Date: Mon, 26 Sep 2005 09:59:50 -0400 (EDT) From: Mike Tancsa <mike@sentex.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: i386/86598: Bug in OpenSSL Padlock Engine (simple patch attached) Message-ID: <200509261359.j8QDxob3092341@verify1.sentex.ca> Resent-Message-ID: <200509261400.j8QE0W5f056395@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 86598 >Category: i386 >Synopsis: Bug in OpenSSL Padlock Engine (simple patch attached) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-i386 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Sep 26 14:00:32 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Mike Tancsa >Release: FreeBSD 6.0-BETA4 i386 >Organization: Sentex Communications >Environment: System: FreeBSD verify1.sentex.ca 6.0-BETA4 FreeBSD 6.0-BETA4 #0: Mon Sep 12 14:22:56 EDT 2005 mdtancsa@verify1.sentex.ca:/usr/obj/usr/src/sys/verify i386 >Description: There is a bug in the base version of OpenSSL that gets tripped when using the padlock engine. A full discussion and analysis can be found at http://sourceforge.net/mailarchive/message.php?msg_id=11410111 >How-To-Repeat: The bug gets triggered using openvpn with engine padlock. The issue will typically show up when transmitting small packets across an openvpn tunnel. >Fix: Simple patch to correct the issue at http://cvs.openssl.org/chngview?cn=13061 This is in the openssl cvs so the next version will incorporate the bug fix --- eng_padlock.c 2005/04/04 17:05:06 1.12 +++ eng_padlock.c 2005/04/14 07:41:29 1.13 @@ -395,10 +395,10 @@ " jnc 1f\n" " cmp %2,%1\n" " je 1f\n" -" mov %2,%0\n" " popfl\n" " sub $4,%%esp\n" -"1: add $4,%%esp" +"1: add $4,%%esp\n" +" mov %2,%0" :"+m"(padlock_saved_context) : "r"(padlock_saved_context), "r"(cdata) : "cc"); } @@ -521,10 +521,10 @@ jnc skip cmp ecx,padlock_saved_context je skip - mov padlock_saved_context,ecx popfd sub esp,4 skip: add esp,4 + mov padlock_saved_context,ecx } } >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509261359.j8QDxob3092341>