Date:      Thu, 10 Mar 2016 10:18:19 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r48363 - in head/share: security/advisories security/patches/SA-16:12 security/patches/SA-16:13 xml
Message-ID:  <201603101018.u2AAIJlG004135@repo.freebsd.org>

Author: delphij
Date: Thu Mar 10 10:18:18 2016
New Revision: 48363
URL: https://svnweb.freebsd.org/changeset/doc/48363

Log:
  Add SA-16:12 and SA-16:13.

Added:
  head/share/security/advisories/FreeBSD-SA-16:12.openssl.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:13.bind.asc   (contents, props changed)
  head/share/security/patches/SA-16:12/
  head/share/security/patches/SA-16:12/openssl-10.1.patch.xz   (contents, props changed)
  head/share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc   (contents, props changed)
  head/share/security/patches/SA-16:12/openssl-10.2.patch   (contents, props changed)
  head/share/security/patches/SA-16:12/openssl-10.2.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:12/openssl-9.3-fix.patch   (contents, props changed)
  head/share/security/patches/SA-16:12/openssl-9.3-fix.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:12/openssl-9.3.patch.xz   (contents, props changed)
  head/share/security/patches/SA-16:12/openssl-9.3.patch.xz.asc   (contents, props changed)
  head/share/security/patches/SA-16:13/
  head/share/security/patches/SA-16:13/bind.patch   (contents, props changed)
  head/share/security/patches/SA-16:13/bind.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml

Added: head/share/security/advisories/FreeBSD-SA-16:12.openssl.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:12.openssl.asc	Thu Mar 10 10:18:18 2016	(r48363)
@@ -0,0 +1,238 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:12.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple OpenSSL vulnerabilities
+
+Category:       contrib
+Module:         openssl
+Announced:      2016-03-10
+Credits:        OpenSSL Project
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-03-04 00:40:15 UTC (stable/10, 10.2-BETA3)
+                2016-03-03 07:30:55 UTC (releng/10.2, 10.2-RELEASE-p13)
+                2016-03-03 07:30:55 UTC (releng/10.1, 10.1-RELEASE-p30)
+                2016-03-10 03:58:48 UTC (stable/9, 9.3-STABLE)
+                2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
+CVE Name:       CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
+                CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+A cross-protocol attack was discovered that could lead to decryption of TLS
+sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
+Bleichenbacher RSA padding oracle.  Note that traffic between clients and
+non-vulnerable servers can be decrypted provided another server supporting
+SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP
+or POP3) shares the RSA keys of the non-vulnerable server.  This vulnerability
+is known as DROWN.  [CVE-2016-0800]
+
+A double free bug was discovered when OpenSSL parses malformed DSA private
+keys and could lead to a DoS attack or memory corruption for applications that
+receive DSA private keys from untrusted sources.  This scenario is considered
+rare.  [CVE-2016-0705]
+
+The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
+management semantics; the returned pointer was sometimes newly allocated, and
+sometimes owned by the callee.  The calling code has no way of distinguishing
+these two cases.  [CVE-2016-0798]
+
+In the BN_hex2bn function, the number of hex digits is calculated using an int
+value |i|.  Later |bn_expand| is called with a value of |i * 4|.  For large
+values of |i| this can result in |bn_expand| not allocating any memory because
+|i * 4| is negative.  This can leave the internal BIGNUM data field as NULL
+leading to a subsequent NULL pointer dereference.  For very large values of
+|i|, the calculation |i * 4| could be a positive value smaller than |i|.  In
+this case memory is allocated to the internal BIGNUM data field, but it is
+insufficiently sized leading to heap corruption.  A similar issue exists in
+BN_dec2bn.  This could have security consequences if BN_hex2bn/BN_dec2bn is
+ever called by user applications with very large untrusted hex/dec data.  This
+is anticipated to be a rare occurrence.  [CVE-2016-0797]
+
+The internal |fmtstr| function used in processing a "%s" formatted string in
+the BIO_*printf functions could overflow while calculating the length of
+a string and cause an out-of-bounds read when printing very long strings.
+[CVE-2016-0799]
+
+A side-channel attack was found which makes use of cache-bank conflicts on the
+Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA
+keys. [CVE-2016-0702]
+
+s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
+If clear-key bytes are present for these ciphers, they displace encrypted-key
+bytes.  [CVE-2016-0703]
+
+s2_srvr.c overwrites the wrong bytes in the master key when applying
+Bleichenbacher protection for export cipher suites.  [CVE-2016-0704]
+
+III. Impact
+
+Servers that have SSLv2 protocol enabled are vulnerable to the "DROWN" attack
+which allows a remote attacker to fast attack many recorded TLS connections
+made to the server, even when the client did not make any SSLv2 connections
+themselves.
+
+An attacker who can supply malformed DSA private keys to OpenSSL applications
+may be able to cause memory corruption which would lead to a Denial of
+Service condition. [CVE-2016-0705]
+
+An attacker connecting with an invalid username can cause memory leak, which
+could eventually lead to a Denial of Service condition. [CVE-2016-0798]
+
+An attacker who can inject malformed data into an application may be able
+to cause memory corruption which would lead to a Denial of Service
+condition. [CVE-2016-0797, CVE-2016-0799]
+
+A local attacker who has control of code in a thread running on the same
+hyper-threaded core as the victim thread which is performing decryptions
+could recover RSA keys. [CVE-2016-0702]
+
+An eavesdropper who can intercept SSLv2 handshake can conduct an efficient
+divide-and-conquer key recovery attack and use the server as an oracle to
+determine the SSLv2 master-key, using only 16 connections to the server
+and negligible computation.  [CVE-2016-0703]
+
+An attacker can use the Bleichenbacher oracle,  which enables more efficient
+variant of the DROWN attack.  [CVE-2016-0704]
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all deamons using the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all deamons using the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3.patch.xz
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3.patch.xz.asc
+# gpg --verify openssl-9.3.patch.xz.asc
+
+Note that the initial patch version contains a serious regression that
+would lead to crash.  The following patch must be applied to address it.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3-fix.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-9.3-fix.patch.asc
+# gpg --verify openssl-9.3-fix.patch.asc
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.1.patch.xz
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.1.patch.xz.asc
+# gpg --verify openssl-10.1.patch.xz.asc
+
+[FreeBSD 10.2]
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:12/openssl-10.2.patch.asc
+# gpg --verify openssl-10.2.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r296598
+releng/9.3/                                                       r296611
+stable/10/                                                        r296371
+releng/10.1/                                                      r296341
+releng/10.2/                                                      r296341
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://www.openssl.org/news/secadv/20160301.txt>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+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+=f6Cw
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-16:13.bind.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:13.bind.asc	Thu Mar 10 10:18:18 2016	(r48363)
@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:13.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple BIND vulnerabilities
+
+Category:       contrib
+Module:         bind
+Announced:      2016-03-10
+Credits:        ISC
+Affects:        FreeBSD 9.x
+Corrected:      2016-03-10 07:47:55 UTC (stable/9, 9.3-STABLE)
+                2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
+CVE Name:       CVE-2016-1285, CVE-2016-1286
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+II.  Problem Description
+
+Testing by ISC has uncovered a defect in control channel input handling
+which can cause named to exit due to an assertion failure in sexpr.c
+or alist.c when a malformed packet is sent to named's control channel
+(the interface which allows named to be controlled using the "rndc"
+server control utility). [CVE-2016-1285]
+
+An error when parsing signature records for DNAME records having specific
+properties can lead to named exiting due to an assertion failure in
+resolver.c or db.c. [CVE-2016-1286]
+
+III. Impact
+
+A remote attacker can deliberately trigger the failed assertion if the
+DNS server accepts remote rndc commands regardless if authentication
+is configured.  Note that this is not enabled by default. [CVE-2016-1285]
+
+A remote attacker who can cause a server to make a query deliberately
+chosen to generate a response containing a signature record which
+would trigger a failed assertion and cause named to stop.  Disabling
+DNSsec does not provide protection against this vulnerability.
+[CVE-2016-1286]
+
+IV.  Workaround
+
+No workaround is available, but hosts not running named(8) are not
+vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:13/bind.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:13/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named(8) daemon, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r296608
+releng/9.3/                                                       r296611
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://kb.isc.org/article/AA-01352>;
+
+<URL:https://kb.isc.org/article/AA-01353>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+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+=OncW
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-16:12/openssl-10.1.patch.xz
==============================================================================
Binary file. No diff available.

Added: head/share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:12/openssl-10.1.patch.xz.asc	Thu Mar 10 10:18:18 2016	(r48363)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.11 (FreeBSD)
+
+iQIcBAABCgAGBQJW4Uc7AAoJEO1n7NZdz2rnFUkQAOUocmwrJu8r9mDZ0qrpdz9k
+qR3UyO3MY6HAdo+j1Sa5t7QaKKM/Ddp+zAMgoNCkb7vzr0wn5HcXcmEzQ4TrCBW9
+igFZSyqR6KRWjgJ5HbzkynIJ14983/vAkrVh6t1lU2Z9sBn3g0+I+GW7WLumCxt9
+eXk+eqrHeWK/RfUNdTeQxBU4ZLgre85xiRJXEBJdoqnpfcvfQ7TtCL9O6tFPg1TX
+ZoMPx8g2+SsNXyBkULWuntim4w+zF+eNo9XxRAIvmLzZki5fXIvb10lH6VZQJMKL
+RP36m++1a6zI47xRBH7JoVdHcINAfCPdKmHNtcX34lEsCnF2N1bpUkcWlL9H1G0Q
+qEXp6wuVttiB5TNC+tNCqui68F3QnZEzvgCBRDDBA9Qi8KZa6+B4jHAhGE0lVBBR
+wYvYYlKgh0T/Tm0b2OWqlgV948A4uYa3jXUf3sLlH8VsUhLioL8L3Ou0dUqGWn9L
+w1QZwey+6q7aGu5DTxfkD32fTJOkQET4Mjri9+aQSbGv25//4T9JRx3NYW+tX8KG
+1rdLcI+f9SiBNtudI0nbSfKis6GKfTtgW+nNEXMc6WffRrQvx1/CDKmpAbjM/Tjc
+jm+n4JS5UosWQKHmz9AahsKJSnJbiFH2PrRwADrdtcruxwj9apHm6RajPqOWHqsb
+DF+5gvdzOebBGCd0C13t
+=6ui0
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-16:12/openssl-10.2.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:12/openssl-10.2.patch	Thu Mar 10 10:18:18 2016	(r48363)
@@ -0,0 +1,2963 @@
+--- crypto/openssl/apps/s_server.c.orig
++++ crypto/openssl/apps/s_server.c
+@@ -416,6 +416,8 @@
+ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+ {
+     srpsrvparm *p = (srpsrvparm *) arg;
++    int ret = SSL3_AL_FATAL;
++
+     if (p->login == NULL && p->user == NULL) {
+         p->login = SSL_get_srp_username(s);
+         BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
+@@ -424,21 +426,25 @@
+ 
+     if (p->user == NULL) {
+         BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
+-        return SSL3_AL_FATAL;
++        goto err;
+     }
++
+     if (SSL_set_srp_server_param
+         (s, p->user->N, p->user->g, p->user->s, p->user->v,
+          p->user->info) < 0) {
+         *ad = SSL_AD_INTERNAL_ERROR;
+-        return SSL3_AL_FATAL;
++        goto err;
+     }
+     BIO_printf(bio_err,
+                "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+                p->login, p->user->info);
+-    /* need to check whether there are memory leaks */
++    ret = SSL_ERROR_NONE;
++
++err:
++    SRP_user_pwd_free(p->user);
+     p->user = NULL;
+     p->login = NULL;
+-    return SSL_ERROR_NONE;
++    return ret;
+ }
+ 
+ #endif
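Review bot: On the new `err:` exit of ssl_srp_server_param_cb, `SRP_user_pwd_free(p->user)` also runs when the "User %s doesn't exist" branch jumps there with `p->user == NULL`, so the callback depends on that function accepting NULL, which nothing in this part of the patch shows. Either guard the call, `if (p->user != NULL) SRP_user_pwd_free(p->user);`, or state the assumption in a comment such as `/* reached on success too; SRP_user_pwd_free() must accept NULL */`. Because the label is the common exit rather than an error-only path, `done:` would describe it better. The function starts in the previous hunk and the lines between the two hunks are not shown.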
+@@ -2244,9 +2250,10 @@
+ #ifndef OPENSSL_NO_SRP
+                 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
+                     BIO_printf(bio_s_out, "LOOKUP renego during write\n");
++                    SRP_user_pwd_free(srp_callback_parm.user);
+                     srp_callback_parm.user =
+-                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
+-                                              srp_callback_parm.login);
++                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++                                               srp_callback_parm.login);
+                     if (srp_callback_parm.user)
+                         BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                    srp_callback_parm.user->info);
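Review bot: The free-then-lookup pair added in this loop (`SRP_user_pwd_free(srp_callback_parm.user);` followed by the `SRP_VBASE_get1_by_user` assignment) is repeated verbatim in the hunks at -2300, -2387 and -2616 and in the block added at -2654, so the ownership rule is enforced by five separate copies. A later lookup site that forgets the free would leak the previous entry, and one that frees without reassigning would leave a stale pointer for the callback to free again. A small static helper keeps the two steps together; the sketch assumes srp_callback_parm is an srpsrvparm, as the cast in ssl_srp_server_param_cb suggests. The enclosing function begins and ends outside this hunk.

```c
/* Drop the result of the previous lookup before fetching a new one. */
static void srp_refresh_user(srpsrvparm *p)
{
    SRP_user_pwd_free(p->user);
    p->user = SRP_VBASE_get1_by_user(p->vb, p->login);
}

/* ... unchanged: while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP), "LOOKUP renego during write" ... */
                    srp_refresh_user(&srp_callback_parm);
/* ... unchanged: "LOOKUP done" / "LOOKUP not successful" reporting ... */
```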
+@@ -2300,9 +2307,10 @@
+ #ifndef OPENSSL_NO_SRP
+                 while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                     BIO_printf(bio_s_out, "LOOKUP renego during read\n");
++                    SRP_user_pwd_free(srp_callback_parm.user);
+                     srp_callback_parm.user =
+-                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
+-                                              srp_callback_parm.login);
++                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++                                               srp_callback_parm.login);
+                     if (srp_callback_parm.user)
+                         BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                    srp_callback_parm.user->info);
+@@ -2387,9 +2395,10 @@
+     while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+         BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                    srp_callback_parm.login);
++        SRP_user_pwd_free(srp_callback_parm.user);
+         srp_callback_parm.user =
+-            SRP_VBASE_get_by_user(srp_callback_parm.vb,
+-                                  srp_callback_parm.login);
++            SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++                                   srp_callback_parm.login);
+         if (srp_callback_parm.user)
+             BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                        srp_callback_parm.user->info);
+@@ -2616,9 +2625,10 @@
+                    && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                 BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                            srp_callback_parm.login);
++                SRP_user_pwd_free(srp_callback_parm.user);
+                 srp_callback_parm.user =
+-                    SRP_VBASE_get_by_user(srp_callback_parm.vb,
+-                                          srp_callback_parm.login);
++                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++                                           srp_callback_parm.login);
+                 if (srp_callback_parm.user)
+                     BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                srp_callback_parm.user->info);
+@@ -2654,6 +2664,22 @@
+                 goto err;
+             } else {
+                 BIO_printf(bio_s_out, "read R BLOCK\n");
++#ifndef OPENSSL_NO_SRP
++                if (BIO_should_io_special(io)
++                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
++                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
++                    SRP_user_pwd_free(srp_callback_parm.user);
++                    srp_callback_parm.user =
++                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
++                                               srp_callback_parm.login);
++                    if (srp_callback_parm.user)
++                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
++                                   srp_callback_parm.user->info);
++                    else
++                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
++                    continue;
++                }
++#endif
+ #if defined(OPENSSL_SYS_NETWARE)
+                 delay(1000);
+ #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+--- crypto/openssl/crypto/bio/b_print.c.orig
++++ crypto/openssl/crypto/bio/b_print.c
+@@ -125,16 +125,16 @@
+ # define LLONG long
+ #endif
+ 
+-static void fmtstr(char **, char **, size_t *, size_t *,
+-                   const char *, int, int, int);
+-static void fmtint(char **, char **, size_t *, size_t *,
+-                   LLONG, int, int, int, int);
+-static void fmtfp(char **, char **, size_t *, size_t *,
+-                  LDOUBLE, int, int, int);
+-static void doapr_outch(char **, char **, size_t *, size_t *, int);
+-static void _dopr(char **sbuffer, char **buffer,
+-                  size_t *maxlen, size_t *retlen, int *truncated,
+-                  const char *format, va_list args);
++static int fmtstr(char **, char **, size_t *, size_t *,
++                  const char *, int, int, int);
++static int fmtint(char **, char **, size_t *, size_t *,
++                  LLONG, int, int, int, int);
++static int fmtfp(char **, char **, size_t *, size_t *,
++                 LDOUBLE, int, int, int);
++static int doapr_outch(char **, char **, size_t *, size_t *, int);
++static int _dopr(char **sbuffer, char **buffer,
++                 size_t *maxlen, size_t *retlen, int *truncated,
++                 const char *format, va_list args);
+ 
+ /* format read states */
+ #define DP_S_DEFAULT    0
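Review bot: The five prototypes change from `void` to `int` without any statement of what the value means. From the call sites in the later hunks, 0 makes the caller stop and return 0, and 1 is the normal result. A comment above the block, for example `/* Each returns 1 on success and 0 on failure; on 0 the caller must stop formatting. */`, would make the contract explicit for the next person who adds a format case. Why doapr_outch can fail is not visible in this part of the patch, so the comment should not say more than that.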
+@@ -165,7 +165,7 @@
+ #define char_to_int(p) (p - '0')
+ #define OSSL_MAX(p,q) ((p >= q) ? p : q)
+ 
+-static void
++static int
+ _dopr(char **sbuffer,
+       char **buffer,
+       size_t *maxlen,
+@@ -196,7 +196,8 @@
+             if (ch == '%')
+                 state = DP_S_FLAGS;
+             else
+-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
++                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
++                    return 0;
+             ch = *format++;
+             break;
+         case DP_S_FLAGS:
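Review bot: In the _dopr state just before `case DP_S_FLAGS:`, the new check hangs off a bare `else` as an unbraced `if(` on its own line, which reads like a dangling else and departs from the `if (` spacing used in the surrounding code. Writing it as `else if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))` followed by `return 0;`, or bracing both arms, keeps the early return visibly tied to the right condition. The sign output in fmtint (`if (signvalue)` followed by `if(!doapr_outch(...))`) has the same shape, while fmtfp already uses the combined `if (signvalue && !doapr_outch(...))` form. _dopr's body extends beyond this hunk.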
+@@ -302,8 +303,9 @@
+                     value = va_arg(args, int);
+                     break;
+                 }
+-                fmtint(sbuffer, buffer, &currlen, maxlen,
+-                       value, 10, min, max, flags);
++                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
++                            max, flags))
++                    return 0;
+                 break;
+             case 'X':
+                 flags |= DP_F_UP;
+@@ -326,9 +328,10 @@
+                     value = (LLONG) va_arg(args, unsigned int);
+                     break;
+                 }
+-                fmtint(sbuffer, buffer, &currlen, maxlen, value,
+-                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+-                       min, max, flags);
++                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
++                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
++                            min, max, flags))
++                    return 0;
+                 break;
+             case 'f':
+                 if (cflags == DP_C_LDOUBLE)
+@@ -335,8 +338,9 @@
+                     fvalue = va_arg(args, LDOUBLE);
+                 else
+                     fvalue = va_arg(args, double);
+-                fmtfp(sbuffer, buffer, &currlen, maxlen,
+-                      fvalue, min, max, flags);
++                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
++                           flags))
++                    return 0;
+                 break;
+             case 'E':
+                 flags |= DP_F_UP;
+@@ -355,8 +359,9 @@
+                     fvalue = va_arg(args, double);
+                 break;
+             case 'c':
+-                doapr_outch(sbuffer, buffer, &currlen, maxlen,
+-                            va_arg(args, int));
++                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
++                            va_arg(args, int)))
++                    return 0;
+                 break;
+             case 's':
+                 strvalue = va_arg(args, char *);
+@@ -366,13 +371,15 @@
+                     else
+                         max = *maxlen;
+                 }
+-                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+-                       flags, min, max);
++                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
++                            flags, min, max))
++                    return 0;
+                 break;
+             case 'p':
+                 value = (long)va_arg(args, void *);
+-                fmtint(sbuffer, buffer, &currlen, maxlen,
+-                       value, 16, min, max, flags | DP_F_NUM);
++                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
++                            value, 16, min, max, flags | DP_F_NUM))
++                    return 0;
+                 break;
+             case 'n':          /* XXX */
+                 if (cflags == DP_C_SHORT) {
+@@ -394,7 +401,8 @@
+                 }
+                 break;
+             case '%':
+-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
++                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
++                    return 0;
+                 break;
+             case 'w':
+                 /* not supported yet, treat as next char */
+@@ -418,46 +426,56 @@
+     *truncated = (currlen > *maxlen - 1);
+     if (*truncated)
+         currlen = *maxlen - 1;
+-    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
++    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
++        return 0;
+     *retlen = currlen - 1;
+-    return;
++    return 1;
+ }
+ 
+-static void
++static int
+ fmtstr(char **sbuffer,
+        char **buffer,
+        size_t *currlen,
+        size_t *maxlen, const char *value, int flags, int min, int max)
+ {
+-    int padlen, strln;
++    int padlen;
++    size_t strln;
+     int cnt = 0;
+ 
+     if (value == 0)
+         value = "<NULL>";
+-    for (strln = 0; value[strln]; ++strln) ;
++
++    strln = strlen(value);
++    if (strln > INT_MAX)
++        strln = INT_MAX;
++
+     padlen = min - strln;
+-    if (padlen < 0)
++    if (min < 0 || padlen < 0)
+         padlen = 0;
+     if (flags & DP_F_MINUS)
+         padlen = -padlen;
+ 
+     while ((padlen > 0) && (cnt < max)) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++            return 0;
+         --padlen;
+         ++cnt;
+     }
+     while (*value && (cnt < max)) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
++        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
++            return 0;
+         ++cnt;
+     }
+     while ((padlen < 0) && (cnt < max)) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++            return 0;
+         ++padlen;
+         ++cnt;
+     }
++    return 1;
+ }
+ 
+-static void
++static int
+ fmtint(char **sbuffer,
+        char **buffer,
+        size_t *currlen,
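Review bot: In fmtstr, `padlen = min - strln;` now mixes `int min` with `size_t strln`, so on the usual ABIs the subtraction is done unsigned. The following `padlen < 0` test then works only because the wrapped result converts back to a negative int, which is implementation-defined. Computing the padding only when it is known to be positive avoids relying on that: `padlen = (min > 0 && (size_t)min > strln) ? min - (int)strln : 0;`, where the cast is safe because strln has just been clamped to INT_MAX. Separately, `strlen(value)` still reads to the terminating NUL even when `max` limits how much is printed, as the old counting loop did. The hunk also covers the end of _dopr and the start of fmtint, whose bodies continue outside it.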
+@@ -517,17 +535,20 @@
+ 
+     /* spaces */
+     while (spadlen > 0) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++            return 0;
+         --spadlen;
+     }
+ 
+     /* sign */
+     if (signvalue)
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
++        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
++            return 0;
+ 
+     /* prefix */
+     while (*prefix) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
++        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
++            return 0;
+         prefix++;
+     }
+ 
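Review bot: The sign branch is written as a nested, unbraced `if (signvalue)` / `if(!doapr_outch(...))`, which is easy to break if an `else` is added later. It also differs from how the same check is written in fmtfp further down this patch. I would write it as `if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))` followed by `return 0;`. The added lines in this hunk use `if(` without a space, while added lines in later hunks use `if (`; one spelling throughout would read better. fmtint's body starts and ends outside this hunk.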
+@@ -534,20 +555,24 @@
+     /* zeros */
+     if (zpadlen > 0) {
+         while (zpadlen > 0) {
+-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
++            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
++                return 0;
+             --zpadlen;
+         }
+     }
+     /* digits */
+-    while (place > 0)
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
++    while (place > 0) {
++        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
++            return 0;
++    }
+ 
+     /* left justified spaces */
+     while (spadlen < 0) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++            return 0;
+         ++spadlen;
+     }
+-    return;
++    return 1;
+ }
+ 
+ static LDOUBLE abs_val(LDOUBLE value)
+@@ -578,7 +603,7 @@
+     return intpart;
+ }
+ 
+-static void
++static int
+ fmtfp(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+@@ -657,24 +682,29 @@
+ 
+     if ((flags & DP_F_ZERO) && (padlen > 0)) {
+         if (signvalue) {
+-            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
++            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
++                return 0;
+             --padlen;
+             signvalue = 0;
+         }
+         while (padlen > 0) {
+-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
++            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
++                return 0;
+             --padlen;
+         }
+     }
+     while (padlen > 0) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++            return 0;
+         --padlen;
+     }
+-    if (signvalue)
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
++    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
++        return 0;
+ 
+-    while (iplace > 0)
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
++    while (iplace > 0) {
++        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
++            return 0;
++    }
+ 
+     /*
+      * Decimal point. This should probably use locale to find the correct
+@@ -681,23 +711,32 @@
+      * char to print out.
+      */
+     if (max > 0 || (flags & DP_F_NUM)) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
++        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
++            return 0;
+ 
+-        while (fplace > 0)
+-            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
++        while (fplace > 0) {
++            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
++                            fconvert[--fplace]))
++                return 0;
++        }
+     }
+     while (zpadlen > 0) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
++        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
++            return 0;
+         --zpadlen;
+     }
+ 
+     while (padlen < 0) {
+-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
++        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
++            return 0;
+         ++padlen;
+     }
++    return 1;
+ }
+ 
+-static void
++#define BUFFER_INC  1024
++
++static int
+ doapr_outch(char **sbuffer,
+             char **buffer, size_t *currlen, size_t *maxlen, int c)
+ {
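Review bot: doapr_outch changes from `void` to `int` here, but nothing at the definition says what the result means, and `BUFFER_INC` is introduced without a comment. A header comment such as `/* Returns 1 on success, 0 if the dynamic buffer cannot grow (size cap reached or allocation failed). */` would make explicit the contract that fmtint and fmtfp now depend on. A short `/* growth step of the dynamic buffer, in bytes */` on the define would cover the constant. The function body continues outside this hunk.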
+@@ -708,13 +747,14 @@
+     assert(*currlen <= *maxlen);
+ 
+     if (buffer && *currlen == *maxlen) {
+-        *maxlen += 1024;
++        if (*maxlen > INT_MAX - BUFFER_INC)
++            return 0;
++
++        *maxlen += BUFFER_INC;
+         if (*buffer == NULL) {
+             *buffer = OPENSSL_malloc(*maxlen);
+-            if (!*buffer) {
+-                /* Panic! Can't really do anything sensible. Just return */
+-                return;
+-            }
++            if (*buffer == NULL)
++                return 0;
+             if (*currlen > 0) {
+                 assert(*sbuffer != NULL);
+                 memcpy(*buffer, *sbuffer, *currlen);
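Review bot: `*maxlen += BUFFER_INC;` runs before the allocation, so when `OPENSSL_malloc` fails here (or `OPENSSL_realloc` in the next hunk) the function returns 0 with `*maxlen` already larger than the buffer that actually exists. The callers visible in this patch stop at the first 0, so this looks harmless today. It still leaves a state in which a later write would pass the `*currlen == *maxlen` check without room behind it. Computing the size in a local and publishing it only on success avoids that: `size_t newlen = *maxlen + BUFFER_INC;`, allocate with `newlen`, then `*maxlen = newlen;`. The function starts before and continues after this hunk.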
+@@ -721,11 +761,11 @@
+             }
+             *sbuffer = NULL;
+         } else {
+-            *buffer = OPENSSL_realloc(*buffer, *maxlen);
+-            if (!*buffer) {
+-                /* Panic! Can't really do anything sensible. Just return */
+-                return;
+-            }
++            char *tmpbuf;
++            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
++            if (tmpbuf == NULL)
++                return 0;
++            *buffer = tmpbuf;
+         }
+     }
+ 
+@@ -736,7 +776,7 @@
+             (*buffer)[(*currlen)++] = (char)c;
+     }
+ 
+-    return;
++    return 1;
+ }
+ 
+ /***************************************************************************/
+@@ -768,7 +808,11 @@
+ 
+     dynbuf = NULL;
+     CRYPTO_push_info("doapr()");
+-    _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
++    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
++                args)) {
++        OPENSSL_free(dynbuf);
++        return -1;
++    }
+     if (dynbuf) {
+         ret = BIO_write(bio, dynbuf, (int)retlen);
+         OPENSSL_free(dynbuf);
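Review bot: The new early `return -1` runs after `CRYPTO_push_info("doapr()")`, so the failure path may leave that entry pushed. This applies if the function pops the entry before its normal return, which cannot be confirmed because the rest of the body is outside this hunk. Adding `CRYPTO_pop_info();` before `return -1;` would keep the error and success paths symmetric.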
+@@ -803,7 +847,8 @@
+     size_t retlen;
+     int truncated;
+ 
+-    _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
++    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
++        return -1;
+ 
+     if (truncated)
+         /*
+--- crypto/openssl/crypto/bn/asm/x86_64-mont5.pl.orig
++++ crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+@@ -66,7 +66,8 @@
+ .align	16
+ .Lmul_enter:
+ 	mov	${num}d,${num}d
+-	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
++	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
++	lea	.Linc(%rip),%r10
+ 	push	%rbx
+ 	push	%rbp
+ 	push	%r12
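Review bot: The comment on the new `movd` still says only `# load 7th argument`, although the value now goes into %xmm5 instead of %r10d. In the following hunk it is broadcast with `pshufd` rather than used to form a table address, as the removed code did. A comment such as `# 7th argument (index) is kept in %xmm5 and compared against, never used to form an address` would record what appears to be the intent, so a later edit does not reintroduce an index-dependent load. `.Linc` is defined outside the visible lines, and the `movdqa 0(%r10)` loads that follow require it to be 16-byte aligned, so its definition should carry an alignment directive.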
+@@ -73,53 +74,105 @@
+ 	push	%r13
+ 	push	%r14
+ 	push	%r15
+-___
+-$code.=<<___ if ($win64);
+-	lea	-0x28(%rsp),%rsp
+-	movaps	%xmm6,(%rsp)
+-	movaps	%xmm7,0x10(%rsp)
++
+ .Lmul_alloca:
+-___
+-$code.=<<___;
+ 	mov	%rsp,%rax
+ 	lea	2($num),%r11
+ 	neg	%r11
+-	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2))
++	lea	-264(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2)+256+8)
+ 	and	\$-1024,%rsp		# minimize TLB usage
+ 
+ 	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+ .Lmul_body:
+-	mov	$bp,%r12		# reassign $bp
++	lea	128($bp),%r12		# reassign $bp (+size optimization)
+ ___
+ 		$bp="%r12";
+ 		$STRIDE=2**5*8;		# 5 is "window size"
+ 		$N=$STRIDE/4;		# should match cache line size
+ $code.=<<___;
+-	mov	%r10,%r11
+-	shr	\$`log($N/8)/log(2)`,%r10
+-	and	\$`$N/8-1`,%r11
+-	not	%r10
+-	lea	.Lmagic_masks(%rip),%rax
+-	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
+-	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
+-	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
+-	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
+-	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
+-	movq	24(%rax,%r10,8),%xmm7
++	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
++	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
++	lea	24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
++	and	\$-16,%r10
+ 
+-	movq	`0*$STRIDE/4-96`($bp),%xmm0
+-	movq	`1*$STRIDE/4-96`($bp),%xmm1
+-	pand	%xmm4,%xmm0
+-	movq	`2*$STRIDE/4-96`($bp),%xmm2
+-	pand	%xmm5,%xmm1
+-	movq	`3*$STRIDE/4-96`($bp),%xmm3
+-	pand	%xmm6,%xmm2
++	pshufd	\$0,%xmm5,%xmm5		# broadcast index

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


