18889686 problem in UTILITY/OPENSSL s11u1-sru 0.175.1.21.0.2.0 S11.1SRU21.2
authorRonald Jordan <ron.jordan@oracle.com>
Tue, 10 Jun 2014 04:08:50 -0700
branchs11u1-sru
changeset 3170 18a6de8a81bd
parent 3164 7648a39bf1b4
child 3176 bae881946d57
18889686 problem in UTILITY/OPENSSL 18889720 problem in UTILITY/OPENSSL 18889740 problem in UTILITY/OPENSSL 18889837 problem in UTILITY/OPENSSL 18889844 problem in UTILITY/OPENSSL 18889862 problem in UTILITY/OPENSSL 18924227 Upgrade OpenSSL to 1.0.0m 18924454 OpenSSL 1.0.0m upgrade requires removal of patch fix for CVE-2014-0076 18924292 Build failure caused by OpenSSL 1.0.0m upgrade
components/openssl/openssl-0.9.8-fips-140/Makefile
components/openssl/openssl-0.9.8-fips-140/patches/38-openssl-0.9.8za-include-limits.patch
components/openssl/openssl-1.0.0/Makefile
components/openssl/openssl-1.0.0/patches/37-cve-2014-0076.patch
components/openssl/openssl-1.0.0/patches/38-openssl-1.0.0m-include-limits.patch
--- a/components/openssl/openssl-0.9.8-fips-140/Makefile	Mon Jun 09 10:00:01 2014 -0700
+++ b/components/openssl/openssl-0.9.8-fips-140/Makefile	Tue Jun 10 04:08:50 2014 -0700
@@ -18,7 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
 #
 PARFAIT_BUILD=no
 
@@ -29,13 +29,13 @@
 COMPONENT_NAME =	openssl
 # Note that this is the OpenSSL version that is used to build FIPS-140 certified
 # libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION =	0.9.8y
+COMPONENT_VERSION =	0.9.8za
 IPS_COMPONENT_VERSION = 1.2
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:bbecf13495e612936e3a9860c29c0701413564b7a964bf771a3575eaa867cee3
+    sha256:cdcb98d0fbc026ca798b17919334310271d3a593554ffd6a59659b9222fd4e48
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 
 # Apply the patch on SPARC only. Must put this before including prep.mk as
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-0.9.8-fips-140/patches/38-openssl-0.9.8za-include-limits.patch	Tue Jun 10 04:08:50 2014 -0700
@@ -0,0 +1,13 @@
+Patch developed in-house.  This issue has been addressed upstream and this
+patch will need to be obsoleted upon the next OpenSSL 0.9.8 release.
+
+--- openssl-0.9.8za/ssl/s3_pkt.c.orig	Thu Jun  5 02:41:31 2014
++++ openssl-0.9.8za/ssl/s3_pkt.c	Thu Jun  5 06:42:42 2014
[email protected]@ -109,6 +109,7 @@
+  *
+  */
+
++#include <limits.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #define USE_SOCKETS
--- a/components/openssl/openssl-1.0.0/Makefile	Mon Jun 09 10:00:01 2014 -0700
+++ b/components/openssl/openssl-1.0.0/Makefile	Tue Jun 10 04:08:50 2014 -0700
@@ -28,15 +28,15 @@
 # When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. 
 # For more information about wanboot-openssl testing, please refer to
 # ../README.
-COMPONENT_VERSION =	1.0.0l
+COMPONENT_VERSION =	1.0.0m
 # Version for IPS. It is easier to do it manually than convert the letter to a
 # number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.0.12
+IPS_COMPONENT_VERSION = 1.0.0.13
 COMPONENT_PROJECT_URL=	http://www.openssl.org/
 COMPONENT_SRC =		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE =	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:2a072e67d9e3ae900548c43d7936305ba576025bd083d1e91ff14d68ded1fdec
+    sha256:224dbbfaee3ad7337665e24eab516c67446d5081379a40b2f623cf7801e672de
 COMPONENT_ARCHIVE_URL =	$(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
 
 # Architecture-specific patches
--- a/components/openssl/openssl-1.0.0/patches/37-cve-2014-0076.patch	Mon Jun 09 10:00:01 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,148 +0,0 @@
-Patch comes from upstream:
-  http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29
-It will be obsoleted when openssl-1.0.0m is available.
-
---- openssl-1.0.0l/crypto/bn/bn.h.orig	Mon Jan  6 07:00:59 2014
-+++ openssl-1.0.0l/crypto/bn/bn.h		Fri Apr 18 13:03:57 2014
[email protected]@ -538,6 +538,8 @@
- BIGNUM *BN_mod_sqrt(BIGNUM *ret,
- 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
- 
-+void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-+
- /* Deprecated versions */
- #ifndef OPENSSL_NO_DEPRECATED
- BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
[email protected]@ -759,11 +761,20 @@
- 
- #define bn_fix_top(a)		bn_check_top(a)
- 
-+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-+#define bn_wcheck_size(bn, words) \
-+	do { \
-+		const BIGNUM *_bnum2 = (bn); \
-+		assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
-+	} while(0)
-+
- #else /* !BN_DEBUG */
- 
- #define bn_pollute(a)
- #define bn_check_top(a)
- #define bn_fix_top(a)		bn_correct_top(a)
-+#define bn_check_size(bn, bits)
-+#define bn_wcheck_size(bn, words)
- 
- #endif
- 
---- openssl-1.0.0l/crypto/bn/bn_lib.c.orig	Mon Jan  6 07:00:59 2014
-+++ openssl-1.0.0l/crypto/bn/bn_lib.c		Fri Apr 18 13:03:08 2014
[email protected]@ -843,3 +843,55 @@
- 		}
- 	return bn_cmp_words(a,b,cl);
- 	}
-+
-+/* 
-+ * Constant-time conditional swap of a and b.  
-+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
-+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
-+ * and that no more than nwords are used by either a or b.
-+ * a and b cannot be the same number
-+ */
-+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-+	{
-+	BN_ULONG t;
-+	int i;
-+
-+	bn_wcheck_size(a, nwords);
-+	bn_wcheck_size(b, nwords);
-+
-+	assert(a != b);
-+	assert((condition & (condition - 1)) == 0);
-+	assert(sizeof(BN_ULONG) >= sizeof(int));
-+
-+	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-+
-+	t = (a->top^b->top) & condition;
-+	a->top ^= t;
-+	b->top ^= t;
-+
-+#define BN_CONSTTIME_SWAP(ind) \
-+	do { \
-+		t = (a->d[ind] ^ b->d[ind]) & condition; \
-+		a->d[ind] ^= t; \
-+		b->d[ind] ^= t; \
-+	} while (0)
-+
-+
-+	switch (nwords) {
-+	default:
-+		for (i = 10; i < nwords; i++) 
-+			BN_CONSTTIME_SWAP(i);
-+		/* Fallthrough */
-+	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
-+	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
-+	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
-+	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
-+	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
-+	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
-+	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
-+	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
-+	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
-+	case 1: BN_CONSTTIME_SWAP(0);
-+	}
-+#undef BN_CONSTTIME_SWAP
-+}
---- openssl-1.0.0l/crypto/ec/ec2_mult.c.orig	Mon Jan  6 07:00:59 2014
-+++ openssl-1.0.0l/crypto/ec/ec2_mult.c	Fri Apr 18 13:00:28 2014
[email protected]@ -206,11 +206,15 @@
- 	return ret;
- 	}
- 
-+
- /* Computes scalar*point and stores the result in r.
-  * point can not equal r.
-- * Uses algorithm 2P of
-+ * Uses a modified algorithm 2P of
-  *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
-  *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
-+ *
-+ * To protect against side-channel attack the function uses constant time swap,
-+ * avoiding conditional branches.
-  */
- static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- 	const EC_POINT *point, BN_CTX *ctx)
[email protected]@ -244,6 +248,11 @@
- 	x2 = &r->X;
- 	z2 = &r->Y;
- 
-+	bn_wexpand(x1, group->field.top);
-+	bn_wexpand(z1, group->field.top);
-+	bn_wexpand(x2, group->field.top);
-+	bn_wexpand(z2, group->field.top);
-+
- 	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
- 	if (!BN_one(z1)) goto err; /* z1 = 1 */
- 	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
[email protected]@ -268,16 +277,12 @@
- 		word = scalar->d[i];
- 		while (mask)
- 			{
--			if (word & mask)
--				{
--				if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
--				if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
--				}
--			else
--				{
--				if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
--				if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
--				}
-+			BN_consttime_swap(word & mask, x1, x2, group->field.top);
-+			BN_consttime_swap(word & mask, z1, z2, group->field.top);
-+			if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-+			if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-+			BN_consttime_swap(word & mask, x1, x2, group->field.top);
-+			BN_consttime_swap(word & mask, z1, z2, group->field.top);
- 			mask >>= 1;
- 			}
- 		mask = BN_TBIT;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.0/patches/38-openssl-1.0.0m-include-limits.patch	Tue Jun 10 04:08:50 2014 -0700
@@ -0,0 +1,13 @@
+Patch developed in-house.  This issue has been addressed upstream and this
+patch will need to be obsoleted upon the next OpenSSL 1.0.0 release.
+
+--- openssl-1.0.0m/ssl/s3_pkt.c.orig	Thu Jun  5 02:41:31 2014
++++ openssl-1.0.0m/ssl/s3_pkt.c	Thu Jun  5 06:42:42 2014
[email protected]@ -109,6 +109,7 @@
+  *
+  */
+
++#include <limits.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #define USE_SOCKETS