~ubuntu-branches/ubuntu/lucid/openssl/lucid-security
» Revision
60
: debian/patches/CVE-2014-3570.patch
« back to all changes in this revision
Viewing changes to debian/patches/CVE-2014-3570.patch
- browse files at revision 60
- compare with another revision
- compare with revision 49
- download diff
- download tarball
- view history from revision 60
- Committer: Package Import Robot
- Author(s): Marc Deslauriers
- Date: 2015-01-09 11:16:50 UTC
- Revision ID: package-import@ubuntu.com-20150109111650-y2372iikqlq6prj3
Tags: 0.9.8k-7ubuntu8.23
* SECURITY UPDATE: denial of service via unexpected handshake when
no-ssl3 build option is used (not the default)
- debian/patches/CVE-2014-3569.patch: keep the old method for now in
ssl/s23_srvr.c.
- CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
- debian/patches/CVE-2014-3570.patch: fix bignum logic in
crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
- CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
- debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
ssl/s3_pkt.c.
- CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
- debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
ssl/s3_clnt.c.
- CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
- debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
crypto/x509/x_all.c, util/libeay.num.
- CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
- debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
- CVE-2015-0204
no-ssl3 build option is used (not the default)
- debian/patches/CVE-2014-3569.patch: keep the old method for now in
ssl/s23_srvr.c.
- CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
- debian/patches/CVE-2014-3570.patch: fix bignum logic in
crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
- CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
- debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
ssl/s3_pkt.c.
- CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
- debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
ssl/s3_clnt.c.
- CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
- debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
crypto/x509/x_all.c, util/libeay.num.
- CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
- debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
- CVE-2015-0204
added
removed
debian/patches/CVE-2014-3570.patch
1
From 4b4c0a19211bf73d81de52de697a1a9dc60aed82 Mon Sep 17 00:00:00 2001
2
From: Andy Polyakov <appro@openssl.org>
3
Date: Mon, 5 Jan 2015 14:52:56 +0100
4
Subject: [PATCH] Fix for CVE-2014-3570.
5
6
Reviewed-by: Emilia Kasper <emilia@openssl.org>
7
(cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)
8
---
9
crypto/bn/asm/mips3.s | 514 ++++++++++++++++++++++----------------------
10
crypto/bn/asm/x86_64-gcc.c | 34 ++-
11
crypto/bn/bn_asm.c | 16 +-
12
crypto/bn/bntest.c | 102 ++++++---
13
4 files changed, 360 insertions(+), 306 deletions(-)
14
15
Index: openssl-0.9.8k/crypto/bn/asm/mips3.s
16
===================================================================
17
--- openssl-0.9.8k.orig/crypto/bn/asm/mips3.s 2015-01-09 11:13:58.810255208 -0500
18
+++ openssl-0.9.8k/crypto/bn/asm/mips3.s 2015-01-09 11:13:58.806255173 -0500
19
@@ -1584,17 +1584,17 @@
20
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
21
mflo t_1
22
mfhi t_2
23
- slt c_2,t_2,zero
24
- dsll t_2,1
25
- slt a2,t_1,zero
26
- daddu t_2,a2
27
- dsll t_1,1
28
daddu c_3,t_1
29
sltu AT,c_3,t_1
30
- daddu t_2,AT
31
+ daddu c_3,t_1
32
+ daddu AT,t_2
33
+ sltu t_1,c_3,t_1
34
+ daddu c_1,AT
35
+ daddu t_2,t_1
36
+ sltu c_2,c_1,AT
37
daddu c_1,t_2
38
- sltu AT,c_1,t_2
39
- daddu c_2,AT
40
+ sltu t_2,c_1,t_2
41
+ daddu c_2,t_2
42
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
43
mflo t_1
44
mfhi t_2
45
@@ -1609,63 +1609,63 @@
46
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
47
mflo t_1
48
mfhi t_2
49
- slt c_3,t_2,zero
50
- dsll t_2,1
51
- slt a2,t_1,zero
52
- daddu t_2,a2
53
- dsll t_1,1
54
daddu c_1,t_1
55
sltu AT,c_1,t_1
56
- daddu t_2,AT
57
+ daddu c_1,t_1
58
+ daddu AT,t_2
59
+ sltu t_1,c_1,t_1
60
+ daddu c_2,AT
61
+ daddu t_2,t_1
62
+ sltu c_3,c_2,AT
63
daddu c_2,t_2
64
- sltu AT,c_2,t_2
65
- daddu c_3,AT
66
+ sltu t_2,c_2,t_2
67
+ daddu c_3,t_2
68
dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
69
mflo t_1
70
mfhi t_2
71
- slt AT,t_2,zero
72
- daddu c_3,AT
73
- dsll t_2,1
74
- slt a2,t_1,zero
75
- daddu t_2,a2
76
- dsll t_1,1
77
daddu c_1,t_1
78
sltu AT,c_1,t_1
79
- daddu t_2,AT
80
+ daddu c_1,t_1
81
+ daddu AT,t_2
82
+ sltu t_1,c_1,t_1
83
+ daddu c_2,AT
84
+ daddu t_2,t_1
85
+ sltu AT,c_2,AT
86
daddu c_2,t_2
87
- sltu AT,c_2,t_2
88
daddu c_3,AT
89
+ sltu t_2,c_2,t_2
90
+ daddu c_3,t_2
91
sd c_1,24(a0)
92
93
dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
94
mflo t_1
95
mfhi t_2
96
- slt c_1,t_2,zero
97
- dsll t_2,1
98
- slt a2,t_1,zero
99
- daddu t_2,a2
100
- dsll t_1,1
101
daddu c_2,t_1
102
sltu AT,c_2,t_1
103
- daddu t_2,AT
104
+ daddu c_2,t_1
105
+ daddu AT,t_2
106
+ sltu t_1,c_2,t_1
107
+ daddu c_3,AT
108
+ daddu t_2,t_1
109
+ sltu c_1,c_3,AT
110
daddu c_3,t_2
111
- sltu AT,c_3,t_2
112
- daddu c_1,AT
113
+ sltu t_2,c_3,t_2
114
+ daddu c_1,t_2
115
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
116
mflo t_1
117
mfhi t_2
118
- slt AT,t_2,zero
119
- daddu c_1,AT
120
- dsll t_2,1
121
- slt a2,t_1,zero
122
- daddu t_2,a2
123
- dsll t_1,1
124
daddu c_2,t_1
125
sltu AT,c_2,t_1
126
- daddu t_2,AT
127
+ daddu c_2,t_1
128
+ daddu AT,t_2
129
+ sltu t_1,c_2,t_1
130
+ daddu c_3,AT
131
+ daddu t_2,t_1
132
+ sltu AT,c_3,AT
133
daddu c_3,t_2
134
- sltu AT,c_3,t_2
135
daddu c_1,AT
136
+ sltu t_2,c_3,t_2
137
+ daddu c_1,t_2
138
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
139
mflo t_1
140
mfhi t_2
141
@@ -1680,93 +1680,93 @@
142
dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
143
mflo t_1
144
mfhi t_2
145
- slt c_2,t_2,zero
146
- dsll t_2,1
147
- slt a2,t_1,zero
148
- daddu t_2,a2
149
- dsll t_1,1
150
daddu c_3,t_1
151
sltu AT,c_3,t_1
152
- daddu t_2,AT
153
+ daddu c_3,t_1
154
+ daddu AT,t_2
155
+ sltu t_1,c_3,t_1
156
+ daddu c_1,AT
157
+ daddu t_2,t_1
158
+ sltu c_2,c_1,AT
159
daddu c_1,t_2
160
- sltu AT,c_1,t_2
161
- daddu c_2,AT
162
+ sltu t_2,c_1,t_2
163
+ daddu c_2,t_2
164
dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
165
mflo t_1
166
mfhi t_2
167
- slt AT,t_2,zero
168
- daddu c_2,AT
169
- dsll t_2,1
170
- slt a2,t_1,zero
171
- daddu t_2,a2
172
- dsll t_1,1
173
daddu c_3,t_1
174
sltu AT,c_3,t_1
175
- daddu t_2,AT
176
+ daddu c_3,t_1
177
+ daddu AT,t_2
178
+ sltu t_1,c_3,t_1
179
+ daddu c_1,AT
180
+ daddu t_2,t_1
181
+ sltu AT,c_1,AT
182
daddu c_1,t_2
183
- sltu AT,c_1,t_2
184
daddu c_2,AT
185
+ sltu t_2,c_1,t_2
186
+ daddu c_2,t_2
187
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
188
mflo t_1
189
mfhi t_2
190
- slt AT,t_2,zero
191
- daddu c_2,AT
192
- dsll t_2,1
193
- slt a2,t_1,zero
194
- daddu t_2,a2
195
- dsll t_1,1
196
daddu c_3,t_1
197
sltu AT,c_3,t_1
198
- daddu t_2,AT
199
+ daddu c_3,t_1
200
+ daddu AT,t_2
201
+ sltu t_1,c_3,t_1
202
+ daddu c_1,AT
203
+ daddu t_2,t_1
204
+ sltu AT,c_1,AT
205
daddu c_1,t_2
206
- sltu AT,c_1,t_2
207
daddu c_2,AT
208
+ sltu t_2,c_1,t_2
209
+ daddu c_2,t_2
210
sd c_3,40(a0)
211
212
dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
213
mflo t_1
214
mfhi t_2
215
- slt c_3,t_2,zero
216
- dsll t_2,1
217
- slt a2,t_1,zero
218
- daddu t_2,a2
219
- dsll t_1,1
220
daddu c_1,t_1
221
sltu AT,c_1,t_1
222
- daddu t_2,AT
223
+ daddu c_1,t_1
224
+ daddu AT,t_2
225
+ sltu t_1,c_1,t_1
226
+ daddu c_2,AT
227
+ daddu t_2,t_1
228
+ sltu c_3,c_2,AT
229
daddu c_2,t_2
230
- sltu AT,c_2,t_2
231
- daddu c_3,AT
232
+ sltu t_2,c_2,t_2
233
+ daddu c_3,t_2
234
dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
235
mflo t_1
236
mfhi t_2
237
- slt AT,t_2,zero
238
- daddu c_3,AT
239
- dsll t_2,1
240
- slt a2,t_1,zero
241
- daddu t_2,a2
242
- dsll t_1,1
243
daddu c_1,t_1
244
sltu AT,c_1,t_1
245
- daddu t_2,AT
246
+ daddu c_1,t_1
247
+ daddu AT,t_2
248
+ sltu t_1,c_1,t_1
249
+ daddu c_2,AT
250
+ daddu t_2,t_1
251
+ sltu AT,c_2,AT
252
daddu c_2,t_2
253
- sltu AT,c_2,t_2
254
daddu c_3,AT
255
+ sltu t_2,c_2,t_2
256
+ daddu c_3,t_2
257
dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
258
mflo t_1
259
mfhi t_2
260
- slt AT,t_2,zero
261
- daddu c_3,AT
262
- dsll t_2,1
263
- slt a2,t_1,zero
264
- daddu t_2,a2
265
- dsll t_1,1
266
daddu c_1,t_1
267
sltu AT,c_1,t_1
268
- daddu t_2,AT
269
+ daddu c_1,t_1
270
+ daddu AT,t_2
271
+ sltu t_1,c_1,t_1
272
+ daddu c_2,AT
273
+ daddu t_2,t_1
274
+ sltu AT,c_2,AT
275
daddu c_2,t_2
276
- sltu AT,c_2,t_2
277
daddu c_3,AT
278
+ sltu t_2,c_2,t_2
279
+ daddu c_3,t_2
280
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
281
mflo t_1
282
mfhi t_2
283
@@ -1781,108 +1781,108 @@
284
dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
285
mflo t_1
286
mfhi t_2
287
- slt c_1,t_2,zero
288
- dsll t_2,1
289
- slt a2,t_1,zero
290
- daddu t_2,a2
291
- dsll t_1,1
292
daddu c_2,t_1
293
sltu AT,c_2,t_1
294
- daddu t_2,AT
295
+ daddu c_2,t_1
296
+ daddu AT,t_2
297
+ sltu t_1,c_2,t_1
298
+ daddu c_3,AT
299
+ daddu t_2,t_1
300
+ sltu c_1,c_3,AT
301
daddu c_3,t_2
302
- sltu AT,c_3,t_2
303
- daddu c_1,AT
304
+ sltu t_2,c_3,t_2
305
+ daddu c_1,t_2
306
dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
307
mflo t_1
308
mfhi t_2
309
- slt AT,t_2,zero
310
- daddu c_1,AT
311
- dsll t_2,1
312
- slt a2,t_1,zero
313
- daddu t_2,a2
314
- dsll t_1,1
315
daddu c_2,t_1
316
sltu AT,c_2,t_1
317
- daddu t_2,AT
318
+ daddu c_2,t_1
319
+ daddu AT,t_2
320
+ sltu t_1,c_2,t_1
321
+ daddu c_3,AT
322
+ daddu t_2,t_1
323
+ sltu AT,c_3,AT
324
daddu c_3,t_2
325
- sltu AT,c_3,t_2
326
daddu c_1,AT
327
+ sltu t_2,c_3,t_2
328
+ daddu c_1,t_2
329
dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
330
mflo t_1
331
mfhi t_2
332
- slt AT,t_2,zero
333
- daddu c_1,AT
334
- dsll t_2,1
335
- slt a2,t_1,zero
336
- daddu t_2,a2
337
- dsll t_1,1
338
daddu c_2,t_1
339
sltu AT,c_2,t_1
340
- daddu t_2,AT
341
+ daddu c_2,t_1
342
+ daddu AT,t_2
343
+ sltu t_1,c_2,t_1
344
+ daddu c_3,AT
345
+ daddu t_2,t_1
346
+ sltu AT,c_3,AT
347
daddu c_3,t_2
348
- sltu AT,c_3,t_2
349
daddu c_1,AT
350
+ sltu t_2,c_3,t_2
351
+ daddu c_1,t_2
352
dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
353
mflo t_1
354
mfhi t_2
355
- slt AT,t_2,zero
356
- daddu c_1,AT
357
- dsll t_2,1
358
- slt a2,t_1,zero
359
- daddu t_2,a2
360
- dsll t_1,1
361
daddu c_2,t_1
362
sltu AT,c_2,t_1
363
- daddu t_2,AT
364
+ daddu c_2,t_1
365
+ daddu AT,t_2
366
+ sltu t_1,c_2,t_1
367
+ daddu c_3,AT
368
+ daddu t_2,t_1
369
+ sltu AT,c_3,AT
370
daddu c_3,t_2
371
- sltu AT,c_3,t_2
372
daddu c_1,AT
373
+ sltu t_2,c_3,t_2
374
+ daddu c_1,t_2
375
sd c_2,56(a0)
376
377
dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
378
mflo t_1
379
mfhi t_2
380
- slt c_2,t_2,zero
381
- dsll t_2,1
382
- slt a2,t_1,zero
383
- daddu t_2,a2
384
- dsll t_1,1
385
daddu c_3,t_1
386
sltu AT,c_3,t_1
387
- daddu t_2,AT
388
+ daddu c_3,t_1
389
+ daddu AT,t_2
390
+ sltu t_1,c_3,t_1
391
+ daddu c_1,AT
392
+ daddu t_2,t_1
393
+ sltu c_2,c_1,AT
394
daddu c_1,t_2
395
- sltu AT,c_1,t_2
396
- daddu c_2,AT
397
+ sltu t_2,c_1,t_2
398
+ daddu c_2,t_2
399
dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
400
mflo t_1
401
mfhi t_2
402
- slt AT,t_2,zero
403
- daddu c_2,AT
404
- dsll t_2,1
405
- slt a2,t_1,zero
406
- daddu t_2,a2
407
- dsll t_1,1
408
daddu c_3,t_1
409
sltu AT,c_3,t_1
410
- daddu t_2,AT
411
+ daddu c_3,t_1
412
+ daddu AT,t_2
413
+ sltu t_1,c_3,t_1
414
+ daddu c_1,AT
415
+ daddu t_2,t_1
416
+ sltu AT,c_1,AT
417
daddu c_1,t_2
418
- sltu AT,c_1,t_2
419
daddu c_2,AT
420
+ sltu t_2,c_1,t_2
421
+ daddu c_2,t_2
422
dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
423
mflo t_1
424
mfhi t_2
425
- slt AT,t_2,zero
426
- daddu c_2,AT
427
- dsll t_2,1
428
- slt a2,t_1,zero
429
- daddu t_2,a2
430
- dsll t_1,1
431
daddu c_3,t_1
432
sltu AT,c_3,t_1
433
- daddu t_2,AT
434
+ daddu c_3,t_1
435
+ daddu AT,t_2
436
+ sltu t_1,c_3,t_1
437
+ daddu c_1,AT
438
+ daddu t_2,t_1
439
+ sltu AT,c_1,AT
440
daddu c_1,t_2
441
- sltu AT,c_1,t_2
442
daddu c_2,AT
443
+ sltu t_2,c_1,t_2
444
+ daddu c_2,t_2
445
dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
446
mflo t_1
447
mfhi t_2
448
@@ -1897,78 +1897,78 @@
449
dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
450
mflo t_1
451
mfhi t_2
452
- slt c_3,t_2,zero
453
- dsll t_2,1
454
- slt a2,t_1,zero
455
- daddu t_2,a2
456
- dsll t_1,1
457
daddu c_1,t_1
458
sltu AT,c_1,t_1
459
- daddu t_2,AT
460
+ daddu c_1,t_1
461
+ daddu AT,t_2
462
+ sltu t_1,c_1,t_1
463
+ daddu c_2,AT
464
+ daddu t_2,t_1
465
+ sltu c_3,c_2,AT
466
daddu c_2,t_2
467
- sltu AT,c_2,t_2
468
- daddu c_3,AT
469
+ sltu t_2,c_2,t_2
470
+ daddu c_3,t_2
471
dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
472
mflo t_1
473
mfhi t_2
474
- slt AT,t_2,zero
475
- daddu c_3,AT
476
- dsll t_2,1
477
- slt a2,t_1,zero
478
- daddu t_2,a2
479
- dsll t_1,1
480
daddu c_1,t_1
481
sltu AT,c_1,t_1
482
- daddu t_2,AT
483
+ daddu c_1,t_1
484
+ daddu AT,t_2
485
+ sltu t_1,c_1,t_1
486
+ daddu c_2,AT
487
+ daddu t_2,t_1
488
+ sltu AT,c_2,AT
489
daddu c_2,t_2
490
- sltu AT,c_2,t_2
491
daddu c_3,AT
492
+ sltu t_2,c_2,t_2
493
+ daddu c_3,t_2
494
dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
495
mflo t_1
496
mfhi t_2
497
- slt AT,t_2,zero
498
- daddu c_3,AT
499
- dsll t_2,1
500
- slt a2,t_1,zero
501
- daddu t_2,a2
502
- dsll t_1,1
503
daddu c_1,t_1
504
sltu AT,c_1,t_1
505
- daddu t_2,AT
506
+ daddu c_1,t_1
507
+ daddu AT,t_2
508
+ sltu t_1,c_1,t_1
509
+ daddu c_2,AT
510
+ daddu t_2,t_1
511
+ sltu AT,c_2,AT
512
daddu c_2,t_2
513
- sltu AT,c_2,t_2
514
daddu c_3,AT
515
+ sltu t_2,c_2,t_2
516
+ daddu c_3,t_2
517
sd c_1,72(a0)
518
519
dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
520
mflo t_1
521
mfhi t_2
522
- slt c_1,t_2,zero
523
- dsll t_2,1
524
- slt a2,t_1,zero
525
- daddu t_2,a2
526
- dsll t_1,1
527
daddu c_2,t_1
528
sltu AT,c_2,t_1
529
- daddu t_2,AT
530
+ daddu c_2,t_1
531
+ daddu AT,t_2
532
+ sltu t_1,c_2,t_1
533
+ daddu c_3,AT
534
+ daddu t_2,t_1
535
+ sltu c_1,c_3,AT
536
daddu c_3,t_2
537
- sltu AT,c_3,t_2
538
- daddu c_1,AT
539
+ sltu t_2,c_3,t_2
540
+ daddu c_1,t_2
541
dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
542
mflo t_1
543
mfhi t_2
544
- slt AT,t_2,zero
545
- daddu c_1,AT
546
- dsll t_2,1
547
- slt a2,t_1,zero
548
- daddu t_2,a2
549
- dsll t_1,1
550
daddu c_2,t_1
551
sltu AT,c_2,t_1
552
- daddu t_2,AT
553
+ daddu c_2,t_1
554
+ daddu AT,t_2
555
+ sltu t_1,c_2,t_1
556
+ daddu c_3,AT
557
+ daddu t_2,t_1
558
+ sltu AT,c_3,AT
559
daddu c_3,t_2
560
- sltu AT,c_3,t_2
561
daddu c_1,AT
562
+ sltu t_2,c_3,t_2
563
+ daddu c_1,t_2
564
dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
565
mflo t_1
566
mfhi t_2
567
@@ -1983,48 +1983,48 @@
568
dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
569
mflo t_1
570
mfhi t_2
571
- slt c_2,t_2,zero
572
- dsll t_2,1
573
- slt a2,t_1,zero
574
- daddu t_2,a2
575
- dsll t_1,1
576
daddu c_3,t_1
577
sltu AT,c_3,t_1
578
- daddu t_2,AT
579
+ daddu c_3,t_1
580
+ daddu AT,t_2
581
+ sltu t_1,c_3,t_1
582
+ daddu c_1,AT
583
+ daddu t_2,t_1
584
+ sltu c_2,c_1,AT
585
daddu c_1,t_2
586
- sltu AT,c_1,t_2
587
- daddu c_2,AT
588
+ sltu t_2,c_1,t_2
589
+ daddu c_2,t_2
590
dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
591
mflo t_1
592
mfhi t_2
593
- slt AT,t_2,zero
594
- daddu c_2,AT
595
- dsll t_2,1
596
- slt a2,t_1,zero
597
- daddu t_2,a2
598
- dsll t_1,1
599
daddu c_3,t_1
600
sltu AT,c_3,t_1
601
- daddu t_2,AT
602
+ daddu c_3,t_1
603
+ daddu AT,t_2
604
+ sltu t_1,c_3,t_1
605
+ daddu c_1,AT
606
+ daddu t_2,t_1
607
+ sltu AT,c_1,AT
608
daddu c_1,t_2
609
- sltu AT,c_1,t_2
610
daddu c_2,AT
611
+ sltu t_2,c_1,t_2
612
+ daddu c_2,t_2
613
sd c_3,88(a0)
614
615
dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
616
mflo t_1
617
mfhi t_2
618
- slt c_3,t_2,zero
619
- dsll t_2,1
620
- slt a2,t_1,zero
621
- daddu t_2,a2
622
- dsll t_1,1
623
daddu c_1,t_1
624
sltu AT,c_1,t_1
625
- daddu t_2,AT
626
+ daddu c_1,t_1
627
+ daddu AT,t_2
628
+ sltu t_1,c_1,t_1
629
+ daddu c_2,AT
630
+ daddu t_2,t_1
631
+ sltu c_3,c_2,AT
632
daddu c_2,t_2
633
- sltu AT,c_2,t_2
634
- daddu c_3,AT
635
+ sltu t_2,c_2,t_2
636
+ daddu c_3,t_2
637
dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
638
mflo t_1
639
mfhi t_2
640
@@ -2039,17 +2039,17 @@
641
dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
642
mflo t_1
643
mfhi t_2
644
- slt c_1,t_2,zero
645
- dsll t_2,1
646
- slt a2,t_1,zero
647
- daddu t_2,a2
648
- dsll t_1,1
649
daddu c_2,t_1
650
sltu AT,c_2,t_1
651
- daddu t_2,AT
652
+ daddu c_2,t_1
653
+ daddu AT,t_2
654
+ sltu t_1,c_2,t_1
655
+ daddu c_3,AT
656
+ daddu t_2,t_1
657
+ sltu c_1,c_3,AT
658
daddu c_3,t_2
659
- sltu AT,c_3,t_2
660
- daddu c_1,AT
661
+ sltu t_2,c_3,t_2
662
+ daddu c_1,t_2
663
sd c_2,104(a0)
664
665
dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
666
@@ -2070,9 +2070,9 @@
667
.set reorder
668
ld a_0,0(a1)
669
ld a_1,8(a1)
670
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
671
ld a_2,16(a1)
672
ld a_3,24(a1)
673
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
674
mflo c_1
675
mfhi c_2
676
sd c_1,0(a0)
677
@@ -2093,17 +2093,17 @@
678
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
679
mflo t_1
680
mfhi t_2
681
- slt c_2,t_2,zero
682
- dsll t_2,1
683
- slt a2,t_1,zero
684
- daddu t_2,a2
685
- dsll t_1,1
686
daddu c_3,t_1
687
sltu AT,c_3,t_1
688
- daddu t_2,AT
689
+ daddu c_3,t_1
690
+ daddu AT,t_2
691
+ sltu t_1,c_3,t_1
692
+ daddu c_1,AT
693
+ daddu t_2,t_1
694
+ sltu c_2,c_1,AT
695
daddu c_1,t_2
696
- sltu AT,c_1,t_2
697
- daddu c_2,AT
698
+ sltu t_2,c_1,t_2
699
+ daddu c_2,t_2
700
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
701
mflo t_1
702
mfhi t_2
703
@@ -2118,48 +2118,48 @@
704
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
705
mflo t_1
706
mfhi t_2
707
- slt c_3,t_2,zero
708
- dsll t_2,1
709
- slt a2,t_1,zero
710
- daddu t_2,a2
711
- dsll t_1,1
712
daddu c_1,t_1
713
sltu AT,c_1,t_1
714
- daddu t_2,AT
715
+ daddu c_1,t_1
716
+ daddu AT,t_2
717
+ sltu t_1,c_1,t_1
718
+ daddu c_2,AT
719
+ daddu t_2,t_1
720
+ sltu c_3,c_2,AT
721
daddu c_2,t_2
722
- sltu AT,c_2,t_2
723
- daddu c_3,AT
724
+ sltu t_2,c_2,t_2
725
+ daddu c_3,t_2
726
dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
727
mflo t_1
728
mfhi t_2
729
- slt AT,t_2,zero
730
- daddu c_3,AT
731
- dsll t_2,1
732
- slt a2,t_1,zero
733
- daddu t_2,a2
734
- dsll t_1,1
735
daddu c_1,t_1
736
sltu AT,c_1,t_1
737
- daddu t_2,AT
738
+ daddu c_1,t_1
739
+ daddu AT,t_2
740
+ sltu t_1,c_1,t_1
741
+ daddu c_2,AT
742
+ daddu t_2,t_1
743
+ sltu AT,c_2,AT
744
daddu c_2,t_2
745
- sltu AT,c_2,t_2
746
daddu c_3,AT
747
+ sltu t_2,c_2,t_2
748
+ daddu c_3,t_2
749
sd c_1,24(a0)
750
751
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
752
mflo t_1
753
mfhi t_2
754
- slt c_1,t_2,zero
755
- dsll t_2,1
756
- slt a2,t_1,zero
757
- daddu t_2,a2
758
- dsll t_1,1
759
daddu c_2,t_1
760
sltu AT,c_2,t_1
761
- daddu t_2,AT
762
+ daddu c_2,t_1
763
+ daddu AT,t_2
764
+ sltu t_1,c_2,t_1
765
+ daddu c_3,AT
766
+ daddu t_2,t_1
767
+ sltu c_1,c_3,AT
768
daddu c_3,t_2
769
- sltu AT,c_3,t_2
770
- daddu c_1,AT
771
+ sltu t_2,c_3,t_2
772
+ daddu c_1,t_2
773
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
774
mflo t_1
775
mfhi t_2
776
@@ -2174,17 +2174,17 @@
777
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
778
mflo t_1
779
mfhi t_2
780
- slt c_2,t_2,zero
781
- dsll t_2,1
782
- slt a2,t_1,zero
783
- daddu t_2,a2
784
- dsll t_1,1
785
daddu c_3,t_1
786
sltu AT,c_3,t_1
787
- daddu t_2,AT
788
+ daddu c_3,t_1
789
+ daddu AT,t_2
790
+ sltu t_1,c_3,t_1
791
+ daddu c_1,AT
792
+ daddu t_2,t_1
793
+ sltu c_2,c_1,AT
794
daddu c_1,t_2
795
- sltu AT,c_1,t_2
796
- daddu c_2,AT
797
+ sltu t_2,c_1,t_2
798
+ daddu c_2,t_2
799
sd c_3,40(a0)
800
801
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
802
Index: openssl-0.9.8k/crypto/bn/asm/x86_64-gcc.c
803
===================================================================
804
--- openssl-0.9.8k.orig/crypto/bn/asm/x86_64-gcc.c 2015-01-09 11:13:58.810255208 -0500
805
+++ openssl-0.9.8k/crypto/bn/asm/x86_64-gcc.c 2015-01-09 11:13:58.806255173 -0500
806
@@ -264,6 +264,10 @@
807
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
808
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
809
810
+/*
811
+ * Keep in mind that carrying into high part of multiplication result
812
+ * can not overflow, because it cannot be all-ones.
813
+ */
814
#if 0
815
/* original macros are kept for reference purposes */
816
#define mul_add_c(a,b,c0,c1,c2) { \
817
@@ -278,10 +282,10 @@
818
BN_ULONG ta=(a),tb=(b),t0; \
819
t1 = BN_UMULT_HIGH(ta,tb); \
820
t0 = ta * tb; \
821
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
822
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
823
- c0 += t1; t2 += (c0<t1)?1:0; \
824
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
825
c1 += t2; c2 += (c1<t2)?1:0; \
826
+ c0 += t0; t1 += (c0<t0)?1:0; \
827
+ c1 += t1; c2 += (c1<t1)?1:0; \
828
}
829
#else
830
#define mul_add_c(a,b,c0,c1,c2) do { \
831
@@ -319,22 +323,14 @@
832
: "=a"(t1),"=d"(t2) \
833
: "a"(a),"m"(b) \
834
: "cc"); \
835
- asm ("addq %0,%0; adcq %2,%1" \
836
- : "+d"(t2),"+r"(c2) \
837
- : "g"(0) \
838
- : "cc"); \
839
- asm ("addq %0,%0; adcq %2,%1" \
840
- : "+a"(t1),"+d"(t2) \
841
- : "g"(0) \
842
- : "cc"); \
843
- asm ("addq %2,%0; adcq %3,%1" \
844
- : "+r"(c0),"+d"(t2) \
845
- : "a"(t1),"g"(0) \
846
- : "cc"); \
847
- asm ("addq %2,%0; adcq %3,%1" \
848
- : "+r"(c1),"+r"(c2) \
849
- : "d"(t2),"g"(0) \
850
- : "cc"); \
851
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
852
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
853
+ : "r"(t1),"r"(t2),"g"(0) \
854
+ : "cc"); \
855
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
856
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
857
+ : "r"(t1),"r"(t2),"g"(0) \
858
+ : "cc"); \
859
} while (0)
860
#endif
861
862
Index: openssl-0.9.8k/crypto/bn/bn_asm.c
863
===================================================================
864
--- openssl-0.9.8k.orig/crypto/bn/bn_asm.c 2015-01-09 11:13:58.810255208 -0500
865
+++ openssl-0.9.8k/crypto/bn/bn_asm.c 2015-01-09 11:13:58.806255173 -0500
866
@@ -431,6 +431,10 @@
867
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
868
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
869
870
+/*
871
+ * Keep in mind that carrying into high part of multiplication result
872
+ * can not overflow, because it cannot be all-ones.
873
+ */
874
#ifdef BN_LLONG
875
#define mul_add_c(a,b,c0,c1,c2) \
876
t=(BN_ULLONG)a*b; \
877
@@ -471,10 +475,10 @@
878
#define mul_add_c2(a,b,c0,c1,c2) { \
879
BN_ULONG ta=(a),tb=(b),t0; \
880
BN_UMULT_LOHI(t0,t1,ta,tb); \
881
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
882
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
883
- c0 += t1; t2 += (c0<t1)?1:0; \
884
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
885
c1 += t2; c2 += (c1<t2)?1:0; \
886
+ c0 += t0; t1 += (c0<t0)?1:0; \
887
+ c1 += t1; c2 += (c1<t1)?1:0; \
888
}
889
890
#define sqr_add_c(a,i,c0,c1,c2) { \
891
@@ -501,10 +505,10 @@
892
BN_ULONG ta=(a),tb=(b),t0; \
893
t1 = BN_UMULT_HIGH(ta,tb); \
894
t0 = ta * tb; \
895
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
896
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
897
- c0 += t1; t2 += (c0<t1)?1:0; \
898
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
899
c1 += t2; c2 += (c1<t2)?1:0; \
900
+ c0 += t0; t1 += (c0<t0)?1:0; \
901
+ c1 += t1; c2 += (c1<t1)?1:0; \
902
}
903
904
#define sqr_add_c(a,i,c0,c1,c2) { \
905
Index: openssl-0.9.8k/crypto/bn/bntest.c
906
===================================================================
907
--- openssl-0.9.8k.orig/crypto/bn/bntest.c 2015-01-09 11:13:58.810255208 -0500
908
+++ openssl-0.9.8k/crypto/bn/bntest.c 2015-01-09 11:13:58.806255173 -0500
909
@@ -676,44 +676,98 @@
910
911
int test_sqr(BIO *bp, BN_CTX *ctx)
912
{
913
- BIGNUM a,c,d,e;
914
- int i;
915
+ BIGNUM *a,*c,*d,*e;
916
+ int i, ret = 0;
917
918
- BN_init(&a);
919
- BN_init(&c);
920
- BN_init(&d);
921
- BN_init(&e);
922
+ a = BN_new();
923
+ c = BN_new();
924
+ d = BN_new();
925
+ e = BN_new();
926
+ if (a == NULL || c == NULL || d == NULL || e == NULL)
927
+ {
928
+ goto err;
929
+ }
930
931
for (i=0; i<num0; i++)
932
{
933
- BN_bntest_rand(&a,40+i*10,0,0);
934
- a.neg=rand_neg();
935
- BN_sqr(&c,&a,ctx);
936
+ BN_bntest_rand(a,40+i*10,0,0);
937
+ a->neg=rand_neg();
938
+ BN_sqr(c,a,ctx);
939
if (bp != NULL)
940
{
941
if (!results)
942
{
943
- BN_print(bp,&a);
944
+ BN_print(bp,a);
945
BIO_puts(bp," * ");
946
- BN_print(bp,&a);
947
+ BN_print(bp,a);
948
BIO_puts(bp," - ");
949
}
950
- BN_print(bp,&c);
951
+ BN_print(bp,c);
952
BIO_puts(bp,"\n");
953
}
954
- BN_div(&d,&e,&c,&a,ctx);
955
- BN_sub(&d,&d,&a);
956
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
957
- {
958
- fprintf(stderr,"Square test failed!\n");
959
- return 0;
960
- }
961
- }
962
- BN_free(&a);
963
- BN_free(&c);
964
- BN_free(&d);
965
- BN_free(&e);
966
- return(1);
967
+ BN_div(d,e,c,a,ctx);
968
+ BN_sub(d,d,a);
969
+ if(!BN_is_zero(d) || !BN_is_zero(e))
970
+ {
971
+ fprintf(stderr,"Square test failed!\n");
972
+ goto err;
973
+ }
974
+ }
975
+
976
+ /* Regression test for a BN_sqr overflow bug. */
977
+ BN_hex2bn(&a,
978
+ "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
979
+ BN_sqr(c, a, ctx);
980
+ if (bp != NULL)
981
+ {
982
+ if (!results)
983
+ {
984
+ BN_print(bp,a);
985
+ BIO_puts(bp," * ");
986
+ BN_print(bp,a);
987
+ BIO_puts(bp," - ");
988
+ }
989
+ BN_print(bp,c);
990
+ BIO_puts(bp,"\n");
991
+ }
992
+ BN_mul(d, a, a, ctx);
993
+ if (BN_cmp(c, d))
994
+ {
995
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
996
+ "different results!\n");
997
+ goto err;
998
+ }
999
+
1000
+ /* Regression test for a BN_sqr overflow bug. */
1001
+ BN_hex2bn(&a,
1002
+ "80000000000000000000000080000001FFFFFFFE000000000000000000000000");
1003
+ BN_sqr(c, a, ctx);
1004
+ if (bp != NULL)
1005
+ {
1006
+ if (!results)
1007
+ {
1008
+ BN_print(bp,a);
1009
+ BIO_puts(bp," * ");
1010
+ BN_print(bp,a);
1011
+ BIO_puts(bp," - ");
1012
+ }
1013
+ BN_print(bp,c);
1014
+ BIO_puts(bp,"\n");
1015
+ }
1016
+ BN_mul(d, a, a, ctx);
1017
+ if (BN_cmp(c, d))
1018
+ {
1019
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
1020
+ "different results!\n");
1021
+ goto err;
1022
+ }
1023
+ ret = 1;
1024
+err:
1025
+ if (a != NULL) BN_free(a);
1026
+ if (c != NULL) BN_free(c);
1027
+ if (d != NULL) BN_free(d);
1028
+ if (e != NULL) BN_free(e);
1029
+ return ret;
1030
}
1031
1032
int test_mont(BIO *bp, BN_CTX *ctx)
Loggerhead is a web-based interface for Breezy
Version: 2.0.1