:00:51 +0200 debian/README.optimization0000644000000000000000000000255110323246103012570 0ustar openssl ships optimized libraries for some cpus. The loading of these libraries depends on the ability of the dynamic linker to automaticly search additional directories depending on the cpu. 
If you want to find out which these directories are for your computer,
See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org. OpenSSL License --------------- /* ==================================================================== * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ Original SSLeay License ----------------------- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. 
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. 
this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ debian/libssl1.0.0.files0000644000000000000000000000016412263334623012064 0ustar lib/*/*.so.*.*.* lib/*/*/*.so.*.*.* lib/*/i686/cmov/*.so.*.*.* usr/lib/*/*.so.*.*.* usr/lib/*/openssl-1.0.0/engines debian/upstream-signing-key.pgp0000644000000000000000000000237412257406620013772 0ustar  6s|4'2/{u͔ tW`NyQ}#M~ID#1PWX:`7 c 3]{CZA XD.J~1oܫo(dשkp%3FAq߂ Ɋg SE#TG-y@F;J#~)yRN6ee%aK;z,Nȭf 1CuiI қ{Y1Dr Stephen Henson CPқ{YIcbjX k8ᔄ js겳x/hkz{yhmB!^4(B~&`5ԫEpہbENe/N=$9}V8Hx̝[ގeZR`:VټIdPt0x.僓qLVߋz_At<&w!|?IXACs*=%! ܝۑ:gOחpL3Dr S N Henson 6s|қ{YA!\I>Я|e5u ӛ8׆lt0E-{\E <_Z,V@s~>25$a.SOOҔ@ eyafɦU HQ*܎D.jVg;Ǻt^{DZ׀S#KCeB'xQLuq.hP$dd ?eyQWd7iV-<0V\JLz-m Y'h8tUi^ɕI >ts:Dr Stephen Henson CPқ{YkV^ Fcr_+yj. /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}') # apache2 ships its init script in apache2-common, but the # script is apache2 check=$(echo $check | sed 's/apache2-common/apache2/g') # For mod-ssl apache has to be restarted check=$(echo $check | sed 's/libapache-mod-ssl/apache/g') # The name of proftpd-{ldap,mysql,pgsql} init script is # same as "proftpd". check=$(echo $check | sed 's/proftpd-.*/proftpd/g') # dovecot-common ships its init script, but the # script name is dovecot for dovecot-{imapd,pop3d}. check=$(echo $check | sed 's/dovecot-common/dovecot/g') # openssh-server's init script it called ssh check=$(echo $check | sed 's/openssh-server/ssh/g') echo "done." echo "Checking init scripts..." for service in $check; do if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then idl=$(ls /etc/init.d/${service} 2> /dev/null | head -n 1) if [ -n "$idl" ] && [ -x $idl ]; then services="$service $services" else echo "WARNING: init script for $service not found." 
fi else if [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then idl=$(filerc $rl $service) else idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) fi if [ -n "$idl" ] && [ -x $idl ]; then services="$service $services" fi fi done if [ -n "$services" ]; then db_reset libssl1.0.0/restart-services db_set libssl1.0.0/restart-services "$services" if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then db_input medium libssl1.0.0/restart-services || true else db_input critical libssl1.0.0/restart-services || true fi db_go || true db_get libssl1.0.0/restart-services if [ "x$RET" != "x" ] then services=$RET answer=yes else answer=no fi echo if [ "$answer" = yes ] && [ "$services" != "" ]; then echo "Restarting services possibly affected by the upgrade:" failed="" rl=$(runlevel | sed 's/.*\ //') for service in $services; do if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then idl="invoke-rc.d ${service}" elif [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then idl=$(filerc $rl $service) else idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) fi if ! $idl restart; then failed="$service $failed" fi done echo if [ -n "$failed" ]; then db_subst libssl1.0.0/restart-failed services "$failed" db_input critical libssl1.0.0/restart-failed || true db_go || true else echo "Services restarted successfully." fi echo fi else echo "Nothing to restart." fi # Shut down the frontend, to make sure none of the # restarted services keep a connection open to it db_stop fi # end upgrading and $2 lt 0.9.8c-2 # Here we issue the reboot notification for upgrades and # security updates. We do want services to be restarted when we # update for a security issue, but planned by the sysadmin, not # automatically. # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! 
pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi fi # Upgrading fi #DEBHELPER# debian/libcrypto1.0.0-udeb.dirs0000644000000000000000000000000412263334623013350 0ustar lib debian/libssl-doc.files0000644000000000000000000000002311501160600012226 0ustar usr/share/man/man3 debian/openssl.docs0000644000000000000000000000017711501500627011525 0ustar doc/fingerprints.txt doc/HOWTO doc/openssl_button.gif doc/openssl_button.html doc/openssl.txt doc/README doc/standards.txt FAQ debian/po/0000755000000000000000000000000012262570146007611 5ustar debian/po/sk.po0000644000000000000000000000620611501472260010563 0ustar msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8e-5\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-01-21 11:41+0100\n" "Last-Translator: Ivan Masár \n" "Language-Team: Slovak \n" "Language: sk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Služby, ktoré sa majú reštartovať, aby začali používať nové knižnice:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Táto verzia OpenSSL opravuje niektoré bezpečnostné problémy. Služby nezačnú " "používať tieto opravy až pokým nebudú reštartované. Prosím, pamätajte, že " "reštartovanie SSH servera (sshd) by nemalo mať vplyv na žiadne už nadviazané " "spojenia." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Prosím, skontrolujte zoznam zistených služieb, ktoré sa majú reštartovať a " "ak je to potrebné, opravte ho. Názvy služieb musia byť rovnaké ako názvy " "inicializačných skriptov v /etc/init.d a oddelené medzerami. Ak tento zoznam " "bude prázdny, žiadne služby sa nebudú reštartovať." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Každá služba, ktorá po vykonaní tejto aktualizácie zlyhá, by mala byť " "reštartovaná. Odporúča sa reštartovať tento počítač, aby ste sa vyhli " "akýmkoľvek problémom týkajúcim sa SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Počas aktualizácie knižnice OpenSSL sa nepodarilo sa reštartovať niektoré " "služby." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Nasledovné služby nebolo možné reštartovať počas aktualizácie knižnice " "OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Budete ich musieť reštartovať ručne spustením „/etc/init.d/ start“." debian/po/ca.po0000644000000000000000000000664511501472257010546 0ustar # # Catalan translation for openssl package. 
# Copyright (C) 2007 Debian OpenSSL Team. # This file is distributed under the same license as the openssl package. # # Aleix Badia i Bosch , 2004 # Jordà Polo , 2007. # msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8g-3\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-11-24 16:43+0100\n" "Last-Translator: Jordà Polo \n" "Language-Team: Català \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Serveis que cal reiniciar perquè utilitzin les noves biblioteques:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Aquesta versió d'OpenSSL resol alguns problemes de seguretat. Els serveis no " "utilitzaran les correccions fins que no es tornin a iniciar. Fixeu-vos que " "reiniciar el servidor SSH (sshd) no hauria d'afectar cap de les connexions " "existents." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Si us plau, comproveu la llista de serveis detectats que caldria reiniciar, " "i esmeneu-la si és necessari. Els noms dels serveis han de ser idèntics als " "noms dels scripts que hi ha al directori /etc/init.d, i haurien d'estar " "separats per espais. Si la llista és buida no es reiniciarà cap servei." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Si després de l'actualització fallen altres serveis de forma inesperada, és " "possible que també calgui tornar a iniciar-los. Si els problemes relacionats " "amb SSL persisteixen, podeu reiniciar l'ordinador." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "S'ha trobat un error mentre es reiniciaven alguns serveis per " "l'actualització de l'OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "No s'han pogut reiniciar els següents serveis per l'actualització de la " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Aquests els haureu d'iniciar manualment executant «/etc/init.d/ " "start»." #~ msgid "${services}" #~ msgstr "${services}" debian/po/ru.po0000644000000000000000000001026711501472260010576 0ustar # translation of openssl_0.9.8g-10.1_ru.po to Russian # This file is distributed under the same license as the PACKAGE package. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER. # # Yuriy Talakan' , 2006. # Yuriy Talakan' , 2007. # Yuri Kozlov , 2008. 
msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8g-10.1\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-06-03 21:21+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Перезапускаемые службы для использования новой библиотеки:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Этот выпуск OpenSSL исправляет некоторые проблемы безопасности. Службы не " "могут использовать эти исправления, пока не будут перезапущены. Обратите " "внимание, что перезапуск сервера SSH (sshd) не повлияет на существующие " "соединения." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Проверьте список обнаруженных служб, которые надо перезапустить и поправьте " "его, если необходимо. Имена служб должны соответствовать именам сценариев " "запуска в /etc/init.d и должны быть разделены пробелами. Если список пустой, " "службы не будут перезапущены." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Надо перезапустить любую службу, которая после этого обновления неожиданно " "начнёт работать с ошибками. Рекомендуется перегрузить машину во избежание " "проблем, связанных с SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Не удалось перезапустить некоторые службы при обновлении OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Следующие службы не удалось перезапустить при обновлении библиотеки OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Вам нужно будет перезапустить их вручную с помощью команд '/etc/init.d/" "<служба> start'." debian/po/ja.po0000644000000000000000000000652411501472257010551 0ustar msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8e-4\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-01-22 07:37+0900\n" "Last-Translator: Hideki Yamane (Debian-JP) \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "新しいライブラリを使うために再起動するサービス:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. 
Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "OpenSSL は、今回のリリースでセキュリティホールが修正されました。各サービスは" "再起動を行わないと、この修正されたライブラリを利用しません。注意: SSH サーバ " "(sshd) を再起動しても、現状の接続には何ら影響しません。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "再起動が必要だと判断されたサービスのリストを確認してください。必要であれば修" "正してください。サービス名は /etc/init.d にあるスクリプトの名前を指し、空白で" "区切る必要があります。リストが空の場合は、どのサービスも再起動されません。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "他のサービスがここでのアップグレードの後に何故かエラーを起こし始めた場合、そ" "れらも再起動する必要があります。SSL 関連のトラブルを避けるためには、マシンを" "再起動するのをお勧めします。" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "OpenSSL のアップグレードによって再起動に失敗したサービス" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "以下のサービスは OpenSSL ライブラリのアップグレードに伴った再起動を行うことが" "できませんでした。" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." 
msgstr "" "開始するには '/etc/init.d/ start' を手動で実行する必要があります。" debian/po/pt.po0000644000000000000000000000645411501472257010604 0ustar # Portuguese translation for openssl's debconf messages # Copyright (C) 2007, Carlos Lisboa # This file is distributed under the same license as the openssl package. # Carlos Lisboa , 2007. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-04-10 20:36+0100\n" "Last-Translator: Carlos Lisboa \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Serviços a reiniciar para que usem as novas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Este lançamento do OpenSSL resolve alguns problemas de segurança. Os " "serviços podem não usar as correcções até que sejam reiniciados. Note que " "reiniciar o servidor SSH (sshd) não deve afectar quaisquer ligações " "existentes." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Por favor verifique a lista de serviços detectados que necessitam de ser " "reiniciados e corrija-a, se necessário. 
Os nomes dos serviços devem ser " "idênticos aos nomes dos scripts de inicialização em /etc/init.d e separados " "por espaços. Nennhum serviço será reiniciado se a lista estiver vazia." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Qualquer serviço que mais tarde falhe de forma inesperada após esta " "actualização deverá ser reiniciado. É recomendado que reinicie este " "computador para evitar qualquer problema relacionado como SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Falha ao reiniciar alguns serviços para a actualização do OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Os seguintes serviços não poderam ser reiniciados para a actualização da " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Terá que iniciá-los manualmente correndo '/etc/init.d/ start'." debian/po/ko.po0000644000000000000000000000625711501472257010573 0ustar # Korean translations for openssl package # openssl 패키지에 대한 한국어 번역문. # Copyright (C) 2007 THE openssl'S COPYRIGHT HOLDER # This file is distributed under the same license as the openssl package. # Sunjae Park , 2007. 
# msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-04-11 13:43-0400\n" "Last-Translator: Sunjae Park \n" "Language-Team: Korean \n" "Language: ko\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "새 라이브러리를 사용하도록 재시작할 서비스 목록:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "이번 OpenSSL 릴리즈는 보안 문제를 몇 개 해결합니다. 서비스들을 재시작시킬 때" "까지는 이 문제들이 해결되지 않습니다. 참고로 SSH 서버(sshd)를 재시작시키더라" "도 기존 연결에는 영향을 주지 않을 것입니다." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "재시작시킬 서비스의 목록을 확인하시고 필요할 경우 목록을 수정하십시오. 서비스" "의 이름들은 /etc/init.d에 있는 초기화 스크립트의 이름과 같아야 하며 빈칸으로 " "구분되어야 합니다. 목록이 비어있을 경우에는 서비스를 재시작시키지 않습니다." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "이 업그레이드를 적용한 후 갑자기 오동작을 하는 서비스는 재시작시키십시오. " "SSL 관련된 문제가 없도록 이 호스트를 재부팅하시길 권장합니다." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. 
This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/eu.po0000644000000000000000000000652611501472257010572 0ustar # translation of eu.po to Euskara # Openssl debconf template basque translation # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Piarres Beobide , 2007. msgid "" msgstr "" "Project-Id-Version: eu\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-12-21 10:56+0100\n" "Last-Translator: Piarres Beobide \n" "Language-Team: Euskara \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Liburutegi berriak erabili ditzaten berrabiarazi behar diren zerbitzuak:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "OpenSSL bertsio honek zenbait segurtasun arazo konpontzen ditu. Zerbitzuak " "ez dituzte konponketa hauek erabiliko berrabiarazi arte. Kontutan izan SSH " "zerbitzua berrabiarazteak ez dituela sorturik dauden konexioei eragingo." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Mesedez egiaztatu antzemandako berrabiarazi beharra dute zerbitzuen zerrenda " "eta zuzendu behar izanez gero. Zerbitzu izenak /etc/init.d-eko abiarazte " "Script-en berdinak izan behar dira. Zerrenda hutsik utziaz ez da zerbitzurik " "berrabiaraziko." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Bertsio berritze honen ondoren esperogabe huts egiten duen edozein zerbitzu " "berrabiarazi egin beharko zenuke. Ostalari osoa berrabiaraztea gomendatzen " "da SSL inguruko arazoak saihesteko." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Huts OpenSSL bertsio-berritzerako zerbitzu batzuek berrabiaraztean." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Hurrengo zerbitzuak ezin izan dira berrabiarazi OpenSSL liburutegi bertsio-" "berritzerako:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Eskuz berrabiarazi beharko dituzu '/etc/ init.d/ start' eginez." 
#~ msgid "${services}" #~ msgstr "${services}" debian/po/nb.po0000644000000000000000000000656612234744477010576 0ustar # translation of openssl_0.9.8c-4_templates.po to Norwegian Bokmål # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Bjørn Steensrud , 2007. # Bjørn Steensrud , 2011. msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8c-4_templates\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2011-12-29 14:19+0100\n" "Last-Translator: Bjørn Steensrud \n" "Language-Team: Norwegian Bokmål \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Tjenester som skal startes på nytt slik at de bruker de nye bibliotekene." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Denne utgaven av OpenSSL retter noen sikkerhetsproblemer. Tjenester kan ikke " "bruke disse rettelsene før de er startet på nytt. Merk: om sshd startes på " "nytt blir antakelig ingen eksisterende tilkoblinger påvirket." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Kontroller lista over funne tjenester som trenger omstart. 
Rett på lista " "om den er feil. Tjenestenavnene må være lik skript-navnene i /etc/init.d, og " "være atskilt med mellomrom. Hvis du tømmer lista blir ingen tjenester " "omstartet." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Hvis andre tjenester begynner å svikte på mystisk måte etter denne " "oppgraderingen, så blir det anbefalt at maskinen stoppes og startes for å " "unngå vansker i " "forbindelse med SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Noen tjenester kunne ikke restartes for OpenSSL-oppgradering" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Følgende tjenester kunne ikke restartes for oppgradering av " "OpenSSL-biblioteket:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "Du må starte disse manuelt ved å kjøre «/etc/init.d/ start»." debian/po/POTFILES.in0000644000000000000000000000006011501472251011353 0ustar [type: gettext/rfc822deb] libssl1.0.0.templates debian/po/pl.po0000644000000000000000000000671412146432247010574 0ustar # Copyright (C) 2010 # This file is distributed under the same license as the openssl package. # # Michał Kułach , 2012. 
msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2012-01-31 18:52+0100\n" "Last-Translator: Michał Kułach \n" "Language-Team: Polish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Usługi które mają być zrestartowane, aby mogły używać nowych bibliotek:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "To wydanie OpenSSL naprawia kilka problemów bezpieczeństwa. Usługi nie będą " "mogły skorzystać z tych poprawek, dopóki nie zostaną zrestartowane. Proszę " "zauważyć, że zrestartowanie serwera SSH (sshd) nie powinno mieć wpływu na " "istniejące połączenia." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Proszę sprawdzić listę wykrytych usług, które powinny zostać zrestartowane, i " "poprawić ją, jeśli to konieczne. Nazwy usług muszą się zgadzać z nazwami " "skryptów startowych w /etc/init.d i muszą być rozdzielone spacjami. Jeśli " "lista będzie pusta, żadne usługi nie zostaną zrestartowane." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Każda usługa w której wystąpi nieoczekiwany błąd po tej aktualizacji, powinna " "zostać zrestartowana. Zaleca się ponowne uruchomienie komputera, co umożliwi " "uniknięcie wszystkich problemów związanych z SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Zrestartowanie niektórych usług podczas aktualizacji OpenSSL nie powiodło się" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Następujące usługi nie mogły zostać zrestartowane w celu aktualizacji " "biblioteki OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Należy zrestartować te usługi ręcznie, przez wykonanie \"/etc/init.d/ " "start\"" debian/po/gl.po0000644000000000000000000000634711501472257010564 0ustar # Galician translation of openssl's debconf templates. # This file is distributed under the same license as the openssl package. # Jacobo Tarrio , 2006, 2007, 2008. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-05-13 00:08+0100\n" "Last-Translator: Jacobo Tarrio \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Servizos a reiniciar para facer que empreguen as novas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Esta versión de OpenSSL arranxa algúns fallos de seguridade. Os servizos non " "han ter eses fallos arranxados ata que se reinicien. Teña en conta que " "reiniciar o servidor de SSH (sshd) non debería afectar a ningunha conexión " "existente." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Verifique a lista de servizos detectados que hai que reiniciar e corríxaa se " "é preciso. Os nomes dos servizos deben ser idénticos aos nomes dos scripts " "de inicialización de /etc/init.d e deben ir separados por espazos. Non se ha " "reiniciar ningún servizo se a lista está baleira." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Tamén se debería reiniciar calquera servizo que falle de xeito inesperado " "trala actualización. Recoméndase reiniciar esta máquina para evitar " "experimentar problemas relacionados con SSL." #. Type: error #. 
Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Problemas ao reiniciar algúns servizos para a actualización de OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Non se puido reiniciar os seguintes servizos para a actualización da " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Ha ter que reinicialos manualmente executando \"/etc/init.d/ start" "\"." debian/po/ar.po0000644000000000000000000000743711501472257010565 0ustar # translation of openssl-ar.po to Arabic # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Ossama M. Khayat , 2007, 2010. msgid "" msgstr "" "Project-Id-Version: openssl-ar\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-09-09 01:29+0300\n" "Last-Translator: Ossama M. Khayat \n" "Language-Team: Arabic \n" "Language: ar\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: nplurals=6; plural=n==1 ? 0 : n==0 ? 1 : n==2 ? 2: n%100>=3 && " "n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "الخدمات المطلوب إعادة تشغيلها لجعلها تستخدم المكتبات الجديدة:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. 
Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "هذا الإصدار من OpenSSL يحل بعض المشاكل الأمنية. ولن تستخدم الخدمات هذه " "الحلول حتى يتم إعادة تشغيلها. الرجاء التنبه إلى أن إعادة تشغيل خادم SSH " "(sshd) لا يؤثر على أية اتصالات حالية." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "الرجاء التحقق من قائمة الخدمات المكتشفة والتي يجب إعادة تشغيلها وقم بتصحيحها " "إن كانت هناك حاجة لذلك. يجب أن تكون أسماء الخدمات مطابقة لأسماء ملفات شيفرات " "التشغيل في /etc/init.d وتفصلها مسافات. لن تتم إعادة تشغيل أية خدمات إن كانت " "القائمة فارغة." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "يجب إعادة تشغيل أية خدمة تفشل بشكل غير متوقع عقب عملية الترقية هذه. كما أنه " "من المستحسن إعادة تشغيل هذا الجهاز لتجنب أية مشاكل متعلقة بخدمة SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "فشل إعادة تشغيل بعض الخدمات لترقية OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "تعذر إعادة تشغيل الخدمات التالية لترقية مكتبة OpenSSL:" #. Type: error #. 
Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "يجب أن تقوم بتشغيل هذه الخدمات يدوياً بتفيذ الأمر '/etc/init.d/ " "start'." debian/po/pt_BR.po0000644000000000000000000000735011501472257011163 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # Flamarion Jorge , 2010. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-07-18 15:03-0300\n" "Last-Translator: Flamarion Jorge \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "pt_BR utf-8\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Serviços a serem reiniciados para que possam utilizar as novas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Esta versão do OpenSSL corrige alguns problemas de segurança. Os serviços " "não utilizarão essas correções até que sejam reiniciados. Por favor, note " "que reiniciar o servidor SSH (sshd) não deve afetar nenhuma conexão " "existente." #. 
Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Por favor, confira a lista de serviços detectados que precisam ser " "reiniciados e a corrija, caso necessário. Os nomes dos serviços devem ser " "idênticos aos nomes dos scripts de inicialização em /etc/init.d e devem ser " "separados por espaços. Nenhum serviço será reiniciado caso a lista esteja " "vazia." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Qualquer serviço que falhar inesperadamente após esta atualização deverá ser " "reiniciado. É recomendado reinicializar este host para evitar qualquer " "problema relacionado a SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Falha ao reiniciar alguns serviços para a atualização do OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Os seguintes serviços não puderam ser reiniciados para a atualização da " "biblioteca OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Você terá que iniciá-los manualmente executando '/etc/init.d/ " "start'." 
debian/po/ro.po0000644000000000000000000000700311501472257010570 0ustar # translation of ro.po to Romanian # Romanian translation of openssl. # Copyright (C) 2006 THE openssl'S COPYRIGHT HOLDER # This file is distributed under the same license as the openssl package. # # Stan Ioan-Eugen , 2006. # Eddy Petrișor , 2007, 2008. msgid "" msgstr "" "Project-Id-Version: ro\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-06-30 02:26+0300\n" "Last-Translator: Eddy Petrișor \n" "Language-Team: Romanian \n" "Language: ro\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < " "20)) ? 1 : 2;\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Serviciile repornite pentru a asigura folosirea noilor biblioteci:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Cu această nouă versiune s-au rezolvat probleme de securitate. Serviciile nu " "vor folosi aceste îmbunătățiri dacă nu sunt repornite. A se reține că " "repornirea serverului SSH (sshd) nu ar trebui să afecteze conexiunile deja " "existente." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." 
msgstr "" "Verificați și corectați, dacă este nevoie, lista cu serviciile detectate " "care ar trebui repornite. Numele serviciilor trebuie să fie identice cu " "numele scripturilor de inițializare din /etc/init.d și trebuie să fie " "separate prin spații. Dacă lista este goală, nu va fi repornit nici un " "serviciu." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Orice alt serviciu care prezintă probleme neașteptate după această " "actualizare, ar trebui repornit. Recomandăm să reporniți calculatorul pentru " "a evita probleme legate de SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Eșec la repornirea unor servicii pentru actualizarea lui OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Următoarele servicii nu au putut fi repornite pentru actualizarea " "bibliotecii OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Va trebui să le porniți manual cu o comandă de tipul „/etc/init.d/ " "start'." 
debian/po/zh_TW.po0000644000000000000000000000543211501472260011201 0ustar msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-04-18 01:10+0800\n" "Last-Translator: Tetralet \n" "Language-Team: Debian-user in Chinese [Big5] \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "必須重新啟動才能使用新函式庫的服務程式:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "這個 OpenSSL 的釋出版修正了一些安全上的問題。這些服務程式必須重新啟動否則無法" "套用這些修正。請注意到,重新啟動 SSH 服務程式 (sshd) 並不會影響到任何現有的連" "線。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "請檢視被偵測到需重新啟動的服務程式之列表,有必要時請加以修正。這些服務程式名" "稱必須和 /etc/init.d 裡的初始化 Script 名稱一致,並以空白分隔。如果列表裡空無" "一物,就表示沒有服務程式會被重新啟動。" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "在此更新之後,必須將任何預料之外無法成功運行的服務程式重新啟動。建議重新啟動" "這台主機以避免發生任何 SSL 相關的問題。" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. 
This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/es.po0000644000000000000000000001041711501472257010562 0ustar # openssl translation to spanish # Copyright (C) 2004 Software in the Public Interest # This file is distributed under the same license as the openssl package. # # Changes: # - Initial translation # Lucas Wall , 2004 # # - Last revision # Manuel Porras Peralta «Venturi», 2007 # Maximiliano Marín, 2007 # # # Traductores, si no conoce el formato PO, merece la pena leer la # documentación de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traducción al español, por favor lean antes de traducir # los siguientes documentos: # # - El proyecto de traducción de Debian al español # http://www.debian.org/intl/spanish/coordinacion # especialmente las notas de traducción en # http://www.debian.org/intl/spanish/notas # # - La guía de traducción de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # msgid "" msgstr "" "Project-Id-Version: openssl 0.9.7d-3\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-05-01 17:20+0200\n" "Last-Translator: Manuel Porras Peralta «Venturi» \n" "Language-Team: Debian Spanish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Servicios que tienen que reiniciarse para que usen las nuevas bibliotecas:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Esta versión de OpenSSL corrige algunos problemas de seguridad. Los " "servicios no usarán los arreglos hasta que se reinicien. Tenga en cuenta que " "reiniciar el servicio SSH (sshd) no debería afectar a ninguna de las " "conexiones existentes." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Por favor, compruebe la lista de los servicios detectados que necesitan " "reiniciarse y corríjala si fuese necesario. Los nombres de los servicios " "deben ser idénticos a los nombres de los programas de inicio en «/etc/init." "d» y deben estar separados por espacios. No se reiniciará ningún servicio si " "deja la lista en blanco." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Tras esta actualización, debería reiniciar más tarde cualquier servicio que " "falle inesperadamente. Se recomienda reiniciar el sistema para evitar " "cualquier problema relacionado con SSL." #. Type: error #. 
Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Fallo al reiniciar algunos servicios por la actualización de OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "No fue posible reiniciar los servicios indicados a continuación por la " "actualización de OpenSSL: " #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Tendrá que iniciarlos manualmente ejecutando « /etc/init.d/ start " "» " #~ msgid "${services}" #~ msgstr "${services}" debian/po/da.po0000644000000000000000000000647211501472257010545 0ustar # Danish translation openssl. # Copyright (C) 2010 openssl & Joe Hansen. # This file is distributed under the same license as the openssl package. # Claus Hindsgaul , 2004. # Claus Hindsgaul , 2007. # Joe Hansen , 2010. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-10-07 05:26+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Tjenester der skal genstartes for at få dem til at benytte de nye " "biblioteker:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. 
Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Denne version af OpenSSL retter nogle sikkerhedsproblemer. Tjenester vil " "ikke benytte disse rettelser, før de er blevet genstartet. Bemærk at det " "ikke vil påvirke eksisterende forbindelser at genstarte SSH-serveren (sshd)." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Tjek listen over fundne tjenester, som skal genstartes, og ret den om " "nødvendigt. Tjenestenavnene skal være identiske med " "initialiseringsskriptenes navne i /etc/init.d, og være adskilt med " "mellemrum. Hvis listen er tom, vil ingen tjenester blive genstartet." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Enhver tjeneste, der fejler uden grund efter denne opgradering, bør " "genstartes. Det anbefales at genstarte denne maskine for at undgå SSL-" "relaterede problemer." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Fejl ved genstart af nogle tjenester for OpenSSl-opgradering" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "De følgende tjenester kunne ikke genstartes for OpenSSL-" "biblioteksopgraderingen:" #. Type: error #. 
Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Du skal genstarte disse manuelt ved at køre '/etc/init.d/ start'." debian/po/templates.pot0000644000000000000000000000430211501472257012331 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" #. Type: error #. 
Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/fi.po0000644000000000000000000000644311501472257010555 0ustar msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8e-8\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-12-30 00:00+0200\n" "Last-Translator: Esko Arajärvi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Finnish\n" "X-Poedit-Country: FINLAND\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Palvelut, jotka käynnistetään uudelleen uusien kirjastojen käyttämiseksi:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Tämä OpenSSL:n julkaisu sisältää joitain turvapäivityksiä. Palvelut eivät " "käytä näitä päivityksiä ennen kuin ne on käynnistetty uudelleen. Huomaa, " "että SSH-palvelimen (sshd) uudelleenkäynnistyksen ei pitäisi vaikuttaa " "olemassa oleviin yhteyksiin." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Tarkista alla oleva lista löydetyistä palveluista, jotka pitää käynnistää " "uudelleen, ja korjaa sitä tarvittaessa. Palveluiden nimien pitää täsmätä " "hakemistossa /etc/init.d olevien alustustiedostojen nimiin ja olla " "välilyönnein eroteltuja. Jos lista on tyhjä, mitään palveluita ei " "käynnistetä uudelleen." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Palvelut, joissa esiintyy odottamattomia häiriöitä päivityksen jälkeen " "tulisi käynnistää uudelleen. On suositeltavaa käynnistää kone uudelleen SSL:" "än liittyvien ongelmien välttämiseksi." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Joidenkin palveluiden käynnistäminen uudelleen OpenSSL:n päivityksen " "yhteydessä epäonnistui." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Seuraavia palveluita ei voitu käynnistää uudelleen päivitettäessä OpenSSL-" "kirjasto:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Nämä tarvitsee käynnistää käsin ajamalla ”/etc/init.d/ start”." 
#~ msgid "${services}" #~ msgstr "${services}" debian/po/sv.po0000644000000000000000000000716511501472260010603 0ustar # translation of openssl_0.9.8g-10_sv.po to swedish # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # Developers do not need to manually edit POT or PO files. # # Martin Bagge , 2008. msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8g-10_sv\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-05-23 00:17+0200\n" "Last-Translator: Martin Bagge \n" "Language-Team: swedish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Tjnster som ska startas om fr att f dem att anvnda de nya biblioteken:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Den hr utgvan av OpenSSL rttar till ett antal skerhetsproblem. " "Tjnsterna kommer inte att anvnda dessa rttningar frrn de har startats " "om. Observera att omstart av SSH-servern (sshd) inte kommer att pverka " "befintliga anslutningar." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. 
The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Undersk listan ver identifierade tjnster som behver startas om och gr " "ndringar i den om det behvs. Tjnstenamnen mste vara identiska fr " "initieringsskripten i /etc/init.d och mste separeras med blanksteg. Inga " "tjnster kommer att startas om om listan r tom." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Om andra tjnster senare brjar att f underliga problem efter denna " "uppgradering br de startas om. Vi rekommenderar att du startar om din " "dator fr att undvika SSL-relaterade problem." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Misslyckades med att starta om tjnster fr uppgraderingen av OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Fljande tjnster kunde inte startas om vid uppgraderingen av OpenSSL " "biblioteket:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Du mste starta om dessa tjnster manuellt genom att kra '/etc/init.d/" " start'" debian/po/vi.po0000755000000000000000000000675011501472260010573 0ustar # Vietnamese translation for OpenSSL. # Copyright © 2010 Free Software Foundation, Inc. # Clytie Siddall , 2005-2010. 
# msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8o-2\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2010-10-27 15:40+1030\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: LocFactoryEditor 1.8\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Dịch vụ cần khởi chạy lại để sử dụng thư viện mới:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Phiên bản OpenSSL này sửa chữa một số vấn đề bảo mật. Dịch vụ sẽ chỉ sử dụng " "những sự sửa này sau khi khởi chạy lại. Ghi chú rằng việc khởi chạy lại " "trình phục vụ SSH (sshd) không nên ảnh hưởng đến kết nối đã có." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Hãy kiểm tra danh sách các dịch vụ đã phát hiện cần khởi chạy lại, và sửa " "chữa nếu cần thiết. Tên mỗi dịch vụ phải trùng với tên văn lệnh sơ khởi " "trong « /etc/init.d », các tên dịch vụ cũng định giới bằng dấu cách. Bỏ " "trống trường này thì không khời chạy dịch vụ nào." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. 
It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Dịch vụ nào bị lỗi bất thường sau khi nâng cấp thì nên được khởi chạy lại. " "Khuyên bạn khởi động lại máy này để tránh vấn đề liên quan đến SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Lỗi khởi chạy lại một số dịch vụ để nâng cấp OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Những dịch vụ theo đây không khởi chạy lại được để nâng cấp thư viện OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Vì thế bạn cần phải khởi chạy bằng tay, bằng cách chạy câu lệnh « /etc/init." "d/ start »." debian/po/it.po0000644000000000000000000000650511501472257010572 0ustar # openssl po-debconf translation to Italian (it) # Copyright (C) 2006 Software in the Public Interest # This file is distributed under the same license as the openssl package. # Luca Monducci , 2006-2008. # Giuseppe Sacco , 2007 # msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8g italian debconf templates\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-01-19 21:17+0100\n" "Last-Translator: Luca Monducci \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Servizi da riavviare per l'uso delle nuove librerie:" #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Questo rilascio di OpenSSL corregge alcuni problemi legati alla sicurezza, " "ma i servizi non utilizzeranno queste correzioni finché non verranno " "riavviati. Notare che il riavvio del server SSH (sshd) non ha effetti sulle " "connessioni attive." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Controllare ed eventualmente correggere l'elenco dei servizi che devono " "essere riavviati. Il nome dei servizi, separati da spazi, devono essere gli " "stessi degli script di inizializzazione che si trovano in /etc/init.d. Se " "l'elenco è vuoto non verrà riavviato nessun servizio." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Qualsiasi servizio che si bloccasse in maniera imprevista dopo questo " "aggiornamento dovrà essere riavviato. Si consiglia di riavviare la macchina " "per evitare qualsiasi problema legato a SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Errore nel riavvio di alcuni servizi per l'aggiornamento di OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. 
a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Non è stato possibile riavviare i seguenti servizi per l'aggiornamento di " "OpenSSL:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "È necessario avviarli manualmente con \"/etc/init.d/ start\"." debian/po/cs.po0000644000000000000000000000707611501472257010567 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-05-12 19:14+0200\n" "Last-Translator: Miroslav Kure \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Služby, které se mají restartovat, aby začaly využívat nové knihovny:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Toto vydání OpenSSL opravuje některé bezpečnostní problémy. 
Tyto opravy se v " "programech projeví až po jejich restartu. Poznamenejme, že restart SSH " "serveru (sshd) by neměl ovlivnit stávající spojení." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Zkontrolujte prosím seznam rozpoznaných služeb, které je třeba restartovat. " "Jestliže se vám zdá, že je seznam chybný, můžete jej upravit. Názvy služeb " "musí být shodné s názvy skriptů v adresáři /etc/init.d a musí být odděleny " "mezerami. Pokud seznam vymažete, nebude restartována žádná služba." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Jestliže po této aktualizaci začnou neočekávaně selhávat některé služby, " "měli byste je taktéž restartovat. Abyste se vyhnuli problémům spojeným se " "SSL, doporučujeme restartovat celý počítač." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Chyba při restartu některých služeb po aktualizaci OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Následující služby se nepodařilo po aktualizaci knihovny OpenSSL restartovat:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." 
msgstr "Budete je muset spustit ručně příkazem „/etc/init.d/ start“." debian/po/de.po0000644000000000000000000000663711501472257010554 0ustar # German translation of openssl's debconf templates # Copyright (C) 2006-2008 Johannes Starosta # This file is distributed under the same license as the openssl package. # msgid "" msgstr "" "Project-Id-Version: openssl 0.9.8e-4\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2008-03-24 22:48+0100\n" "Last-Translator: Johannes Starosta \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Welche Dienste sollen erneut gestartet werden, damit sie die neuen " "Bibliotheken verwenden?" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "In dieser Version von OpenSSL wurden Sicherheitsprobleme behoben. Dienste " "werden diese Aktualisierungen nicht nutzen, bis sie neugestartet werden. " "Hinweis: Den SSH-Server (sshd) neu zu starten, dürfte keine bestehenden " "Verbindungen beeinträchtigen." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Es folgt nun eine Liste der erkannten Dienste, die neu gestartet werden " "sollten. 
Bitte berichtigen Sie die Liste, falls Sie glauben, dass sie Fehler " "enthält. Die Namen der Dienste müssen den Namen der Skripte in /etc/init.d " "entsprechen und werden durch Leerzeichen getrennt. Es wird kein Dienst neu " "gestartet, falls die Liste leer bleibt." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Falls andere Dienste nach diesem Upgrade ein merkwürdiges Fehlverhalten " "zeigen, könnte es nötig werden, sie ebenfalls neu zu starten. Es wird " "empfohlen, den Rechner neu zu starten, um Probleme mit SSL zu vermeiden." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Neustarten einiger Dienste beim OpenSSL-Upgrade fehlgeschlagen" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Die folgenden Dienste konnten beim Upgrade der OpenSSL-Bibliothek nicht neu " "gestartet werden:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Sie werden sie manuell durch Aufruf von »/etc/init.d/ start« starten " "müssen." debian/po/nl.po0000644000000000000000000000730211501472257010563 0ustar # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. 
by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-11-14 20:03+0100\n" "Last-Translator: Bart Cornelis \n" "Language-Team: debian-l10n-dutch \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Dutch\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "" "Welke diensten moeten herstart worden (zodat ze de nieuwe bibliotheken " "gebruiken)?" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Deze uitgave van OpenSSL dicht een aantal veiligheidslekken. Andere " "achtergronddiensten maken pas gebruik van de nieuwe versie eens ze herstart " "zijn. Herstarten van de SSH-server (sshd) heeft normaal geen gevolgen voor " "bestande verbindingen." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Hierna volgt een lijst van gedetecteerde diensten die herstart moeten " "worden. Verbeter de lijst, als u denkt dat ze incorrect is. 
De namen moeten " "overeenkomen met de script-namen in /etc/init.d en moeten gescheiden worden " "door spaties. Als de lijst leeg is worden er geen diensten herstart." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Als er andere diensten mysterieus beginnen te falen na deze opwaardering, " "dient u deze te herstarten. Er wordt u ten zeerste aanbevolen uw machine te " "herstarten om SSL-gerelateerde problemen te vermijden." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "Herstarten van sommige diensten na de OpenSSL-opwaardering is mislukt." #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "De volgende diensten konden niet herstart worden na de opwaardering van de " "OpenSSL-bibliotheek:" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "U zult deze handmatig moeten herstarten via het commando '/etc/init.d/" " start'." #~ msgid "${services}" #~ msgstr "${services}" debian/po/ml.po0000644000000000000000000001121111501472257010554 0ustar # English translation of openssl. # Copyright (C) 2007 THE openssl'S COPYRIGHT HOLDER # This file is distributed under the same license as the openssl package. # Praveen|പ്രവീണ്‍ A|എ , 2007. 
# # msgid "" msgstr "" "Project-Id-Version: openssl 20070415\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-04-14 07:15+0530\n" "Last-Translator: Praveen|പ്രവീണ്‍ A|എ \n" "Language-Team: Swathanthra|സ്വതന്ത്ര Malayalam|മലയാളം Computing|കമ്പ്യൂട്ടിങ്ങ് \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "പുിതിയ ലൈബ്രറികള്‍ ഉപയോഗിയ്ക്കാന്‍ പുനരാരംഭിയ്ക്കേണ്ട സേവനങ്ങള്‍:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "OpenSSL ന്റെ ഈ പതിപ്പ് ചില സുരക്ഷാ പ്രശ്നങ്ങളെ പരിഹരിയ്ക്കുന്നുണ്ട്. പുനരാരംഭിയ്ക്കുന്നത് വരെ " "സേവനങ്ങള്‍ ഈ പരിഹാരങ്ങള്‍ ഉപയോഗിയ്ക്കുന്നതല്ല. SSH സേവകന്‍ (sshd) പുനരാരംഭിയ്ക്കുന്നത് " "നേരത്തെയുള്ള ബന്ധങ്ങളെ ബാധിയ്ക്കുകയില്ല." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "ദയവായി പുനരാരംഭിയ്ക്കേണ്ടതായി കണ്ടുപിടിയ്ക്കപ്പെട്ട സേവനങ്ങളുടെ പട്ടിക ദയവായി " "പരിശോദിയ്ക്കുകയും ആവശ്യമെങ്കില്‍ തിരുത്തുകയും ചെയ്യുക. സേവന നാമങ്ങള്‍ /etc/init.d യിലെ ആരംഭ " "സ്ക്രിപ്റ്റ് നാമങ്ങളുമായി സമാനമായിരിയ്ക്കുയും സ്പേയ്സുകള്‍ കൊണ്ട് " "വേര്‍തിരിയ്ക്കപ്പെട്ടവയുമായിരിയ്ക്കണം. പട്ടിക ശൂന്യമാണെങ്കില്‍ സേവനങ്ങളൊന്നും പുനരാരംഭിയ്ക്കുന്നതല്ല." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "ഈ പുതുക്കലിന് ശേഷം പിന്നീട് അപ്രതീക്ഷിതമായി മുടങ്ങുന്ന ഏതൊരു സേവനങ്ങളേയും " "പുനരാരംഭിയ്ക്കേണ്ടതുണ്ട്. SSL ലുമായി ബന്ധപ്പെട്ട പ്രശ്നം ഒഴിവാക്കാന്‍ ഈ ഹോസ്റ്റിനെ " "പുനരാരംഭിയ്ക്കാന്‍ ശുപാര്‍ശ ചെയ്തിരിയ്ക്കുന്നു." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" debian/po/tr.po0000644000000000000000000000634312146432460010601 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Atila KOÇ , 2012. # msgid "" msgstr "" "Project-Id-Version: openssl\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2012-02-20 11:55+0200\n" "Last-Translator: Atila KOÇ \n" "Language-Team: Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Yeni kitaplıkları kullanmaları için yeniden başlatılacak hizmetler:" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "This release of OpenSSL fixes some security issues. 
Services will not use these fixes until they are restarted. Please note that restarting the SSH server (sshd) should not affect any existing connections." msgstr "OpenSSL paketinin bu sürümü bazı güvenlik sorunlarını düzeltmiştir. Hizmetler yeniden başlatılmadıkça bu düzeltmeleri kullanamayacaklar. SSH sunucusunun (sshd) yeniden başlatılması kurulu bağlantıları etkilemeyecektir." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Please check the list of detected services that need to be restarted and correct it, if needed. The services names must be identical to the initialization script names in /etc/init.d and separated by spaces. No services will be restarted if the list is empty." msgstr "Yeniden başlatılması gerektiği algılanan hizmetleri gözden geçiriniz ve gerekirse düzeltiniz. Hizmetlerin adları boşluklarla ayrılmalı ve /etc/init.d dizinindeki başlatma betikleri ile özdeş olmalıdır. Bu liste boş ise hiçbir hizmetin yeniden başlatılmasına gerek yoktur." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Any service that later fails unexpectedly after this upgrade should be restarted. It is recommended to reboot this host to avoid any SSL-related trouble." msgstr "Bu yükseltmeden sonra beklenmedik bir şekilde duran herhangi bir hizmet yeniden başlatılmalıdır. SSL ile bağlantılı bir sorun yaşamamak için en doğrusu bu sunucunun yeniden başlatılmasıdır." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "OpenSSL yükseltmesi sırasında bazı hizmetler yeniden başlatılamadı" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "The following services could not be restarted for the OpenSSL library upgrade:" msgstr "Aşağıdaki hizmetler OpenSSL kitaplıkları yükseltilirken yeniden başlatılamadı:" #. 
Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "You will need to start these manually by running '/etc/init.d/ start'." msgstr " '/etc/init.d/ start' komutunu çalıştırarak bu hizmetleri elle başlatmalısınız." debian/po/fr.po0000644000000000000000000000731211501472257010562 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8e-4\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2007-11-11 18:47+0100\n" "Last-Translator: Michel Grentzinger \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "Services to restart to make them use the new libraries:" msgstr "Services à redémarrer afin d'utiliser les nouvelles bibliothèques :" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Cette version d'OpenSSL corrige certaines failles de sécurité. Les services " "n'utiliseront pas ces correctifs tant qu'ils n'auront pas été redémarrés. " "Veuillez noter que le redémarrage du serveur SSH (sshd) n'affectera aucune " "connexion existante." #. Type: string #. 
Description #: ../libssl1.0.0.templates:1001 msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Veuillez vérifier et corriger si nécessaire la liste des services devant " "être redémarrés. Les noms des services doivent être identiques aux noms des " "scripts présents dans /etc/init.d et doivent être séparés par des espaces. " "Si la liste est vide, aucun service ne sera redémarré." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Si d'autres services ne fonctionnent plus correctement après cette mise à " "jour, ils devront être redémarrés. Il est fortement recommandé de redémarrer " "le système pour éviter les problèmes liés à SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" "Impossible de redémarrer certains services lors de la mise à jour d'OpenSSL" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" "Les services suivants ne peuvent pas être redémarrés lors de la mise à jour " "de la bibliothèque OpenSSL :" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Vous devrez les redémarrer vous-même avec la commande « /etc/init.d/" " start »." 
#~ msgid "${services}" #~ msgstr "${services}" debian/po/lt.po0000644000000000000000000000745211501472257010577 0ustar # translation of openssl_0.9.8b-2_templates.po to Lithuanian # opensll debconf translation templates. # Copyright (C) 2003 Christoph Martin # This file is distributed under the same license as the openssl package. # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry'# # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans# # Developers do not need to manually edit POT or PO files. # # Gintautas Miliauskas , 2006. msgid "" msgstr "" "Project-Id-Version: openssl_0.9.8b-2_templates\n" "Report-Msgid-Bugs-To: openssl@packages.debian.org\n" "POT-Creation-Date: 2010-12-13 20:31+0100\n" "PO-Revision-Date: 2006-06-19 01:32+0300\n" "Last-Translator: Gintautas Miliauskas \n" "Language-Team: Lithuanian \n" "Language: lt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.2\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n" "%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "Services to restart to make them use the new libraries:" msgstr "" "Kuriuos servisus norėtumėte paleisti iš naujo, kad jie naudotų naujas " "bibliotekas?" #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "" "This release of OpenSSL fixes some security issues. Services will not use " "these fixes until they are restarted. Please note that restarting the SSH " "server (sshd) should not affect any existing connections." msgstr "" "Šioje versijoje ištaisytos saugumo skylės. 
Servisai nenaudos šių pataisymų, " "kol nebus iš naujo paleisti. Pastaba: sshd paleidimas iš naujo neturėtų " "turėti įtakos esamiems prisijungimams." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "" "Please check the list of detected services that need to be restarted and " "correct it, if needed. The services names must be identical to the " "initialization script names in /etc/init.d and separated by spaces. No " "services will be restarted if the list is empty." msgstr "" "Pateiktas servisų, kuriuos reikėtų paleisti iš naujo, sąrašas. Jei matote " "klaidų, sąrašą pataisykite. Servisų vardai turi būti identiški atitinkamų " "paleidžiamųjų failų /etc/init.d kataloge vardams ir turi būti atskirti " "tarpais. Jei sąrašą paliksite tuščią, nė vienas servisas nebus iš naujo " "paleistas." #. Type: string #. Description #: ../libssl1.0.0.templates:1001 #, fuzzy msgid "" "Any service that later fails unexpectedly after this upgrade should be " "restarted. It is recommended to reboot this host to avoid any SSL-related " "trouble." msgstr "" "Jei kiti servisai po šio atnaujinimo sutriks, gali reikėti ir juos paleisti " "iš naujo. Rekomenduojame perkrauti sistemą, jei norite išvengti problemų, " "susijusių su SSL." #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "Failure restarting some services for OpenSSL upgrade" msgstr "" #. Type: error #. Description #. This paragraph is followed by a (non translatable) paragraph containing #. a list of services that could not be restarted #: ../libssl1.0.0.templates:2001 msgid "" "The following services could not be restarted for the OpenSSL library " "upgrade:" msgstr "" #. Type: error #. Description #: ../libssl1.0.0.templates:2001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." 
msgstr "" debian/changelog0000644000000000000000000042547213401517363011061 0ustar openssl (1.0.1f-1ubuntu2.27) trusty-security; urgency=medium * SECURITY UPDATE: PortSmash side channel attack - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in crypto/bn/bn_lib.c, crypto/ec/ec_mult.c. - CVE-2018-5407 * SECURITY UPDATE: timing side channel attack in DSA - debian/patches/CVE-2018-0734-pre1.patch: address a timing side channel in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in crypto/dsa/dsa_ossl.c. - CVE-2018-0734 -- Marc Deslauriers Tue, 04 Dec 2018 10:36:19 -0500 openssl (1.0.1f-1ubuntu2.26) trusty-security; urgency=medium * SECURITY UPDATE: ECDSA key extraction side channel - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c. - CVE-2018-0495 * SECURITY UPDATE: denial of service via long prime values - debian/patches/CVE-2018-0732.patch: reject excessively large primes in DH key generation in crypto/dh/dh_key.c. - CVE-2018-0732 * SECURITY UPDATE: RSA cache timing side channel attack (previous update was incomplete) - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in crypto/rsa/rsa_gen.c. 
- CVE-2018-0737 -- Marc Deslauriers Wed, 20 Jun 2018 07:57:40 -0400 openssl (1.0.1f-1ubuntu2.25) trusty-security; urgency=medium * SECURITY UPDATE: Cache timing side channel - debian/patches/CVE-2018-0737.patch: ensure BN_mod_inverse and BN_mod_exp_mont get called with BN_FLG_CONSTTIME flag set in crypto/rsa/rsa_gen.c. - CVE-2018-0737 -- Leonidas S. Barbosa Wed, 18 Apr 2018 14:54:20 -0300 openssl (1.0.1f-1ubuntu2.24) trusty-security; urgency=medium * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition - debian/patches/CVE-2018-0739.patch: limit stack depth in crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c. - CVE-2018-0739 -- Marc Deslauriers Tue, 27 Mar 2018 14:31:59 -0400 openssl (1.0.1f-1ubuntu2.23) trusty-security; urgency=medium * SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in crypto/x509v3/v3_addr.c. - CVE-2017-3735 -- Marc Deslauriers Thu, 02 Nov 2017 11:30:53 -0400 openssl (1.0.1f-1ubuntu2.22) trusty-security; urgency=medium * SECURITY UPDATE: Pointer arithmetic undefined behaviour - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message overruns in ssl/s3_srvr.c. - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello extension field length in ssl/t1_lib.c. - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c. - debian/patches/CVE-2016-2177.patch: avoid undefined pointer arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c, - CVE-2016-2177 * SECURITY UPDATE: ECDSA P-256 timing attack key recovery - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c, crypto/ecdsa/ecs_ossl.c. - CVE-2016-7056 * SECURITY UPDATE: DoS via warning alerts - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h, ssl/ssl_locl.h. 
- debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record type is received in ssl/s3_pkt.c. - CVE-2016-8610 * SECURITY UPDATE: Truncated packet could crash via OOB read - debian/patches/CVE-2017-3731-pre.patch: sanity check EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c, crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c, crypto/evp/evp.h, ssl/t1_enc.c. - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in crypto/evp/e_rc4_hmac_md5.c. - CVE-2017-3731 -- Marc Deslauriers Mon, 30 Jan 2017 11:38:06 -0500 openssl (1.0.1f-1ubuntu2.21) trusty-security; urgency=medium * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883) - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow check in crypto/bn/bn_print.c. -- Marc Deslauriers Fri, 23 Sep 2016 07:57:00 -0400 openssl (1.0.1f-1ubuntu2.20) trusty-security; urgency=medium * SECURITY UPDATE: Constant time flag not preserved in DSA signing - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in crypto/dsa/dsa_ossl.c. - CVE-2016-2178 * SECURITY UPDATE: DTLS buffered message DoS - debian/patches/CVE-2016-2179.patch: fix queue handling in ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c, ssl/ssl_locl.h. - CVE-2016-2179 * SECURITY UPDATE: OOB read in TS_OBJ_print_bio() - debian/patches/CVE-2016-2180.patch: fix text handling in crypto/ts/ts_lib.c. - CVE-2016-2180 * SECURITY UPDATE: DTLS replay protection DoS - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed records in ssl/d1_pkt.c. - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c. - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h. - CVE-2016-2181 * SECURITY UPDATE: OOB write in BN_bn2dec() - debian/patches/CVE-2016-2182.patch: don't overflow buffer in crypto/bn/bn_print.c. 
- CVE-2016-2182 * SECURITY UPDATE: SWEET32 Mitigation - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH to MEDIUM in ssl/s3_lib.c. - CVE-2016-2183 * SECURITY UPDATE: Malformed SHA512 ticket DoS - debian/patches/CVE-2016-6302.patch: sanity check ticket length in ssl/t1_lib.c. - CVE-2016-6302 * SECURITY UPDATE: OOB write in MDC2_Update() - debian/patches/CVE-2016-6303.patch: avoid overflow in crypto/mdc2/mdc2dgst.c. - CVE-2016-6303 * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous handshake in ssl/t1_lib.c. - CVE-2016-6304 * SECURITY UPDATE: Certificate message OOB reads - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c, ssl/s3_srvr.c. - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly larger in ssl/d1_both.c, ssl/s3_both.c. - CVE-2016-6306 * SECURITY REGRESSION: DTLS regression (LP: #1622500) - debian/patches/CVE-2014-3571-3.patch: make DTLS always act as if read_ahead is set in ssl/s3_pkt.c. * debian/patches/update-expired-smime-test-certs.patch: Update test certificates that have expired and caused build test failures. -- Marc Deslauriers Thu, 22 Sep 2016 13:38:15 -0400 openssl (1.0.1f-1ubuntu2.19) trusty-security; urgency=medium * SECURITY UPDATE: EVP_EncodeUpdate overflow - debian/patches/CVE-2016-2105.patch: properly check lengths in crypto/evp/encode.c, add documentation to doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod. - CVE-2016-2105 * SECURITY UPDATE: EVP_EncryptUpdate overflow - debian/patches/CVE-2016-2106.patch: fix overflow in crypto/evp/evp_enc.c. - CVE-2016-2106 * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check - debian/patches/CVE-2016-2107.patch: check that there are enough padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c. 
- CVE-2016-2107 * SECURITY UPDATE: Memory corruption in the ASN.1 encoder - debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is marked as negative in crypto/asn1/a_int.c. - debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c, crypto/asn1/tasn_enc.c. - CVE-2016-2108 * SECURITY UPDATE: ASN.1 BIO excessive memory allocation - debian/patches/CVE-2016-2109.patch: properly handle large amounts of data in crypto/asn1/a_d2i_fp.c. - CVE-2016-2109 * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768 to 1024. -- Marc Deslauriers Thu, 28 Apr 2016 11:22:20 -0400 openssl (1.0.1f-1ubuntu2.18) trusty-security; urgency=medium * SECURITY UPDATE: side channel attack on modular exponentiation - debian/patches/CVE-2016-0702.patch: use constant-time calculations in crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c, crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h. - CVE-2016-0702 * SECURITY UPDATE: double-free in DSA code - debian/patches/CVE-2016-0705.patch: fix double-free in crypto/dsa/dsa_ameth.c. - CVE-2016-0705 * SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption - debian/patches/CVE-2016-0797.patch: prevent overflow in crypto/bn/bn_print.c, crypto/bn/bn.h. - CVE-2016-0797 * SECURITY UPDATE: memory leak in SRP database lookups - debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and introduce new SRP_VBASE_get1_by_user function that handled seed properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c, util/libeay.num, openssl.ld. - CVE-2016-0798 * SECURITY UPDATE: memory issues in BIO_*printf functions - debian/patches/CVE-2016-0799.patch: prevent overflow in crypto/bio/b_print.c. - CVE-2016-0799 * debian/patches/preserve_digests_for_sni.patch: preserve negotiated digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c. 
(LP: #1550643) -- Marc Deslauriers Mon, 29 Feb 2016 07:56:15 -0500 openssl (1.0.1f-1ubuntu2.17) trusty-security; urgency=medium * debian/patches/alt-cert-chains-*.patch: backport series of upstream commits to add alternate chains support. This will allow the future removal of 1024-bit RSA keys from the ca-certificates package. -- Marc Deslauriers Fri, 05 Feb 2016 16:14:26 -0500 openssl (1.0.1f-1ubuntu2.16) trusty-security; urgency=medium * SECURITY UPDATE: Certificate verify crash with missing PSS parameter - debian/patches/CVE-2015-3194.patch: add PSS parameter check to crypto/rsa/rsa_ameth.c. - CVE-2015-3194 * SECURITY UPDATE: X509_ATTRIBUTE memory leak - debian/patches/CVE-2015-3195.patch: fix leak in crypto/asn1/tasn_dec.c. - CVE-2015-3195 * SECURITY UPDATE: Race condition handling PSK identify hint - debian/patches/CVE-2015-3196.patch: fix PSK handling in ssl/s3_clnt.c, ssl/s3_srvr.c. - CVE-2015-3196 -- Marc Deslauriers Fri, 04 Dec 2015 08:20:52 -0500 openssl (1.0.1f-1ubuntu2.15) trusty-security; urgency=medium * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits - debian/patches/reject_small_dh.patch: reject small dh keys in ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod. * SECURITY UPDATE: denial of service and possible code execution via invalid free in DTLS - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c. - CVE-2014-8176 * SECURITY UPDATE: denial of service via malformed ECParameters - debian/patches/CVE-2015-1788.patch: improve logic in crypto/bn/bn_gf2m.c. - CVE-2015-1788 * SECURITY UPDATE: denial of service via out-of-bounds read in X509_cmp_time - debian/patches/CVE-2015-1789.patch: properly parse time format in crypto/x509/x509_vfy.c. 
- CVE-2015-1789 * SECURITY UPDATE: denial of service via missing EnvelopedContent - debian/patches/CVE-2015-1790.patch: handle NULL data_body in crypto/pkcs7/pk7_doit.c. - CVE-2015-1790 * SECURITY UPDATE: race condition in NewSessionTicket - debian/patches/CVE-2015-1791.patch: create a new session in ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h, ssl/ssl_sess.c. - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in ssl/ssl_sess.c. - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in ssl/ssl_sess.c. - CVE-2015-1791 * SECURITY UPDATE: CMS verify infinite loop with unknown hash function - debian/patches/CVE-2015-1792.patch: fix infinite loop in crypto/cms/cms_smime.c. - CVE-2015-1792 -- Marc Deslauriers Thu, 11 Jun 2015 07:34:23 -0400 openssl (1.0.1f-1ubuntu2.12) trusty-security; urgency=medium * SECURITY IMPROVEMENT: Disable EXPORT ciphers by default - debian/patches/disable_export_ciphers.patch: remove export ciphers from the DEFAULT cipher list in ssl/ssl.h, ssl/ssl_ciph.c, doc/apps/ciphers.pod. -- Marc Deslauriers Thu, 28 May 2015 08:58:02 -0400 openssl (1.0.1f-1ubuntu2.11) trusty-security; urgency=medium * SECURITY UPDATE: denial of service and possible memory corruption via malformed EC private key - debian/patches/CVE-2015-0209.patch: fix use after free in crypto/ec/ec_asn1.c. - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c. - CVE-2015-0209 * SECURITY UPDATE: denial of service via cert verification - debian/patches/CVE-2015-0286.patch: handle boolean types in crypto/asn1/a_type.c. - CVE-2015-0286 * SECURITY UPDATE: ASN.1 structure reuse memory corruption - debian/patches/CVE-2015-0287.patch: free up structures in crypto/asn1/tasn_dec.c. - CVE-2015-0287 * SECURITY UPDATE: denial of service via invalid certificate key - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in crypto/x509/x509_req.c. 
- CVE-2015-0288 * SECURITY UPDATE: denial of service and possible code execution via PKCS#7 parsing - debian/patches/CVE-2015-0289.patch: handle missing content in crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c. - CVE-2015-0289 * SECURITY UPDATE: denial of service or memory corruption via base64 decoding - debian/patches/CVE-2015-0292.patch: prevent underflow in crypto/evp/encode.c. - CVE-2015-0292 * SECURITY UPDATE: denial of service via assert in SSLv2 servers - debian/patches/CVE-2015-0293.patch: check key lengths in ssl/s2_lib.c, ssl/s2_srvr.c. - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in ssl/s2_srvr.c. - CVE-2015-0293 -- Marc Deslauriers Thu, 19 Mar 2015 10:04:30 -0400 openssl (1.0.1f-1ubuntu2.8) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via unexpected handshake when no-ssl3 build option is used (not the default) - debian/patches/CVE-2014-3569.patch: keep the old method for now in ssl/s23_srvr.c. - CVE-2014-3569 * SECURITY UPDATE: bignum squaring may produce incorrect results - debian/patches/CVE-2014-3570.patch: fix bignum logic in crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to crypto/bn/bntest.c. - CVE-2014-3570 * SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record - debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c, ssl/s3_pkt.c. - debian/patches/CVE-2014-3571-2.patch: make code more obvious in ssl/d1_pkt.c. - CVE-2014-3571 * SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client] - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in ssl/s3_clnt.c. 
- CVE-2014-3572 * SECURITY UPDATE: certificate fingerprints can be modified - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c, crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h, crypto/x509/x_all.c. - CVE-2014-8275 * SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client] - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c, ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod, doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod. - CVE-2015-0204 * SECURITY UPDATE: DH client certificates accepted without verification - debian/patches/CVE-2015-0205.patch: prevent use of DH client certificates without sending certificate verify message in ssl/s3_srvr.c. - CVE-2015-0205 * SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record - debian/patches/CVE-2015-0206.patch: properly handle failures in ssl/d1_pkt.c. - CVE-2015-0206 -- Marc Deslauriers Fri, 09 Jan 2015 09:57:48 -0500 openssl (1.0.1f-1ubuntu2.7) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via DTLS SRTP memory leak - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c, ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl, util/ssleay.num. - CVE-2014-3513 * SECURITY UPDATE: denial of service via session ticket integrity check memory leak - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c. - CVE-2014-3567 * SECURITY UPDATE: fix the no-ssl3 build option - debian/patches/CVE-2014-3568.patch: fix conditional code in ssl/s23_clnt.c, ssl/s23_srvr.c. - CVE-2014-3568 * SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a protocol downgrade attack to SSLv3 that exposes the POODLE attack. 
- debian/patches/tls_fallback_scsv_support.patch: added support for TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec, ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c, ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h, doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod. -- Marc Deslauriers Wed, 15 Oct 2014 12:56:03 -0400 openssl (1.0.1f-1ubuntu2.5) trusty-security; urgency=medium * SECURITY UPDATE: double free when processing DTLS packets - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c. - CVE-2014-3505 * SECURITY UPDATE: DTLS memory exhaustion - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size checks in ssl/d1_both.c. - CVE-2014-3506 * SECURITY UPDATE: DTLS memory leak from zero-length fragments - debian/patches/CVE-2014-3507.patch: fix memory leak and return codes in ssl/d1_both.c. - CVE-2014-3507 * SECURITY UPDATE: information leak in pretty printing functions - debian/patches/CVE-2014-3508.patch: fix OID handling in crypto/asn1/a_object.c, crypto/objects/obj_dat.c. - CVE-2014-3508 * SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext - debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c. - CVE-2014-3509 * SECURITY UPDATE: DTLS anonymous EC(DH) denial of service - debian/patches/CVE-2014-3510.patch: check for server certs in ssl/d1_clnt.c, ssl/s3_clnt.c. - CVE-2014-3510 * SECURITY UPDATE: TLS protocol downgrade attack - debian/patches/CVE-2014-3511.patch: properly handle fragments in ssl/s23_srvr.c. - CVE-2014-3511 * SECURITY UPDATE: SRP buffer overrun - debian/patches/CVE-2014-3512.patch: check parameters in crypto/srp/srp_lib.c. - CVE-2014-3512 * SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message - debian/patches/CVE-2014-5139.patch: fix SRP authentication and make sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h. 
- CVE-2014-5139 -- Marc Deslauriers Thu, 07 Aug 2014 08:03:21 -0400 openssl (1.0.1f-1ubuntu2.4) trusty-security; urgency=medium * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643) - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c. -- Marc Deslauriers Fri, 20 Jun 2014 13:55:11 -0400 openssl (1.0.1f-1ubuntu2.3) trusty-security; urgency=medium * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297) - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using tls_session_secret_cb for session resumption in ssl/s3_clnt.c. -- Marc Deslauriers Thu, 12 Jun 2014 08:29:16 -0400 openssl (1.0.1f-1ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c. - CVE-2014-0195 * SECURITY UPDATE: denial of service via DTLS recursion flaw - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c. - CVE-2014-0221 * SECURITY UPDATE: MITM via change cipher spec - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h. - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c. - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c. - CVE-2014-0224 * SECURITY UPDATE: denial of service via ECDH null session cert - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL before dereferencing it in ssl/s3_clnt.c. - CVE-2014-3470 -- Marc Deslauriers Mon, 02 Jun 2014 13:57:34 -0400 openssl (1.0.1f-1ubuntu2.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via use after free - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before releasing buffers in ssl/s3_pkt.c. 
- CVE-2010-5298 * SECURITY UPDATE: denial of service via null pointer dereference - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new one in ssl/s3_pkt.c. - CVE-2014-0198 -- Marc Deslauriers Fri, 02 May 2014 15:23:01 -0400 openssl (1.0.1f-1ubuntu2) trusty; urgency=medium * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation - debian/patches/CVE-2014-0076.patch: add and use constant time swap in crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c, util/libeay.num. - CVE-2014-0076 * SECURITY UPDATE: memory disclosure in TLS heartbeat extension - debian/patches/CVE-2014-0160.patch: use correct lengths in ssl/d1_both.c, ssl/t1_lib.c. - CVE-2014-0160 -- Marc Deslauriers Mon, 07 Apr 2014 15:37:53 -0400 openssl (1.0.1f-1ubuntu1) trusty; urgency=low * Merge with Debian, remaining changes. - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly code. - debian/rules: Enable optimized 64bit elliptic curve code contributed by Google. 
* Dropped changes: - debian/patches/arm64-support: included in debian-targets.patch - debian/patches/no_default_rdrand.patch: upstream - debian/patches/openssl-1.0.1e-env-zlib.patch: zlib is now completely disabled in debian/rules -- Marc Deslauriers Wed, 08 Jan 2014 15:57:24 -0500 openssl (1.0.1f-1) unstable; urgency=high * New upstream version - Fix for TLS record tampering bug CVE-2013-4353 - Drop the snapshot patch * update watch file to check for upstream signature and add upstream pgp key. * Drop conflicts against openssh since we are now on a released version again. -- Kurt Roeckx Mon, 06 Jan 2014 18:50:54 +0100 openssl (1.0.1e-6) unstable; urgency=medium * Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<< 1:6.4p1-1.1). This is to prevent people running into #732940. This Breaks can be removed again when we stop using a git snapshot. -- Kurt Roeckx Mon, 23 Dec 2013 15:19:17 +0100 openssl (1.0.1e-5) unstable; urgency=low * Change default digest to SHA256 instead of SHA1. (Closes: #694738) * Drop support for multiple certificates in 1 file. It never worked properly in the first place, and the only one shipping in ca-certificates has been split. * Fix libdoc-manpgs-pod-spell.patch to only fix spelling errors * Remove make-targets.patch. It prevented the test dir from being cleaned. * Update to a git snapshot of the OpenSSL_1_0_1-stable branch. - Fixes CVE-2013-6449 (Closes: #732754) - Fixes CVE-2013-6450 - Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch dtls_version.patch get_certificate.patch, since they were all already committed upstream. - adjust fix-pod-errors.patch for the reordering of items in the documentation they've done trying to fix those pod errors. - disable rdrand engine by default (Closes: #732710) * disable zlib support. 
Fixes CVE-2012-4929 (Closes: #728055) * Add arm64 support (Closes: #732348) * Properly use the default number of bits in req when none are given -- Kurt Roeckx Sun, 22 Dec 2013 19:25:35 +0100 openssl (1.0.1e-4ubuntu4) trusty; urgency=low * debian/patches/no_default_rdrand.patch: Don't use rdrand engine as default unless explicitly requested. -- Marc Deslauriers Thu, 19 Dec 2013 15:39:22 -0500 openssl (1.0.1e-4ubuntu3) trusty; urgency=medium * Update debian configuration. -- Matthias Klose Thu, 05 Dec 2013 14:34:48 +0100 openssl (1.0.1e-4ubuntu2) trusty; urgency=low * Re-enable full TLSv1.2 support (LP: #1257877) - debian/patches/tls12_workarounds.patch: disable patch to re-enable full TLSv1.2 support. Most problematic sites have been fixed now, and we really want proper TLSv1.2 support in an LTS. -- Marc Deslauriers Wed, 04 Dec 2013 12:33:44 -0500 openssl (1.0.1e-4ubuntu1) trusty; urgency=low * Merge with Debian; remaining changes same as in 1.0.1e-3ubuntu1. -- Matthias Klose Wed, 04 Dec 2013 11:28:00 +0100 openssl (1.0.1e-4) unstable; urgency=low [ Peter Michael Green ] * Fix pod errors (Closes: #723954) * Fix clean target [ Kurt Roeckx ] * Add mipsn32 and mips64 targets. Patch from Eleanor Chen (Closes: #720654) * Add support for nocheck in DEB_BUILD_OPTIONS * Update Norwegian translation (Closes: #653574) * Update description of the packages. Patch by Justin B Rye (Closes: #719262) * change to debhelper compat level 9: - change dh_strip call so only the files from libssl1.0.0 get debug symbols. - change dh_makeshlibs call so the engines don't get added to the shlibs * Update Standards-Version from 3.8.0 to 3.9.5. No changes required. -- Kurt Roeckx Fri, 01 Nov 2013 17:11:53 +0100 openssl (1.0.1e-3ubuntu1) saucy; urgency=low * Merge with Debian, remaining changes. - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. 
+ Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - debian/patches/tls12_workarounds.patch: Workaround large client hello issues when TLS 1.1 and lower is in use - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly code. - debian/patches/arm64-support: Add basic arm64 support (no assembler) - debian/rules: Enable optimized 64bit elliptic curve code contributed by Google. * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2 in test suite since we disable it in the client. * Disable compression to avoid CRIME systemwide (CVE-2012-4929). * Dropped changes: - debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian. 
-- Matthias Klose Mon, 15 Jul 2013 14:07:52 +0200 openssl (1.0.1e-3) unstable; urgency=low * Move to /usr/include/$(DEB_HOST_MULTIARCH), and mark libssl-dev Multi-Arch: same. Patch by Colin Watson (Closes: #689093) * Add Polish translation (Closes: #658162) * Add Turkish translation (Closes: #660971) * Enable assembler for the arm targets, and remove armeb. Patch by Riku Voipio (Closes: #676533) * Add support for x32 (Closes: #698406) * enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447) -- Kurt Roeckx Mon, 20 May 2013 16:56:06 +0200 openssl (1.0.1e-2ubuntu1.1) saucy-security; urgency=low * SECURITY UPDATE: Disable compression to avoid CRIME systemwide (LP: #1187195) - CVE-2012-4929 - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of zlib to compress SSL/TLS unless the environment variable OPENSSL_DEFAULT_ZLIB is set in the environment during library initialization. - Introduced to assist with programs not yet updated to provide their own controls on compression, such as Postfix - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch -- Seth Arnold Mon, 03 Jun 2013 18:14:05 -0700 openssl (1.0.1e-2ubuntu1) saucy; urgency=low * Resynchronise with Debian unstable. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. 
+ Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - debian/patches/tls12_workarounds.patch: Workaround large client hello issues when TLS 1.1 and lower is in use - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* - debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly code. - debian/patches/arm64-support: Add basic arm64 support (no assembler) - debian/rules: Enable optimized 64bit elliptic curve code contributed by Google. * debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2 in test suite since we disable it in the client. * Dropped changes: - debian/patches/CVE-2013-0169.patch: upstream. - debian/patches/fix_key_decoding_deadlock.patch: upstream. - debian/patches/CVE-2013-0166.patch: upstream. -- Marc Deslauriers Tue, 21 May 2013 16:31:47 -0400 openssl (1.0.1e-2) unstable; urgency=high * Bump shlibs. It's needed for the udeb. * Make cpuid work on cpu's that don't set ecx (Closes: #699692) * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353) * Fix problem with DTLS version check (Closes: #701826) * Fix segfault in SSL_get_certificate (Closes: #703031) -- Kurt Roeckx Mon, 18 Mar 2013 20:37:11 +0100 openssl (1.0.1e-1) unstable; urgency=high * New upstream version (Closes: #699889) - Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166 - Drop renegiotate_tls.patch, applied upstream - Export new CRYPTO_memcmp symbol, update symbol file * Add ssltest_no_sslv2.patch so that "make test" works. 
-- Kurt Roeckx Mon, 11 Feb 2013 19:39:44 +0100 openssl (1.0.1c-5) unstable; urgency=low * Re-enable assembler versions on sparc. They shouldn't have been disabled for sparc v9. (Closes: #649841) -- Kurt Roeckx Sun, 09 Sep 2012 08:43:40 +0200 openssl (1.0.1c-4ubuntu8) raring; urgency=low * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra commit from upstream to fix regression. - CVE-2013-0169 -- Marc Deslauriers Tue, 19 Mar 2013 14:33:14 -0400 openssl (1.0.1c-4ubuntu7) raring; urgency=low * Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522) -- Dmitrijs Ledkovs Thu, 07 Mar 2013 15:36:16 +0000 openssl (1.0.1c-4ubuntu6) raring; urgency=low * debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock when decoding public keys. (LP: #1066032) -- Marc Deslauriers Wed, 06 Mar 2013 08:11:19 -0500 openssl (1.0.1c-4ubuntu5) raring; urgency=low * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873, LP: #1133333) - debian/patches/CVE-2013-0169.patch: disabled for now until fix is available from upstream. -- Marc Deslauriers Thu, 28 Feb 2013 11:01:29 -0500 openssl (1.0.1c-4ubuntu4) raring; urgency=low * SECURITY UPDATE: denial of service via invalid OCSP key - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c. - CVE-2013-0166 * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack - debian/patches/CVE-2013-0169.patch: massive code changes - CVE-2013-0169 * SECURITY UPDATE: denial of service via AES-NI and crafted CBC data - Fix included in CVE-2013-0169 patch - CVE-2012-2686 -- Marc Deslauriers Tue, 19 Feb 2013 13:25:24 -0500 openssl (1.0.1c-4ubuntu3) raring; urgency=low * Add basic arm64 support (no assembler) (LP: #1102107) -- Wookey Sun, 20 Jan 2013 17:30:15 +0000 openssl (1.0.1c-4ubuntu2) raring; urgency=low * Enable arm assembly code. 
(LP: #1083498) (Closes: #676533) -- Dmitrijs Ledkovs Wed, 28 Nov 2012 00:08:45 +0000 openssl (1.0.1c-4ubuntu1) raring; urgency=low * Resynchronise with Debian (LP: #1077228). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. - debian/patches/tls12_workarounds.patch: Workaround large client hello issues when TLS 1.1 and lower is in use - debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-* * Dropped changes: - Drop openssl-doc in favour of the libssl-doc package introduced by Debian. Add Conflicts/Replaces until the next LTS release. 
+ Drop the Conflicts/Replaces because 12.04 LTS was 'the next LTS release' -- Tyler Hicks Fri, 09 Nov 2012 14:49:13 -0800 openssl (1.0.1c-4) unstable; urgency=low * Fix the configure rules for alpha (Closes: #672710) * Switch the postinst to sh again, there never was a reason to switch it to bash (Closes: #676398) * Fix pic.patch to not use #ifdef in x86cpuid.s, only .S files are preprocessed. We generate the file again for pic anyway. (Closes: #677468) * Drop Breaks against openssh as it was only for upgrades between versions that were only in testing/unstable. (Closes: #668600) -- Kurt Roeckx Tue, 17 Jul 2012 11:49:19 +0200 openssl (1.0.1c-3ubuntu2) quantal; urgency=low [ Tyler Hicks ] * debian/patches/tls12_workarounds.patch: Readd the change to check TLS1_get_client_version rather than TLS1_get_version to fix incorrect client hello cipher list truncation when TLS 1.1 and lower is in use. (LP: #1051892) [ Micah Gersten ] * Mark Debian Vcs-* as XS-Debian-Vcs-* - update debian/control -- Tyler Hicks Thu, 04 Oct 2012 10:34:57 -0700 openssl (1.0.1c-3ubuntu1) quantal; urgency=low * Resynchronise with Debian. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. 
+ Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. - debian/patches/tls12_workarounds.patch: workaround large client hello issue: Compile with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 and with -DOPENSSL_NO_TLS1_2_CLIENT. * Dropped upstreamed patches: - debian/patches/CVE-2012-2110.patch - debian/patches/CVE-2012-2110b.patch - debian/patches/CVE-2012-2333.patch - debian/patches/CVE-2012-0884-extra.patch - most of debian/patches/tls12_workarounds.patch -- Marc Deslauriers Fri, 29 Jun 2012 13:01:30 -0400 openssl (1.0.1c-3) unstable; urgency=low * Disable padlock engine again, causes problems for hosts not supporting it. -- Kurt Roeckx Wed, 06 Jun 2012 18:29:37 +0200 openssl (1.0.1c-2) unstable; urgency=high * Fix renegotiation when using TLS > 1.0. This breaks tor. Patch from upstream. (Closes: #675990) * Enable the padlock engine by default. 
* Change default bits from 1024 to 2048 (Closes: #487152) -- Kurt Roeckx Wed, 06 Jun 2012 00:55:42 +0200 openssl (1.0.1c-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-2333 (Closes: #672452) -- Kurt Roeckx Fri, 11 May 2012 18:44:51 +0200 openssl (1.0.1b-1) unstable; urgency=high * New upstream version - Remaps SSL_OP_NO_TLSv1_1, so applications linked to 1.0.0 can talk to servers supporting TLS 1.1 but not TLS 1.2 - Drop rc4_hmac_md5.patch, applied upstream -- Kurt Roeckx Thu, 26 Apr 2012 23:34:34 +0200 openssl (1.0.1a-3) unstable; urgency=low * Use patch from upstream for the rc4_hmac_md5 issue. -- Kurt Roeckx Thu, 19 Apr 2012 23:16:30 +0200 openssl (1.0.1a-2) unstable; urgency=low * Fix rc4_hmac_md5 on non-i386/amd64 arches. -- Kurt Roeckx Thu, 19 Apr 2012 21:54:42 +0200 openssl (1.0.1a-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-2110 - Fix crash in rc4_hmac_md5 (Closes: #666405) - Fixes some issues with talking to other servers when TLS 1.1 and 1.2 is supported - Drop patches no_ssl2.patch vpaes.patch tls1.2_client_algorithms.patch, applied upstream. -- Kurt Roeckx Thu, 19 Apr 2012 19:54:12 +0200 openssl (1.0.1-4ubuntu6) quantal; urgency=low * SECURITY UPDATE: denial of service attack in DTLS, TLS v1.1 and TLS v1.2 implementation - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV - CVE-2012-2333 * debian/patches/CVE-2012-0884-extra.patch: initialize tkeylen properly when encrypting CMS messages. -- Steve Beattie Thu, 24 May 2012 16:05:04 -0700 openssl (1.0.1-4ubuntu5) precise-proposed; urgency=low * debian/patches/CVE-2012-2110b.patch: Use correct error code in BUF_MEM_grow_clean() -- Jamie Strandboge Tue, 24 Apr 2012 08:29:32 -0500 openssl (1.0.1-4ubuntu4) precise-proposed; urgency=low * Check TLS1_get_client_version rather than TLS1_get_version for client hello cipher list truncation, in a further attempt to get things working again for everyone (LP: #986147). 
-- Colin Watson Tue, 24 Apr 2012 14:05:50 +0100 openssl (1.0.1-4ubuntu3) precise-proposed; urgency=low * SECURITY UPDATE: fix various overflows - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c, crypto/buffer.c and crypto/mem.c to verify size of lengths - CVE-2012-2110 -- Jamie Strandboge Thu, 19 Apr 2012 10:31:06 -0500 openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low * Backport more upstream patches to work around TLS 1.2 failures (LP #965371): - Do not use record version number > TLS 1.0 in initial client hello: some (but not all) hanging servers will now work. - Truncate the number of ciphers sent in the client hello to 50. Most broken servers should now work. - Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections. * Don't re-enable TLS 1.2 client support by default yet, since more of the sites listed in the above bug and its duplicates still fail if I do that versus leaving it disabled. -- Colin Watson Wed, 18 Apr 2012 15:03:56 +0100 openssl (1.0.1-4ubuntu1) precise; urgency=low * Resynchronise with Debian (LP: #968753). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. 
+ Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. - Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. - Experimental workaround to large client hello issue: if OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only. - Compile with -DOPENSSL_NO_TLS1_2_CLIENT. -- Colin Watson Tue, 10 Apr 2012 20:50:52 +0100 openssl (1.0.1-4) unstable; urgency=low * Use official patch for the vpaes problem, also covering amd64. -- Kurt Roeckx Sat, 31 Mar 2012 20:54:13 +0200 openssl (1.0.1-3) unstable; urgency=high * Fix crash in vpaes (Closes: #665836) * use client version when deciding whether to send supported signature algorithms extension -- Kurt Roeckx Sat, 31 Mar 2012 18:35:59 +0200 openssl (1.0.1-2ubuntu4) precise; urgency=low * Pass cross-compiling options to 'make install' as well, since apparently it likes to rebuild fips_premain_dso. -- Colin Watson Sat, 31 Mar 2012 00:48:38 +0100 openssl (1.0.1-2ubuntu3) precise; urgency=low * Temporarily work around TLS 1.2 failures as suggested by upstream (LP #965371): - Use client version when deciding whether to send supported signature algorithms extension. - Experimental workaround to large client hello issue: if OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only. - Compile with -DOPENSSL_NO_TLS1_2_CLIENT. This fixes most of the reported problems, but does not fix the case of servers that reject version numbers they don't support rather than trying to negotiate a lower version (e.g. www.mediafire.com). 
-- Colin Watson Fri, 30 Mar 2012 17:11:45 +0100 openssl (1.0.1-2ubuntu2) precise; urgency=low * Remove compat symlinks from /usr/lib to /lib, as they cause some serious issues with symbol generation, and are not needed. * Bump version passed to dh_makeshlibs to 1.0.1 for new symbols. -- Adam Conrad Fri, 23 Mar 2012 21:39:39 -0600 openssl (1.0.1-2ubuntu1) precise; urgency=low * Resynchronise with Debian (LP: #958430). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. * Drop aesni.patch, applied upstream. * Drop Bsymbolic-functions.patch, now handled using dpkg-buildflags. 
-- Colin Watson Thu, 22 Mar 2012 17:54:09 +0000 openssl (1.0.1-2) unstable; urgency=low * Properly quote the new cflags in Configure -- Kurt Roeckx Mon, 19 Mar 2012 19:56:05 +0100 openssl (1.0.1-1) unstable; urgency=low * New upstream version - Remove kfreebsd-pipe.patch, fixed upstream - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for the new functions. - AES-NI support (Closes: #644743) * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup hidden on amd64, no need to access it PIC anymore. * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977) * Enable hardening using dpkg-buildflags (Closes: #653495) * s_client and s_server were forcing SSLv3 only connection when SSLv2 was disabled instead of the SSLv2 with upgrade method. (Closes: #664454) * Add Breaks on openssh < 1:5.9p1-4, it has a too strict version check. -- Kurt Roeckx Mon, 19 Mar 2012 18:23:32 +0100 openssl (1.0.0h-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-0884 - Fixes CVE-2012-1165 - Properly fix CVE-2011-4619 - pkg-config.patch applied upstream, remove it. * Enable assembler for all i386 arches. The assembler does proper detection of CPU support, including cpuid support. This should fix a problem with AES 192 and 256 with the padlock engine because of the difference in NO_ASM between the i686 optimized library and the engine. -- Kurt Roeckx Tue, 13 Mar 2012 21:08:17 +0100 openssl (1.0.0g-1ubuntu1) precise; urgency=low * Resynchronise with Debian. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. 
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. -- Marc Deslauriers Sat, 11 Feb 2012 13:27:31 -0500 openssl (1.0.0g-1) unstable; urgency=high * New upstream version - Fixes CVE-2012-0050 -- Kurt Roeckx Wed, 18 Jan 2012 20:46:13 +0100 openssl (1.0.0f-1) unstable; urgency=high * New upstream version - Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027, CVE-2011-4577 -- Kurt Roeckx Thu, 12 Jan 2012 19:02:43 +0100 openssl (1.0.0e-3ubuntu1) precise; urgency=low * Resynchronise with Debian. Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification on libssl1.0.0 upgrade on servers. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. 
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i586 (on i386) + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. - Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. -- Marc Deslauriers Thu, 12 Jan 2012 11:30:17 +0100 openssl (1.0.0e-3) unstable; urgency=low * Don't build v8 and v9 variants of sparc anymore, they're older than the default. (Closes: #649841) * Don't build i486 optimized version, that's the default anyway, and it uses assembler that doesn't always work on i486. -- Kurt Roeckx Mon, 28 Nov 2011 22:17:26 +0100 openssl (1.0.0e-2.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them as revoked. 
-- Raphael Geissert Sun, 06 Nov 2011 01:39:30 -0600 openssl (1.0.0e-2ubuntu4) oneiric; urgency=low * The previous change moved the notification to major upgrades only, but in fact, we do want the sysadmin to be notified when security updates are installed, without having services automatically restarted. (LP: #244250) -- Marc Deslauriers Tue, 04 Oct 2011 09:31:22 -0400 openssl (1.0.0e-2ubuntu3) oneiric; urgency=low * Only issue a restart required notification on important upgrades, and not other actions such as reconfiguration or initial installation. (LP: #244250) -- Anders Kaseorg Tue, 04 Oct 2011 13:33:35 +0100 openssl (1.0.0e-2ubuntu2) oneiric; urgency=low * Unapply patch c_rehash-multi and comment it out in the series as it breaks parsing of certificates with CRLF line endings and other cases (see Debian #642314 for discussion), it also changes the semantics of c_rehash directories by requiring applications to parse hash link targets as files containing potentially *multiple* certificates rather than exactly one. LP: #855454. -- Loïc Minier Tue, 27 Sep 2011 18:13:07 +0200 openssl (1.0.0e-2ubuntu1) oneiric; urgency=low * Resynchronise with Debian, fixes CVE-2011-1945, CVE-2011-3207 and CVE-2011-3210 (LP: #850608). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification bubble on libssl1.0.0 upgrade. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. 
- debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. * debian/libssl1.0.0.postinst: only display restart notification on servers (LP: #244250) -- Steve Beattie Wed, 14 Sep 2011 22:06:03 -0700 openssl (1.0.0e-2) unstable; urgency=low * Add a missing $(DEB_HOST_MULTIARCH) -- Kurt Roeckx Sat, 10 Sep 2011 17:02:29 +0200 openssl (1.0.0e-1) unstable; urgency=low * New upstream version - Fix bug where CRLs with nextUpdate in the past are sometimes accepted by initialising X509_STORE_CTX properly. (CVE-2011-3207) - Fix SSL memory handling for (EC)DH ciphersuites, in particular for multi-threaded use of ECDH. (CVE-2011-3210) - Add protection against ECDSA timing attacks (CVE-2011-1945) * Block DigiNotar certificates. Patch from Raphael Geissert * Generate hashes for all certs in a file (Closes: #628780, #594524) Patch from Klaus Ethgen * Add multiarch support (Closes: #638137) Patch from Steve Langasek / Ubuntu * Symbols from the gost engine were removed because it didn't have a linker file. Thanks to Roman I Khimov (Closes: #631503) * Add support for s390x. Patch from Aurelien Jarno (Closes: #641100) * Add build-arch and build-indep targets to the rules file. -- Kurt Roeckx Sat, 10 Sep 2011 12:03:13 +0200 openssl (1.0.0d-3) unstable; urgency=low * Make it build on sparc64. Patch from Aurelien Jarno. (Closes: #626060) * Apply patches from Scott Schaefer to fix various pod and spelling errors. 
(Closes: #622820, #605561) * Add missing symbols for the engines (Closes: #623038) * More spelling fixes from Scott Schaefer (Closes: #395424) * Patch from Scott Schaefer to better document pkcs12 password options (Closes: #462489) * Document dgst -hmac option. Patch by Thorsten Glaser (Closes: #529586) -- Kurt Roeckx Mon, 13 Jun 2011 12:39:54 +0200 openssl (1.0.0d-2ubuntu2) oneiric; urgency=low * Build for multiarch. LP: #826601. -- Steve Langasek Mon, 15 Aug 2011 01:58:35 -0700 openssl (1.0.0d-2ubuntu1) oneiric; urgency=low * Resynchronise with Debian (LP: #675566). Remaining changes: - debian/libssl1.0.0.postinst: + Display a system restart required notification bubble on libssl1.0.0 upgrade. + Use a different priority for libssl1.0.0/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - debian/patches/aesni.patch: Backport Intel AES-NI support, now from http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the 0.9.8 variant. - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/rules: + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. + Replace duplicate files in the doc directory with symlinks. * Update architectures affected by Bsymbolic-functions.patch. * Drop debian/patches/no-sslv2.patch; Debian now adds the 'no-ssl2' configure option, which compiles out SSLv2 support entirely, so this is no longer needed. 
* Drop openssl-doc in favour of the libssl-doc package introduced by Debian. Add Conflicts/Replaces until the next LTS release. -- Colin Watson Sun, 01 May 2011 23:51:53 +0100 openssl (1.0.0d-2) unstable; urgency=high * Make c_rehash also generate the old subject hash. Gnutls applications seem to require it. (Closes: #611102) -- Kurt Roeckx Wed, 13 Apr 2011 22:36:49 +0200 openssl (1.0.0d-1) unstable; urgency=low * New upstream version - Fixes CVE-2011-0014 * Make libssl-doc Replaces/Breaks with old libssl-dev packages (Closes: #607609) * Only export the symbols we should, instead of all. * Add symbol file. * Upload to unstable -- Kurt Roeckx Sat, 02 Apr 2011 13:19:19 +0000 openssl (1.0.0c-2) experimental; urgency=low * Set $ in front of {sparcv9_asm} so that the sparc v9 variant builds. * Always define _GNU_SOURCE, not only for Linux. * Drop SSL2 support (Closes: #589706) -- Kurt Roeckx Sun, 19 Dec 2010 16:24:16 +0100 openssl (1.0.0c-1) experimental; urgency=low * New upstream version (Closes: #578376) - New soname: Rename library packages - Drop patch perl-path.diff, not needed anymore - Drop patches CVE-2010-2939.patch, CVE-2010-3864.patch and CVE-2010-4180.patch: applied upstream. - Update Configure for the new fields for the assembler options per arch. alpha now makes use of assembler. * Move man3 manpages and demos to libssl-doc (Closes: #470594) * Drop .pod files from openssl package (Closes: #518167) * Don't use RC4_CHAR on amd64 and drop rc4-amd64.patch * Stop using BF_PTR2 on (kfreebd-)amd64. * Drop debian-arm from the list of arches. 
* Update arm arches to use BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR instead of BN_LLONG DES_RISC1 * ia64: Drop RC4_CHAR, add DES_UNROLL DES_INT * powerpc: Use RC4_CHAR RC4_CHUNK DES_RISC1 instead of DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX * s390: Use RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL instead of BN_LLONG -- Kurt Roeckx Sun, 12 Dec 2010 15:37:21 +0100 openssl (0.9.8o-5ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: (LP: #718205) - d/libssl0.9.8.postinst: + Display a system restart required notification bubble on libssl0.9.8 upgrade. + Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - d/{libssl0.9.8-udeb.dirs, control, rules}: Create libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - d/{libcrypto0.9.8-udeb.dirs, libssl0.9.8.dirs, libssl0.9.8.files, rules}: Move runtime libraries to /lib, for the benefit of wpasupplicant. - d/{control, openssl-doc.docs, openssl.docs, openssl.dirs}: + Ship documentation in openssl-doc, suggested by the package. (Closes: #470594) - d/p/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) - d/p/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - d/p/perlpath-quilt.patch: Don't change perl #! paths under .pc. - d/p/no-sslv2.patch: Disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Closes: #589706) - d/rules: + Disable SSLv2 during compile. (Closes: #589706) + Don't run 'make test' when cross-building. + Use host compiler when cross-building. Patch from Neil Williams. (Closes: #465248) + Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). + Fix Makefile to properly clean up libs/ dirs in clean target. (Closes: #611667) + Replace duplicate files in the doc directory with symlinks. 
* This upload fixed CVE: (LP: #718208) - CVE-2011-0014 -- Artur Rona Sun, 13 Feb 2011 16:10:24 +0100 openssl (0.9.8o-5) unstable; urgency=low * Fix OCSP stapling parse error (CVE-2011-0014) -- Kurt Roeckx Thu, 10 Feb 2011 20:43:43 +0100 openssl (0.9.8o-4ubuntu2) natty; urgency=low [ Peter Pearse ] * Fix Makefile to properly clean up libs/ dirs in clean target -- Steve Langasek Mon, 31 Jan 2011 10:47:30 -0800 openssl (0.9.8o-4ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: (LP: #693902) - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). - Create libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian). - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant. - Ship documentation in openssl-doc, suggested by the package. (Closes: #470594) - Use host compiler when cross-building. Patch from Neil Williams. (Closes: #465248). - Don't run 'make test' when cross-building. - debian/patches/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Closes: #589706) -- Artur Rona Thu, 23 Dec 2010 20:20:03 +0100 openssl (0.9.8o-4) unstable; urgency=low * Fix CVE-2010-4180 (Closes: #529221) -- Kurt Roeckx Mon, 06 Dec 2010 20:33:21 +0100 openssl (0.9.8o-3ubuntu1) natty; urgency=low * Merge from debian unstable (LP: #677756). 
Remaining changes: - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions (refreshed) - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Don't build for processors no longer supported: i486, i586 (on i386), v8 (on sparc). - Create libssl0.9.8-udeb, for the benefit of wget-udeb (no wget-udeb package in Debian) - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant - Ship documentation in openssl-doc, suggested by the package. (Debian bug 470594) - Use host compiler when cross-building (patch from Neil Williams in Debian bug 465248). - Don't run 'make test' when cross-building. - debian/patches/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (refreshed) - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. - debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Debian bug 589706) * Dropped patches, now upstream: - debian/patches/CVE-2010-2939.patch (Debian patch is identically named) -- Steve Beattie Thu, 18 Nov 2010 12:54:37 -0800 openssl (0.9.8o-3) unstable; urgency=high * Fix TLS extension parsing race condition (CVE-2010-3864) (Closes: #603709) * Re-add the engines. They were missing since 0.9.8m-1. Patch by Joerg Schneider. (Closes: #603693) * Not all architectures were built using -g (Closes: #570702) * Add powerpcspe support (Closes: #579805) * Add armhf support (Closes: #596881) * Update translations: - Brazilian Portuguese (Closes: #592154) - Danish (Closes: #599459) - Vietnamese (Closes: #601536) - Arabic (Closes: #596166) * Generate the proper stamp file so that everything doesn't get built twice. 
-- Kurt Roeckx Tue, 16 Nov 2010 19:20:55 +0100 openssl (0.9.8o-2) unstable; urgency=high * Fix CVE-2010-2939: Double free using ECDH. (Closes: #594415) -- Kurt Roeckx Thu, 26 Aug 2010 18:25:29 +0200 openssl (0.9.8o-1ubuntu4.1) maverick-security; urgency=low * SECURITY UPDATE: denial of service and possible code execution via crafted private key with an invalid prime. - debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing it in ssl/s3_clnt.c. - CVE-2010-2939 -- Marc Deslauriers Wed, 06 Oct 2010 16:46:36 -0400 openssl (0.9.8o-1ubuntu4) maverick; urgency=low * Update AES-NI patch to openssl-0.9.8-aesni-modes-perlasm-win32-v4.patch from http://rt.openssl.org/Ticket/Display.html?id=2067, fixing segfault on engine initialisation (LP: #590639). -- Colin Watson Fri, 24 Sep 2010 12:20:49 +0100 openssl (0.9.8o-1ubuntu3) maverick; urgency=low * debian/patches/no-sslv2.patch: disable SSLv2 to match NSS and GnuTLS. The protocol is unsafe and extremely deprecated. (Debian bug 589706) -- Kees Cook Tue, 20 Jul 2010 08:24:13 -0700 openssl (0.9.8o-1ubuntu2) maverick; urgency=low * Don't build anymore for processors not supported anymore in maverick: - i486, i586 (on i386). - v8 (on sparc). -- Matthias Klose Mon, 19 Jul 2010 16:44:10 +0200 openssl (0.9.8o-1ubuntu1) maverick; urgency=low * Merge from debian unstable, remaining changes (LP: #581167): - debian/patches/Bsymbolic-functions.patch: Link using -Bsymbolic-functions - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant - Use host compiler when cross-building (patch from Neil Williams in Debian #465248). - Don't run 'make test' when cross-building. 
- Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339). - debian/patches/aesni.patch: Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518). - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under .pc. * Dropped patches, now upstream: - debian/patches/CVE-2009-3245.patch - debian/patches/CVE-2010-0740.patch - debian/patches/dtls-compatibility.patch - debian/patches/CVE-2009-4355.patch * Dropped "Add support for lpia". * Dropped "Disable SSLv2 during compile" as this had never actually disabled SSLv2. * Don't disable CVE-2009-3555.patch for Maverick. -- Marc Deslauriers Mon, 14 Jun 2010 09:08:29 -0400 openssl (0.9.8o-1) unstable; urgency=low * New upstream version - Add SHA2 algorithms to SSL_library_init(). - aes-x86_64.pl is now PIC, update pic.patch. * Add sparc64 support (Closes: #560240) -- Kurt Roeckx Sun, 18 Apr 2010 01:42:44 +0200 openssl (0.9.8n-1) unstable; urgency=high * New upstream version. - Fixes CVE-2010-0740. - Drop cfb.patch, applied upstream. -- Kurt Roeckx Thu, 25 Mar 2010 20:30:52 +0100 openssl (0.9.8m-2) unstable; urgency=low * Revert CFB block length change preventing reading older files. (Closes: #571810, #571940) -- Kurt Roeckx Sun, 28 Feb 2010 22:08:49 +0100 openssl (0.9.8m-1) unstable; urgency=low * New upstream version - Implements RFC5746, reenables renegotiation but requires the extension. - Fixes CVE-2009-3245 - Drop patches CVE-2009-4355.patch, CVE-2009-1378.patch, CVE-2009-1377.patch, CVE-2009-1379.patch, CVE-2009-3555.patch, CVE-2009-2409.patch, CVE-2009-1387.patch, tls_ext_v3.patch, no_check_self_signed.patch: applied upstream - pk7_mime_free.patch removed, code rewritten - ca.diff partially applied upstream - engines-path.patch adjusted, upstream made some minor changes to the build system. - some flags changed values, bump shlibs. * Switch to 3.0 (quilt) source package. * Make sure the package is properly cleaned. 
* Add ${misc:Depends} to the Depends on all packages. * Fix spelling of extension in the changelog file. -- Kurt Roeckx Sat, 27 Feb 2010 12:24:03 +0000 openssl (0.9.8k-8) unstable; urgency=high * Clean up zlib state so that it will be reinitialized on next use and not cause a memory leak. (CVE-2009-4355, CVE-2008-1678) -- Kurt Roeckx Wed, 13 Jan 2010 21:26:49 +0100 openssl (0.9.8k-7ubuntu8) lucid; urgency=low * SECURITY UPDATE: denial of service and possible arbitrary code execution via unchecked return values - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c, engines/e_ubsec.c. - CVE-2009-3245 * SECURITY UPDATE: denial of service via "record of death" - debian/patches/CVE-2010-0740.patch: only send back minor version number in ssl/s3_pkt.c. - CVE-2010-0740 -- Marc Deslauriers Tue, 30 Mar 2010 08:57:51 -0400 openssl (0.9.8k-7ubuntu7) lucid; urgency=low * debian/patches/dtls-compatibility.patch: backport dtls compatibility code from 0.9.8m to fix interoperability. (LP: #516318) -- Marc Deslauriers Fri, 26 Mar 2010 08:31:09 -0400 openssl (0.9.8k-7ubuntu6) lucid; urgency=low * Backport Intel AES-NI support from http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518). * Don't change perl #! paths under .pc. -- Colin Watson Mon, 01 Feb 2010 15:40:27 -0800 openssl (0.9.8k-7ubuntu5) lucid; urgency=low * SECURITY UPDATE: memory leak possible during state clean-up. - Add CVE-2009-4355.patch, upstream fixes thanks to Debian. -- Kees Cook Fri, 22 Jan 2010 09:50:01 -0800 openssl (0.9.8k-7ubuntu4) lucid; urgency=low * Use host compiler when cross-building (patch from Neil Williams in Debian #465248). * Don't run 'make test' when cross-building. * Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339). 
-- Colin Watson Tue, 05 Jan 2010 16:09:38 +0000 openssl (0.9.8k-7ubuntu3) lucid; urgency=low * debian/patches/disable-sslv2.patch: remove and apply inline to fix FTBFS when patch won't revert during the build process. -- Marc Deslauriers Mon, 07 Dec 2009 21:00:47 -0500 openssl (0.9.8k-7ubuntu2) lucid; urgency=low * debian/patches/{disable-sslv2,Bsymbolic-functions}.patch: apply Makefile sections inline as once the package is configured during the build process, the patches wouldn't revert anymore, causing a FTBFS on anything other than amd64. -- Marc Deslauriers Mon, 07 Dec 2009 19:52:15 -0500 openssl (0.9.8k-7ubuntu1) lucid; urgency=low * Merge from debian unstable, remaining changes (LP: #493392): - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. - Move runtime libraries to /lib, for the benefit of wpasupplicant * Strip the patches out of the source into quilt patches * Disable CVE-2009-3555.patch -- Nicolas Valcárcel Scerpella (Canonical) Sun, 06 Dec 2009 20:16:24 -0500 openssl (0.9.8k-7) unstable; urgency=low * Bump the shlibs to require 0.9.8k-1. 
The following symbols were added between g and k: AES_wrap_key, AES_unwrap_key, ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn, SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex, BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init, int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions, CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info, CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init, ENGINE_set_load_ssl_client_cert_function, ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert, EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags, EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex, RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0, X509at_get0_data_by_OBJ, X509_get1_ocsp -- Kurt Roeckx Sat, 28 Nov 2009 14:34:26 +0100 openssl (0.9.8k-6) unstable; urgency=low * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829) -- Kurt Roeckx Thu, 12 Nov 2009 18:10:31 +0000 openssl (0.9.8k-5) unstable; urgency=low * Don't check self signed certificate signatures in X509_verify_cert() (Closes: #541735) -- Kurt Roeckx Fri, 11 Sep 2009 15:42:32 +0200 openssl (0.9.8k-4) unstable; urgency=low * Split all the patches into separate files * Stop undefining HZ, the issue on alpha should be fixed. * Remove MD2 from digest algorithm table. (CVE-2009-2409) (Closes: #539899) -- Kurt Roeckx Tue, 11 Aug 2009 21:19:18 +0200 openssl (0.9.8k-3) unstable; urgency=low * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336) * Add workaround for kfreebsd that can't see the difference between two pipes. Patch from Petr Salinger. -- Kurt Roeckx Sat, 13 Jun 2009 18:15:46 +0200 openssl (0.9.8k-2) unstable; urgency=low * Move libssl0.9.8-dbg to the debug section. * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336) * Split the line to generate md5-x86_64.s in the Makefile. 
This will hopefully fix the build issue on kfreebsd that now outputs the file to stdout instead of the file. * Fix denial of service via an out-of-sequence DTLS handshake message (CVE-2009-1387) (Closes: #532037) -- Kurt Roeckx Mon, 08 Jun 2009 19:05:56 +0200 openssl (0.9.8k-1) unstable; urgency=low * New upstream release - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386) * Make aes-x86_64.pl use PIC. * Fix security issues (Closes: #530400) - "DTLS record buffer limitation bug." (CVE-2009-1377) - "DTLS fragment handling" (CVE-2009-1378) - "DTLS use after free" (CVE-2009-1379) * Fixed Configure for hurd: use -mtune=i486 instead of -m486 Patch by Marc Dequènes (Duck) (Closes: #530459) * Add support for avr32 (Closes: #528648) -- Kurt Roeckx Sat, 16 May 2009 17:33:55 +0200 openssl (0.9.8g-16ubuntu3) karmic; urgency=low * SECURITY UPDATE: certificate spoofing via hash collisions from MD2 design flaws. - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest. - crypto/x509/x509_vfy.c: skip signature check for self signed certificates - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2 - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2 - CVE-2009-2409 -- Marc Deslauriers Tue, 08 Sep 2009 14:59:05 -0400 openssl (0.9.8g-16ubuntu2) karmic; urgency=low * Patches forward ported from http://www.ubuntu.com/usn/USN-792-1 (by Marc Deslauriers) * SECURITY UPDATE: denial of service via memory consumption from large number of future epoch DTLS records. - crypto/pqueue.*: add new pqueue_size counter function. - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100. - http://cvs.openssl.org/chngview?cn=18187 - CVE-2009-1377 * SECURITY UPDATE: denial of service via memory consumption from duplicate or invalid sequence numbers in DTLS records. - ssl/d1_both.c: discard message if it's a duplicate or too far in the future. 
- http://marc.info/?l=openssl-dev&m=124263491424212&w=2 - CVE-2009-1378 * SECURITY UPDATE: denial of service or other impact via use-after-free in dtls1_retrieve_buffered_fragment. - ssl/d1_both.c: use temp frag_len instead of freed frag. - http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest - CVE-2009-1379 * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet that occurs before ClientHello. - ssl/s3_pkt.c: abort if s->session is NULL. - ssl/{ssl.h,ssl_err.c}: add new error codes. - http://cvs.openssl.org/chngview?cn=17369 - CVE-2009-1386 * SECURITY UPDATE: denial of service via an out-of-sequence DTLS handshake message. - ssl/d1_both.c: don't buffer fragments with no data. - http://cvs.openssl.org/chngview?cn=17958 - CVE-2009-1387 -- Jamie Strandboge Fri, 10 Jul 2009 14:44:47 -0500 openssl (0.9.8g-16ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. 
-- Jamie Strandboge Thu, 14 May 2009 14:11:05 -0500 openssl (0.9.8g-16) unstable; urgency=high * Properly validate the length of an encoded BMPString and UniversalString (CVE-2009-0590) (Closes: #522002) -- Kurt Roeckx Wed, 01 Apr 2009 22:04:53 +0200 openssl (0.9.8g-15ubuntu3) jaunty; urgency=low * SECURITY UPDATE: crash via invalid memory access when printing BMPString or UniversalString with invalid length - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h: return error if invalid length - CVE-2009-0590 - http://www.openssl.org/news/secadv_20090325.txt - patch from upstream CVS: crypto/asn1/asn1.h:1.128.2.11->1.128.2.12 crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5 crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11 -- Jamie Strandboge Fri, 27 Mar 2009 08:23:35 -0500 openssl (0.9.8g-15ubuntu2) jaunty; urgency=low * Move runtime libraries to /lib, for the benefit of wpasupplicant (LP: #44194). Leave symlinks behind in /usr/lib (except on the Hurd) since we used to set an rpath there. -- Colin Watson Fri, 06 Mar 2009 12:48:52 +0000 openssl (0.9.8g-15ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: LP: #314984 - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. -- Bhavani Shankar Thu, 08 Jan 2009 12:38:06 +0530 openssl (0.9.8g-15) unstable; urgency=low * Internal calls to didn't properly check for errors which resulted in malformed DSA and ECDSA signatures being treated as a good signature rather than as an error. (CVE-2008-5077) * ipv6_from_asc() could write 1 byte longer than the buffer in case the ipv6 address didn't have "::" part. 
(Closes: #506111) -- Kurt Roeckx Mon, 05 Jan 2009 21:14:31 +0100 openssl (0.9.8g-14ubuntu2) jaunty; urgency=low * SECURITY UPDATE: clients treat malformed signatures as good when verifying server DSA and ECDSA certificates - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c, ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and ssl/ssltest.c to properly check the return code of EVP_VerifyFinal() - patch based on upstream patch for #2008-016 - CVE-2008-5077 -- Jamie Strandboge Tue, 06 Jan 2009 00:44:19 -0600 openssl (0.9.8g-14ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - Link using -Bsymbolic-functions - Add support for lpia - Disable SSLv2 during compile - Ship documentation in openssl-doc, suggested by the package. - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Replace duplicate files in the doc directory with symlinks. -- Scott James Remnant Tue, 11 Nov 2008 17:24:44 +0000 openssl (0.9.8g-14) unstable; urgency=low * Don't give the warning about security updates when upgrading from etch since it doesn't have any known security problems. * Automatically use engines that successfully initialised. Patch from the 0.9.8h upstream version. (Closes: #502177) -- Kurt Roeckx Fri, 31 Oct 2008 22:45:14 +0100 openssl (0.9.8g-13) unstable; urgency=low * Fix a problem with tlsext preventing firefox 3 from connecting. Patch from upstream CVS and part of 0.9.8h. 
(Closes: #492758) -- Kurt Roeckx Sun, 03 Aug 2008 19:47:10 +0200 openssl (0.9.8g-12) unstable; urgency=low * add the changelog of the 10.1 NMU to make bugtracking happy -- Christoph Martin Tue, 22 Jul 2008 14:58:26 +0200 openssl (0.9.8g-11) unstable; urgency=low [ Christoph Martin ] * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967, #482465, #484324, #488595) * add Vcs-Svn header (closes: #481654) * fix debian-kfreebsd-i386 build flags (closes: #482275) * add stunnel4 to restart list (closes: #482111) * include fixes from 10.1 NMU by Security team - Fix double free in TLS server name extension which leads to a remote denial of service (CVE-2008-0891; Closes: #483379). - Fix denial of service if the 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash (CVE-2008-1672; Closes: #483379). This only works if openssl is compiled with enable-tlsext which is done in Debian. * fix some lintian warnings * update to newest standards version -- Christoph Martin Thu, 17 Jul 2008 09:53:01 +0200 openssl (0.9.8g-10.1ubuntu2) intrepid; urgency=low * debian/rules: - disable SSLv2 during compile * debian/README.debian - add note about disabled SSLv2 in Ubuntu -- Ante Karamatic Thu, 24 Jul 2008 12:47:09 +0200 openssl (0.9.8g-10.1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - display a system restart required notification bubble on libssl0.9.8 upgrade. - ship documentation in new openssl-doc package. - configure: add support for lpia. - replace duplicate files in the doc directory with symlinks. - link using -bsymbolic-functions. - update maintainer as per spec. -- Luke Yelavich Tue, 10 Jun 2008 11:50:07 +1000 openssl (0.9.8g-10.1) unstable; urgency=high * Non-maintainer upload by the Security team. 
* Fix denial of service if the 'Server Key exchange message' is omitted from a TLS handshake which could lead to a client crash (CVE-2008-1672; Closes: #483379). This only works if openssl is compiled with enable-tlsext which is done in Debian. * Fix double free in TLS server name extension which leads to a remote denial of service (CVE-2008-0891; Closes: #483379). -- Nico Golde Tue, 27 May 2008 11:13:44 +0200 openssl (0.9.8g-10ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Ship documentation in new openssl-doc package. - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. - Link using -Bsymbolic-functions. - Update maintainer as per spec. -- Luke Yelavich Mon, 12 May 2008 22:49:33 +1000 openssl (0.9.8g-10) unstable; urgency=low * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK) to fix a build failure on alpha. -- Kurt Roeckx Thu, 08 May 2008 17:56:13 +0000 openssl (0.9.8g-9) unstable; urgency=high [ Christoph Martin ] * Include updated debconf translations (closes: #473477, #461597, #461880, #462011, #465517, #475439) [ Kurt Roeckx ] * ssleay_rand_add() really needs to call MD_Update() for buf. -- Kurt Roeckx Wed, 07 May 2008 20:32:12 +0200 openssl (0.9.8g-8ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. - Display a system restart required notification bubble on libssl0.9.8 upgrade. - Ship documentation in new openssl-doc package. - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. - Link using -Bsymbolic-functions. - Update maintainer as per spec. 
-- Luke Yelavich Mon, 12 May 2008 10:09:20 +1000 openssl (0.9.8g-8) unstable; urgency=high * Don't add extensions to ssl v3 connections. It breaks with some other software. (Closes: #471681) -- Kurt Roeckx Sun, 23 Mar 2008 17:50:04 +0000 openssl (0.9.8g-7) unstable; urgency=low * Upload to unstable. -- Kurt Roeckx Wed, 13 Feb 2008 22:22:29 +0000 openssl (0.9.8g-6) experimental; urgency=low * Bump shlibs. -- Kurt Roeckx Sat, 09 Feb 2008 15:42:22 +0100 openssl (0.9.8g-5) experimental; urgency=low * Enable tlsext. This changes the ABI, but should hopefully not cause any problems. (Closes: #462596) -- Kurt Roeckx Sat, 09 Feb 2008 13:32:49 +0100 openssl (0.9.8g-4ubuntu3) hardy; urgency=low * Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. (LP: #91814) * Display a system restart required notification bubble on libssl0.9.8 upgrade. -- Luke Yelavich Tue, 22 Apr 2008 10:50:53 +1000 openssl (0.9.8g-4ubuntu2) hardy; urgency=low * Ship documentation in new openssl-doc package, since it is very large and not terribly useful for the casual desktop user. -- Martin Pitt Tue, 11 Mar 2008 22:52:28 +0100 openssl (0.9.8g-4ubuntu1) hardy; urgency=low * Merge from unstable; remaining changes: - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. - Link using -Bsymbolic-functions. -- Matthias Klose Tue, 29 Jan 2008 14:32:12 +0100 openssl (0.9.8g-4) unstable; urgency=low * Fix aes ige test speed not to overwrite its buffer and cause segfaults. Thanks to Tim Hudson (Closes: #459619) * Mark some strings in the templates as non translatable.
Patch from Christian Perrier (Closes: #450418) * Update Dutch debconf translation (Closes: #451290) * Update French debconf translation (Closes: #451375) * Update Catalan debconf translation (Closes: #452694) * Update Basque debconf translation (Closes: #457285) * Update Finnish debconf translation (Closes: #458261) -- Kurt Roeckx Wed, 16 Jan 2008 21:49:43 +0100 openssl (0.9.8g-3ubuntu1) hardy; urgency=low * Merge with Debian; remaining changes: - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. -- Matthias Klose Wed, 05 Dec 2007 00:13:39 +0100 openssl (0.9.8g-3) unstable; urgency=low * aes-586.pl: push %ebx on the stack before we put some things on the stack and call a function, giving AES_decrypt() wrong values to work with. (Closes: #449200) -- Kurt Roeckx Sun, 04 Nov 2007 21:49:00 +0100 openssl (0.9.8g-2) unstable; urgency=low * Avoid text relocations on i386 caused by the assembler versions: - x86unix.pl: Create a function_begin_B_static to create a static/local assembler function. - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt so that it doesn't get exported and doesn't have any (text) relocations. - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key via the PLT to avoid a relocation. - x86unix.pl: Call the init function via the PLT, avoiding a relocation in case of a PIC object. - cbc.pl: Call functions via the PLT. - desboth.pl: Call DES_encrypt2 via the PLT. * CA.sh should use the v3_ca extension when called with -newca (Closes: #428051) * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583) * Convert the failure message when services fail restart to a debconf message. * To restart a service, just restart, instead of stop and start. Hopefully fixes #444946 * Also remove igetest from the test dir in the clean target. 
(Closes: #424362) -- Kurt Roeckx Sat, 03 Nov 2007 13:25:45 +0100 openssl (0.9.8g-1) unstable; urgency=low * New upstream release - Fixes version number not to say it's a development version. -- Kurt Roeckx Sat, 20 Oct 2007 12:47:10 +0200 openssl (0.9.8f-1) unstable; urgency=low * New upstream release - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737) - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686) - New function SSL_set_SSL_CTX: bump shlibs. * Remove build dependency on gcc > 4.2 * Remove the openssl preinst, it looks like a workaround for a change in 0.9.2b where config files got moved. (Closes: #445095) * Update debconf translations: - Vietnamese (Closes: #426988) - Danish (Closes: #426774) - Slovak (Closes: #440723) - Finnish (Closes: #444258) -- Kurt Roeckx Sat, 13 Oct 2007 00:47:22 +0200 openssl (0.9.8e-9) unstable; urgency=high * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers(). (Closes: #444435) * Add postgresql-8.2 to the list of services to check. -- Kurt Roeckx Fri, 28 Sep 2007 19:47:33 +0200 openssl (0.9.8e-8) unstable; urgency=low * Fix another case of the "if this code is reached, the program will abort" (Closes: #429740) * Temporary force to build with gcc >= 4.2 -- Kurt Roeckx Sun, 02 Sep 2007 18:12:11 +0200 openssl (0.9.8e-7) unstable; urgency=low * Fix problems with gcc-4.2 (Closes: #429740) * Stop using -Bsymbolic to create the shared library. * Make x86_64cpuid.pl use PIC. -- Kurt Roeckx Sun, 02 Sep 2007 16:15:18 +0200 openssl (0.9.8e-6) unstable; urgency=high * Add fix for CVE-2007-3108 (Closes: #438142) -- Kurt Roeckx Wed, 15 Aug 2007 19:49:54 +0200 openssl (0.9.8e-5ubuntu3) gutsy; urgency=low * Replace duplicate files in the doc directory with symlinks. 
-- Matthias Klose Thu, 04 Oct 2007 16:27:53 +0000 openssl (0.9.8e-5ubuntu2) gutsy; urgency=low [ Jamie Strandboge ] * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in buffer overflow * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to Stephan Hermann * References: CVE-2007-5135 http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded Fixes LP: #146269 * Modify Maintainer value to match the DebianMaintainerField specification. [ Kees Cook ] * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function. * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian. * References CVE-2007-3108 -- Kees Cook Fri, 28 Sep 2007 13:02:19 -0700 openssl (0.9.8e-5ubuntu1) gutsy; urgency=low * Configure: Add support for lpia. * Explicitely build using gcc-4.1 (PR other/31359). -- Matthias Klose Tue, 31 Jul 2007 12:47:38 +0000 openssl (0.9.8e-5) unstable; urgency=low [ Christian Perrier ] * Debconf templates proofread and slightly rewritten by the debian-l10n-english team as part of the Smith Review Project. Closes: #418584 * Debconf templates translations: - Arabic. Closes: #418669 - Russian. Closes: #418670 - Galician. Closes: #418671 - Swedish. Closes: #418679 - Korean. Closes: #418755 - Czech. Closes: #418768 - Basque. Closes: #418784 - German. Closes: #418785 - Traditional Chinese. Closes: #419915 - Brazilian Portuguese. Closes: #419959 - French. Closes: #420429 - Italian. Closes: #420461 - Japanese. Closes: #420482 - Catalan. Closes: #420833 - Dutch. Closes: #420925 - Malayalam. Closes: #420986 - Portuguese. Closes: #421032 - Romanian. Closes: #421708 [ Kurt Roeckx ] * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608) * Updated Spanish debconf template. (Closes: #421336) * Do the header changes, changing those defines into real functions, and bump the shlibs to match. * Update Japanese debconf translation. 
(Closes: #422270) -- Kurt Roeckx Tue, 15 May 2007 17:21:08 +0000 openssl (0.9.8e-4) unstable; urgency=low * openssl should depend on libssl0.9.8 0.9.8e-1 since it uses some of the defines that changed to functions. Other things built against libssl or libcrypto shouldn't have this problem since they use the old headers. (Closes: #414283) -- Kurt Roeckx Sat, 10 Mar 2007 17:11:46 +0000 openssl (0.9.8e-3) unstable; urgency=low * Add nagios-nrpe-server to the list of services to be checked (Closes: #391188) * EVP_CIPHER_CTX_key_length() should return the set key length in the EVP_CIPHER_CTX structure which may not be the same as the underlying cipher key length for variable length ciphers. From upstream CVS. (Closes: #412979) -- Kurt Roeckx Sun, 4 Mar 2007 23:22:51 +0000 openssl (0.9.8e-2) unstable; urgency=low * Undo include changes that change defines into real functions, but keep the new functions in the library. -- Kurt Roeckx Sun, 25 Feb 2007 19:19:19 +0000 openssl (0.9.8e-1) unstable; urgency=low * New upstream release - Includes security fixes for CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343 (Closes: #408902) - s_client now properly works with SMTP. Also added support for IMAP. (closes: #221689) - Load padlock modules (Closes: #345656, #368476) * Add clamav-freshclam and clamav-daemon to the list of services that need to be restarted. (Closes: #391191) * Add armel support. Thanks to Guillem Jover for the patch. (Closes: #407196) * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157) * Add Norwegian translations. Thanks to Bjørn Steensrud (Closes: #412326) -- Kurt Roeckx Sun, 25 Feb 2007 18:06:28 +0000 openssl (0.9.8c-4) unstable; urgency=low * Add German debconf translation. Thanks to Johannes Starosta (Closes: #388108) * Make c_rehash look for both .pem and .crt files. Also make it support files in DER format. Patch by "Yauheni Kaliuta" (Closes: #387089) * Use & instead of && to check a flag in the X509 policy checking.
Patch from upstream cvs. (Closes: #397151) * Also restart slapd for security updates (Closes: #400221) * Add Romanian debconf translation. Thanks to stan ioan-eugen (Closes: #393507) -- Kurt Roeckx Thu, 30 Nov 2006 20:57:46 +0000 openssl (0.9.8c-3) unstable; urgency=low * Fix patch for CVE-2006-2940, it left ctx uninitialised. -- Kurt Roeckx Mon, 2 Oct 2006 18:05:00 +0200 openssl (0.9.8c-2) unstable; urgency=high * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343). Urgency set to high. -- Kurt Roeckx Wed, 27 Sep 2006 21:24:55 +0000 openssl (0.9.8c-1) unstable; urgency=low * New upstream release - block padding bug with compression now fixed upstream, using their patch. - Includes the RSA Signature Forgery (CVE-2006-4339) patch. - New functions AES_bi_ige_encrypt and AES_ige_encrypt: bumping shlibs to require 0.9.8c-1. * Change the postinst script to check that ntp is installed instead of ntp-refclock and ntp-simple. The binary is now in the ntp package. * Move the modified rand/md_rand.c file to the right place, really fixing #363516. * Add partimage-server conserver-server and tor to the list of services to check for restart. Add workaround for openssh-server so it finds the init script. (Closes: #386365, #386400, #386513) * Add manpage for c_rehash. Thanks to James Westby (Closes: #215618) * Add Lithuanian debconf translation. Thanks to Gintautas Miliauskas (Closes: #374364) * Add m32r support. Thanks to Kazuhiro Inaoka (Closes: #378689) -- Kurt Roeckx Sun, 17 Sep 2006 14:47:59 +0000 openssl (0.9.8b-3) unstable; urgency=high * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided by upstream. * Restart services using a smaller version than 0.9.8b-3, so they get the fixed version. * Change the postinst to check for postfix instead of postfix-tls.
-- Kurt Roeckx Tue, 5 Sep 2006 18:26:10 +0000 openssl (0.9.8b-2) unstable; urgency=low * Don't call gcc with -mcpu on i386, we already use -march, so no need for -mtune either. * Always make all directories when building something: - The engines directory didn't get build for the static directory, so where missing in libcrypo.a - The apps directory didn't always get build, so we didn't have an openssl and a small part of the regression tests failed. * Make the package fail to build if the regression tests fail. -- Kurt Roeckx Mon, 15 May 2006 16:00:58 +0000 openssl (0.9.8b-1) unstable; urgency=low * New upstream release - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs. - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE instead of FALSE. - CA.pl/CA.sh creates crlnumber now. (Closes: #347612) * Run debconf-updatepo, which really already was in the 0.9.8a-8 version as it was uploaded. * Add Galician debconf translation. Patch from Jacobo Tarrio (Closes: #361266) * libssl0.9.8.postinst makes uses of bashisms (local variables) so use #!/bin/bash * libssl0.9.8.postinst: Call set -e after sourcing the debconf script. * libssl0.9.8.postinst: Change list of service that may need to be restarted: - Replace ssh by openssh-server - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1 - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql * libssl0.9.8.postinst: The check to see if something was installed wasn't working. * libssl0.9.8.postinst: Add workaround to find the name of the init script for proftpd and dovecot. * libssl0.9.8.postinst: Use invoke-rc.d when it's available. * Change Standards-Version to 3.7.0: - Make use of invoke-rc.d * Add comment to README.Debian that rc5, mdc2 and idea have been disabled (since 0.9.6b-3) (Closes: #362754) * Don't add uninitialised data to the random number generator. 
This stop valgrind from giving error messages in unrelated code. (Closes: #363516) * Put the FAQ in the openssl docs. * Add russian debconf translations from Yuriy Talakan (Closes #367216) -- Kurt Roeckx Thu, 4 May 2006 20:40:03 +0200 openssl (0.9.8a-8) unstable; urgency=low * Call pod2man with the proper section. Section changed from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files already had the ssl in, the section didn't. The references to other manpage is still wrong. * Don't install the LICENSE file, it's already in the copyright file. * Don't set an rpath on openssl to point to /usr/lib. * Add support for kfreebsd-amd64. (Closes: #355277) * Add udeb to the shlibs. Patch from Frans Pop (Closes: #356908) -- Kurt Roeckx Sat, 11 Feb 2006 14:14:37 +0100 openssl (0.9.8a-7) unstable; urgency=high * Add italian debconf templates. Thanks to Luca Monducci. (Closes: #350249) * Change the debconf question to use version 0.9.8-3 instead of 0.9.8-1, since that's the last version with a security fix. * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state (Closes: #352047). RC bug affecting testing, so urgency high. -- Kurt Roeckx Sat, 9 Feb 2006 19:07:56 +0100 openssl (0.9.8a-6) unstable; urgency=low * Remove empty postinst/preinst/prerm scripts. There is no need to have empty ones, debhelper will add them when needed. * Remove the static pic libraries. Nobody should be linking it's shared libraries static to libssl or libcrypto. This was added for opensc who now links to it shared. * Do not assume that in case the sequence number is 0 and the packet has an odd number of bytes that the other side has the block padding bug, but try to check that it actually has the bug. The wrong detection of this bug resulted in an "decryption failed or bad record mac" error in case both sides were using zlib compression. 
(Closes: #338006) -- Kurt Roeckx Mon, 21 Jan 2006 16:25:41 +0100 openssl (0.9.8a-5) unstable; urgency=low * Stop ssh from crashing randomly on sparc (Closes: #335912) Patch from upstream cvs. -- Kurt Roeckx Tue, 13 Dec 2005 21:37:42 +0100 openssl (0.9.8a-4) unstable; urgency=low * Call dh_makeshlibs with the proper version instead of putting it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1 added symbol versioning, so it should have bumped the shlibs. (Closes: #338284) * The openssl package had a duplicate dependency on libssl0.9.8, only require the version as required by the shlibs. * Make libssl-dev depend on zlib1g-dev, since it's now required for static linking. (Closes: #338313) * Generate .pc files that make use of Libs.private, so things only link to the libraries they should when linking shared. * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486) * Make powerpc and ppc64 use the assembler version for bn. ppc64 had the location in the string wrong, powerpc had it missing. * Add includes for stddef to get size_t in md2.h, md4.h, md5.h, ripemd.h and sha.h. (Closes: #333101) * Run make test for each of the versions we build, make it not fail the build process if an error is found. * Add build dependency on bc for the regression tests. -- Kurt Roeckx Wed, 13 Nov 2005 16:01:05 +0100 openssl (0.9.8a-3) unstable; urgency=high * Link to libz instead of dynamicly loading it. It gets loaded at the moment the library is initialised, so there is no point in not linking to it. It's now failing in some cases since it's not opened by it's soname, but by the symlink to it. This should hopefully solve most of the bugs people have reported since the move to libssl0.9.8. (Closes: #334180, #336140, #335271) * Urgency set to high because it fixes a grave bug affecting testing. -- Kurt Roeckx Tue, 1 Nov 2005 14:56:40 +0100 openssl (0.9.8a-2) unstable; urgency=low * Add Build-Dependency on m4, since sparc needs it to generate it's assembler files. 
(Closes: #334542) * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken and causes a segfault. (Closes: #334501, #334502) -- Kurt Roeckx Tue, 18 Oct 2005 19:05:53 +0200 openssl (0.9.8a-1) unstable; urgency=low Christoph Martin: * fix asm entries for some architectures, fixing #332758 properly. * add noexecstack option to i386 subarch * include symbol versioning in Configure (closes: #330867) * include debian-armeb arch (closes: #333579) * include new upstream patches; includes some minor fixes * fix dh_shlibdeps line, removing the redundant dependency on libssl0.9.8 (closes: #332755) * add swedish debconf template (closes: #330554) Kurt Roeckx: * Also add noexecstack option for amd64, since it now has an executable stack with the assembler fixes for amd64. -- Christoph Martin Mon, 17 Oct 2005 17:01:06 +0200 openssl (0.9.8-3) unstable; urgency=low * Apply security fix for CAN-2005-2969. (Closes: #333500) * Change priority of -dbg package to extra. -- Kurt Roeckx Wed, 12 Oct 2005 22:38:58 +0200 openssl (0.9.8-2) unstable; urgency=low * Don't use arch specific assembler. Should fix build failure on ia64, sparc and amd64. (Closes: #332758) * Add myself to the uploaders. -- Kurt Roeckx Mon, 10 Oct 2005 19:22:36 +0200 openssl (0.9.8-1) unstable; urgency=low * New upstream release (closes: #311826) -- Christoph Martin Thu, 29 Sep 2005 14:20:04 +0200 openssl (0.9.7g-3) unstable; urgency=low * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386 (closes: #327692) * include -dbg version. 
That implies compiling with -g and without -fomit-frame-pointer (closes: #293823, #153811) -- Christoph Martin Fri, 23 Sep 2005 13:51:57 +0200 openssl (0.9.7g-2) unstable; urgency=low * really include nl translation * remove special ia64 code from rc4 code to make the ABI compatible with older 0.9.7 versions (closes: #310489, #309274) * fix compile flag for debian-ppc64 (closes: #318750) * small fix in libssl0.9.7.postinst (closes: #239956) * fix pk7_mime.c to prevent garbled messages because of too early memory free (closes: #310184) * include vietnamese debconf translation (closes: #316689) * make optimized i386 libraries have non-executable stack (closes: #321721) * remove leftover files from ssleay * move from dh_installmanpages to dh_installman * change Maintainer to pkg-openssl-devel@lists.alioth.debian.org -- Christoph Martin Wed, 7 Sep 2005 15:32:54 +0200 openssl (0.9.7g-1) unstable; urgency=low * New upstream release * Added support for proxy certificates according to RFC 3820. Because they may be a security threat to unaware applications, they must be explicitly allowed at run-time. See docs/HOWTO/proxy_certificates.txt for further information. * Prompt for pass phrases when appropriate for PKCS12 input format. * Back-port of selected performance improvements from development branch, as well as improved support for PowerPC platforms. * Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs. * Perform some character comparisons of different types in X509_NAME_cmp: this is needed for some certificates that reencode DNs into UTF8Strings (in violation of RFC3280) and can't or won't issue name rollover certificates.
* corrected watchfile * added upstream source url (closes: #292904) * fix typo in CA.pl.1 (closes: #290271) * change debian-powerpc64 to debian-ppc64 and adapt the configure options to be the same as upstream (closes: #289841) * include -signcert option in CA.pl usage * compile with zlib-dynamic to use system zlib (closes: #289872) -- Christoph Martin Mon, 9 May 2005 23:32:03 +0200 openssl (0.9.7e-3) unstable; urgency=high * really fix der_chop. The fix from -1 was not really included (closes: #281212) * still fixes security problem CAN-2004-0975 etc. - tempfile race condition in der_chop - Avoid a race condition when CRLs are checked in a multi threaded environment. -- Christoph Martin Thu, 16 Dec 2004 18:41:29 +0100 openssl (0.9.7e-2) unstable; urgency=high * fix perl path in der_chop and c_rehash (closes: #281212) * still fixes security problem CAN-2004-0975 etc. - tempfile race condition in der_chop - Avoid a race condition when CRLs are checked in a multi threaded environment. -- Christoph Martin Sun, 14 Nov 2004 20:16:21 +0100 openssl (0.9.7e-1) unstable; urgency=high * SECURITY UPDATE: fix insecure temporary file handling * apps/der_chop: - replaced $$-style creation of temporary files with File::Temp::tempfile() - removed unused temporary file name in do_certificate() * References: CAN-2004-0975 (closes: #278260) * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357) * New upstream release with security fixes - Avoid a race condition when CRLs are checked in a multi threaded environment. - Various fixes to s3_pkt.c so alerts are sent properly. - Reduce the chances of duplicate issuer name and serial numbers (in violation of RFC3280) using the OpenSSL certificate creation utilities.
* depends openssl on perl-base instead of perl (closes: #280225) * support powerpc64 in Configure (closes: #275224) * include cs translation (closes: #273517) * include nl translation (closes: #272479) * Fix default dir of c_rehash (closes: #253126) -- Christoph Martin Fri, 12 Nov 2004 14:11:15 +0100 openssl (0.9.7d-5) unstable; urgency=low * Make S/MIME encrypt work again (backport from CVS) (closes: #241407, #241386) -- Christoph Martin Mon, 26 Jul 2004 17:22:42 +0200 openssl (0.9.7d-4) unstable; urgency=low * add Catalan translation (closes: #248749) * add Spanish translation (closes: #254561) * include NMU fixes: see below * decrease optimisation level for debian-arm to work around gcc bug (closes: #253848) (thanks to Steve Langasek and Thom May) * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank) * Add watchfile -- Christoph Martin Wed, 14 Jul 2004 14:31:02 +0200 openssl (0.9.7d-3) unstable; urgency=low * rename -pic.a libraries to _pic.a (closes: #250016) -- Christoph Martin Mon, 24 May 2004 17:02:29 +0200 openssl (0.9.7d-2) unstable; urgency=low * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev (closes: #246928, #243999) * add racoon to restart list (closes: #242652) * add Brazilian, Japanese and Danish translations (closes: #242087, #241830, #241705) -- Christoph Martin Tue, 11 May 2004 10:13:49 +0200 openssl (0.9.7d-1) unstable; urgency=high * new upstream * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt) (closes: #238661) * includes support for debian-amd64 (closes: #235551, #232310) * fix typo in pem.pod (closes: #219873) * fix typo in libssl0.9.7.templates (closes: #224690) * openssl suggests ca-certificates (closes: #217180) * change debconf template to gettext format (closes: #219013) * include french debconf template (closes: #219014) -- Christoph Martin Thu, 18 Mar 2004 16:18:43 +0100 openssl (0.9.7c-5) unstable; urgency=low * include openssl.pc into libssl-dev (closes: #212545) -- 
Christoph Martin Thu, 16 Oct 2003 16:31:32 +0200 openssl (0.9.7c-4) unstable; urgency=low * change question to restart services to debconf (closes: #214840) * stop using dh_undocumented (closes: #214831) -- Christoph Martin Fri, 10 Oct 2003 15:40:48 +0200 openssl (0.9.7c-3) unstable; urgency=low * fix POSIX conformance for head in libssl0.9.7.postinst (closes: #214700) -- Christoph Martin Wed, 8 Oct 2003 14:02:38 +0200 openssl (0.9.7c-2) unstable; urgency=low * add filerc macro to libssl0.9.7.postinst (closes: #213906) * restart spamassassins spamd on upgrade (closes: #214106) * restart more services on upgrade * fix EVP_BytesToKey manpage (closes: #213715) -- Christoph Martin Tue, 7 Oct 2003 15:01:32 +0200 openssl (0.9.7c-1) unstable; urgency=high * upstream security fix (closes: #213451) - Fix various bugs revealed by running the NISCC test suite: Stop out of bounds reads in the ASN1 code when presented with invalid tags (CAN-2003-0543 and CAN-2003-0544). Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). If verify callback ignores invalid public key errors don't try to check certificate signature with the NULL public key. - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate if the server requested one: as stated in TLS 1.0 and SSL 3.0 specifications. 
* more minor upstream bugfixes * fix formatting in c_issuer (closes: #190026) * fix Debian-FreeBSD support (closes: #200381) * restart some services in postinst to make them use the new libraries * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594) -- Christoph Martin Wed, 1 Oct 2003 08:54:27 +0200 openssl (0.9.7b-2) unstable; urgency=high * fix permission of /etc/ssl/private to 700 again * change section of libssl-dev to libdevel -- Christoph Martin Wed, 23 Apr 2003 11:13:24 +0200 openssl (0.9.7b-1) unstable; urgency=high * upstream security fix - Countermeasure against the Klima-Pokorny-Rosa extension of Bleichenbacher's attack on PKCS #1 v1.5 padding: treat a protocol version number mismatch like a decryption error in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131) (closes: #189087) - Turn on RSA blinding by default in the default implementation to avoid a timing attack. Applications that don't want it can call RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. They would be ill-advised to do so in most cases. (CAN-2003-0147) - Change RSA blinding code so that it works when the PRNG is not seeded (in this case, the secret RSA exponent is abused as an unpredictable seed -- if it is not unpredictable, there is no point in blinding anyway). Make RSA blinding thread-safe by remembering the creator's thread ID in rsa->blinding and having all other threads use local one-time blinding factors (this requires more computation than sharing rsa->blinding, but avoids excessive locking; and if an RSA object is not shared between threads, blinding will still be very fast). For more details see the CHANGES file -- Christoph Martin Wed, 16 Apr 2003 10:32:57 +0200 openssl (0.9.7a-1) unstable; urgency=high * upstream Security fix - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrect block cipher padding has been found.
This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) for more details see the CHANGES file -- Christoph Martin Fri, 21 Feb 2003 22:39:40 +0100 openssl (0.9.7-4) unstable; urgency=low * use DH_COMPAT=3 to build * move i686 to i686/cmov to fix problems on Via C3. For that to work we have to depend on the newest libc6 on i386 (closes: #177891) * fix bug in ui_util.c (closes: #177615) * fix typo in md5.h (closes: #178112) -- Christoph Martin Fri, 24 Jan 2003 10:22:56 +0100 openssl (0.9.7-3) unstable; urgency=low * enable build of ultrasparc code on non ultrasparc machines (closes: #177024) -- Christoph Martin Fri, 17 Jan 2003 08:22:13 +0100 openssl (0.9.7-2) unstable; urgency=low * include changes between 0.9.6g-9 and -10 * fix problem in build-process on i386 with libc6 version number -- Christoph Martin Mon, 13 Jan 2003 14:26:56 +0100 openssl (0.9.7-1) unstable; urgency=low * new upstream * includes engine support * a lot of bugfixes and enhancements, see the CHANGES file * include AES encryption * makes preview of certificate configurable (closes: #176059) * fix x509 manpage (closes: #168070) * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360) -- Christoph Martin Sat, 11 Jan 2003 09:12:16 +0100 openssl (0.9.6g-10) unstable; urgency=low * fix problem in build-process on i386 with libc6 version number (closes: #167096) -- Christoph Martin Mon, 4 Nov 2002 12:27:21 +0100 openssl (0.9.6g-9) unstable; urgency=low * fix typo in i386 libc6 depend (sigh) (closes: #163848) -- Christoph Martin Tue, 8 Oct 2002 23:29:20 +0200 openssl (0.9.6g-8) unstable; urgency=low * fix libc6 depends. 
Only needed for i386 (closes: #163701) * remove SHLIB section for bsds from Configure (closes: #163585) -- Christoph Martin Tue, 8 Oct 2002 10:57:35 +0200 openssl (0.9.6g-7) unstable; urgency=low * enable i686 optimisation and depend on fixed glibc (closes: #163500) * remove transition package ssleay * include optimisation for sparcv8 (closes: #139996) * improve optimisation for sparcv9 -- Christoph Martin Sun, 6 Oct 2002 14:07:12 +0200 openssl (0.9.6g-6) unstable; urgency=low * temporarily disable i686 optimisation (See bug in glibc #161788) -- Christoph Martin Sat, 21 Sep 2002 18:56:49 +0200 openssl (0.9.6g-5) unstable; urgency=low * i486 can use i586 assembler * include set -xe in the for loops in the rules files to make it abort on error (closes: #161768) -- Christoph Martin Sat, 21 Sep 2002 16:23:11 +0200 openssl (0.9.6g-4) unstable; urgency=low * fix optimization for alpha and sparc * add optimization for i486 -- Christoph Martin Fri, 20 Sep 2002 22:36:19 +0200 openssl (0.9.6g-3) unstable; urgency=low * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783) -- Christoph Martin Thu, 19 Sep 2002 18:33:04 +0200 openssl (0.9.6g-2) unstable; urgency=low * fix manpage names (closes: #156717, #156718, #156719, #156721) -- Christoph Martin Thu, 15 Aug 2002 11:26:37 +0200 openssl (0.9.6g-1) unstable; urgency=low * new upstream version * Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). (closes: #155985, #156495) * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and fix the header length calculation.
* include support for new sh* architectures (closes: #155117) -- Christoph Martin Wed, 14 Aug 2002 13:59:22 +0200 openssl (0.9.6e-1) unstable; urgency=high * fixes remote exploits (see DSA-136-1) -- Christoph Martin Tue, 30 Jul 2002 18:32:28 +0200 openssl (0.9.6d-1) unstable; urgency=low * new upstream (minor) version * includes Configure lines for debian-*bsd-* (closes: #130413) * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes: #144586) * fix typos in package description (closes: #141469) * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297) -- Christoph Martin Mon, 3 Jun 2002 19:42:10 +0200 openssl (0.9.6c-2) unstable; urgency=low * moved from non-US to main -- Christoph Martin Tue, 19 Mar 2002 14:48:39 +0100 openssl (0.9.6c-1) unstable; urgency=low * new upstream version with a lot of bugfixes * remove directory /usr/include/openssl from openssl package (closes: bug #121226) * remove selfdepends from libssl0.9.6 * link openssl binary shared again -- Christoph Martin Sat, 5 Jan 2002 19:04:31 +0100 openssl (0.9.6b-4) unstable; urgency=low * build with -D_REENTRANT for threads support on all architectures (closes: #112329, #119239) -- Christoph Martin Sat, 24 Nov 2001 12:17:51 +0100 openssl (0.9.6b-3) unstable; urgency=low * disable idea, mdc2 and rc5 because they are not free (closes: #65368) * ready to be moved from nonus to main -- Christoph Martin Wed, 21 Nov 2001 17:51:41 +0100 openssl (0.9.6b-2) unstable; urgency=high * fix definition of crypt in des.h (closes: #107533) * fix descriptions (closes: #109503) -- Christoph Martin Mon, 17 Sep 2001 15:38:27 +0200 openssl (0.9.6b-1) unstable; urgency=medium * new upstream fixes some security issues (closes: #105835, #100146) * added support for s390 (closes: #105681) * added support for sh (closes: #100003) * change priority of libssl096 to standard as ssh depends on it (closes: #105440) * don't optimize for i486 to support i386. 
(closes: #104127, #82194) -- Christoph Martin Fri, 20 Jul 2001 15:52:42 +0200 openssl (0.9.6a-3) unstable; urgency=medium * add perl-base to builddeps * include static libraries in libssl-dev (closes: #93688) -- Christoph Martin Mon, 14 May 2001 20:16:06 +0200 openssl (0.9.6a-2) unstable; urgency=medium * change Architecture of ssleay from any to all (closes: #92913) * depend libssl-dev on the exact same version of libssl0.9.6 (closes: #88939) * remove lib{crypto,ssl}.a from openssl (closes: #93666) * rebuild with newer gcc to fix atexit problem (closes: #94036) -- Christoph Martin Wed, 2 May 2001 12:28:39 +0200 openssl (0.9.6a-1) unstable; urgency=medium * new upstream, fixes some security bugs (closes: #90584) * fix typo in s_server manpage (closes: #89756) -- Christoph Martin Tue, 10 Apr 2001 12:13:11 +0200 openssl (0.9.6-2) unstable; urgency=low * policy: reorganisation of package names: libssl096 -> libssl0.9.6, libssl096-dev -> libssl-dev (closes: #83426) * libssl0.9.6 drops replaces libssl09 (Closes: #83425) * install upstream CHANGES files (Closes: #83430) * added support for hppa and ia64 (Closes: #88790) * move man3 manpages to libssl-dev (Closes: #87546) * fix formating problem in rand_add(1) (Closes: #87547) * remove manpage duplicates (Closes: #87545, #74986) * make package descriptions clearer (Closes: #83518, #83444) * increase default emailAddress_max from 40 to 60 (Closes: #67238) * removed RSAREF warning (Closes: #84122) -- Christoph Martin Thu, 8 Mar 2001 14:24:00 +0100 openssl (0.9.6-1) unstable; urgency=low * New upstream version (Thanks to Enrique Zanardi ) (closes: #72388) * Add support for debian-hurd (closes: #76032) -- Christoph Martin Mon, 13 Nov 2000 22:30:46 +0100 openssl (0.9.5a-5) unstable; urgency=low * move manpages in standard directories with section ssl (closes: #72152, #69809) -- Christoph Martin Thu, 5 Oct 2000 19:56:20 +0200 openssl (0.9.5a-4) unstable; urgency=low * include edg_rand_bytes patch from and for apache-ssl -- 
Christoph Martin Sat, 23 Sep 2000 16:48:06 +0200 openssl (0.9.5a-3) unstable; urgency=low * fix call to dh_makeshlibs to create correct shlibs file and make dependent programs link correctly (closes: Bug#61658) * include a note in README.debian concerning the location of the subcommand manpages (closes: Bug#69809) -- Christoph Martin Sat, 16 Sep 2000 19:10:50 +0200 openssl (0.9.5a-2) unstable; urgency=low * try to fix the sharedlib problem. change soname of library (closes: Bug#4622, #66102, #66538, #66123) -- Christoph Martin Wed, 12 Jul 2000 03:26:30 +0200 openssl (0.9.5a-1) unstable; urgency=low * new upstream version (for major changes see the file NEWS) (closes: Bug#63976, #65239, #65358) * new library package libssl095a because of a probably changed library interface (closes: Bug#46222) * added architecture mips and mipsel (closes: Bug#62437, #60366) * provide shlibs.local file in build to help build if libraries are not yet installed (closes: Bug#63984) -- Christoph Martin Sun, 11 Jun 2000 15:17:35 +0200 openssl (0.9.4-5) frozen unstable; urgency=medium * cleanup of move of doc directories to /usr/share/doc (closes: Bug#56430) * lintian issues (closes: Bug#49358) * move demos from openssl to libssl09-dev (closes: Bug#59201) * move to debhelpers -- Christoph Martin Sat, 11 Mar 2000 10:38:04 +0100 openssl (0.9.4-4) unstable; urgency=medium * Added 'debian-arm' in 'Configure'. 
(closes: Bug#54251, #54766) * Fixed Configure for 'debian-m68k' (closes: Bug#53636) -- Christoph Martin Sat, 15 Jan 2000 13:16:18 +0100 openssl (0.9.4-3) unstable; urgency=low * define symbol SSLeay_add_ssl_algorithms for backward compatibility (closes: Bug#46882) * remove manpages from /usr/doc/openssl (closes: Bug#46791) -- Christoph Martin Thu, 14 Oct 1999 16:51:08 +0200 openssl (0.9.4-2) unstable; urgency=low * include some more docu in pod format (Bug #43933) * removed -mv8 from sparc flags (Bug #44769) -- Christoph Martin Tue, 14 Sep 1999 22:04:06 +0200 openssl (0.9.4-1) unstable; urgency=low * new upstream version (Closes: #42926) -- Christoph Martin Sat, 28 Aug 1999 17:04:23 +0200 openssl (0.9.3a-1) unstable; urgency=low * new upstream version (Bug #38345, #38627) * sparc is big-endian (Bug #39973) -- Christoph Martin Wed, 7 Jul 1999 16:03:37 +0200 openssl (0.9.2b-3) unstable; urgency=low * correct move conffiles to /etc/ssl (Bug #38570) -- Christoph Martin Mon, 31 May 1999 21:08:07 +0200 openssl (0.9.2b-2) unstable; urgency=low * added convenience package ssleay to help upgrade to openssl (Bug #37185, #37623, #36326) * added some missing dependencies from libssl09 (Bug #36681, #35867, #36326) * move lib*.so to libssl09-dev (Bug #36761) * corrected version numbers of library files * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710) -- Christoph Martin Sun, 23 May 1999 14:57:48 +0200 openssl (0.9.2b-1) unstable; urgency=medium * First openssl version -- Christoph Martin Wed, 31 Mar 1999 15:54:26 +0200 ssleay (0.9.0b-2) unstable; urgency=low * Include message about the (not)usage of RSAREF (#24409) * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406) * Change definitions for sparc (#26487) * Added missing dependency (#28591) * Make debian/libtool executable (#29708) * /etc/ssl/lib/ssleay.cnf is now a confile (#32624) -- Christoph Martin Sun, 21 Mar 1999 19:41:04 +0100 ssleay (0.9.0b-1) unstable; urgency=low * new upstream version (Bug #21227, 
#25971) * build shared libraries with -fPIC (Bug #20027) * support sparc architecture (Bug #28467) -- Christoph Martin Tue, 13 Oct 1998 10:20:13 +0200 ssleay (0.8.1-7) frozen unstable; urgency=high * security fix patch to 0.8.1b (bug #24022) -- Christoph Martin Mon, 6 Jul 1998 15:42:15 +0200 ssleay (0.8.1-6) frozen unstable; urgency=low * second try to fix bug #15235 (copyright was still missing) -- Christoph Martin Mon, 22 Jun 1998 08:56:27 +0200 ssleay (0.8.1-5) frozen unstable; urgency=high * changed /dev/random to /dev/urandom (Bug #23169, #17817) * copyright now contains the full licence (Bug #15235) * fixed bug #19410 (md5sums-lists-nonexisting-file) * added demos to /usr/doc (Bug #17372) * fixed typo in package description (Bug #18969) * fixed bug in adding documentation (Bug #21463) * added patch for support of debian-powerpc (Bug #21579) -- Christoph Martin Thu, 18 Jun 1998 23:09:13 +0200 ssleay (0.8.1-4) unstable; urgency=low * purged dependency from libc5 -- Christoph Martin Tue, 11 Nov 1997 15:31:50 +0100 ssleay (0.8.1-3) unstable; urgency=low * changed packagename libssl to libssl08 to get better dependencies -- Christoph Martin Fri, 7 Nov 1997 14:23:17 +0100 ssleay (0.8.1-2) unstable; urgency=low * linked shared libraries against libc6 * use /dev/random for randomseed -- Christoph Martin Wed, 5 Nov 1997 11:21:40 +0100 ssleay (0.8.1-1) unstable; urgency=low * new upstream version -- Christoph Martin Thu, 16 Oct 1997 16:15:43 +0200 ssleay (0.6.6-2) unstable; urgency=low * cleanup in diffs * removed INSTALL from docs (bug #13205) * split libssl and libssl-dev (bug #13735) -- Christoph Martin Wed, 15 Oct 1997 17:38:38 +0200 ssleay (0.6.6-1) unstable; urgency=low * New upstream version * added shared libraries for libcrypto and libssl -- Christoph Martin Thu, 26 Jun 1997 19:26:14 +0200 ssleay (0.6.4-2) unstable; urgency=low * changed doc filenames from .doc to .txt to be able to read them with a web browser -- Christoph Martin Tue, 25 Feb 1997 14:02:53 
+0100 ssleay (0.6.4-1) unstable; urgency=low * Initial Release. -- Christoph Martin Fri, 22 Nov 1996 21:29:51 +0100 debian/libssl1.0.0.symbols0000644000000000000000000000033312104524230012435 0ustar libcrypto.so.1.0.0 libssl1.0.0 #MINVER# *@OPENSSL_1.0.0 1.0.0 *@OPENSSL_1.0.1 1.0.1 *@OPENSSL_1.0.1d 1.0.1d libssl.so.1.0.0 libssl1.0.0 #MINVER# *@OPENSSL_1.0.0 1.0.0 *@OPENSSL_1.0.1 1.0.1 *@OPENSSL_1.0.1d 1.0.1d