OpenSSL: openssl-web/news/ patch-CVE-2007-3108.txt
2007-08-02 04:35:48
  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Mark J.
Cox
  Root:   /v/openssl/cvs                   Email:  markopenssl.org
  Module: openssl-web                      Date:  
02-Aug-2007 11:35:48
  Branch: HEAD                             Handle:
2007080210354800

  Added files:
    openssl-web/news        patch-CVE-2007-3108.txt

  Log:
    Rather than point to svn where we have to have a couple of entries,
    use the cumulative 0.9.8 patch from Andy Polyakov

  Summary:
    Revision    Changes     Path
    1.1         +126 -0    
openssl-web/news/patch-CVE-2007-3108.txt
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl-web/news/patch-CVE-2007-3108.txt
 
============================================================
================
  $ cvs diff -u -r0 -r1.1 patch-CVE-2007-3108.txt
  --- /dev/null	2007-08-02 11:33:00 +0200
  +++ patch-CVE-2007-3108.txt	2007-08-02 11:35:48 +0200
   -0,0 +1,126 
  +-----BEGIN PGP SIGNED MESSAGE-----
  +Hash: SHA1
  +
  +- --- openssl-0.9.8e/crypto/bn/bn_mont.c	2006-06-16
03:01:14.000000000 +0200
  ++++ openssl-0.9.8-cvs/crypto/bn/bn_mont.c	2007-06-29
10:13:25.000000000 +0200
  + -176,7 +176,6 
  + 
  + 	max=(nl+al+1); /* allow for overflow (no?) XXX */
  + 	if (bn_wexpand(r,max) == NULL) goto err;
  +- -	if (bn_wexpand(ret,max) == NULL) goto err;
  + 
  + 	r->neg=a->neg^n->neg;
  + 	np=n->d;
  + -228,19 +227,70 
  + 		}
  + 	bn_correct_top(r);
  + 	
  +- -	/* mont->ri will be a multiple of the word size
*/
  +- -#if 0
  +- -	BN_rshift(ret,r,mont->ri);
  +- -#else
  +- -	ret->neg = r->neg;
  +- -	x=ri;
  ++	/* mont->ri will be a multiple of the word size and
below code
  ++	 * is kind of BN_rshift(ret,r,mont->ri) equivalent
*/
  ++	if (r->top <= ri)
  ++		{
  ++		ret->top=0;
  ++		retn=1;
  ++		goto err;
  ++		}
  ++	al=r->top-ri;
  ++
  ++# define BRANCH_FREE 1
  ++# if BRANCH_FREE
  ++	if (bn_wexpand(ret,ri) == NULL) goto err;
  ++	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
  ++	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */
  ++	ret->neg=r->neg;
  ++
  + 	rp=ret->d;
  +- -	ap= &(r->d[x]);
  +- -	if (r->top < x)
  +- -		al=0;
  +- -	else
  +- -		al=r->top-x;
  ++	ap=&(r->d[ri]);
  ++
  ++	{
  ++	size_t m1,m2;
  ++
  ++	v=bn_sub_words(rp,ap,np,ri);
  ++	/* this ----------------^^ works even in al<ri case
  ++	 * thanks to zealous zeroing of top of the vector in
the
  ++	 * beginning. */
  ++
  ++	/* if (al==ri && !v) || al>ri) nrp=rp; else
nrp=ap; */
  ++	/* in other words if subtraction result is real, then
  ++	 * trick unconditional memcpy below to perform
in-place
  ++	 * "refresh" instead of actual copy. */
 
++	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/
* al<ri */
 
++	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/
* al>ri */
  ++	m1|=m2;			/* (al!=ri) */
  ++	m1|=(0-(size_t)v);	/* (al!=ri || v) */
  ++	m1&=~m2;		/* (al!=ri || v) && !al>ri */
  ++	nrp=(BN_ULONG
*)(((size_t)rp&~m1)|((size_t)ap&m1));
  ++	}
  ++
  ++	/* 'i<ri' is chosen to eliminate dependency on input
data, even
  ++	 * though it results in redundant copy in al<ri
case. */
  ++	for (i=0,ri-=4; i<ri; i+=4)
  ++		{
  ++		BN_ULONG t1,t2,t3,t4;
  ++		
  ++		t1=nrp[i+0];
  ++		t2=nrp[i+1];
  ++		t3=nrp[i+2];	ap[i+0]=0;
  ++		t4=nrp[i+3];	ap[i+1]=0;
  ++		rp[i+0]=t1;	ap[i+2]=0;
  ++		rp[i+1]=t2;	ap[i+3]=0;
  ++		rp[i+2]=t3;
  ++		rp[i+3]=t4;
  ++		}
  ++	for (ri+=4; i<ri; i++)
  ++		rp[i]=nrp[i], ap[i]=0;
  ++# else
  ++	if (bn_wexpand(ret,al) == NULL) goto err;
  + 	ret->top=al;
  ++	ret->neg=r->neg;
  ++
  ++	rp=ret->d;
  ++	ap=&(r->d[ri]);
  + 	al-=4;
  + 	for (i=0; i<al; i+=4)
  + 		{
  + -258,7 +308,7 
  + 	al+=4;
  + 	for (; i<al; i++)
  + 		rp[i]=ap[i];
  +- -#endif
  ++# endif
  + #else /* !MONT_WORD */ 
  + 	BIGNUM *t1,*t2;
  + 
  + -278,10 +328,12 
  + 	if (!BN_rshift(ret,t2,mont->ri)) goto err;
  + #endif /* MONT_WORD */
  + 
  ++#if !defined(BRANCH_FREE) || BRANCH_FREE==0
  + 	if (BN_ucmp(ret, &(mont->N)) >= 0)
  + 		{
  + 		if (!BN_usub(ret,ret,&(mont->N))) goto err;
  + 		}
  ++#endif
  + 	retn=1;
  + 	bn_check_top(ret);
  +  err:
  +-----BEGIN PGP SIGNATURE-----
  +Version: GnuPG v1.4.5 (GNU/Linux)
  +
 
+iQCVAwUBRrGk++6tTP1JpWPZAQJbjwP/W/6mROtxOVU1gvvq/uFHCytNWHV
aJfKA
 
+7zh+v4OPQEIYekIBkEpNFgTJbHcyIZoyDNnwOetkRXvI4LDqvV1V5/pA5bz
rKqDj
 
+zv7Hj8R7DGqG8ad0Esf3l7SqqirI3curkIzm5/cALJBJxz/Pp7qyXNzzQgp
55UPz
  +iBDdynBpa+s=
  +=aquq
  +-----END PGP SIGNATURE-----
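Review bot: The pointer select `nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));` in the BRANCH_FREE path of the bn_mont.c change round-trips both pointers through `size_t`, which C does not guarantee to be as wide as a pointer, so on a target where it is narrower the selected address would be truncated. A pointer-width integer type (`uintptr_t` where the toolchain has it) should carry the mask, and a comment such as `/* constant-time select: nrp = (al<ri || (al==ri && v)) ? ap : rp */` would make the mask arithmetic auditable. The early exit `if (r->top <= ri)` just above still branches on the size of the intermediate value after `bn_correct_top(r)`, so the branch-free property appears to cover only the final subtraction and copy; the comment should say so, and the generated code is worth checking per compiler, since nothing in the source stops an optimizer from turning the masks back into a branch. The enclosing function begins and ends outside the quoted hunks.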
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org
