--- openssl-0.9.8k.orig/Configure
+++ openssl-0.9.8k/Configure
@@ -1,4 +1,4 @@
-:
+#!/usr/local/bin/perl
 eval 'exec perl -S $0 ${1+"$@"}'
 if $running_under_some_shell;
 ##
--- openssl-0.9.8k.orig/Makefile
+++ openssl-0.9.8k/Makefile
@@ -11,11 +11,11 @@
 SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=0
 SHLIB_MINOR=9.8
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
-CONFIGURE_ARGS=dist
-SHLIB_TARGET=
+SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+PLATFORM=debian-amd64
+OPTIONS=--prefix=/usr --openssldir=/usr/lib/ssl enable-zlib enable-tlsext no-camellia no-capieng no-cms no-gmp no-idea no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-sslv2 no-zlib-dynamic
+CONFIGURE_ARGS=--prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext no-sslv2 debian-amd64
+SHLIB_TARGET=linux-shared
 
 # HERE indicates where this Makefile lives. This can be used to indicate
 # where sub-Makefiles are expected to be. Currently has very limited usage,
@@ -26,10 +26,10 @@
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
 INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
+INSTALLTOP=/usr
 
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
+OPENSSLDIR=/usr/lib/ssl
 
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4 - Define to build without the RC4 algorithm
@@ -59,11 +59,11 @@
 # equal 4.
 # PKCS1_CHECK - pkcs1 tests.
 
-CC= cc
-CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
+CC= gcc
+CFLAG= -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM
+DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_IDEA -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_SSLV2
 PEX_LIBS=
-EX_LIBS=
+EX_LIBS= -ldl -Wl,-Bsymbolic-functions -lz
 EXE_EXT=
 ARFLAGS=
 AR=ar $(ARFLAGS) r
@@ -72,7 +72,7 @@
 PERL= /usr/bin/perl
 TAR= tar
 TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
+MAKEDEPPROG= gcc
 
 # We let the C compiler driver to take care of .s files. This is done in
 # order to be excused from maintaining a separate set of architecture
@@ -87,16 +87,16 @@
 PROCESSOR=
 
 # CPUID module collects small commonly used assembler snippets
-CPUID_OBJ=
-BN_ASM= bn_asm.o
+CPUID_OBJ= x86_64cpuid.o
+BN_ASM= x86_64-gcc.o x86_64-mont.o
 DES_ENC= des_enc.o fcrypt_b.o
-AES_ASM_OBJ= aes_core.o aes_cbc.o
+AES_ASM_OBJ= aes-x86_64.o aesni-x86_64.o
 BF_ENC= bf_enc.o
 CAST_ENC= c_enc.o
 RC4_ENC= rc4_enc.o rc4_skey.o
 RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
+MD5_ASM_OBJ= md5-x86_64.o
+SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
 RMD160_ASM_OBJ=
 
 # KRB5 stuff
@@ -133,14 +133,14 @@
 
 BASEADDR=0xFB00000
 
-DIRS= crypto ssl engines apps test tools
+DIRS= crypto ssl engines apps tools
 SHLIBDIRS= crypto ssl
 
 # dirs in crypto to build
 SDIRS= \
 objects \
 md2 md4 md5 sha hmac ripemd \
- des aes rc2 rc4 idea bf cast \
+ des aes rc2 rc4 bf cast \
 bn ec rsa dsa ecdsa dh ecdh dso engine \
 buffer bio stack lhash rand err \
 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
@@ -154,10 +154,11 @@
 
 MAKEFILE= Makefile
 
-MANDIR=$(OPENSSLDIR)/man
+MANDIR=/usr/share/man
 MAN1=1
 MAN3=3
-MANSUFFIX=
+MANSUFFIX=ssl
+MANSECTION=SSL
 SHELL=/bin/sh
 
 TOP= .
@@ -169,8 +170,8 @@
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_FIPS=
 SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
+SHARED_LIBS_LINK_EXTS=.so
+SHARED_LDFLAGS=-m64 -Wl,--version-script=openssl.ld
 
 GENERAL= Makefile
 BASENAME= openssl
@@ -445,7 +446,8 @@
 echo 'Description: OpenSSL cryptography library'; \
 echo 'Version: '$(VERSION); \
 echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
 echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
 
 libssl.pc: Makefile
@@ -458,7 +460,8 @@
 echo 'Description: Secure Sockets Layer and cryptography libraries'; \
 echo 'Version: '$(VERSION); \
 echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl'; \
+ echo 'Libs.private: -lcrypto $(EX_LIBS)'; \
 echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
 
 openssl.pc: Makefile
@@ -471,7 +474,8 @@
 echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
 echo 'Version: '$(VERSION); \
 echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
 echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
 
 Makefile: Makefile.org Configure config
@@ -618,7 +622,7 @@
 install_sw:
 @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/ssl/engines \
 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
@@ -696,7 +700,7 @@
 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 (cd `$(PERL) util/dirname.pl $$i`; \
 sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
 --release=$(VERSION) `basename $$i`") \
 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 $(PERL) util/extract-names.pl < $$i | \
@@ -713,7 +717,7 @@
 echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
 (cd `$(PERL) util/dirname.pl $$i`; \
 sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
+ --section=$${sec}$(MANSECTION) --center=OpenSSL \
 --release=$(VERSION) `basename $$i`") \
 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 $(PERL) util/extract-names.pl < $$i | \
--- openssl-0.9.8k.orig/crypto/x86cpuid.pl
+++ openssl-0.9.8k/crypto/x86cpuid.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 push(@INC,"perlasm");
 require "x86asm.pl";
--- openssl-0.9.8k.orig/crypto/ppccpuid.pl
+++ openssl-0.9.8k/crypto/ppccpuid.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 $flavour = shift;
 
--- openssl-0.9.8k.orig/crypto/x86_64cpuid.pl
+++ openssl-0.9.8k/crypto/x86_64cpuid.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 $output=shift;
 $masm=1 if ($output =~ /\.asm/);
--- openssl-0.9.8k.orig/crypto/opensslconf.h
+++ openssl-0.9.8k/crypto/opensslconf.h
@@ -17,6 +17,9 @@
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
+#ifndef OPENSSL_NO_IDEA
+# define OPENSSL_NO_IDEA
+#endif
 #ifndef OPENSSL_NO_JPAKE
 # define OPENSSL_NO_JPAKE
 #endif
@@ -35,9 +38,15 @@
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
+#ifndef OPENSSL_NO_SSLV2
+# define OPENSSL_NO_SSLV2
+#endif
 
 #endif /* OPENSSL_DOING_MAKEDEPEND */
 
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 # define OPENSSL_NO_DYNAMIC_ENGINE
 #endif
@@ -59,6 +68,9 @@
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 # define NO_GMP
 # endif
+# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
+# define NO_IDEA
+# endif
 # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
 # define NO_JPAKE
 # endif
@@ -77,8 +89,13 @@
 # if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
 # define NO_SEED
 # endif
+# if defined(OPENSSL_NO_SSLV2) && !defined(NO_SSLV2)
+# define NO_SSLV2
+# endif
 #endif
 
+#define OPENSSL_CPUID_OBJ
+
 /* crypto/opensslconf.h.in */
 
 #ifdef OPENSSL_DOING_MAKEDEPEND
@@ -101,8 +118,8 @@
 
 #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
+#define ENGINESDIR "/usr/lib/ssl/engines"
+#define OPENSSLDIR "/usr/lib/ssl"
 #endif
 #endif
 
@@ -133,14 +150,14 @@
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
 */
-#define RC4_INT unsigned int
+#define RC4_INT unsigned char
 #endif
 #if !defined(RC4_CHUNK)
 /*
 * This enables code handling data aligned at natural CPU word
 * boundary. See crypto/rc4/rc4_enc.c for further details.
 */
-#undef RC4_CHUNK
+#define RC4_CHUNK unsigned long
 #endif
 #endif
 
@@ -148,7 +165,7 @@
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
 * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
-#define DES_LONG unsigned long
+#define DES_LONG unsigned int
 #endif
 #endif
 
@@ -162,9 +179,9 @@
 /* The prime number generation stuff may not work when
 * EIGHT_BIT but I don't care since I've only used this mode
 * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
+#define SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
+#undef THIRTY_TWO_BIT
 #undef SIXTEEN_BIT
 #undef EIGHT_BIT
 #endif
@@ -178,7 +195,7 @@
 
 #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
 #define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
+#define BF_PTR2
 #endif /* HEADER_BF_LOCL_H */
 
 #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
@@ -208,7 +225,7 @@
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
 * Very mucy CPU dependant */
 #ifndef DES_UNROLL
-#undef DES_UNROLL
+#define DES_UNROLL
 #endif
 
 /* These default values were supplied by
--- openssl-0.9.8k.orig/crypto/rc4/asm/rc4-x86_64.pl
+++ openssl-0.9.8k/crypto/rc4/asm/rc4-x86_64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/asn1/charmap.pl
+++ openssl-0.9.8k/crypto/asn1/charmap.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!/usr/local/bin/perl
 
 use strict;
 
--- openssl-0.9.8k.orig/crypto/bn/asm/sparcv9a-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/sparcv9a-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/sparcv9-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/sparcv9-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/x86-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/x86-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/mo-586.pl
+++ openssl-0.9.8k/crypto/bn/asm/mo-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # This is crypto/bn/asm/x86-mont.pl (with asciz from crypto/perlasm/x86asm.pl)
 # from OpenSSL 0.9.9-dev
--- openssl-0.9.8k.orig/crypto/bn/asm/ppc64-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/ppc64-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/alpha-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/alpha-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/x86_64-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/x86_64-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/ppc.pl
+++ openssl-0.9.8k/crypto/bn/asm/ppc.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # Implemented as a Perl wrapper as we want to support several different
 # architectures with single file. We pick up the target based on the
--- openssl-0.9.8k.orig/crypto/bn/asm/ppc-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/ppc-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/armv4-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/armv4-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/s390x-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/s390x-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/via-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/via-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/bn/asm/mips3-mont.pl
+++ openssl-0.9.8k/crypto/bn/asm/mips3-mont.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/camellia/asm/cmll-x86.pl
+++ openssl-0.9.8k/crypto/camellia/asm/cmll-x86.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Copyright (c) 2008 Andy Polyakov
--- openssl-0.9.8k.orig/crypto/camellia/asm/cmll-x86_64.pl
+++ openssl-0.9.8k/crypto/camellia/asm/cmll-x86_64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Copyright (c) 2008 Andy Polyakov
--- openssl-0.9.8k.orig/crypto/md5/asm/md5-x86_64.pl
+++ openssl-0.9.8k/crypto/md5/asm/md5-x86_64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/local/bin/perl
 #
 # MD5 optimized for AMD64.
 #
--- openssl-0.9.8k.orig/crypto/sha/asm/sha1-ia64.pl
+++ openssl-0.9.8k/crypto/sha/asm/sha1-ia64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/sha/asm/sha512-sse2.pl
+++ openssl-0.9.8k/crypto/sha/asm/sha512-sse2.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/sha/asm/sha512-x86_64.pl
+++ openssl-0.9.8k/crypto/sha/asm/sha512-x86_64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/sha/asm/sha1-x86_64.pl
+++ openssl-0.9.8k/crypto/sha/asm/sha1-x86_64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/sha/asm/sha512-ia64.pl
+++ openssl-0.9.8k/crypto/sha/asm/sha512-ia64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/sha/asm/sha1-586.pl
+++ openssl-0.9.8k/crypto/sha/asm/sha1-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # [Re]written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/aes/asm/aes-x86_64.pl
+++ openssl-0.9.8k/crypto/aes/asm/aes-x86_64.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/aes/asm/aes-586.pl
+++ openssl-0.9.8k/crypto/aes/asm/aes-586.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/aes/asm/aes-ppc.pl
+++ openssl-0.9.8k/crypto/aes/asm/aes-ppc.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/aes/asm/aes-armv4.pl
+++ openssl-0.9.8k/crypto/aes/asm/aes-armv4.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/aes/asm/aes-sparcv9.pl
+++ openssl-0.9.8k/crypto/aes/asm/aes-sparcv9.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/aes/asm/aes-s390x.pl
+++ openssl-0.9.8k/crypto/aes/asm/aes-s390x.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # ====================================================================
 # Written by Andy Polyakov for the OpenSSL
--- openssl-0.9.8k.orig/crypto/perlasm/x86_64-xlate.pl
+++ openssl-0.9.8k/crypto/perlasm/x86_64-xlate.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 # Ascetic x86_64 AT&T to MASM assembler translator by .
 #
--- openssl-0.9.8k.orig/Netware/do_tests.pl
+++ openssl-0.9.8k/Netware/do_tests.pl
@@ -1,4 +1,4 @@
-# perl script to run OpenSSL tests
+#!/usr/local/bin/perl
 
 my $base_path = "\\openssl";
 
--- openssl-0.9.8k.orig/os2/backwardify.pl
+++ openssl-0.9.8k/os2/backwardify.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/local/bin/perl
 use strict;
 
 # Use as $0
--- openssl-0.9.8k.orig/tools/c_rehash
+++ openssl-0.9.8k/tools/c_rehash
@@ -6,7 +6,7 @@
 
 my $openssl;
-my $dir = "/usr/local/ssl";
+my $dir = "/usr/lib/ssl";
 
 if(defined $ENV{OPENSSL}) {
 $openssl = $ENV{OPENSSL};
@@ -59,12 +59,15 @@
 }
 }
 closedir DIR;
- FILE: foreach $fname (grep {/\.pem$/} @flist) {
+ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
 # Check to see if certificates and/or CRLs present.
 my ($cert, $crl) = check_file($fname);
 if(!$cert && !$crl) {
- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
- next;
+ ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | ");
+ if(!$cert && !$crl) {
+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+ next;
+ }
 }
 link_hash_cert($fname) if($cert);
 link_hash_crl($fname) if($crl);
@@ -102,6 +105,9 @@
 my $fname = $_[0];
 $fname =~ s/'/'\\''/g;
 my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+ if(!$hash || !fprint) {
+ ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname' -inform der`;
+ }
 chomp $hash;
 chomp $fprint;
 $fprint =~ s/^.*=//;
--- openssl-0.9.8k.orig/apps/CA.pl
+++ openssl-0.9.8k/apps/CA.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 #
 # CA - wrapper around ca to make it easier to use ... basically ca requires
 # some setup stuff to be done before you can use it and this makes
@@ -65,6 +65,7 @@
 foreach (@ARGV) {
 if ( /^(-\?|-h|-help)$/ ) {
 print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
 exit 0;
 } elsif (/^-newcert$/) {
 # create a certificate
@@ -165,6 +166,7 @@
 } else {
 print STDERR "Unknown arg $_\n";
 print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
 exit 1;
 }
 }
--- openssl-0.9.8k.orig/ms/segrenam.pl
+++ openssl-0.9.8k/ms/segrenam.pl
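Review bot: The DER fallback added inside the FILE loop builds a pipe-open command from `$fname` with only `\"...\"` around it, so a directory entry whose name contains a double quote, a backtick or `$` changes the command that is run; the hash path later in this file escapes single quotes (`s/'/'\\''/g`) and single-quotes the name, and this call should do the same. `$openssl` is also left unquoted here while the backtick invocations quote it. Suggested: `(my $q = $fname) =~ s/'/'\\''/g;` followed by `($cert, $crl) = check_file("\"$openssl\" x509 -in '$q' -inform der -outform pem | ");`. This presumes check_file hands its argument to a two-argument open, which the trailing `| ` suggests but the hunk does not show; check_file and the sub enclosing this loop are outside the hunk.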
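Review bot: `!fprint` in the new condition at `@@ -102,6 +105,9 @@` is a bareword, not the variable `$fprint`; with no `use strict` visible it is the constant string "fprint", which is always true, so the DER retry only fires when `$hash` is empty, and under strict the line would not compile. Change it to `if(!$hash || !$fprint) {`. The sub enclosing this hunk starts outside it.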
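Review bot: The usage line added in the `-h` branch at `@@ -65,6 +65,7 @@` is printed directly after the existing one, so help output now shows two `usage:` lines that disagree: the new one adds `-signcert certfile keyfile` but omits `-newreq-nodes`, which only the old one lists. The same pair is added in the `Unknown arg` branch at `@@ -165,6 +166,7 @@`. Replace both prints with one line, e.g. `print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";`, in both places.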
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 
 my $quiet = 1;
 
--- openssl-0.9.8k.orig/ms/uplink.pl
+++ openssl-0.9.8k/ms/uplink.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
 #
 # For Microsoft CL this is implemented as inline assembler. So that
 # even though this script can generate even Win32 code, we'll be
--- openssl-0.9.8k.orig/fips/fipsalgtest.pl
+++ openssl-0.9.8k/fips/fipsalgtest.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/local/bin/perl
 # Perl utility to run or verify FIPS 140-2 CMVP algorithm tests based on the
 # pathnames of input algorithm test files actually present (the unqualified
 # file names are consistent but the pathnames are not).
--- openssl-0.9.8k.orig/fips/mkfipsscr.pl
+++ openssl-0.9.8k/fips/mkfipsscr.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!/usr/local/bin/perl
 # Quick & dirty utility to generate a script for executing the
 # FIPS 140-2 CMVP algorithm tests based on the pathnames of
 # input algorithm test files actually present (the unqualified
--- openssl-0.9.8k.orig/test/cms-test.pl
+++ openssl-0.9.8k/test/cms-test.pl
@@ -1,4 +1,4 @@
-# test/cms-test.pl
+#!/usr/local/bin/perl
 # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 # project.
 #
--- openssl-0.9.8k.orig/test/cms-examples.pl
+++ openssl-0.9.8k/test/cms-examples.pl
@@ -1,4 +1,4 @@
-# test/cms-examples.pl
+#!/usr/local/bin/perl
 # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 # project.
 #
--- openssl-0.9.8k.orig/util/mkerr.pl
+++ openssl-0.9.8k/util/mkerr.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!/usr/local/bin/perl
 
 my $config = "crypto/err/openssl.ec";
 my $debug = 0;
--- openssl-0.9.8k.orig/util/perlpath.pl
+++ openssl-0.9.8k/util/perlpath.pl
@@ -11,6 +11,10 @@
 
 sub wanted
 {
+ if (/^\.pc/) {
+ $prune = 1;
+ return;
+ }
 return unless /\.pl$/ || /^[Cc]onfigur/;
 
 open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
--- openssl-0.9.8k.orig/util/extract-section.pl
+++ openssl-0.9.8k/util/extract-section.pl
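Review bot: `/^\.pc/` in the new guard in wanted() at `@@ -11,6 +11,10 @@` matches any entry whose name merely begins with `.pc`, not only quilt's `.pc` directory, so an unrelated `.pc*.pl` script would be skipped and `$prune` set for it; `if (/^\.pc$/) {` matches the directory name exactly. Whether `$prune` is the find.pl global that stops descent is not visible in the hunk — confirm that is the intent, since setting it for a plain file has no effect. A one-line comment such as `# skip quilt's .pc/ tree so patched copies are not rewritten` would record why the check exists. wanted() continues past the end of the hunk.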
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 while() {
 if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
--- openssl-0.9.8k.orig/util/extract-names.pl
+++ openssl-0.9.8k/util/extract-names.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 $/ = ""; # Eat a paragraph at once.
 while() {
--- openssl-0.9.8k.orig/util/selftest.pl
+++ openssl-0.9.8k/util/selftest.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!/usr/local/bin/perl
 #
 # Run the test suite and generate a report
 #
--- openssl-0.9.8k.orig/util/mkdef.pl
+++ openssl-0.9.8k/util/mkdef.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!/usr/local/bin/perl
 #
 # generate a .def file
 #
--- openssl-0.9.8k.orig/util/clean-depend.pl
+++ openssl-0.9.8k/util/clean-depend.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!/usr/local/bin/perl
 # Clean the dependency list in a makefile of standard includes...
 # Written by Ben Laurie 19 Jan 1999
 
--- openssl-0.9.8k.orig/util/mkstack.pl
+++ openssl-0.9.8k/util/mkstack.pl
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!/usr/local/bin/perl
 
 # This is a utility that searches out "DECLARE_STACK_OF()"
 # declarations in .h and .c files, and updates/creates/replaces
--- openssl-0.9.8k.orig/util/mksdef.pl
+++ openssl-0.9.8k/util/mksdef.pl
@@ -1,4 +1,4 @@
-
+#!/usr/local/bin/perl
 # Perl script to split libeay32.def into two distinct DEF files for use in
 # fipdso mode. It works out symbols in each case by running "link" command and
 # parsing the output to find the list of missing symbols then splitting
--- openssl-0.9.8k.orig/util/pod2man.pl
+++ openssl-0.9.8k/util/pod2man.pl
@@ -1,4 +1,4 @@
-: #!/usr/bin/perl-5.005
+#!/usr/local/bin/perl
 eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
 if $running_under_some_shell;
 
--- openssl-0.9.8k.orig/util/fipslink.pl
+++ openssl-0.9.8k/util/fipslink.pl
@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+#!/usr/local/bin/perl
 
 sub check_env
 {
--- openssl-0.9.8k.orig/util/arx.pl
+++ openssl-0.9.8k/util/arx.pl
@@ -1,4 +1,4 @@
-#!/bin/perl
+#!/usr/local/bin/perl
 # Simple perl script to wrap round "ar" program and exclude any
 # object files in the environment variable EXCL_OBJ
 
--- openssl-0.9.8k.orig/util/pl/netware.pl
+++ openssl-0.9.8k/util/pl/netware.pl
@@ -1,4 +1,4 @@
-# Metrowerks Codewarrior or gcc / nlmconv for NetWare
+#!/usr/local/bin/perl
 #
 
 $version_header = "crypto/opensslv.h";
--- openssl-0.9.8k.orig/debian/openssl.postinst
+++ openssl-0.9.8k/debian/openssl.postinst
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+if [ ! -e /usr/lib/ssl ]
+then
+ echo Linking /usr/lib/ssl to /etc/ssl
+ ln -sf /etc/ssl /usr/lib/ssl
+fi
+
+#DEBHELPER#
--- openssl-0.9.8k.orig/debian/changelog
+++ openssl-0.9.8k/debian/changelog
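Review bot: In the new debian/openssl.postinst the errexit flag lives only on the `#!/bin/sh -e` line, so it is lost whenever the script is run as `sh openssl.postinst`; Debian maintainer scripts conventionally make `set -e` the first statement after the shebang. The `[ ! -e /usr/lib/ssl ]` guard also keeps silent when a real directory already sits at that path, in which case the link the Makefile hunks assume (OPENSSLDIR `/usr/lib/ssl`) is never created — an `else` branch such as `echo "/usr/lib/ssl already exists; not linking it to /etc/ssl" >&2` would make that visible in the install log. Quoting the `echo Linking ...` message would keep it consistent with the rest of the script.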
@@ -0,0 +1,1783 @@
+openssl (0.9.8k-7ubuntu8.14) lucid-security; urgency=low
+
+ * SECURITY UPDATE: denial of service via invalid OCSP key
+ - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
+ crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
+ - CVE-2013-0166
+ * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
+ - debian/patches/CVE-2013-0169.patch: massive code changes
+ - CVE-2013-0169
+
+ -- Marc Deslauriers Mon, 18 Feb 2013 15:23:14 -0500
+
+openssl (0.9.8k-7ubuntu8.13) lucid-security; urgency=low
+
+ * SECURITY UPDATE: denial of service attack in DTLS implementation
+ - debian/patches/CVE_2012-2333.patch: guard for integer overflow
+ before skipping explicit IV
+ - CVE-2012-2333
+ * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
+ - debian/patches/CVE-2012-0884.patch: use a random key if RSA
+ decryption fails to avoid leaking timing information
+ - CVE-2012-0884
+ * debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
+ errors in PKCS7_decrypt and initialize tkeylen properly when
+ encrypting CMS messages.
+
+ -- Steve Beattie Tue, 22 May 2012 16:11:28 -0700
+
+openssl (0.9.8k-7ubuntu8.11) lucid-security; urgency=low
+
+ * SECURITY UPDATE: incomplete fix for CVE-2012-2110
+ - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow
+ and BUF_MEM_grow_clean is non-negative
+ - CVE-2012-2131
+ * debian/patches/CVE-2012-2110b.patch: Use correct error code in
+ BUF_MEM_grow_clean()
+
+ -- Jamie Strandboge Tue, 24 Apr 2012 08:32:06 -0500
+
+openssl (0.9.8k-7ubuntu8.10) lucid-security; urgency=low
+
+ * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
+ headers
+ - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
+ and mime_param_cmp() to not dereference the compared strings if either
+ is NULL
+ - CVE-2006-7250
+ - CVE-2012-1165
+ * SECURITY UPDATE: fix various overflows
+ - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
+ crypto/buffer.c and crypto/mem.c to verify size of lengths
+ - CVE-2012-2110
+
+ -- Jamie Strandboge Thu, 19 Apr 2012 10:24:54 -0500
+
+openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low
+
+ * SECURITY UPDATE: ECDSA private key timing attack
+ - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
+ length
+ - CVE-2011-1945
+ * SECURITY UPDATE: ECDH ciphersuite denial of service
+ - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
+ safety
+ - CVE-2011-3210
+ * SECURITY UPDATE: DTLS plaintext recovery attack
+ - debian/patches/CVE-2011-4108.patch: perform all computations
+ before discarding messages
+ - CVE-2011-4108
+ * SECURITY UPDATE: policy check double free vulnerability
+ - debian/patches/CVE-2011-4019.patch: only free domain policyin
+ one location
+ - CVE-2011-4019
+ * SECURITY UPDATE: SSL 3.0 block padding exposure
+ - debian/patches/CVE-2011-4576.patch: clear bytes used for block
+ padding of SSL 3.0 records.
+ - CVE-2011-4576
+ * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
+ - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
+ data from triggering an assertion failure
+ - CVE-2011-4577
+ * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
+ - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
+ restart for SSL/TLS.
+ - CVE-2011-4619
+ * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
+ - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
+ - CVE-2012-0050
+ * debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
+ * debian/libssl0.9.8.postinst: Only issue the reboot notification for
+ servers by testing that the X server is not running (LP: #244250)
+
+ -- Steve Beattie Tue, 31 Jan 2012 01:41:34 -0800
+
+openssl (0.9.8k-7ubuntu8.6) lucid-security; urgency=low
+
+ * SECURITY UPDATE: OCSP stapling vulnerability
+ - debian/patched/openssl-CVE-2011-0014-secadv_20110208.patch:
+ stricter parsing of ClientHello message in ssl/t1_lib.c
+ - CVE-2011-0014
+ * Forward TLS version interop patch
+ - debian/patches/openssl-forward-interop.patch
+ - Handle TLS versions 2.0 and later properly and correctly use
+ the highest version of TLS/SSL supported. Although TLS >=
+ 2.0 is some way off ancient servers have a habit of sticking
+ around for a while...
+ [Steve Henson]
+
+ -- Steve Beattie Wed, 09 Feb 2011 16:47:44 -0800
+
+openssl (0.9.8k-7ubuntu8.5) lucid-security; urgency=low
+
+ * SECURITY UPDATE: ciphersuite downgrade vulnerability
+ - openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch:
+ disable workaround for Netscape cipher suite bug in ssl/s3_clnt.c
+ and ssl/s3_srvr.c
+ - CVE-2010-4180
+
+ -- Steve Beattie Fri, 03 Dec 2010 11:31:43 -0800
+
+openssl (0.9.8k-7ubuntu8.4) lucid-security; urgency=low
+
+ * SECURITY UPDATE: TLS race condition leading to a buffer overflow and
+ possible code execution.
(LP: #676243)
+ - patches/debian/openssl-CVE-2010-3864-secadv_20101116-0.9.8.patch:
+ stricter NULL/not-NULL checking in ssl/t1_lib.c
+ - CVE-2010-3864
+
+ -- Steve Beattie Tue, 16 Nov 2010 15:03:28 -0800
+
+openssl (0.9.8k-7ubuntu8.3) lucid-security; urgency=low
+
+ * SECURITY UPDATE: denial of service and possible code execution via
+ crafted private key with an invalid prime.
+ - debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing
+ it in ssl/s3_clnt.c.
+ - CVE-2010-2939
+
+ -- Marc Deslauriers Wed, 06 Oct 2010 16:54:34 -0400
+
+openssl (0.9.8k-7ubuntu8.2) lucid-proposed; urgency=low
+
+ * Update AES-NI patch to openssl-0.9.8-aesni-modes-perlasm-win32-v4.patch
+ from http://rt.openssl.org/Ticket/Display.html?id=2067, fixing segfault
+ on engine initialisation (LP: #590639).
+
+ -- Colin Watson Fri, 24 Sep 2010 12:25:28 +0100
+
+openssl (0.9.8k-7ubuntu8.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
+ - debian/patches/CVE-2009-3555-RFC5746.patch: backport rfc5746 support
+ from openssl 0.9.8m.
+ - CVE-2009-3555
+
+ -- Marc Deslauriers Thu, 12 Aug 2010 08:30:03 -0400
+
+openssl (0.9.8k-7ubuntu8) lucid; urgency=low
+
+ * SECURITY UPDATE: denial of service and possible arbitrary code
+ execution via unchecked return values
+ - debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
+ crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
+ engines/e_ubsec.c.
+ - CVE-2009-3245
+ * SECURITY UPDATE: denial of service via "record of death"
+ - debian/patches/CVE-2010-0740.patch: only send back minor version
+ number in ssl/s3_pkt.c.
+ - CVE-2010-0740
+
+ -- Marc Deslauriers Tue, 30 Mar 2010 08:57:51 -0400
+
+openssl (0.9.8k-7ubuntu7) lucid; urgency=low
+
+ * debian/patches/dtls-compatibility.patch: backport dtls compatibility
+ code from 0.9.8m to fix interopability.
(LP: #516318)
+
+ -- Marc Deslauriers Fri, 26 Mar 2010 08:31:09 -0400
+
+openssl (0.9.8k-7ubuntu6) lucid; urgency=low
+
+ * Backport Intel AES-NI support from
+ http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518).
+ * Don't change perl #! paths under .pc.
+
+ -- Colin Watson Mon, 01 Feb 2010 15:40:27 -0800
+
+openssl (0.9.8k-7ubuntu5) lucid; urgency=low
+
+ * SECURITY UPDATE: memory leak possible during state clean-up.
+ - Add CVE-2009-4355.patch, upstream fixes thanks to Debian.
+
+ -- Kees Cook Fri, 22 Jan 2010 09:50:01 -0800
+
+openssl (0.9.8k-7ubuntu4) lucid; urgency=low
+
+ * Use host compiler when cross-building (patch from Neil Williams in
+ Debian #465248).
+ * Don't run 'make test' when cross-building.
+ * Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339).
+
+ -- Colin Watson Tue, 05 Jan 2010 16:09:38 +0000
+
+openssl (0.9.8k-7ubuntu3) lucid; urgency=low
+
+ * debian/patches/disable-sslv2.patch: remove and apply inline to fix
+ FTBFS when patch won't revert during the build process.
+
+ -- Marc Deslauriers Mon, 07 Dec 2009 21:00:47 -0500
+
+openssl (0.9.8k-7ubuntu2) lucid; urgency=low
+
+ * debian/patches/{disable-sslv2,Bsymbolic-functions}.patch: apply
+ Makefile sections inline as once the package is configured during the
+ build process, the patches wouldn't revert anymore, causing a FTBFS on
+ anything other than amd64.
+
+ -- Marc Deslauriers Mon, 07 Dec 2009 19:52:15 -0500
+
+openssl (0.9.8k-7ubuntu1) lucid; urgency=low
+
+ * Merge from debian unstable, remaining changes (LP: #493392):
+ - Link using -Bsymbolic-functions
+ - Add support for lpia
+ - Disable SSLv2 during compile
+ - Ship documentation in openssl-doc, suggested by the package.
+ - Use a different priority for libssl0.9.8/restart-services
+ depending on whether a desktop, or server dist-upgrade is being
+ performed.
+ - Display a system restart required notification bubble on libssl0.9.8
+ upgrade.
+ - Replace duplicate files in the doc directory with symlinks. + - Move runtime libraries to /lib, for the benefit of wpasupplicant + * Strip the patches out of the source into quilt patches + * Disable CVE-2009-3555.patch + + -- Nicolas Valcárcel Scerpella (Canonical) Sun, 06 Dec 2009 20:16:24 -0500 + +openssl (0.9.8k-7) unstable; urgency=low + + * Bump the shlibs to require 0.9.8k-1. The following symbols + to added between g and k: AES_wrap_key, AES_unwrap_key, + ASN1_TYPE_set1, ASN1_STRING_set0, asn1_output_data_fn, + SMIME_read_ASN1, BN_X931_generate_Xpq, BN_X931_derive_prime_ex, + BN_X931_generate_prime_ex, COMP_zlib_cleanup, CRYPTO_malloc_debug_init, + int_CRYPTO_set_do_dynlock_callback, CRYPTO_set_mem_info_functions, + CRYPTO_strdup, CRYPTO_dbg_push_info, CRYPTO_dbg_pop_info, + CRYPTO_dbg_remove_all_info, OPENSSL_isservice, OPENSSL_init, + ENGINE_set_load_ssl_client_cert_function, + ENGINE_get_ssl_client_cert_function, ENGINE_load_ssl_client_cert, + EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags, + EVP_CIPHER_CTX_test_flags, HMAC_CTX_set_flags, OCSP_sendreq_new + OCSP_sendreq_nbio, OCSP_REQ_CTX_free, RSA_X931_derive_ex, + RSA_X931_generate_key_ex, X509_ALGOR_set0, X509_ALGOR_get0, + X509at_get0_data_by_OBJ, X509_get1_ocsp + + -- Kurt Roeckx Sat, 28 Nov 2009 14:34:26 +0100 + +openssl (0.9.8k-6) unstable; urgency=low + + * Disable SSL/TLS renegotiation (CVE-2009-3555) (Closes: #555829) + + -- Kurt Roeckx Thu, 12 Nov 2009 18:10:31 +0000 + +openssl (0.9.8k-5) unstable; urgency=low + + * Don't check self signed certificate signatures in X509_verify_cert() + (Closes: #541735) + + -- Kurt Roeckx Fri, 11 Sep 2009 15:42:32 +0200 + +openssl (0.9.8k-4) unstable; urgency=low + + * Split all the patches into a separate files + * Stop undefinging HZ, the issue on alpha should be fixed. + * Remove MD2 from digest algorithm table. 
(CVE-2009-2409) (Closes: #539899) + + -- Kurt Roeckx Tue, 11 Aug 2009 21:19:18 +0200 + +openssl (0.9.8k-3) unstable; urgency=low + + * Make rc4-x86_64 PIC. Based on patch from Petr Salinger (Closes: #532336) + * Add workaround for kfreebsd that can't see the different between + two pipes. Patch from Petr Salinger. + + -- Kurt Roeckx Sat, 13 Jun 2009 18:15:46 +0200 + +openssl (0.9.8k-2) unstable; urgency=low + + * Move libssl0.9.8-dbg to the debug section. + * Use the rc4 assembler on kfreebsd-amd64 (Closes: #532336) + * Split the line to generate md5-x86_64.s in the Makefile. This will + hopefully fix the build issue on kfreebsd that now outputs the file + to stdout instead of the file. + * Fix denial of service via an out-of-sequence DTLS handshake message + (CVE-2009-1387) (Closes: #532037) + + -- Kurt Roeckx Mon, 08 Jun 2009 19:05:56 +0200 + +openssl (0.9.8k-1) unstable; urgency=low + + * New upstream release + - 0.9.8i fixed denial of service via a DTLS ChangeCipherSpec packet + that occurs before ClientHello (CVE-2009-1386) + * Make aes-x86_64.pl use PIC. + * Fix security issues (Closes: #530400) + - "DTLS record buffer limitation bug." (CVE-2009-1377) + - "DTLS fragment handling" (CVE-2009-1378) + - "DTLS use after free" (CVE-2009-1379) + * Fixed Configure for hurd: use -mtune=i486 instead of -m486 + Patch by Marc Dequènes (Duck) (Closes: #530459) + * Add support for avr32 (Closes: #528648) + + -- Kurt Roeckx Sat, 16 May 2009 17:33:55 +0200 + +openssl (0.9.8g-16ubuntu3) karmic; urgency=low + + * SECURITY UPDATE: certificate spoofing via hash collisions from MD2 + design flaws. + - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest. 
+ - crypto/x509/x509_vfy.c: skip signature check for self signed + certificates + - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2 + - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2 + - CVE-2009-2409 + + -- Marc Deslauriers Tue, 08 Sep 2009 14:59:05 -0400 + +openssl (0.9.8g-16ubuntu2) karmic; urgency=low + + * Patches forward ported from http://www.ubuntu.com/usn/USN-792-1 (by + Marc Deslauriers) + * SECURITY UPDATE: denial of service via memory consumption from large + number of future epoch DTLS records. + - crypto/pqueue.*: add new pqueue_size counter function. + - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100. + - http://cvs.openssl.org/chngview?cn=18187 + - CVE-2009-1377 + * SECURITY UPDATE: denial of service via memory consumption from + duplicate or invalid sequence numbers in DTLS records. + - ssl/d1_both.c: discard message if it's a duplicate or too far in the + future. + - http://marc.info/?l=openssl-dev&m=124263491424212&w=2 + - CVE-2009-1378 + * SECURITY UPDATE: denial of service or other impact via use-after-free + in dtls1_retrieve_buffered_fragment. + - ssl/d1_both.c: use temp frag_len instead of freed frag. + - http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest + - CVE-2009-1379 + * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet + that occurs before ClientHello. + - ssl/s3_pkt.c: abort if s->session is NULL. + - ssl/{ssl.h,ssl_err.c}: add new error codes. + - http://cvs.openssl.org/chngview?cn=17369 + - CVE-2009-1386 + * SECURITY UPDATE: denial of service via an out-of-sequence DTLS + handshake message. + - ssl/d1_both.c: don't buffer fragments with no data. 
+ - http://cvs.openssl.org/chngview?cn=17958 + - CVE-2009-1387 + + -- Jamie Strandboge Fri, 10 Jul 2009 14:44:47 -0500 + +openssl (0.9.8g-16ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - Link using -Bsymbolic-functions + - Add support for lpia + - Disable SSLv2 during compile + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + + -- Jamie Strandboge Thu, 14 May 2009 14:11:05 -0500 + +openssl (0.9.8g-16) unstable; urgency=high + + * Properly validate the length of an encoded BMPString and UniversalString + (CVE-2009-0590) (Closes: #522002) + + -- Kurt Roeckx Wed, 01 Apr 2009 22:04:53 +0200 + +openssl (0.9.8g-15ubuntu3) jaunty; urgency=low + + * SECURITY UPDATE: crash via invalid memory access when printing BMPString + or UniversalString with invalid length + - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h: + return error if invalid length + - CVE-2009-0590 + - http://www.openssl.org/news/secadv_20090325.txt + - patch from upstream CVS: + crypto/asn1/asn1.h:1.128.2.11->1.128.2.12 + crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5 + crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11 + + -- Jamie Strandboge Fri, 27 Mar 2009 08:23:35 -0500 + +openssl (0.9.8g-15ubuntu2) jaunty; urgency=low + + * Move runtime libraries to /lib, for the benefit of wpasupplicant + (LP: #44194). Leave symlinks behind in /usr/lib (except on the Hurd) + since we used to set an rpath there. 
+ + -- Colin Watson Fri, 06 Mar 2009 12:48:52 +0000 + +openssl (0.9.8g-15ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: LP: #314984 + - Link using -Bsymbolic-functions + - Add support for lpia + - Disable SSLv2 during compile + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. + - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + + -- Bhavani Shankar Thu, 08 Jan 2009 12:38:06 +0530 + +openssl (0.9.8g-15) unstable; urgency=low + + * Internal calls to didn't properly check for errors which + resulted in malformed DSA and ECDSA signatures being treated as + a good signature rather than as an error. (CVE-2008-5077) + * ipv6_from_asc() could write 1 byte longer than the buffer in case + the ipv6 address didn't have "::" part. (Closes: #506111) + + -- Kurt Roeckx Mon, 05 Jan 2009 21:14:31 +0100 + +openssl (0.9.8g-14ubuntu2) jaunty; urgency=low + + * SECURITY UPDATE: clients treat malformed signatures as good when verifying + server DSA and ECDSA certificates + - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c, + ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and + ssl/ssltest.c to properly check the return code of EVP_VerifyFinal() + - patch based on upstream patch for #2008-016 + - CVE-2008-5077 + + -- Jamie Strandboge Tue, 06 Jan 2009 00:44:19 -0600 + +openssl (0.9.8g-14ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - Link using -Bsymbolic-functions + - Add support for lpia + - Disable SSLv2 during compile + - Ship documentation in openssl-doc, suggested by the package. + - Use a different priority for libssl0.9.8/restart-services + depending on whether a desktop, or server dist-upgrade is being + performed. 
+ - Display a system restart required notification bubble on libssl0.9.8 + upgrade. + - Replace duplicate files in the doc directory with symlinks. + + -- Scott James Remnant Tue, 11 Nov 2008 17:24:44 +0000 + +openssl (0.9.8g-14) unstable; urgency=low + + * Don't give the warning about security updates when upgrading + from etch since it doesn't have any known security problems. + * Automaticly use engines that succesfully initialised. Patch + from the 0.9.8h upstream version. (Closes: #502177) + + -- Kurt Roeckx Fri, 31 Oct 2008 22:45:14 +0100 + +openssl (0.9.8g-13) unstable; urgency=low + + * Fix a problem with tlsext preventing firefox 3 from connection. + Patch from upstream CVS and part of 0.9.8h. + (Closes: #492758) + + -- Kurt Roeckx Sun, 03 Aug 2008 19:47:10 +0200 + +openssl (0.9.8g-12) unstable; urgency=low + + * add the changelog of the 10.1 NMU to make bugtracking happy + + -- Christoph Martin Tue, 22 Jul 2008 14:58:26 +0200 + +openssl (0.9.8g-11) unstable; urgency=low + + [ Christoph Martin ] + * updated cs, gl, sv, ru, ro debconf translation (closes: #480926, #480967, + #482465, #484324, #488595) + * add Vcs-Svn header (closes: #481654) + * fix debian-kfreebsd-i386 build flags (closes: #482275) + * add stunnel4 to restart list (closes: #482111) + * include fixes from 10.1 NMU by Security team + - Fix double free in TLS server name extension which leads to a remote + denial of service (CVE-2008-0891; Closes: #483379). + - Fix denial of service if the 'Server Key exchange message' + is omitted from a TLS handshake which could lead to a client + crash (CVE-2008-1672; Closes: #483379). + This only works if openssl is compiled with enable-tlsext which is + done in Debian. 
+ * fix some lintian warnings + * update to newest standards version + + -- Christoph Martin Thu, 17 Jul 2008 09:53:01 +0200 + +openssl (0.9.8g-10.1ubuntu2) intrepid; urgency=low + + * debian/rules: + - disable SSLv2 during compile + * debian/README.debian + - add note about disabled SSLv2 in Ubuntu + + -- Ante Karamatic Thu, 24 Jul 2008 12:47:09 +0200 + +openssl (0.9.8g-10.1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. + - display a system restart required notification bubble on libssl0.9.8 upgrade. + - ship documentation in new openssl-doc package. + - configure: add support for lpia. + - replace duplicate files in the doc directory with symlinks. + - link using -bsymbolic-functions. + - update maintainer as per spec. + + -- Luke Yelavich Tue, 10 Jun 2008 11:50:07 +1000 + +openssl (0.9.8g-10.1) unstable; urgency=high + + * Non-maintainer upload by the Security team. + * Fix denial of service if the 'Server Key exchange message' + is omitted from a TLS handshake which could lead to a client + crash (CVE-2008-1672; Closes: #483379). + This only works if openssl is compiled with enable-tlsext which is + done in Debian. + * Fix double free in TLS server name extension which leads to a remote + denial of service (CVE-2008-0891; Closes: #483379). + + -- Nico Golde Tue, 27 May 2008 11:13:44 +0200 + +openssl (0.9.8g-10ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - Use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. + - Display a system restart required notification bubble on libssl0.9.8 upgrade. + - Ship documentation in new openssl-doc package. + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. 
+ - Link using -Bsymbolic-functions. + - Update maintainer as per spec. + + -- Luke Yelavich Mon, 12 May 2008 22:49:33 +1000 + +openssl (0.9.8g-10) unstable; urgency=low + + * undefine HZ so that the code falls back to sysconf(_SC_CLK_TCK) + to fix a build failure on alpha. + + -- Kurt Roeckx Thu, 08 May 2008 17:56:13 +0000 + +openssl (0.9.8g-9) unstable; urgency=high + + [ Christoph Martin ] + * Include updated debconf translations (closes: #473477, #461597, + #461880, #462011, #465517, #475439) + + [ Kurt Roeckx ] + * ssleay_rand_add() really needs to call MD_Update() for buf. + + -- Kurt Roeckx Wed, 07 May 2008 20:32:12 +0200 + +openssl (0.9.8g-8ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - Use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. + - Display a system restart required notification bubble on libssl0.9.8 upgrade. + - Ship documentation in new openssl-doc package. + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. + - Link using -Bsymbolic-functions. + - Update maintainer as per spec. + + -- Luke Yelavich Mon, 12 May 2008 10:09:20 +1000 + +openssl (0.9.8g-8) unstable; urgency=high + + * Don't add extentions to ssl v3 connections. It breaks with some + other software. (Closes: #471681) + + -- Kurt Roeckx Sun, 23 Mar 2008 17:50:04 +0000 + +openssl (0.9.8g-7) unstable; urgency=low + + * Upload to unstable. + + -- Kurt Roeckx Wed, 13 Feb 2008 22:22:29 +0000 + +openssl (0.9.8g-6) experimental; urgency=low + + * Bump shlibs. + + -- Kurt Roeckx Sat, 09 Feb 2008 15:42:22 +0100 + +openssl (0.9.8g-5) experimental; urgency=low + + * Enable tlsext. This changes the ABI, but should hopefully + not cause any problems. 
(Closes: #462596) + + -- Kurt Roeckx Sat, 09 Feb 2008 13:32:49 +0100 + +openssl (0.9.8g-4ubuntu3) hardy; urgency=low + + * Use a different priority for libssl0.9.8/restart-services depending on whether + a desktop, or server dist-upgrade is being performed. (LP: #91814) + * Display a system restart required notification bubble on libssl0.9.8 upgrade. + + -- Luke Yelavich Tue, 22 Apr 2008 10:50:53 +1000 + +openssl (0.9.8g-4ubuntu2) hardy; urgency=low + + * Ship documentation in new openssl-doc package, since it is very large and + not terribly useful for the casual desktop user. + + -- Martin Pitt Tue, 11 Mar 2008 22:52:28 +0100 + +openssl (0.9.8g-4ubuntu1) hardy; urgency=low + + * Merge from unstable; remaining changes: + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. + - Link using -Bsymbolic-functions. + + -- Matthias Klose Tue, 29 Jan 2008 14:32:12 +0100 + +openssl (0.9.8g-4) unstable; urgency=low + + * Fix aes ige test speed not to overwrite it's buffer and + cause segfauls. Thanks to Tim Hudson (Closes: #459619) + * Mark some strings in the templates as non translatable. + Patch from Christian Perrier (Closes: #450418) + * Update Dutch debconf translation (Closes: #451290) + * Update French debconf translation (Closes: #451375) + * Update Catalan debconf translation (Closes: #452694) + * Update Basque debconf translation (Closes: #457285) + * Update Finnish debconf translation (Closes: #458261) + + -- Kurt Roeckx Wed, 16 Jan 2008 21:49:43 +0100 + +openssl (0.9.8g-3ubuntu1) hardy; urgency=low + + * Merge with Debian; remaining changes: + - Configure: Add support for lpia. + - Replace duplicate files in the doc directory with symlinks. + + -- Matthias Klose Wed, 05 Dec 2007 00:13:39 +0100 + +openssl (0.9.8g-3) unstable; urgency=low + + * aes-586.pl: push %ebx on the stack before we put some things on the + stack and call a function, giving AES_decrypt() wrong values to work + with. 
(Closes: #449200) + + -- Kurt Roeckx Sun, 04 Nov 2007 21:49:00 +0100 + +openssl (0.9.8g-2) unstable; urgency=low + + * Avoid text relocations on i386 caused by the assembler versions: + - x86unix.pl: Create a function_begin_B_static to create a + static/local assembler function. + - aes-586.pl: Use the function_begin_B_static for _x86_AES_decrypt + so that it doesn't get exported and doesn't have any (text) relocations. + - aes-586.pl: Set up ebx to point to the GOT and call AES_set_encrypt_key + via the PLT to avoid a relocation. + - x86unix.pl: Call the init function via the PLT, avoiding a relocation + in case of a PIC object. + - cbc.pl: Call functions via the PLT. + - desboth.pl: Call DES_encrypt2 via the PLT. + * CA.sh should use the v3_ca extention when called with -newca + (Closes: #428051) + * Use -Wa,--noexecstack for all arches in Debian. (Closes: #430583) + * Convert the failure message when services fail restart to a debconf + message. + * To restart a service, just restart, instead of stop and start. + Hopefully fixes #444946 + * Also remove igetest from the test dir in the clean target. + (Closes: #424362) + + -- Kurt Roeckx Sat, 03 Nov 2007 13:25:45 +0100 + +openssl (0.9.8g-1) unstable; urgency=low + + * New upstream release + - Fixes version number not to say it's a development version. + + -- Kurt Roeckx Sat, 20 Oct 2007 12:47:10 +0200 + +openssl (0.9.8f-1) unstable; urgency=low + + * New upstream release + - Fixes DTLS issues, also fixes CVE-2007-4995 (Closes: #335703, #439737) + - Proper inclusion of opensslconf.h in pq_compat.h (Closes: #408686) + - New function SSL_set_SSL_CTX: bump shlibs. + * Remove build dependency on gcc > 4.2 + * Remove the openssl preinst, it looks like a workaround + for a change in 0.9.2b where config files got moved. 
(Closes: #445095) + * Update debconf translations: + - Vietnamese (Closes: #426988) + - Danish (Closes: #426774) + - Slovak (Closes: #440723) + - Finnish (Closes: #444258) + + -- Kurt Roeckx Sat, 13 Oct 2007 00:47:22 +0200 + +openssl (0.9.8e-9) unstable; urgency=high + + * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers(). + (Closes: #444435) + * Add postgresql-8.2 to the list of services to check. + + -- Kurt Roeckx Fri, 28 Sep 2007 19:47:33 +0200 + +openssl (0.9.8e-8) unstable; urgency=low + + * Fix another case of the "if this code is reached, the program will abort" + (Closes: #429740) + * Temporary force to build with gcc >= 4.2 + + -- Kurt Roeckx Sun, 02 Sep 2007 18:12:11 +0200 + +openssl (0.9.8e-7) unstable; urgency=low + + * Fix problems with gcc-4.2 (Closes: #429740) + * Stop using -Bsymbolic to create the shared library. + * Make x86_64cpuid.pl use PIC. + + -- Kurt Roeckx Sun, 02 Sep 2007 16:15:18 +0200 + +openssl (0.9.8e-6) unstable; urgency=high + + * Add fix for CVE-2007-3108 (Closes: #438142) + + -- Kurt Roeckx Wed, 15 Aug 2007 19:49:54 +0200 + +openssl (0.9.8e-5ubuntu3) gutsy; urgency=low + + * Replace duplicate files in the doc directory with symlinks. + + -- Matthias Klose Thu, 04 Oct 2007 16:27:53 +0000 + +openssl (0.9.8e-5ubuntu2) gutsy; urgency=low + + [ Jamie Strandboge ] + * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in + buffer overflow + * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to + Stephan Hermann + * References: + CVE-2007-5135 + http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded + Fixes LP: #146269 + * Modify Maintainer value to match the DebianMaintainerField + specification. + + [ Kees Cook ] + * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function. + * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian. 
+ * References + CVE-2007-3108 + + -- Kees Cook Fri, 28 Sep 2007 13:02:19 -0700 + +openssl (0.9.8e-5ubuntu1) gutsy; urgency=low + + * Configure: Add support for lpia. + * Explicitely build using gcc-4.1 (PR other/31359). + + -- Matthias Klose Tue, 31 Jul 2007 12:47:38 +0000 + +openssl (0.9.8e-5) unstable; urgency=low + + [ Christian Perrier ] + * Debconf templates proofread and slightly rewritten by + the debian-l10n-english team as part of the Smith Review Project. + Closes: #418584 + * Debconf templates translations: + - Arabic. Closes: #418669 + - Russian. Closes: #418670 + - Galician. Closes: #418671 + - Swedish. Closes: #418679 + - Korean. Closes: #418755 + - Czech. Closes: #418768 + - Basque. Closes: #418784 + - German. Closes: #418785 + - Traditional Chinese. Closes: #419915 + - Brazilian Portuguese. Closes: #419959 + - French. Closes: #420429 + - Italian. Closes: #420461 + - Japanese. Closes: #420482 + - Catalan. Closes: #420833 + - Dutch. Closes: #420925 + - Malayalam. Closes: #420986 + - Portuguese. Closes: #421032 + - Romanian. Closes: #421708 + + [ Kurt Roeckx ] + * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608) + * Updated Spanish debconf template. (Closes: #421336) + * Do the header changes, changing those defines into real functions, + and bump the shlibs to match. + * Update Japanese debconf translation. (Closes: #422270) + + -- Kurt Roeckx Tue, 15 May 2007 17:21:08 +0000 + +openssl (0.9.8e-4) unstable; urgency=low + + * openssl should depend on libssl0.9.8 0.9.8e-1 since it + uses some of the defines that changed to functions. + Other things build against libssl or libcrypto shouldn't + have this problem since they use the old headers. 
+ (Closes: #414283) + + -- Kurt Roeckx Sat, 10 Mar 2007 17:11:46 +0000 + +openssl (0.9.8e-3) unstable; urgency=low + + * Add nagios-nrpe-server to the list of services to be checked + (Closes: #391188) + * EVP_CIPHER_CTX_key_length() should return the set key length in the + EVP_CIPHER_CTX structure which may not be the same as the underlying + cipher key length for variable length ciphers. + From upstream CVS. (Closes: #412979) + + -- Kurt Roeckx Sun, 4 Mar 2007 23:22:51 +0000 + +openssl (0.9.8e-2) unstable; urgency=low + + * Undo include changes that change defines into real functions, + but keep the new functions in the library. + + -- Kurt Roeckx Sun, 25 Feb 2007 19:19:19 +0000 + +openssl (0.9.8e-1) unstable; urgency=low + + * New upstream release + - Inludes security fixes for CVE-2006-2937, CVE-2006-2940, + CVE-2006-3738, CVE-2006-4343 (Closes: #408902) + - s_client now properly works with SMTP. Also added support + for IMAP. (closes: #221689) + - Load padlock modules (Closes: #345656, #368476) + * Add clamav-freshclam and clamav-daemon to the list of service that + need to be restarted. (Closes: #391191) + * Add armel support. Thanks to Guillem Jover + for the patch. (Closes: #407196) + * Add Portuguese translations. Thanks to Carlos Lisboa. (Closes: 408157) + * Add Norwegian translations. Thanks to Bjørn Steensrud + (Closes: #412326) + + -- Kurt Roeckx Sun, 25 Feb 2007 18:06:28 +0000 + +openssl (0.9.8c-4) unstable; urgency=low + + * Add German debconf translation. Thanks to + Johannes Starosta (Closes: #388108) + * Make c_rehash look for both .pem and .crt files. Also make it support + files in DER format. Patch by "Yauheni Kaliuta" + (Closes: #387089) + * Use & instead of && to check a flag in the X509 policy checking. + Patch from upstream cvs. (Closes: #397151) + * Also restart slapd for security updates (Closes: #400221) + * Add Romanian debconf translation. 
Thanks to + stan ioan-eugen (Closes: #393507) + + -- Kurt Roeckx Thu, 30 Nov 2006 20:57:46 +0000 + +openssl (0.9.8c-3) unstable; urgency=low + + * Fix patch for CVE-2006-2940, it left ctx unintiliased. + + -- Kurt Roeckx Mon, 2 Oct 2006 18:05:00 +0200 + +openssl (0.9.8c-2) unstable; urgency=high + + * Fix security vulnerabilities (CVE-2006-2937, CVE-2006-2940, + CVE-2006-3738, CVE-2006-4343). Urgency set to high. + + -- Kurt Roeckx Wed, 27 Sep 2006 21:24:55 +0000 + +openssl (0.9.8c-1) unstable; urgency=low + + * New upstream release + - block padding bug with compression now fixed upstream, using + their patch. + - Includes the RSA Signature Forgery (CVE-2006-4339) patch. + - New functions AES_bi_ige_encrypt and AES_ige_encrypt: + bumping shlibs to require 0.9.8c-1. + * Change the postinst script to check that ntp is installed instead + of ntp-refclock and ntp-simple. The binary is now in the ntp + package. + * Move the modified rand/md_rand.c file to the right place, + really fixing #363516. + * Add partimage-server conserver-server and tor to the list of service + to check for restart. Add workaround for openssh-server so it finds + the init script. (Closes: #386365, #386400, #386513) + * Add manpage for c_rehash. + Thanks to James Westby (Closes: #215618) + * Add Lithuanian debconf translation. + Thanks to Gintautas Miliauskas (Closes: #374364) + * Add m32r support. + Thanks to Kazuhiro Inaoka + (Closes: #378689) + + -- Kurt Roeckx Sun, 17 Sep 2006 14:47:59 +0000 + +openssl (0.9.8b-3) unstable; urgency=high + + * Fix RSA Signature Forgery (CVE-2006-4339) using patch provided + by upstream. + * Restart services using a smaller version that 0.9.8b-3, so + they get the fixed version. + * Change the postinst to check for postfix instead of postfix-tls. + + -- Kurt Roeckx Tue, 5 Sep 2006 18:26:10 +0000 + +openssl (0.9.8b-2) unstable; urgency=low + + * Don't call gcc with -mcpu on i386, we already use -march, so no need for + -mtune either. 
+ * Always make all directories when building something: + - The engines directory didn't get build for the static directory, so + where missing in libcrypo.a + - The apps directory didn't always get build, so we didn't have an openssl + and a small part of the regression tests failed. + * Make the package fail to build if the regression tests fail. + + -- Kurt Roeckx Mon, 15 May 2006 16:00:58 +0000 + +openssl (0.9.8b-1) unstable; urgency=low + + * New upstream release + - New functions added (EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free), bump shlibs. + - CA.pl/CA.sh now calls openssl ca with -extensions v3_ca, setting CA:TRUE + instead of FALSE. + - CA.pl/CA.sh creates crlnumber now. (Closes: #347612) + * Run debconf-updatepo, which really already was in the 0.9.8a-8 version + as it was uploaded. + * Add Galician debconf translation. Patch from + Jacobo Tarrio (Closes: #361266) + * libssl0.9.8.postinst makes uses of bashisms (local variables) + so use #!/bin/bash + * libssl0.9.8.postinst: Call set -e after sourcing the debconf + script. + * libssl0.9.8.postinst: Change list of service that may need + to be restarted: + - Replace ssh by openssh-server + - Split postgresql in postgresql-7.4 postgresql-8.0 postgresql-8.1 + - Add: dovecot-common bind9 ntp-refclock ntp-simple openntpd clamcour + fetchmail ftpd-ssl proftpd proftpd-ldap proftpd-mysql proftpd-pgsql + * libssl0.9.8.postinst: The check to see if something was installed + wasn't working. + * libssl0.9.8.postinst: Add workaround to find the name of the init + script for proftpd and dovecot. + * libssl0.9.8.postinst: Use invoke-rc.d when it's available. + * Change Standards-Version to 3.7.0: + - Make use of invoke-rc.d + * Add comment to README.Debian that rc5, mdc2 and idea have been + disabled (since 0.9.6b-3) (Closes: #362754) + * Don't add uninitialised data to the random number generator. This stop + valgrind from giving error messages in unrelated code. 
+ (Closes: #363516) + * Put the FAQ in the openssl docs. + * Add russian debconf translations from Yuriy Talakan + (Closes #367216) + + -- Kurt Roeckx Thu, 4 May 2006 20:40:03 +0200 + +openssl (0.9.8a-8) unstable; urgency=low + + * Call pod2man with the proper section. Section changed + from 1/3/5/7 to 1SSL/3SSL/5SSL/7SSL. The name of the files + already had the ssl in, the section didn't. The references + to other manpage is still wrong. + * Don't install the LICENSE file, it's already in the copyright file. + * Don't set an rpath on openssl to point to /usr/lib. + * Add support for kfreebsd-amd64. (Closes: #355277) + * Add udeb to the shlibs. Patch from Frans Pop + (Closes: #356908) + + -- Kurt Roeckx Sat, 11 Feb 2006 14:14:37 +0100 + +openssl (0.9.8a-7) unstable; urgency=high + + * Add italian debconf templates. Thanks to Luca Monducci. + (Closes: #350249) + * Change the debconf question to use version 0.9.8-3 + instead of 0.9.8-1, since that's the last version + with a security fix. + * Call conn_state() if the BIO is not in the BIO_CONN_S_OK state + (Closes: #352047). RC bug affecting testing, so urgency high. + + -- Kurt Roeckx Sat, 9 Feb 2006 19:07:56 +0100 + +openssl (0.9.8a-6) unstable; urgency=low + + * Remove empty postinst/preinst/prerm scripts. There is no need + to have empty ones, debhelper will add them when needed. + * Remove the static pic libraries. Nobody should be linking + it's shared libraries static to libssl or libcrypto. + This was added for opensc who now links to it shared. + * Do not assume that in case the sequence number is 0 and the + packet has an odd number of bytes that the other side has + the block padding bug, but try to check that it actually + has the bug. The wrong detection of this bug resulted + in an "decryption failed or bad record mac" error in case + both sides were using zlib compression. 
(Closes: #338006) + + -- Kurt Roeckx Mon, 21 Jan 2006 16:25:41 +0100 + +openssl (0.9.8a-5) unstable; urgency=low + + * Stop ssh from crashing randomly on sparc (Closes: #335912) + Patch from upstream cvs. + + -- Kurt Roeckx Tue, 13 Dec 2005 21:37:42 +0100 + +openssl (0.9.8a-4) unstable; urgency=low + + * Call dh_makeshlibs with the proper version instead of putting + it in shlibs.local, which doesn't seem to do anything. 0.9.8a-1 + added symbol versioning, so it should have bumped the shlibs. + (Closes: #338284) + * The openssl package had a duplicate dependency on libssl0.9.8, + only require the version as required by the shlibs. + * Make libssl-dev depend on zlib1g-dev, since it's now required for + static linking. (Closes: #338313) + * Generate .pc files that make use of Libs.private, so things only + link to the libraries they should when linking shared. + * Use -m64 instead of -bpowerpc64-linux on ppc64. (Closes: #335486) + * Make powerpc and ppc64 use the assembler version for bn. ppc64 + had the location in the string wrong, powerpc had it missing. + * Add includes for stddef to get size_t in md2.h, md4.h, md5.h, + ripemd.h and sha.h. (Closes: #333101) + * Run make test for each of the versions we build, make it + not fail the build process if an error is found. + * Add build dependency on bc for the regression tests. + + -- Kurt Roeckx Wed, 13 Nov 2005 16:01:05 +0100 + +openssl (0.9.8a-3) unstable; urgency=high + + * Link to libz instead of dynamicly loading it. It gets loaded + at the moment the library is initialised, so there is no point + in not linking to it. It's now failing in some cases since + it's not opened by it's soname, but by the symlink to it. + This should hopefully solve most of the bugs people have reported + since the move to libssl0.9.8. + (Closes: #334180, #336140, #335271) + * Urgency set to high because it fixes a grave bug affecting testing. 
+ + -- Kurt Roeckx Tue, 1 Nov 2005 14:56:40 +0100 + +openssl (0.9.8a-2) unstable; urgency=low + + * Add Build-Dependency on m4, since sparc needs it to generate + it's assembler files. (Closes: #334542) + * Don't use rc4-x86_64.o on amd64 for now, it seems to be broken + and causes a segfault. (Closes: #334501, #334502) + + -- Kurt Roeckx Tue, 18 Oct 2005 19:05:53 +0200 + +openssl (0.9.8a-1) unstable; urgency=low + + Christoph Martin: + * fix asm entries for some architectures, fixing #332758 properly. + * add noexecstack option to i386 subarch + * include symbol versioning in Configure (closes: #330867) + * include debian-armeb arch (closes: #333579) + * include new upstream patches; includes some minor fixes + * fix dh_shlibdeps line, removing the redundant dependency on + libssl0.9.8 (closes: #332755) + * add swedish debconf template (closes: #330554) + + Kurt Roeckx: + * Also add noexecstack option for amd64, since it now has an + executable stack with the assembler fixes for amd64. + + -- Christoph Martin Mon, 17 Oct 2005 17:01:06 +0200 + +openssl (0.9.8-3) unstable; urgency=low + + * Apply security fix for CAN-2005-2969. (Closes: #333500) + * Change priority of -dbg package to extra. + + -- Kurt Roeckx Wed, 12 Oct 2005 22:38:58 +0200 + +openssl (0.9.8-2) unstable; urgency=low + + * Don't use arch specific assembler. Should fix build failure on + ia64, sparc and amd64. (Closes: #332758) + * Add myself to the uploaders. + + -- Kurt Roeckx Mon, 10 Oct 2005 19:22:36 +0200 + +openssl (0.9.8-1) unstable; urgency=low + + * New upstream release (closes: #311826) + + -- Christoph Martin Thu, 29 Sep 2005 14:20:04 +0200 + +openssl (0.9.7g-3) unstable; urgency=low + + * change Configure line for debian-freebsd-i386 to debian-kfreebsd-i386 + (closes: #327692) + * include -dbg version. 
That implies compiling with -g and without + -fomit-frame-pointer (closes: #293823, #153811) + + -- Christoph Martin Fri, 23 Sep 2005 13:51:57 +0200 + +openssl (0.9.7g-2) unstable; urgency=low + + * really include nl translation + * remove special ia64 code from rc4 code to make the abi compatible to + older 0.9.7 versions (closes: #310489, #309274) + * fix compile flag for debian-ppc64 (closes: #318750) + * small fix in libssl0.9.7.postinst (closes: #239956) + * fix pk7_mime.c to prevent garbled messages because of to early memory + free (closes: #310184) + * include vietnamese debconf translation (closes: #316689) + * make optimized i386 libraries have non executable stack (closes: + #321721) + * remove leftover files from ssleay + * move from dh_installmanpages to dh_installman + * change Maintainer to pkg-openssl-devel@lists.alioth.debian.org + + -- Christoph Martin Wed, 7 Sep 2005 15:32:54 +0200 + +openssl (0.9.7g-1) unstable; urgency=low + + * New upstream release + * Added support for proxy certificates according to RFC 3820. + Because they may be a security thread to unaware applications, + they must be explicitely allowed in run-time. See + docs/HOWTO/proxy_certificates.txt for further information. + * Prompt for pass phrases when appropriate for PKCS12 input format. + * Back-port of selected performance improvements from development + branch, as well as improved support for PowerPC platforms. + * Add lots of checks for memory allocation failure, error codes to indicate + failure and freeing up memory if a failure occurs. + * Perform some character comparisons of different types in X509_NAME_cmp: + this is needed for some certificates that reencode DNs into UTF8Strings + (in violation of RFC3280) and can't or wont issue name rollover + certificates. 
+ * corrected watchfile + * added upstream source url (closes: #292904) + * fix typo in CA.pl.1 (closes: #290271) + * change debian-powerpc64 to debian-ppc64 and adapt the configure + options to be the same like upstream (closes: #289841) + * include -signcert option in CA.pl usage + * compile with zlib-dynamic to use system zlib (closes: #289872) + + -- Christoph Martin Mon, 9 May 2005 23:32:03 +0200 + +openssl (0.9.7e-3) unstable; urgency=high + + * really fix der_chop. The fix from -1 was not really included (closes: + #281212) + * still fixes security problem CAN-2004-0975 etc. + - tempfile raise condition in der_chop + - Avoid a race condition when CRLs are checked in a multi threaded + environment. + + -- Christoph Martin Thu, 16 Dec 2004 18:41:29 +0100 + +openssl (0.9.7e-2) unstable; urgency=high + + * fix perl path in der_chop and c_rehash (closes: #281212) + * still fixes security problem CAN-2004-0975 etc. + - tempfile raise condition in der_chop + - Avoid a race condition when CRLs are checked in a multi threaded + environment. + + -- Christoph Martin Sun, 14 Nov 2004 20:16:21 +0100 + +openssl (0.9.7e-1) unstable; urgency=high + + * SECURITY UPDATE: fix insecure temporary file handling + * apps/der_chop: + - replaced $$-style creation of temporary files with + File::Temp::tempfile() + - removed unused temporary file name in do_certificate() + * References: + CAN-2004-0975 (closes: #278260) + * fix ASN1_STRING_to_UTF8 with UTF8 (closes: #260357) + * New upstream release with security fixes + - Avoid a race condition when CRLs are checked in a multi threaded + environment. + - Various fixes to s3_pkt.c so alerts are sent properly. + - Reduce the chances of duplicate issuer name and serial numbers (in + violation of RFC3280) using the OpenSSL certificate creation + utilities. 
+ * depends openssl on perl-base instead of perl (closes: #280225) + * support powerpc64 in Configure (closes: #275224) + * include cs translation (closes: #273517) + * include nl translation (closes: #272479) + * Fix default dir of c_rehash (closes: #253126) + + -- Christoph Martin Fri, 12 Nov 2004 14:11:15 +0100 + +openssl (0.9.7d-5) unstable; urgency=low + + * Make S/MIME encrypt work again (backport from CVS) (closes: #241407, + #241386) + + -- Christoph Martin Mon, 26 Jul 2004 17:22:42 +0200 + +openssl (0.9.7d-4) unstable; urgency=low + + * add Catalan translation (closes: #248749) + * add Spanish translation (closes: #254561) + * include NMU fixes: see below + * decrease optimisation level for debian-arm to work around gcc bug + (closes: #253848) (thanks to Steve Langasek and Thom May) + * Add libcrypto0.9.7-udeb. (closes: #250010) (thanks to Bastian Blank) + * Add watchfile + + -- Christoph Martin Wed, 14 Jul 2004 14:31:02 +0200 + +openssl (0.9.7d-3) unstable; urgency=low + + * rename -pic.a libraries to _pic.a (closes: #250016) + + -- Christoph Martin Mon, 24 May 2004 17:02:29 +0200 + +openssl (0.9.7d-2) unstable; urgency=low + + * include PIC libs (libcrypto-pic.a and libssl-pic.a) to libssl-dev + (closes: #246928, #243999) + * add racoon to restart list (closes: #242652) + * add Brazilian, Japanese and Danish translations (closes: #242087, + #241830, #241705) + + -- Christoph Martin Tue, 11 May 2004 10:13:49 +0200 + +openssl (0.9.7d-1) unstable; urgency=high + + * new upstream + * fixes security holes (http://www.openssl.org/news/secadv_20040317.txt) + (closes: #238661) + * includes support for debian-amd64 (closes: #235551, #232310) + * fix typo in pem.pod (closes: #219873) + * fix typo in libssl0.9.7.templates (closes: #224690) + * openssl suggests ca-certificates (closes: #217180) + * change debconf template to gettext format (closes: #219013) + * include french debconf template (closes: #219014) + + -- Christoph Martin Thu, 18 Mar 2004 16:18:43 +0100 
+ +openssl (0.9.7c-5) unstable; urgency=low + + * include openssl.pc into libssl-dev (closes: #212545) + + -- Christoph Martin Thu, 16 Oct 2003 16:31:32 +0200 + +openssl (0.9.7c-4) unstable; urgency=low + + * change question to restart services to debconf (closes: #214840) + * stop using dh_undocumented (closes: #214831) + + -- Christoph Martin Fri, 10 Oct 2003 15:40:48 +0200 + +openssl (0.9.7c-3) unstable; urgency=low + + * fix POSIX conformance for head in libssl0.9.7.postinst (closes: + #214700) + + -- Christoph Martin Wed, 8 Oct 2003 14:02:38 +0200 + +openssl (0.9.7c-2) unstable; urgency=low + + * add filerc macro to libssl0.9.7.postinst (closes: #213906) + * restart spamassassins spamd on upgrade (closes: #214106) + * restart more services on upgrade + * fix EVP_BytesToKey manpage (closes: #213715) + + -- Christoph Martin Tue, 7 Oct 2003 15:01:32 +0200 + +openssl (0.9.7c-1) unstable; urgency=high + + * upstream security fix (closes: #213451) + - Fix various bugs revealed by running the NISCC test suite: + Stop out of bounds reads in the ASN1 code when presented with + invalid tags (CAN-2003-0543 and CAN-2003-0544). + Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545). + If verify callback ignores invalid public key errors don't try to check + certificate signature with the NULL public key. + - In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. 
+ * more minor upstream bugfixes + * fix formatting in c_issuer (closes: #190026) + * fix Debian-FreeBSD support (closes: #200381) + * restart some services in postinst to make them use the new libraries + * remove duplicated openssl.1, crypto.3 and ssl.3 (closes: #198594) + + -- Christoph Martin Wed, 1 Oct 2003 08:54:27 +0200 + +openssl (0.9.7b-2) unstable; urgency=high + + * fix permission of /etc/ssl/private to 700 again + * change section of libssl-dev to libdevel + + -- Christoph Martin Wed, 23 Apr 2003 11:13:24 +0200 + +openssl (0.9.7b-1) unstable; urgency=high + + * upstream security fix + - Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131) + (closes: #189087) + - Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. (CAN-2003-0147) + - Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). 
+ for more details see the CHANGES file + + -- Christoph Martin Wed, 16 Apr 2003 10:32:57 +0200 + +openssl (0.9.7a-1) unstable; urgency=high + + * upstream Security fix + - In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + for more details see the CHANGES file + + -- Christoph Martin Fri, 21 Feb 2003 22:39:40 +0100 + +openssl (0.9.7-4) unstable; urgency=low + + * use DH_COMPAT=3 to build + * move i686 to i686/cmov to fix problems on Via C3. For that to work we + have to depend on the newest libc6 on i386 (closes: #177891) + * fix bug in ui_util.c (closes: #177615) + * fix typo in md5.h (closes: #178112) + + -- Christoph Martin Fri, 24 Jan 2003 10:22:56 +0100 + +openssl (0.9.7-3) unstable; urgency=low + + * enable build of ultrasparc code on non ultrasparc machines (closes: + #177024) + + -- Christoph Martin Fri, 17 Jan 2003 08:22:13 +0100 + +openssl (0.9.7-2) unstable; urgency=low + + * include changes between 0.9.6g-9 and -10 + * fix problem in build-process on i386 with libc6 version number + + -- Christoph Martin Mon, 13 Jan 2003 14:26:56 +0100 + +openssl (0.9.7-1) unstable; urgency=low + + * new upstream + * includes engine support + * a lot of bugfixes and enhancements, see the CHANGES file + * include AES encryption + * makes preview of certificate configurable (closes: #176059) + * fix x509 manpage (closes: #168070) + * fix declaration of ERR_load_PEM_string in pem.h (closes: #141360) + + -- Christoph Martin Sat, 11 Jan 2003 09:12:16 +0100 + +openssl (0.9.6g-10) unstable; urgency=low + + * fix problem in build-process on i386 with libc6 version number + (closes: #167096) + + -- Christoph Martin Mon, 4 Nov 2002 12:27:21 +0100 + +openssl (0.9.6g-9) unstable; urgency=low + + * fix typo in 
i386 libc6 depend (sigh) (closes: #163848) + + -- Christoph Martin Tue, 8 Oct 2002 23:29:20 +0200 + +openssl (0.9.6g-8) unstable; urgency=low + + * fix libc6 depends. Only needed for i386 (closes: #163701) + * remove SHLIB section for bsds from Configure (closes: #163585) + + -- Christoph Martin Tue, 8 Oct 2002 10:57:35 +0200 + +openssl (0.9.6g-7) unstable; urgency=low + + * enable i686 optimisation and depend on fixed glibc (closes: #163500) + * remove transition package ssleay + * include optimisation vor sparcv8 (closes: #139996) + * improve optimisation vor sparcv9 + + -- Christoph Martin Sun, 6 Oct 2002 14:07:12 +0200 + +openssl (0.9.6g-6) unstable; urgency=low + + * temporarily disable i686 optimisation (See bug in glibc #161788) + + -- Christoph Martin Sat, 21 Sep 2002 18:56:49 +0200 + +openssl (0.9.6g-5) unstable; urgency=low + + * i486 can use i586 assembler + * include set -xe in the for loops in the rules files to make it abort + on error (closes: #161768) + + -- Christoph Martin Sat, 21 Sep 2002 16:23:11 +0200 + +openssl (0.9.6g-4) unstable; urgency=low + + * fix optimization for alpha and sparc + * add optimization for i486 + + -- Christoph Martin Fri, 20 Sep 2002 22:36:19 +0200 + +openssl (0.9.6g-3) unstable; urgency=low + + * add optimized libraries for i586, i686, ev4, ev5 and v9 (closes: #139783) + + -- Christoph Martin Thu, 19 Sep 2002 18:33:04 +0200 + +openssl (0.9.6g-2) unstable; urgency=low + + * fix manpage names (closes: #156717, #156718, #156719, #156721) + + -- Christoph Martin Thu, 15 Aug 2002 11:26:37 +0200 + +openssl (0.9.6g-1) unstable; urgency=low + + * new upstream version + * Use proper error handling instead of 'assertions' in buffer + overflow checks added in 0.9.6e. This prevents DoS (the + assertions could call abort()). (closes: #155985, #156495) + * Fix ASN1 checks. Check for overflow by comparing with LONG_MAX + and get fix the header length calculation. 
+ * include support for new sh* architectures (closes: #155117) + + -- Christoph Martin Wed, 14 Aug 2002 13:59:22 +0200 + +openssl (0.9.6e-1) unstable; urgency=high + + * fixes remote exploits (see DSA-136-1) + + -- Christoph Martin Tue, 30 Jul 2002 18:32:28 +0200 + +openssl (0.9.6d-1) unstable; urgency=low + + * new upstream (minor) version + * includes Configure lines for debian-*bsd-* (closes: #130413) + * fix wrong prototype for BN_pseudo_rand_range in BN_rand(3ssl) (closes: + #144586) + * fix typos in package description (closes: #141469) + * fix typo in SSL_CTX_set_cert_store manpage (closes: #135297) + + -- Christoph Martin Mon, 3 Jun 2002 19:42:10 +0200 + +openssl (0.9.6c-2) unstable; urgency=low + + * moved from non-US to main + + -- Christoph Martin Tue, 19 Mar 2002 14:48:39 +0100 + +openssl (0.9.6c-1) unstable; urgency=low + + * new upstream version with a lot of bugfixes + * remove directory /usr/include/openssl from openssl package (closes: + bug #121226) + * remove selfdepends from libssl0.9.6 + * link openssl binary shared again + + -- Christoph Martin Sat, 5 Jan 2002 19:04:31 +0100 + +openssl (0.9.6b-4) unstable; urgency=low + + * build with -D_REENTRANT for threads support on all architectures + (closes: #112329, #119239) + + -- Christoph Martin Sat, 24 Nov 2001 12:17:51 +0100 + +openssl (0.9.6b-3) unstable; urgency=low + + * disable idea, mdc2 and rc5 because they are not free (closes: #65368) + * ready to be moved from nonus to main + + -- Christoph Martin Wed, 21 Nov 2001 17:51:41 +0100 + +openssl (0.9.6b-2) unstable; urgency=high + + * fix definition of crypt in des.h (closes: #107533) + * fix descriptions (closes: #109503) + + -- Christoph Martin Mon, 17 Sep 2001 15:38:27 +0200 + +openssl (0.9.6b-1) unstable; urgency=medium + + * new upstream fixes some security issues (closes: #105835, #100146) + * added support for s390 (closes: #105681) + * added support for sh (closes: #100003) + * change priority of libssl096 to standard as ssh depends on 
it (closes: + #105440) + * don't optimize for i486 to support i386. (closes: #104127, #82194) + + -- Christoph Martin Fri, 20 Jul 2001 15:52:42 +0200 + +openssl (0.9.6a-3) unstable; urgency=medium + + * add perl-base to builddeps + * include static libraries in libssl-dev (closes: #93688) + + -- Christoph Martin Mon, 14 May 2001 20:16:06 +0200 + +openssl (0.9.6a-2) unstable; urgency=medium + + * change Architecture of ssleay from any to all (closes: #92913) + * depend libssl-dev on the exact same version of libssl0.9.6 (closes: + #88939) + * remove lib{crypto,ssl}.a from openssl (closes: #93666) + * rebuild with newer gcc to fix atexit problem (closes: #94036) + + -- Christoph Martin Wed, 2 May 2001 12:28:39 +0200 + +openssl (0.9.6a-1) unstable; urgency=medium + + * new upstream, fixes some security bugs (closes: #90584) + * fix typo in s_server manpage (closes: #89756) + + -- Christoph Martin Tue, 10 Apr 2001 12:13:11 +0200 + +openssl (0.9.6-2) unstable; urgency=low + + * policy: reorganisation of package names: libssl096 -> libssl0.9.6, + libssl096-dev -> libssl-dev (closes: #83426) + * libssl0.9.6 drops replaces libssl09 (Closes: #83425) + * install upstream CHANGES files (Closes: #83430) + * added support for hppa and ia64 (Closes: #88790) + * move man3 manpages to libssl-dev (Closes: #87546) + * fix formating problem in rand_add(1) (Closes: #87547) + * remove manpage duplicates (Closes: #87545, #74986) + * make package descriptions clearer (Closes: #83518, #83444) + * increase default emailAddress_max from 40 to 60 (Closes: #67238) + * removed RSAREF warning (Closes: #84122) + + -- Christoph Martin Thu, 8 Mar 2001 14:24:00 +0100 + +openssl (0.9.6-1) unstable; urgency=low + + * New upstream version (Thanks to Enrique Zanardi ) + (closes: #72388) + * Add support for debian-hurd (closes: #76032) + + -- Christoph Martin Mon, 13 Nov 2000 22:30:46 +0100 + +openssl (0.9.5a-5) unstable; urgency=low + + * move manpages in standard directories with section ssl (closes: 
+ #72152, #69809) + + -- Christoph Martin Thu, 5 Oct 2000 19:56:20 +0200 + +openssl (0.9.5a-4) unstable; urgency=low + + * include edg_rand_bytes patch from and for apache-ssl + + -- Christoph Martin Sat, 23 Sep 2000 16:48:06 +0200 + +openssl (0.9.5a-3) unstable; urgency=low + + * fix call to dh_makeshlibs to create correct shlibs file and make + dependend programs link correctly (closes: Bug#61658) + * include a note in README.debian concerning the location of the + subcommand manpages (closes: Bug#69809) + + -- Christoph Martin Sat, 16 Sep 2000 19:10:50 +0200 + +openssl (0.9.5a-2) unstable; urgency=low + + * try to fix the sharedlib problem. change soname of library + (closes: Bug#4622, #66102, #66538, #66123) + + -- Christoph Martin Wed, 12 Jul 2000 03:26:30 +0200 + +openssl (0.9.5a-1) unstable; urgency=low + + * new upstream version (major changes see file NEWS) (closes: Bug#63976, + #65239, #65358) + * new library package libssl095a because of probably changed library + interface (closes: Bug#46222) + * added architecture mips and mipsel (closes: Bug#62437, #60366) + * provide shlibs.local file in build to help build if libraries are not + yet installed (closes: Bug#63984) + + -- Christoph Martin Sun, 11 Jun 2000 15:17:35 +0200 + +openssl (0.9.4-5) frozen unstable; urgency=medium + + * cleanup of move of doc directories to /usr/share/doc (closes: + Bug#56430) + * lintian issues (closes: Bug#49358) + * move demos from openssl to libssl09-dev (closes: Bug#59201) + * move to debhelpers + + -- Christoph Martin Sat, 11 Mar 2000 10:38:04 +0100 + +openssl (0.9.4-4) unstable; urgency=medium + + * Added 'debian-arm' in 'Configure'. 
(closes: Bug#54251, #54766) + * Fixed Configure for 'debian-m68k' (closes: Bug#53636) + + -- Christoph Martin Sat, 15 Jan 2000 13:16:18 +0100 + +openssl (0.9.4-3) unstable; urgency=low + + * define symbol SSLeay_add_ssl_algorithms for backward compatibility + (closes: Bug#46882) + * remove manpages from /usr/doc/openssl (closes: Bug#46791) + + -- Christoph Martin Thu, 14 Oct 1999 16:51:08 +0200 + +openssl (0.9.4-2) unstable; urgency=low + + * include some more docu in pod format (Bug #43933) + * removed -mv8 from sparc flags (Bug #44769) + + -- Christoph Martin Tue, 14 Sep 1999 22:04:06 +0200 + +openssl (0.9.4-1) unstable; urgency=low + + * new upstream version (Closes: #42926) + + -- Christoph Martin Sat, 28 Aug 1999 17:04:23 +0200 + +openssl (0.9.3a-1) unstable; urgency=low + + * new upstream version (Bug #38345, #38627) + * sparc is big-endian (Bug #39973) + + -- Christoph Martin Wed, 7 Jul 1999 16:03:37 +0200 + +openssl (0.9.2b-3) unstable; urgency=low + + * correct move conffiles to /etc/ssl (Bug #38570) + + -- Christoph Martin Mon, 31 May 1999 21:08:07 +0200 + +openssl (0.9.2b-2) unstable; urgency=low + + * added convenience package ssleay to help upgrade to openssl (Bug + #37185, #37623, #36326) + * added some missing dependencies from libssl09 (Bug #36681, #35867, + #36326) + * move lib*.so to libssl09-dev (Bug #36761) + * corrected version numbers of library files + * introduce link from /usr/lib/ssl to /etc/ssl (Bug #36710) + + -- Christoph Martin Sun, 23 May 1999 14:57:48 +0200 + +openssl (0.9.2b-1) unstable; urgency=medium + + * First openssl version + + -- Christoph Martin Wed, 31 Mar 1999 15:54:26 +0200 + +ssleay (0.9.0b-2) unstable; urgency=low + + * Include message about the (not)usage of RSAREF (#24409) + * Move configfiles from /usr/lib/ssl to /etc/ssl (#26406) + * Change definitions for sparc (#26487) + * Added missing dependency (#28591) + * Make debian/libtool executable (#29708) + * /etc/ssl/lib/ssleay.cnf is now a confile (#32624) + + -- 
Christoph Martin Sun, 21 Mar 1999 19:41:04 +0100 + +ssleay (0.9.0b-1) unstable; urgency=low + + * new upstream version (Bug #21227, #25971) + * build shared libraries with -fPIC (Bug #20027) + * support sparc architecture (Bug #28467) + + -- Christoph Martin Tue, 13 Oct 1998 10:20:13 +0200 + +ssleay (0.8.1-7) frozen unstable; urgency=high + + * security fix patch to 0.8.1b (bug #24022) + + -- Christoph Martin Mon, 6 Jul 1998 15:42:15 +0200 + +ssleay (0.8.1-6) frozen unstable; urgency=low + + * second try to fix bug #15235 (copyright was still missing) + + -- Christoph Martin Mon, 22 Jun 1998 08:56:27 +0200 + +ssleay (0.8.1-5) frozen unstable; urgency=high + + * changed /dev/random to /dev/urandom (Bug #23169, #17817) + * copyright contains now the full licence (Bug #15235) + * fixed bug #19410 (md5sums-lists-nonexisting-file) + * added demos to /usr/doc (Bug #17372) + * fixed type in package description (Bug #18969) + * fixed bug in adding documentation (Bug #21463) + * added patch for support of debian-powerpc (Bug #21579) + + -- Christoph Martin Thu, 18 Jun 1998 23:09:13 +0200 + +ssleay (0.8.1-4) unstable; urgency=low + + * purged dependency from libc5 + + -- Christoph Martin Tue, 11 Nov 1997 15:31:50 +0100 + +ssleay (0.8.1-3) unstable; urgency=low + + * changed packagename libssl to libssl08 to get better dependancies + + -- Christoph Martin Fri, 7 Nov 1997 14:23:17 +0100 + +ssleay (0.8.1-2) unstable; urgency=low + + * linked shared libraries against libc6 + * use /dev/random for randomseed + + -- Christoph Martin Wed, 5 Nov 1997 11:21:40 +0100 + +ssleay (0.8.1-1) unstable; urgency=low + + * new upstream version + + -- Christoph Martin Thu, 16 Oct 1997 16:15:43 +0200 + +ssleay (0.6.6-2) unstable; urgency=low + + * cleanup in diffs + * removed INSTALL from docs (bug #13205) + * split libssl and libssl-dev (but #13735) + + -- Christoph Martin Wed, 15 Oct 1997 17:38:38 +0200 + +ssleay (0.6.6-1) unstable; urgency=low + + * New upstream version + * added shared 
libraries for libcrypto and libssl
+
+ -- Christoph Martin Thu, 26 Jun 1997 19:26:14 +0200
+
+ssleay (0.6.4-2) unstable; urgency=low
+
+ * changed doc filenames from .doc to .txt to be able to read them
+ over with webbrowser
+
+ -- Christoph Martin Tue, 25 Feb 1997 14:02:53 +0100
+
+ssleay (0.6.4-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Christoph Martin Fri, 22 Nov 1996 21:29:51 +0100
+
--- openssl-0.9.8k.orig/debian/libssl0.9.8.files
+++ openssl-0.9.8k/debian/libssl0.9.8.files
@@ -0,0 +1,5 @@
+lib/*.so.*.*.*
+lib/*/*.so.*.*.*
+lib/i686/cmov/*.so.*.*.*
+usr/lib/*.so.*.*.*
+usr/lib/ssl/engines
--- openssl-0.9.8k.orig/debian/compat
+++ openssl-0.9.8k/debian/compat
@@ -0,0 +1 @@
+3
--- openssl-0.9.8k.orig/debian/libssl0.9.8.dirs
+++ openssl-0.9.8k/debian/libssl0.9.8.dirs
@@ -0,0 +1,2 @@
+lib
+usr/share/doc/libssl0.9.8
--- openssl-0.9.8k.orig/debian/libssl-dev.files
+++ openssl-0.9.8k/debian/libssl-dev.files
@@ -0,0 +1,7 @@
+usr/lib/libssl.so
+usr/lib/libcrypto.so
+usr/lib/libssl.a
+usr/lib/libcrypto.a
+usr/lib/pkgconfig
+usr/include
+usr/share/man/man3
--- openssl-0.9.8k.orig/debian/libssl0.9.8.postinst
+++ openssl-0.9.8k/debian/libssl0.9.8.postinst
@@ -0,0 +1,179 @@
+#!/bin/bash
+
+. /usr/share/debconf/confmodule
+
+set -e
+
+package_name()
+{
+ echo $(basename $0 .postinst)
+}
+
+# element() is a helper function for file-rc:
+element() {
+ local element list IFS
+
+ element="$1"
+
+ [ "$2" = "in" ] && shift
+ list="$2"
+ [ "$list" = "-" ] && return 1
+ [ "$list" = "*" ] && return 0
+
+ IFS=","
+ set -- $list
+ case $element in
+ "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9")
+ return 0
+ esac
+ return 1
+}
+
+# filerc (runlevel, service) returns /etc/init.d/service, if service is
+# running in $runlevel:
+filerc() {
+ local runlevel basename
+ runlevel=$1
+ basename=$2
+ while read LINE
+ do
+ case $LINE in
+ \#*|"") continue
+ esac
+
+ set -- $LINE
+ SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4"
+ [ "$CMD" = "/etc/init.d/$basename" ] || continue
+
+ if element "$runlevel" in "$START" || element "S" in "$START"
+ then
+ echo "/etc/init.d/$basename"
+ return 0
+ fi
+ done < /etc/runlevel.conf
+ echo ""
+}
+
+if [ "$1" = "configure" ]
+then
+ if [ ! -z "$2" ]; then
+ if dpkg --compare-versions "$2" lt 0.9.8g-9 && dpkg --compare-versions "$2" gt 0.9.8c-4etch3; then
+ db_version 2.0
+
+ echo -n "Checking for services that may need to be restarted..."
+
+ check="sendmail openssh-server"
+ check="$check apache2-common ssh-nonfree exim4"
+ check="$check apache-ssl libapache-mod-ssl openvpn spamassassin"
+ check="$check courier-imap-ssl courier-mta-ssl courier-pop-ssl"
+ check="$check postfix cyrus21-imapd cyrus21-pop3d"
+ check="$check postgresql-7.4 postgresql-8.0 postgresql-8.1"
+ check="$check postgresql-8.2"
+ check="$check racoon dovecot-common bind9"
+ check="$check ntp openntpd clamcour nagios-nrpe-server"
+ check="$check clamav-freshclam clamav-daemon"
+ check="$check fetchmail ftpd-ssl slapd"
+ check="$check proftpd proftpd-ldap proftpd-mysql proftpd-pgsql"
+ check="$check partimage-server conserver-server tor"
+ check="$check stunnel4"
+ # Only get the ones that are installed, and configured
+ check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}')
+ # apache2 ships its init script in apache2-common, but the
+ # script is apache2
+ check=$(echo $check | sed 's/apache2-common/apache2/g')
+ # For mod-ssl apache has to be restarted
+ check=$(echo $check | sed 's/libapache-mod-ssl/apache/g')
+ # The name of proftpd-{ldap,mysql,pgsql} init script is
+ # same as "proftpd".
+ check=$(echo $check | sed 's/proftpd-.*/proftpd/g')
+ # dovecot-common ships its init script, but the
+ # script name is dovecot for dovecot-{imapd,pop3d}.
+ check=$(echo $check | sed 's/dovecot-common/dovecot/g')
+ # openssh-server's init script it called ssh
+ check=$(echo $check | sed 's/openssh-server/ssh/g')
+ echo "done."
+
+ echo "Checking init scripts..."
+ for service in $check; do
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ idl=$(ls /etc/init.d/${service} 2> /dev/null | head -n 1)
+ if [ -n "$idl" ] && [ -x $idl ]; then
+ services="$service $services"
+ else
+ echo "WARNING: init script for $service not found."
+ fi
+ else
+ if [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then
+
+ idl=$(filerc $rl $service)
+ else
+ idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1)
+ fi
+ if [ -n "$idl" ] && [ -x $idl ]; then
+ services="$service $services"
+ fi
+ fi
+ done
+ if [ -n "$services" ]; then
+ db_reset libssl0.9.8/restart-services
+ db_set libssl0.9.8/restart-services "$services"
+ if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then
+ db_input medium libssl0.9.8/restart-services || true
+ else
+ db_input critical libssl0.9.8/restart-services || true
+ fi
+ db_go || true
+ db_get libssl0.9.8/restart-services
+
+ if [ "x$RET" != "x" ]
+ then
+ services=$RET
+ answer=yes
+ else
+ answer=no
+ fi
+ echo
+ if [ "$answer" = yes ] && [ "$services" != "" ]; then
+ echo "Restarting services possibly affected by the upgrade:"
+ failed=""
+ rl=$(runlevel | sed 's/.*\ //')
+ for service in $services; do
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ idl="invoke-rc.d ${service}"
+ elif [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then
+ idl=$(filerc $rl $service)
+ else
+ idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1)
+ fi
+
+ if ! $idl restart; then
+ failed="$service $failed"
+ fi
+ done
+ echo
+ if [ -n "$failed" ]; then
+ db_subst libssl0.9.8/restart-failed services "$failed"
+ db_input critical libssl0.9.8/restart-failed || true
+ db_go || true
+ else
+ echo "Services restarted successfully."
+ fi
+ echo
+ fi
+ else
+ echo "Nothing to restart."
+ fi
+ # Shut down the frontend, to make sure none of the
+ # restarted services keep a connection open to it
+ db_stop
+ fi # end upgrading and $2 lt 0.9.8c-2
+ fi # Upgrading
+
+ # Only issue the reboot notification for servers; we proxy this by
+ # testing that the X server is not running (LP: #244250)
+ if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then
+ /usr/share/update-notifier/notify-reboot-required
+ fi
+fi
+
+#DEBHELPER#
--- openssl-0.9.8k.orig/debian/rules
+++ openssl-0.9.8k/debian/rules
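Review bot: In the first `for service in $check` loop the non-invoke-rc.d branches read `$rl` (`idl=$(filerc $rl $service)` and `ls /etc/rc${rl}.d/S??${service}`) before `rl` is ever assigned; `rl=$(runlevel | sed 's/.*\ //')` only runs later inside the restart loop, so on a system without invoke-rc.d the detection globs `/etc/rc.d/S??…`, finds nothing, and the script prints "Nothing to restart" although affected services are running. Moving `rl=$(runlevel | sed 's/.*\ //')` up to just before `echo "Checking init scripts..."` makes both loops use a defined runlevel. The closing comment `fi # end upgrading and $2 lt 0.9.8c-2` no longer describes the condition it closes (`lt 0.9.8g-9 && gt 0.9.8c-4etch3`) and should be updated to match. `services` is also grown with `services="$service $services"` without being initialised, so a `services` variable inherited from the maintainer-script environment would be carried into the debconf restart list; an explicit `services=""` before the loop keeps the list self-contained.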
@@ -0,0 +1,210 @@
+#!/usr/bin/make -f
+# Sample debian.rules file - for GNU Hello (1.3).
+# Copyright 1994,1995 by Ian Jackson.
+# I hereby give you perpetual unlimited permission to copy,
+# modify and relicense this file, provided that you do not remove
+# my name from the file itself. (I assert my moral right of
+# paternity under the Copyright, Designs and Patents Act 1988.)
+# This file may have to be extensively modified
+#
+# Modified to be a prototype for debmake by Christoph Lameter
+SHELL=/bin/bash
+
+package=openssl
+
+# For generating the manpages
+export VERSION=$(shell dpkg-parsechangelog | grep '^Version:' | sed -e 's/^.*://' -e 's/-.*//')
+
+# The binary architeture
+DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH)
+DEB_HOST_ARCH_OS = $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+
+DEB_HOST_GNU_TYPE=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
+CROSS=CC=$(DEB_HOST_GNU_TYPE)-gcc
+MAKE_TEST=:
+else
+CROSS=CC=$(CC)
+MAKE_TEST=make test
+endif
+
+CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext no-sslv2
+OPT_alpha = ev4 ev5
+OPT_i386 = i486 i586 i686/cmov
+OPT_sparc = v8 v9
+ARCHOPTS = OPT_$(DEB_HOST_ARCH)
+OPTS = $($(ARCHOPTS))
+WANTED_LIBC_VERSION = 2.3.1-10
+
+patch: patch-stamp
+patch-stamp:
+ QUILT_PATCHES=debian/patches quilt push -a || test $$? = 2
+ touch patch-stamp
+
+unpatch:
+ QUILT_PATCHES=debian/patches quilt pop -a || test $$? = 2
+ rm -rf patch-stamp debian/patched
+
+build: build-stamp
+build-stamp: patch-stamp
+ dh_testdir
+ perl util/perlpath.pl /usr/bin
+# perl util/ssldir.pl /usr/lib/ssl
+# chmod +x debian/libtool
+ ./Configure no-shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
+ make $(CROSS) -f Makefile all
+ $(MAKE_TEST)
+ mv libcrypto.a libcrypto.static
+ mv libssl.a libssl.static
+ make -f Makefile clean
+ test -z "$(OPTS)" || for opt in $(OPTS); \
+ do \
+ set -xe; \
+ ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)-$$opt; \
+ make $(CROSS) -f Makefile all; \
+ $(MAKE_TEST); \
+ mkdir -p $$opt; \
+ mv libcrypto.so* libssl.so* $$opt/; \
+ make -f Makefile clean; \
+ done
+ ./Configure shared $(CONFARGS) debian-$(DEB_HOST_ARCH)
+ #make $(CROSS) -f Makefile depend
+ ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+# make $(CROSS) -f Makefile linux-shared
+ make $(CROSS) -f Makefile all
+ $(MAKE_TEST)
+# strip apps/openssl
+# make -f Makefile clean
+# ./Configure --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 debian-$(DEB_HOST_ARCH)
+# make $(CROSS) -f Makefile all
+ touch build
+
+clean: clean-patched unpatch
+clean-patched: patch-stamp
+ dh_testdir
+ dh_testroot
+ dh_clean
+ -rm -f build
+ -perl util/perlpath.pl /usr/bin
+ -./Configure $(CONFARGS) debian-$(DEB_HOST_ARCH)
+ [ ! -f Makefile ] || make -f Makefile clean clean-shared
+ #-make -f Makefile dclean
+ -perl util/perlpath.pl /usr/local/bin/perl
+# perl util/ssldir.pl /usr/local/ssl
+ -rm -f test/.rnd test/testkey.pem test/testreq.pem test/certCA.srl
+ -rm -f util/mk1mf.bak Makefile.bak `find . -name Makefile.save`
+ -rm -f crypto/pem/ctx_size
+ -rm -f `find . -name "*~"`
+ -rm -f `find . -name "*.orig" -o -name "*.rej"`
+ -rm -f certs/*.0 certs/*.1
+# -rm -rf debian/tmp debian/files* core `find debian/* -type d`
+ -rm -rf core $(OPTS)
+ -rm doc/*.pod
+ -rm -f libcrypto.* libssl.*
+ -cd test && rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bntest ectest ecdsatest ecdhtest ideatest md2test md4test md5test hmactest rc2test rc4test rc5test destest shatest sha1test sha256t sha512t mdc2test rmdtest randtest dhtest enginetest bftest casttest ssltest exptest dsatest rsa_test evp_test *.ss *.srl log dummytest newkey.pem igetest
+
+binary-indep: build
+ dh_testdir
+ dh_testroot
+# There are no architecture-independent files to be uploaded
+# generated by this package. If there were any they would be
+# made here.
+
+binary-arch: build
+ dh_testdir
+ dh_testroot
+ dh_clean
+# -rm -rf debian/tmp `find debian/* -type d`
+ install -d debian/tmp debian/libssl0.9.8 debian/libssl-dev
+# cd debian/tmp && install -d `cat ../dirs`
+# cd debian/libssl09 && install -d `cat ../libssl09.dirs`
+# cd debian/libssl09-dev && install -d `cat ../libssl09-dev.dirs`
+ dh_installdirs
+#openssl install
+ make -f Makefile install INSTALL_PREFIX=`pwd`/debian/tmp
+# rm debian/tmp/usr/share/man/man1/openssl.1
+# rm debian/tmp/usr/share/man/man3/crypto.3
+# rm debian/tmp/usr/share/man/man3/ssl.3
+# rm debian/tmp/usr/lib/libcrypto.a
+# rm debian/tmp/usr/lib/libssl.a
+ # pic static libraries, nobody should need them
+# mv debian/tmp/usr/lib/libcrypto.a debian/tmp/usr/lib/libcrypto_pic.a
+# mv debian/tmp/usr/lib/libssl.a debian/tmp/usr/lib/libssl_pic.a
+ cp -pf libcrypto.static debian/tmp/usr/lib/libcrypto.a
+ cp -pf libssl.static debian/tmp/usr/lib/libssl.a
+# mv debian/tmp/usr/lib/ssl/bin debian/tmp/usr/bin/ssl
+# (cd debian/tmp/usr/lib/ssl; ln -s /usr/bin/ssl bin)
+# mv debian/tmp/usr/lib/ssl/include debian/tmp/usr/include/ssl
+# (cd debian/tmp/usr/lib/ssl; ln -s /usr/include/ssl include)
+# chmod -x debian/tmp/usr/lib/*.so.*
+# mv debian/tmp/usr/lib/*.a debian/libssl09-dev/usr/lib/
+# mv debian/tmp/usr/lib/*.so debian/libssl09-dev/usr/lib/
+# mv debian/tmp/usr/lib/*.so.*.*.* debian/libssl09/usr/lib/
+# mv debian/tmp/usr/lib/*.la debian/libssl09-dev/usr/lib/
+# mv debian/tmp/usr/include debian/libssl09-dev/usr/
+ # move runtime libraries to /lib
+ install -d debian/tmp/lib
+ mv debian/tmp/usr/lib/lib*.so.* debian/tmp/lib/
+ ln -sf /lib/$$(readlink debian/tmp/usr/lib/libcrypto.so) debian/tmp/usr/lib/libcrypto.so
+ ln -sf /lib/$$(readlink debian/tmp/usr/lib/libssl.so) debian/tmp/usr/lib/libssl.so
+ifneq ($(DEB_HOST_ARCH_OS),hurd)
+ # leave symlinks behind due to rpath in old versions
+ for x in debian/tmp/lib/lib*.so.*; do ln -s /lib/$$(basename $$x) debian/tmp/usr/lib/$$(basename $$x); done
+endif
+ mkdir -p debian/tmp/etc/ssl
+ mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/
+ ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/
+ cp -pf debian/tmp/lib/libcrypto.so.* debian/libcrypto0.9.8-udeb/lib/
+ cp -pf debian/tmp/lib/libssl.so.* debian/libssl0.9.8-udeb/lib/
+ for opt in $(OPTS); do set -xe; mkdir -p debian/tmp/lib/$$opt; cp -auv $$opt/lib*.so* debian/tmp/lib/$$opt/; done
+ install debian/copyright debian/libssl0.9.8/usr/share/doc/libssl0.9.8/
+ install debian/changelog debian/libssl0.9.8/usr/share/doc/libssl0.9.8/changelog.Debian
+ install debian/copyright debian/libssl-dev/usr/share/doc/libssl-dev/
+ install debian/changelog debian/libssl-dev/usr/share/doc/libssl-dev/changelog.Debian
+# (cd debian/tmp/usr/doc/openssl/doc; for f in *.doc*; do mv "$$f" "$$(echo $$f | sed -e 's/doc/txt/')";done)
+# (cd doc; for f in *; do install "$$f" ../debian/tmp/usr/share/doc/openssl/doc/"$$(echo $$f | sed -e 's/doc/txt/')";done)
+# debstd -u CHANGES* LICENSE README NEWS
+
+ dh_installdocs CHANGES.SSLeay README NEWS debian/README.optimization
+ dh_installexamples
+ dh_installchangelogs CHANGES
+# dh_installmenu
+# dh_installcron
+ dh_installman -popenssl
+ dh_installdebconf
+# dh_undocumented c_rehash.1
+ dh_movefiles
+# rmdir debian/tmp/usr/lib/ssl/lib
+# rmdir debian/tmp/usr/include/openssl
+# rmdir debian/tmp/usr/include
+# for opt in $(OPTS); do set -xe; rm -fr debian/tmp/lib/$$opt; done
+ dh_compress
+# symlink doc files
+ for p in openssl libssl-dev; do \
+ for f in changelog.Debian.gz changelog.gz copyright; do \
+ ln -sf ../libssl0.9.8/$$f debian/$$p/usr/share/doc/$$p/$$f; \
+ done; \
+ done
+ chmod 700 debian/openssl/etc/ssl/private
+ dh_fixperms -X etc/ssl/private
+ dh_strip --dbg-package=libssl0.9.8
+ dh_perl -d
+# dh_suidregister
+ dh_makeshlibs -V "libssl0.9.8 (>= 0.9.8k-1)" --add-udeb="libcrypto0.9.8-udeb"
+ sed -i '/^udeb: libssl/s/libcrypto0.9.8-udeb/libssl0.9.8-udeb/' debian/libssl0.9.8/DEBIAN/shlibs
+ dh_shlibdeps -L libssl0.9.8 -l debian/libssl0.9.8/lib
+ dh_gencontrol
+ dh_installdeb
+ dh_md5sums
+ dh_builddeb
+ echo -en "\a"
+
+# Below here is fairly generic really
+
+binary: binary-indep binary-arch
+
+source diff:
+ @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+.PHONY: binary binary-arch binary-indep clean patch
--- openssl-0.9.8k.orig/debian/watch
+++ openssl-0.9.8k/debian/watch
@@ -0,0 +1,2 @@
+version=2
+ftp://ftp.openssl.org/source/openssl-(\d+\.\d+\.\d+[a-z]?)\.tar\.gz
--- openssl-0.9.8k.orig/debian/openssl-doc.docs
+++ openssl-0.9.8k/debian/openssl-doc.docs
@@ -0,0 +1,2 @@
+doc
+FAQ
--- openssl-0.9.8k.orig/debian/openssl.dirs
+++ openssl-0.9.8k/debian/openssl.dirs
@@ -0,0 +1,4 @@
+usr/bin
+usr/lib
+etc/ssl/certs
+etc/ssl/private
--- openssl-0.9.8k.orig/debian/copyright
+++ openssl-0.9.8k/debian/copyright
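Review bot: The `build-stamp` rule never creates the file it is named for: its recipe ends with `touch build` while the header is `build-stamp: patch-stamp`, and `clean-patched` correspondingly removes only `build`, so `build-stamp` never exists and every `binary-arch`/`binary-indep` invocation repeats the whole no-shared / per-CPU / shared Configure-build-test cycle. Make the stamp and its cleanup agree: `touch $@` as the last line of the `build-stamp` recipe and `-rm -f build build-stamp` in `clean-patched`. Separately, the nested builds are started with a literal `make $(CROSS) -f Makefile all` (and `MAKE_TEST=make test`) rather than `$(MAKE)`, which drops jobserver and `-n` propagation from the outer make. Also `dh_strip --dbg-package=libssl0.9.8` names the runtime package rather than the `libssl0.9.8-dbg` declared in debian/control; if my recollection of debhelper is right, from compat level 5 onward this option names the package that receives the detached symbols, so unless debian/compat (not in this diff) is still 4 the debug files would end up inside libssl0.9.8 itself — worth confirming against the built .debs.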
@@ -0,0 +1,135 @@ +This package was debianized by Christoph Martin martin@uni-mainz.de on +Fri, 22 Nov 1996 21:29:51 +0100. + +Copyright (c) 1998-2004 The OpenSSL Project +Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson + +The upstream sources were obtained from http://www.openssl.org/ + + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. 
Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. 
The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + --- openssl-0.9.8k.orig/debian/libssl0.9.8-udeb.dirs +++ openssl-0.9.8k/debian/libssl0.9.8-udeb.dirs @@ -0,0 +1 @@ +lib --- openssl-0.9.8k.orig/debian/libssl0.9.8.templates +++ openssl-0.9.8k/debian/libssl0.9.8.templates 
@@ -0,0 +1,30 @@ +Template: libssl0.9.8/restart-services +Type: string +_Description: Services to restart to make them use the new libraries: + This release of OpenSSL fixes some security issues. Services will not + use these fixes until they are restarted. Please note that restarting + the SSH server (sshd) should not affect any existing connections. + . + Please check the list of detected services that need to be restarted + and correct it, if needed. The services names must be identical to the + initialization script names in /etc/init.d and separated by + spaces. No services will be restarted if the list is empty. + . + Any service that later fails unexpectedly after this upgrade should + be restarted. It is recommended to reboot this host to avoid any + SSL-related trouble. + +Template: libssl0.9.8/restart-failed +Type: error +#flag:translate!:3 +#flag:comment:2 +# This paragraph is followed by a (non translatable) paragraph containing +# a list of services that could not be restarted +_Description: Failure restarting some services for OpenSSL upgrade + The following services could not be restarted for the OpenSSL library upgrade: + . + ${services} + . + You will need to start these manually by running + '/etc/init.d/ start'. + --- openssl-0.9.8k.orig/debian/libssl-dev.dirs +++ openssl-0.9.8k/debian/libssl-dev.dirs @@ -0,0 +1,3 @@ +usr/lib +usr/share/doc/libssl-dev +usr/share/man --- openssl-0.9.8k.orig/debian/openssl.files +++ openssl-0.9.8k/debian/openssl.files @@ -0,0 +1,9 @@ +usr/share/man/man1 +usr/share/man/man5 +usr/share/man/man7 +usr/bin +usr/lib/ssl/misc +usr/lib/ssl/certs +usr/lib/ssl/openssl.cnf +usr/lib/ssl/private +etc/ssl --- openssl-0.9.8k.orig/debian/libcrypto0.9.8-udeb.dirs +++ openssl-0.9.8k/debian/libcrypto0.9.8-udeb.dirs @@ -0,0 +1 @@ +lib --- openssl-0.9.8k.orig/debian/README.debian +++ openssl-0.9.8k/debian/README.debian 
@@ -0,0 +1,67 @@ +openssl for DEBIAN +---------------------- + +openssl replaces ssleay. + +The application links to openssl like req, ca, verify and s_client +have been removed. + +Instead of `` please call now `openssl ` + +eg: +instead of `req` please call `openssl req` + + +PATENT ISSUES +------------- + +Some algorithms used in the library are covered by patents. As +a result, the following algorithms in libcrypto have been disabled: +- RC5 +- MDC2 +- IDEA + +Also see the patents section in the README file. + + +Self-signed certs and webservers: +--------------------------------- + +If you get with a selfsigned certificate and a webserver: + > "The certificate is not approved for the attempted operation." + +Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller) writes: +>Probably you are using a CA certificate for your server; if you use +>"openssl req" to generate a new key and self-signed certificate with +>the default openssl.cnf, the certificate you get includes certain +>X.509v3 extensions that make it unfit for use as a server certificate. +>This was not so with earlier versions of the software because back +>then there was far less X.509v3 support. +> +>To look at the certificate some HTTPS server presents to its cliens, +>use "openssl s_client -port 443 -host your.server", store the output +>(at least the part from "-----BEGIN CERTIFICATE-----" up to "-----END +>CERTIFICATE-----", including these separators) in a file and use +>"openssl x509 -in the_file_you_just_stored -text" to look at it in +>readable form. If it has in the "X509v3 extensions section" any of +>the following entries, it is not usable as a server certificate: +> +> X509v3 Basic Constraints: +> CA:TRUE +> +> X509v3 Key Usage: +> Certificate Sign, CRL Sign +> +>To quickly create a new server key and certificate that works with +>Netscape, you can just copy the original openssl.cnf file and comment +>out the "x509_extensions" entry in the "[ req ]" section. +>The, use "openssl req ..." 
as before to create a new certificate and +>key. + + +Christoph Martin , Wed, 31 Mar 1999 16:00:51 +0200 + +In Ubuntu, SSLv2 (older, considered insecure, version of SSL) is disabled +by default. + +Ante Karamatic , Thu 24 Jul 2008 12:43:15 +0200 --- openssl-0.9.8k.orig/debian/README.optimization +++ openssl-0.9.8k/debian/README.optimization @@ -0,0 +1,32 @@ +openssl ships optimized libraries for some cpus. The loading of these +libraries depends on the ability of the dynamic linker to automaticly +search additional directories depending on the cpu. If you want to +find out which are these directories for your computer, run the +following command: + +LD_LIBRARY_PATH=/usr/lib strace true 2>&1 | fgrep "open(\"/usr/lib" + +On a Pentium III this gives: + +open("/usr/lib/i686/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) +open("/usr/lib/i686/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) +open("/usr/lib/mmx/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) +open("/usr/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory) + +Following is a list of cpus, library paths and possible optimizations: + +486 /usr/lib/i486 -march=i486 -mcpu=i486 +asm +Pentium /usr/lib/i586 -march=i586 -mcpu=i586 +asm +Pentium MMX /usr/lib/i586 -march=i586 -mcpu=i586 +asm +Pentium II /usr/lib/i686 -march=i686 -mcpu=i686 +asm +Pentium III /usr/lib/i686 -march=i686 -mcpu=i686 +asm +AMD-K6 /usr/lib/i586 -march=i586 -mcpu=i586 +asm +AMD-K7 /usr/lib/i686 -march=i686 -mcpu=i686 +asm + +Sparc v8 /usr/lib/v8 -mcpu=v8 +asm +Sparc v9 /usr/lib/v9 -mcpu=v9 -Wa,-Av8plus +asm + +Alpha EV4 /usr/lib/ev4 -mcpu=ev4 +Alpha EV5 /usr/lib/ev5 -mcpu=ev5 + ++asm means that the handcrafted 586 assembler routines can be used. --- openssl-0.9.8k.orig/debian/libssl-dev.docs +++ openssl-0.9.8k/debian/libssl-dev.docs @@ -0,0 +1 @@ +demos --- openssl-0.9.8k.orig/debian/control +++ openssl-0.9.8k/debian/control 
@@ -0,0 +1,91 @@ +Source: openssl +Build-Depends: debhelper (>= 5.0.22), binutils (>= 2.14.90.0.7), zlib1g-dev, m4, bc, quilt +Section: utils +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian OpenSSL Team +Uploaders: Christoph Martin , Kurt Roeckx +Standards-Version: 3.8.0 +Vcs-Browser: http://svn.debian.org/wsvn/pkg-openssl/openssl +Vcs-Svn: svn://svn.debian.org/pkg-openssl/openssl/ + +Package: openssl +Priority: optional +Architecture: any +Depends: ${shlibs:Depends}, ${perl:Depends} +Conflicts: ssleay (<< 0.9.2b) +Suggests: ca-certificates, openssl-doc +Description: Secure Socket Layer (SSL) binary and related cryptographic tools + This package contains the openssl binary and related tools. + . + It is part of the OpenSSL implementation of SSL. + . + You need it to perform certain cryptographic actions like: + - Creation of RSA, DH and DSA key parameters; + - Creation of X.509 certificates, CSRs and CRLs; + - Calculation of message digests; + - Encryption and decryption with ciphers; + - SSL/TLS client and server tests; + - Handling of S/MIME signed or encrypted mail. + +Package: openssl-doc +Section: doc +Priority: optional +Architecture: all +Description: Secure Socket Layer (SSL) documentation + This package contains the OpenSSL documentation. + . + It is part of the OpenSSL implementation of SSL. + +Package: libssl0.9.8 +Section: libs +Priority: important +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: ssleay (<< 0.9.2b), libssl, openssl (<< 0.9.6-2), libssl096-dev (<< 0.9.6-2) +Description: SSL shared libraries + libssl and libcrypto shared libraries needed by programs like + apache-ssl, telnet-ssl and openssh. + . + It is part of the OpenSSL implementation of SSL. 
+ +Package: libcrypto0.9.8-udeb +XC-Package-Type: udeb +Section: debian-installer +Priority: optional +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: crypto shared library - udeb + libcrypto shared library. + . + Do not install it on a normal system. + +Package: libssl0.9.8-udeb +XC-Package-Type: udeb +Section: debian-installer +Priority: optional +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: ssl shared library - udeb + libssl shared library. + . + Do not install it on a normal system. + +Package: libssl-dev +Section: libdevel +Priority: optional +Architecture: any +Depends: libssl0.9.8 (= ${binary:Version}), zlib1g-dev +Conflicts: ssleay (<< 0.9.2b), libssl08-dev, libssl09-dev, libssl095a-dev, libssl096-dev +Description: SSL development libraries, header files and documentation + libssl and libcrypto development libraries, header files and manpages. + . + It is part of the OpenSSL implementation of SSL. + +Package: libssl0.9.8-dbg +Section: debug +Priority: extra +Architecture: any +Depends: libssl0.9.8 (= ${binary:Version}) +Description: Symbol tables for libssl and libcrypto + This package is part of the OpenSSL implementation of SSL. --- openssl-0.9.8k.orig/debian/po/ko.po +++ openssl-0.9.8k/debian/po/ko.po 
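Review bot: The `openssl`, `openssl-doc` and `libssl-dev` stanzas omit `${misc:Depends}`, while `libssl0.9.8` and both udebs carry it; since debian/rules runs the debhelper sequence over every package, any dependency a helper records through `misc:Depends` is silently dropped for those three. Add it to each, e.g. `Depends: ${shlibs:Depends}, ${perl:Depends}, ${misc:Depends}` for `openssl`, `Depends: libssl0.9.8 (= ${binary:Version}), zlib1g-dev, ${misc:Depends}` for `libssl-dev`, and a `Depends: ${misc:Depends}` line for `openssl-doc`.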
@@ -0,0 +1,84 @@ +# Korean translations for openssl package +# openssl 패키지에 대한 한국어 번역문. +# Copyright (C) 2007 THE openssl'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openssl package. +# Sunjae Park , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: openssl\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2007-04-11 13:43-0400\n" +"Last-Translator: Sunjae Park \n" +"Language-Team: Korean \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "새 라이브러리를 사용하도록 재시작할 서비스 목록:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"이번 OpenSSL 릴리즈는 보안 문제를 몇 개 해결합니다. 서비스들을 재시작시킬 때" +"까지는 이 문제들이 해결되지 않습니다. 참고로 SSH 서버(sshd)를 재시작시키더라" +"도 기존 연결에는 영향을 주지 않을 것입니다." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"재시작시킬 서비스의 목록을 확인하시고 필요할 경우 목록을 수정하십시오. 서비스" +"의 이름들은 /etc/init.d에 있는 초기화 스크립트의 이름과 같아야 하며 빈칸으로 " +"구분되어야 합니다. 목록이 비어있을 경우에는 서비스를 재시작시키지 않습니다." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. 
It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"이 업그레이드를 적용한 후 갑자기 오동작을 하는 서비스는 재시작시키십시오. " +"SSL 관련된 문제가 없도록 이 호스트를 재부팅하시길 권장합니다." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" --- openssl-0.9.8k.orig/debian/po/ja.po +++ openssl-0.9.8k/debian/po/ja.po 
@@ -0,0 +1,81 @@ +msgid "" +msgstr "" +"Project-Id-Version: openssl 0.9.8e-4\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2008-01-22 07:37+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "新しいライブラリを使うために再起動するサービス:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"OpenSSL は、今回のリリースでセキュリティホールが修正されました。各サービスは" +"再起動を行わないと、この修正されたライブラリを利用しません。注意: SSH サーバ " +"(sshd) を再起動しても、現状の接続には何ら影響しません。" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"再起動が必要だと判断されたサービスのリストを確認してください。必要であれば修" +"正してください。サービス名は /etc/init.d にあるスクリプトの名前を指し、空白で" +"区切る必要があります。リストが空の場合は、どのサービスも再起動されません。" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"他のサービスがここでのアップグレードの後に何故かエラーを起こし始めた場合、そ" +"れらも再起動する必要があります。SSL 関連のトラブルを避けるためには、マシンを" +"再起動するのをお勧めします。" + +#. Type: error +#. 
Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "OpenSSL のアップグレードによって再起動に失敗したサービス" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" +"以下のサービスは OpenSSL ライブラリのアップグレードに伴った再起動を行うことが" +"できませんでした。" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" +"開始するには '/etc/init.d/ start' を手動で実行する必要があります。" --- openssl-0.9.8k.orig/debian/po/sk.po +++ openssl-0.9.8k/debian/po/sk.po 
@@ -0,0 +1,56 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl 0.9.8e-5\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2008-01-21 11:41+0100\n"
+"Last-Translator: Ivan Masár \n"
+"Language-Team: Slovak \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "Služby, ktoré sa majú reštartovať, aby začali používať nové knižnice:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "This release of OpenSSL fixes some security issues. Services will not use these fixes until they are restarted. Please note that restarting the SSH server (sshd) should not affect any existing connections."
+msgstr "Táto verzia OpenSSL opravuje niektoré bezpečnostné problémy. Služby nezačnú používať tieto opravy až pokým nebudú reštartované. Prosím, pamätajte, že reštartovanie SSH servera (sshd) by nemalo mať vplyv na žiadne už nadviazané spojenia."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Please check the list of detected services that need to be restarted and correct it, if needed. The services names must be identical to the initialization script names in /etc/init.d and separated by spaces. No services will be restarted if the list is empty."
+msgstr "Prosím, skontrolujte zoznam zistených služieb, ktoré sa majú reštartovať a ak je to potrebné, opravte ho. Názvy služieb musia byť rovnaké ako názvy inicializačných skriptov v /etc/init.d a oddelené medzerami. Ak tento zoznam bude prázdny, žiadne služby sa nebudú reštartovať."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Any service that later fails unexpectedly after this upgrade should be restarted. It is recommended to reboot this host to avoid any SSL-related trouble."
+msgstr "Každá služba, ktorá po vykonaní tejto aktualizácie zlyhá, by mala byť reštartovaná. Odporúča sa reštartovať tento počítač, aby ste sa vyhli akýmkoľvek problémom týkajúcim sa SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr "Počas aktualizácie knižnice OpenSSL sa nepodarilo sa reštartovať niektoré služby."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid "The following services could not be restarted for the OpenSSL library upgrade:"
+msgstr "Nasledovné služby nebolo možné reštartovať počas aktualizácie knižnice OpenSSL:"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "You will need to start these manually by running '/etc/init.d/ start'."
+msgstr "Budete ich musieť reštartovať ručne spustením „/etc/init.d/ start“."
+
--- openssl-0.9.8k.orig/debian/po/nl.po
+++ openssl-0.9.8k/debian/po/nl.po
@@ -0,0 +1,102 @@
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-11-14 20:03+0100\n"
+"Last-Translator: Bart Cornelis \n"
+"Language-Team: debian-l10n-dutch \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Dutch\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+"Welke diensten moeten herstart worden (zodat ze de nieuwe bibliotheken "
+"gebruiken)?"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Deze uitgave van OpenSSL dicht een aantal veiligheidslekken. Andere "
+"achtergronddiensten maken pas gebruik van de nieuwe versie eens ze herstart "
+"zijn. Herstarten van de SSH-server (sshd) heeft normaal geen gevolgen voor "
+"bestande verbindingen."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Hierna volgt een lijst van gedetecteerde diensten die herstart moeten "
+"worden. Verbeter de lijst, als u denkt dat ze incorrect is. De namen moeten "
+"overeenkomen met de script-namen in /etc/init.d en moeten gescheiden worden "
+"door spaties. Als de lijst leeg is worden er geen diensten herstart."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Als er andere diensten mysterieus beginnen te falen na deze opwaardering, "
+"dient u deze te herstarten. Er wordt u ten zeerste aanbevolen uw machine te "
+"herstarten om SSL-gerelateerde problemen te vermijden."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr "Herstarten van sommige diensten na de OpenSSL-opwaardering is mislukt."
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"De volgende diensten konden niet herstart worden na de opwaardering van de "
+"OpenSSL-bibliotheek:"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+"U zult deze handmatig moeten herstarten via het commando '/etc/init.d/"
+" start'."
+
+#~ msgid "${services}"
+#~ msgstr "${services}"
--- openssl-0.9.8k.orig/debian/po/nb.po
+++ openssl-0.9.8k/debian/po/nb.po
@@ -0,0 +1,91 @@
+# translation of openssl_0.9.8c-4_templates.po to Norwegian Bokmål
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Bjørn Steensrud , 2007.
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl_0.9.8c-4_templates\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-02-25 12:31+0100\n"
+"Last-Translator: Bjørn Steensrud \n"
+"Language-Team: Norwegian Bokmål \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.2\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+"Hvilke tjenester skal startes på nytt slik at de bruker de nye bibliotekene?"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Denne utgaven retter sikkerhetsproblemer. Tjenester kan ikke bruke disse "
+"rettelsene før de er startet på nytt. Merk: om sshd startes på nytt blir "
+"antakelig ingen eksisterende tilkoblinger påvirket."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Her følger en liste over funne tjenester som trenger omstart. Rett på lista "
+"om den er feil. Tjenestenavnene må være lik skript-navnene i /etc/init.d, og "
+"være atskilt med mellomrom. Hvis du tømmer lista blir ingen tjenester "
+"omstartet."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Hvis andre tjenester begynner å svikte på mystisk måte etter denne "
+"oppgraderingen, så kan det være nødvendig å starte dem på nytt også. Vi "
+"anbefaler sterkt at maskinen stoppes og startes for å unngå vansker i "
+"forbindelse med SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
--- openssl-0.9.8k.orig/debian/po/ml.po
+++ openssl-0.9.8k/debian/po/ml.po
@@ -0,0 +1,86 @@
+# English translation of openssl.
+# Copyright (C) 2007 THE openssl'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the openssl package.
+# Praveen|പ്രവീണ്‍ A|എ , 2007.
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl 20070415\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-04-14 07:15+0530\n"
+"Last-Translator: Praveen|പ്രവീണ്‍ A|എ \n"
+"Language-Team: Swathanthra|സ്വതന്ത്ര Malayalam|മലയാളം Computing|കമ്പ്യൂട്ടിങ്ങ് \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "പുിതിയ ലൈബ്രറികള്‍ ഉപയോഗിയ്ക്കാന്‍ പുനരാരംഭിയ്ക്കേണ്ട സേവനങ്ങള്‍:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"OpenSSL ന്റെ ഈ പതിപ്പ് ചില സുരക്ഷാ പ്രശ്നങ്ങളെ പരിഹരിയ്ക്കുന്നുണ്ട്. പുനരാരംഭിയ്ക്കുന്നത് വരെ "
+"സേവനങ്ങള്‍ ഈ പരിഹാരങ്ങള്‍ ഉപയോഗിയ്ക്കുന്നതല്ല. SSH സേവകന്‍ (sshd) പുനരാരംഭിയ്ക്കുന്നത് "
+"നേരത്തെയുള്ള ബന്ധങ്ങളെ ബാധിയ്ക്കുകയില്ല."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"ദയവായി പുനരാരംഭിയ്ക്കേണ്ടതായി കണ്ടുപിടിയ്ക്കപ്പെട്ട സേവനങ്ങളുടെ പട്ടിക ദയവായി "
+"പരിശോദിയ്ക്കുകയും ആവശ്യമെങ്കില്‍ തിരുത്തുകയും ചെയ്യുക. സേവന നാമങ്ങള്‍ /etc/init.d യിലെ ആരംഭ "
+"സ്ക്രിപ്റ്റ് നാമങ്ങളുമായി സമാനമായിരിയ്ക്കുയും സ്പേയ്സുകള്‍ കൊണ്ട് "
+"വേര്‍തിരിയ്ക്കപ്പെട്ടവയുമായിരിയ്ക്കണം. പട്ടിക ശൂന്യമാണെങ്കില്‍ സേവനങ്ങളൊന്നും പുനരാരംഭിയ്ക്കുന്നതല്ല."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"ഈ പുതുക്കലിന് ശേഷം പിന്നീട് അപ്രതീക്ഷിതമായി മുടങ്ങുന്ന ഏതൊരു സേവനങ്ങളേയും "
+"പുനരാരംഭിയ്ക്കേണ്ടതുണ്ട്. SSL ലുമായി ബന്ധപ്പെട്ട പ്രശ്നം ഒഴിവാക്കാന്‍ ഈ ഹോസ്റ്റിനെ "
+"പുനരാരംഭിയ്ക്കാന്‍ ശുപാര്‍ശ ചെയ്തിരിയ്ക്കുന്നു."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
--- openssl-0.9.8k.orig/debian/po/it.po
+++ openssl-0.9.8k/debian/po/it.po
@@ -0,0 +1,90 @@
+# openssl po-debconf translation to Italian (it)
+# Copyright (C) 2006 Software in the Public Interest
+# This file is distributed under the same license as the openssl package.
+# Luca Monducci , 2006-2008.
+# Giuseppe Sacco , 2007
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl 0.9.8g italian debconf templates\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2008-01-19 21:17+0100\n"
+"Last-Translator: Luca Monducci \n"
+"Language-Team: Italian \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "Servizi da riavviare per l'uso delle nuove librerie:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Questo rilascio di OpenSSL corregge alcuni problemi legati alla sicurezza, "
+"ma i servizi non utilizzeranno queste correzioni finché non verranno "
+"riavviati. Notare che il riavvio del server SSH (sshd) non ha effetti sulle "
+"connessioni attive."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Controllare ed eventualmente correggere l'elenco dei servizi che devono "
+"essere riavviati. Il nome dei servizi, separati da spazi, devono essere gli "
+"stessi degli script di inizializzazione che si trovano in /etc/init.d. Se "
+"l'elenco è vuoto non verrà riavviato nessun servizio."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Qualsiasi servizio che si bloccasse in maniera imprevista dopo questo "
+"aggiornamento dovrà essere riavviato. Si consiglia di riavviare la macchina "
+"per evitare qualsiasi problema legato a SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+"Errore nel riavvio di alcuni servizi per l'aggiornamento di OpenSSL"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"Non è stato possibile riavviare i seguenti servizi per l'aggiornamento "
+"di OpenSSL:"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+"È necessario avviarli manualmente con \"/etc/init.d/ start\"."
--- openssl-0.9.8k.orig/debian/po/fr.po
+++ openssl-0.9.8k/debian/po/fr.po
@@ -0,0 +1,99 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl_0.9.8e-4\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-11-11 18:47+0100\n"
+"Last-Translator: Michel Grentzinger \n"
+"Language-Team: French \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "Services à redémarrer afin d'utiliser les nouvelles bibliothèques :"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Cette version d'OpenSSL corrige certaines failles de sécurité. Les services "
+"n'utiliseront pas ces correctifs tant qu'ils n'auront pas été redémarrés. "
+"Veuillez noter que le redémarrage du serveur SSH (sshd) n'affectera aucune "
+"connexion existante."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Veuillez vérifier et corriger si nécessaire la liste des services devant "
+"être redémarrés. Les noms des services doivent être identiques aux noms des "
+"scripts présents dans /etc/init.d et doivent être séparés par des espaces. "
+"Si la liste est vide, aucun service ne sera redémarré."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Si d'autres services ne fonctionnent plus correctement après cette mise à "
+"jour, ils devront être redémarrés. Il est fortement recommandé de redémarrer "
+"le système pour éviter les problèmes liés à SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+"Impossible de redémarrer certains services lors de la mise à jour d'OpenSSL"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"Les services suivants ne peuvent pas être redémarrés lors de la mise à jour "
+"de la bibliothèque OpenSSL :"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+"Vous devrez les redémarrer vous-même avec la commande « /etc/init.d/"
+" start »."
+
+#~ msgid "${services}"
+#~ msgstr "${services}"
--- openssl-0.9.8k.orig/debian/po/pt_BR.po
+++ openssl-0.9.8k/debian/po/pt_BR.po
@@ -0,0 +1,95 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-04-18 22:26-0300\n"
+"Last-Translator: André Luís Lopes \n"
+"Language-Team: Debian-BR Project \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+"Serviços a serem reiniciados para que possam utilizar as novas bibliotecas:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Esta versão do OpenSSL corrige alguns problemas de segurança. Os serviços "
+"não utilizarão essas correções até que sejam reiniciados. Por favor, note "
+"que reiniciar o servidor SSH (sshd) não fará com que nenhuma conexão SSH "
+"ativa seja afetada."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Por favor, confira a lista de serviços que precisam ser reiniciados "
+"detectados e corrija a mesma, caso necessário. Os nomes dos serviços devem "
+"ser idênticos aos scripts de inicialização dos mesmos localizados sob o "
+"diretório /etc/init.d e devem ser separados por espaços. Nenhum serviço será "
+"reiniciado caso a lista esteja vazia."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Qualquer serviço que falhar inesperadamente após esta atualização deverá ser "
+"reiniciado. É recomendado reiniciar este host para evitar qualquer problema "
+"relacionado a SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
--- openssl-0.9.8k.orig/debian/po/da.po
+++ openssl-0.9.8k/debian/po/da.po
@@ -0,0 +1,97 @@
+# translation of openssl_0.9.7d-1_templates.po to Danish
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+# Claus Hindsgaul , 2004.
+# Claus Hindsgaul , 2007.
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl_0.9.7d-1_templates\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-05-30 22:26+0200\n"
+"Last-Translator: Claus Hindsgaul \n"
+"Language-Team: Danish\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+"Services, der skal genstartes, for at f dem til at benytte de nye "
+"biblioteker:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Denne version af openssl retter nogle sikkerhedsproblemer. Services vil ikke "
+"benytte disse rettelser, fr de er blevetgenstartet. Bemrk at det ikke vil "
+"pvirke eksisterende forbindelser at genstarte SSH-serveren (sshd)."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Tjek listen over fundne services, som skal genstartes, og ret den om "
+"ndvendigt. Servicenavnene skal vre identiske med initialiseringsscriptenes "
+"navne i /etc/init.d, og vre adskilt med mellemrum. Hvis listen er tom, vil "
+"ingen services blive genstartet."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Enhver service, der fejler uden grund efter denne opgradering, br "
+"genstartes. Det anbefales at genstarte denne maskine for at undg SSL-"
+"relaterede problemer."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
--- openssl-0.9.8k.orig/debian/po/ca.po
+++ openssl-0.9.8k/debian/po/ca.po
@@ -0,0 +1,97 @@
+#
+# Catalan translation for openssl package.
+# Copyright (C) 2007 Debian OpenSSL Team.
+# This file is distributed under the same license as the openssl package.
+#
+# Aleix Badia i Bosch , 2004
+# Jordà Polo , 2007.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl_0.9.8g-3\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-11-24 16:43+0100\n"
+"Last-Translator: Jordà Polo \n"
+"Language-Team: Català \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "Serveis que cal reiniciar perquè utilitzin les noves biblioteques:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Aquesta versió d'OpenSSL resol alguns problemes de seguretat. Els serveis no "
+"utilitzaran les correccions fins que no es tornin a iniciar. Fixeu-vos que "
+"reiniciar el servidor SSH (sshd) no hauria d'afectar cap de les connexions "
+"existents."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Si us plau, comproveu la llista de serveis detectats que caldria reiniciar, "
+"i esmeneu-la si és necessari. Els noms dels serveis han de ser idèntics als "
+"noms dels scripts que hi ha al directori /etc/init.d, i haurien d'estar "
+"separats per espais. Si la llista és buida no es reiniciarà cap servei."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Si després de l'actualització fallen altres serveis de forma inesperada, és "
+"possible que també calgui tornar a iniciar-los. Si els problemes relacionats "
+"amb SSL persisteixen, podeu reiniciar l'ordinador."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+"S'ha trobat un error mentre es reiniciaven alguns serveis per "
+"l'actualització de l'OpenSSL"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"No s'han pogut reiniciar els següents serveis per l'actualització de la "
+"biblioteca OpenSSL:"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+"Aquests els haureu d'iniciar manualment executant «/etc/init.d/ "
+"start»."
+
+#~ msgid "${services}"
+#~ msgstr "${services}"
--- openssl-0.9.8k.orig/debian/po/cs.po
+++ openssl-0.9.8k/debian/po/cs.po
@@ -0,0 +1,93 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2008-05-12 19:14+0200\n"
+"Last-Translator: Miroslav Kure \n"
+"Language-Team: Czech \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "Služby, které se mají restartovat, aby začaly využívat nové knihovny:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Toto vydání OpenSSL opravuje některé bezpečnostní problémy. Tyto opravy se v "
+"programech projeví až po jejich restartu. Poznamenejme, že restart SSH "
+"serveru (sshd) by neměl ovlivnit stávající spojení."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Zkontrolujte prosím seznam rozpoznaných služeb, které je třeba restartovat. "
+"Jestliže se vám zdá, že je seznam chybný, můžete jej upravit. Názvy služeb "
+"musí být shodné s názvy skriptů v adresáři /etc/init.d a musí být odděleny "
+"mezerami. Pokud seznam vymažete, nebude restartována žádná služba."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Jestliže po této aktualizaci začnou neočekávaně selhávat některé služby, "
+"měli byste je taktéž restartovat. Abyste se vyhnuli problémům spojeným se "
+"SSL, doporučujeme restartovat celý počítač."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr "Chyba při restartu některých služeb po aktualizaci OpenSSL"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"Následující služby se nepodařilo po aktualizaci knihovny OpenSSL restartovat:"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr "Budete je muset spustit ručně příkazem „/etc/init.d/ start“."
--- openssl-0.9.8k.orig/debian/po/eu.po
+++ openssl-0.9.8k/debian/po/eu.po
@@ -0,0 +1,94 @@ +# translation of eu.po to Euskara +# Openssl debconf template basque translation +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide , 2007. +msgid "" +msgstr "" +"Project-Id-Version: eu\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2007-12-21 10:56+0100\n" +"Last-Translator: Piarres Beobide \n" +"Language-Team: Euskara \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1)\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" +"Liburutegi berriak erabili ditzaten berrabiarazi behar diren zerbitzuak:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"OpenSSL bertsio honek zenbait segurtasun arazo konpontzen ditu. Zerbitzuak " +"ez dituzte konponketa hauek erabiliko berrabiarazi arte. Kontutan izan SSH " +"zerbitzua berrabiarazteak ez dituela sorturik dauden konexioei eragingo." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"Mesedez egiaztatu antzemandako berrabiarazi beharra dute zerbitzuen zerrenda " +"eta zuzendu behar izanez gero. 
Zerbitzu izenak /etc/init.d-eko abiarazte " +"Script-en berdinak izan behar dira. Zerrenda hutsik utziaz ez da zerbitzurik " +"berrabiaraziko." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Bertsio berritze honen ondoren esperogabe huts egiten duen edozein zerbitzu " +"berrabiarazi egin beharko zenuke. Ostalari osoa berrabiaraztea gomendatzen " +"da SSL inguruko arazoak saihesteko." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "Huts OpenSSL bertsio-berritzerako zerbitzu batzuek berrabiaraztean." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" +"Hurrengo zerbitzuak ezin izan dira berrabiarazi OpenSSL liburutegi bertsio-" +"berritzerako:" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" +"Eskuz berrabiarazi beharko dituzu '/etc/ init.d/ start' eginez." + +#~ msgid "${services}" +#~ msgstr "${services}" --- openssl-0.9.8k.orig/debian/po/POTFILES.in +++ openssl-0.9.8k/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] libssl0.9.8.templates --- openssl-0.9.8k.orig/debian/po/sv.po +++ openssl-0.9.8k/debian/po/sv.po 
@@ -0,0 +1,94 @@ +# translation of openssl_0.9.8g-10_sv.po to swedish +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# Martin Bagge , 2008. +msgid "" +msgstr "" +"Project-Id-Version: openssl_0.9.8g-10_sv\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2008-05-23 00:17+0200\n" +"Last-Translator: Martin Bagge \n" +"Language-Team: swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "Tjnster som ska startas om fr att f dem att anvnda de nya biblioteken:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"Den hr utgvan av OpenSSL rttar till ett antal skerhetsproblem. " +"Tjnsterna kommer inte att anvnda dessa rttningar frrn de har startats " +"om. Observera att omstart av SSH-servern (sshd) inte kommer att pverka " +"befintliga anslutningar." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. 
The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"Undersk listan ver identifierade tjnster som behver startas om och gr " +"ndringar i den om det behvs. Tjnstenamnen mste vara identiska fr " +"initieringsskripten i /etc/init.d och mste separeras med blanksteg. Inga " +"tjnster kommer att startas om om listan r tom." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Om andra tjnster senare brjar att f underliga problem efter denna " +"uppgradering br de startas om. Vi rekommenderar att du startar om din " +"dator fr att undvika SSL-relaterade problem." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "Misslyckades med att starta om tjnster fr uppgraderingen av OpenSSL" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "Fljande tjnster kunde inte startas om vid uppgraderingen av OpenSSL biblioteket:" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "Du mste starta om dessa tjnster manuellt genom att kra '/etc/init.d/ start'" + --- openssl-0.9.8k.orig/debian/po/vi.po +++ openssl-0.9.8k/debian/po/vi.po 
@@ -0,0 +1,84 @@ +# Vietnamese translation for openssl. +# Copyright © 2007 Free Software Foundation, Inc. +# Clytie Siddall , 2005-2007. +# +msgid "" +msgstr "" +"Project-Id-Version: openssl_0.9.8e-5\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2007-06-01 16:14+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.6.3b1\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "Dịch vụ cần khởi chạy lại để sử dụng thư viện mới:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"Phiên bản OpenSSL này sửa chữa một số vấn đề bảo mật. Dịch vụ sẽ chỉ sử dụng " +"những sự sửa này sau khi khởi chạy lại. Ghi chú rằng việc khởi chạy lại " +"trình phục vụ SSH (sshd) không nên có tác động kết nối tồn tại nào." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"Hãy kiểm tra danh sách các dịch vụ đã phát hiện cần khởi chạy lại, và sửa " +"chữa nếu cần thiết. Tên mỗi dịch vụ phải trùng với tên văn lệnh khởi động " +"trong « /etc/init.d », các tên dịch vụ định giới bằng dấu cách. Bỏ rỗng thì " +"không khời chạy dịch vụ nào." + +#. Type: string +#. 
Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Dịch vụ nào bị lỗi bất thường sau khi nâng cấp nên được khởi chạy lại. " +"Khuyên bạn khởi động máy này để tránh vấn đề liên quan đến SSL." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" --- openssl-0.9.8k.orig/debian/po/ar.po +++ openssl-0.9.8k/debian/po/ar.po 
@@ -0,0 +1,86 @@ +# translation of openssl-ar.po to Arabic +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Ossama M. Khayat , 2007. +msgid "" +msgstr "" +"Project-Id-Version: openssl-ar\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2007-04-11 09:47+0300\n" +"Last-Translator: Ossama M. Khayat \n" +"Language-Team: Arabic \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=6; plural=n==1 ? 0 : n==0 ? 1 : n==2 ? 2: n%100>=3 && " +"n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "الخدمات المطلوب إعادة تشغيلها لجعلها تستخدم المكتبات الجديدة:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"هذا الإصدار من OpenSSL يحل بعض المشاكل الأمنية. ولن تستخدم الخدمات هذه " +"الحلول حتى يتم إعادة تشغيلها. الرجاء التنبه إلى أن إعادة تشغيل خادم SSH " +"(sshd) لا يؤثر على أية اتصالات حالية." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"الرجاء التحقق من قائمة الخدمات المكتشفة والتي يجب إعادة تشغيلها وقم بتصحيحها " +"إن كانت هناك حاجة لذلك. 
يجب أن تكون أسماء الخدمات مطابقة لأسماء ملفات شيفرات " +"التشغيل في /etc/init.d وتفصلها مسافات. لن تتم إعادة تشغيل أية خدمات إن كانت " +"القائمة فارغة." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"يجب إعادة تشغيل أية خدمة تفشل بشكل غير متوقع عقب عملية الترقية هذه. كما أنه " +"من المستحسن إعادة تشغيل هذا الجهاز لتجنب أية مشاكل متعلقة بخدمة SSL." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" --- openssl-0.9.8k.orig/debian/po/de.po +++ openssl-0.9.8k/debian/po/de.po 
@@ -0,0 +1,91 @@ +# German translation of openssl's debconf templates +# Copyright (C) 2006-2008 Johannes Starosta +# This file is distributed under the same license as the openssl package. +# +msgid "" +msgstr "" +"Project-Id-Version: openssl 0.9.8e-4\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2008-03-24 22:48+0100\n" +"Last-Translator: Johannes Starosta \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" +"Welche Dienste sollen erneut gestartet werden, damit sie die neuen " +"Bibliotheken verwenden?" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"In dieser Version von OpenSSL wurden Sicherheitsprobleme behoben. Dienste " +"werden diese Aktualisierungen nicht nutzen, bis sie neugestartet werden. " +"Hinweis: Den SSH-Server (sshd) neu zu starten, dürfte keine bestehenden " +"Verbindungen beeinträchtigen." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"Es folgt nun eine Liste der erkannten Dienste, die neu gestartet werden " +"sollten. Bitte berichtigen Sie die Liste, falls Sie glauben, dass sie Fehler " +"enthält. 
Die Namen der Dienste müssen den Namen der Skripte in /etc/init.d " +"entsprechen und werden durch Leerzeichen getrennt. Es wird kein Dienst neu " +"gestartet, falls die Liste leer bleibt." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Falls andere Dienste nach diesem Upgrade ein merkwürdiges Fehlverhalten " +"zeigen, könnte es nötig werden, sie ebenfalls neu zu starten. Es wird " +"empfohlen, den Rechner neu zu starten, um Probleme mit SSL zu vermeiden." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "Neustarten einiger Dienste beim OpenSSL-Upgrade fehlgeschlagen" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" +"Die folgenden Dienste konnten beim Upgrade der OpenSSL-Bibliothek nicht neu " +"gestartet werden:" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" +"Sie werden sie manuell durch Aufruf von »/etc/init.d/ start« starten " +"müssen." --- openssl-0.9.8k.orig/debian/po/fi.po +++ openssl-0.9.8k/debian/po/fi.po 
@@ -0,0 +1,92 @@ +msgid "" +msgstr "" +"Project-Id-Version: openssl_0.9.8e-8\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2007-12-30 00:00+0200\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" +"Palvelut, jotka käynnistetään uudelleen uusien kirjastojen käyttämiseksi:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"Tämä OpenSSL:n julkaisu sisältää joitain turvapäivityksiä. Palvelut eivät " +"käytä näitä päivityksiä ennen kuin ne on käynnistetty uudelleen. Huomaa, " +"että SSH-palvelimen (sshd) uudelleenkäynnistyksen ei pitäisi vaikuttaa " +"olemassa oleviin yhteyksiin." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"Tarkista alla oleva lista löydetyistä palveluista, jotka pitää käynnistää " +"uudelleen, ja korjaa sitä tarvittaessa. Palveluiden nimien pitää täsmätä " +"hakemistossa /etc/init.d olevien alustustiedostojen nimiin ja olla " +"välilyönnein eroteltuja. Jos lista on tyhjä, mitään palveluita ei " +"käynnistetä uudelleen." + +#. Type: string +#. 
Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Palvelut, joissa esiintyy odottamattomia häiriöitä päivityksen jälkeen " +"tulisi käynnistää uudelleen. On suositeltavaa käynnistää kone uudelleen SSL:" +"än liittyvien ongelmien välttämiseksi." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" +"Joidenkin palveluiden käynnistäminen uudelleen OpenSSL:n päivityksen " +"yhteydessä epäonnistui." + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" +"Seuraavia palveluita ei voitu käynnistää uudelleen päivitettäessä OpenSSL-" +"kirjasto:" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" +"Nämä tarvitsee käynnistää käsin ajamalla ”/etc/init.d/ start”." + +#~ msgid "${services}" +#~ msgstr "${services}" --- openssl-0.9.8k.orig/debian/po/gl.po +++ openssl-0.9.8k/debian/po/gl.po 
@@ -0,0 +1,88 @@ +# Galician translation of openssl's debconf templates. +# This file is distributed under the same license as the openssl package. +# Jacobo Tarrio , 2006, 2007, 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openssl\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2008-05-13 00:08+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "Servizos a reiniciar para facer que empreguen as novas bibliotecas:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"Esta versión de OpenSSL arranxa algúns fallos de seguridade. Os servizos non " +"han ter eses fallos arranxados ata que se reinicien. Teña en conta que " +"reiniciar o servidor de SSH (sshd) non debería afectar a ningunha conexión " +"existente." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" +"Verifique a lista de servizos detectados que hai que reiniciar e corríxaa se " +"é preciso. Os nomes dos servizos deben ser idénticos aos nomes dos scripts " +"de inicialización de /etc/init.d e deben ir separados por espazos. Non se ha " +"reiniciar ningún servizo se a lista está baleira." + +#. 
Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Tamén se debería reiniciar calquera servizo que falle de xeito inesperado " +"trala actualización. Recoméndase reiniciar esta máquina para evitar " +"experimentar problemas relacionados con SSL." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "Problemas ao reiniciar algúns servizos para a actualización de OpenSSL" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" +"Non se puido reiniciar os seguintes servizos para a actualización da " +"biblioteca OpenSSL:" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" +"Ha ter que reinicialos manualmente executando \"/etc/init.d/ start" +"\"." --- openssl-0.9.8k.orig/debian/po/templates.pot +++ openssl-0.9.8k/debian/po/templates.pot 
@@ -0,0 +1,75 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." +msgstr "" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. 
a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" --- openssl-0.9.8k.orig/debian/po/ro.po +++ openssl-0.9.8k/debian/po/ro.po 
@@ -0,0 +1,93 @@ +# translation of ro.po to Romanian +# Romanian translation of openssl. +# Copyright (C) 2006 THE openssl'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openssl package. +# +# Stan Ioan-Eugen , 2006. +# Eddy Petrișor , 2007, 2008. +msgid "" +msgstr "" +"Project-Id-Version: ro\n" +"Report-Msgid-Bugs-To: openssl@packages.debian.org\n" +"POT-Creation-Date: 2008-01-16 21:40+0100\n" +"PO-Revision-Date: 2008-06-30 02:26+0300\n" +"Last-Translator: Eddy Petrișor \n" +"Language-Team: Romanian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < 20)) ? 1 : 2;\n" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "Services to restart to make them use the new libraries:" +msgstr "Serviciile repornite pentru a asigura folosirea noilor biblioteci:" + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"This release of OpenSSL fixes some security issues. Services will not use " +"these fixes until they are restarted. Please note that restarting the SSH " +"server (sshd) should not affect any existing connections." +msgstr "" +"Cu această nouă versiune s-au rezolvat probleme de securitate. Serviciile nu " +"vor folosi aceste îmbunătățiri dacă nu sunt repornite. A se reține că " +"repornirea serverului SSH (sshd) nu ar trebui să afecteze conexiunile deja " +"existente." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the " +"initialization script names in /etc/init.d and separated by spaces. No " +"services will be restarted if the list is empty." 
+msgstr "" +"Verificați și corectați, dacă este nevoie, lista cu serviciile detectate " +"care ar trebui repornite. Numele serviciilor trebuie să fie identice cu " +"numele scripturilor de inițializare din /etc/init.d și trebuie să fie " +"separate prin spații. Dacă lista este goală, nu va fi repornit nici un " +"serviciu." + +#. Type: string +#. Description +#: ../libssl0.9.8.templates:1001 +msgid "" +"Any service that later fails unexpectedly after this upgrade should be " +"restarted. It is recommended to reboot this host to avoid any SSL-related " +"trouble." +msgstr "" +"Orice alt serviciu care prezintă probleme neașteptate după această " +"actualizare, ar trebui repornit. Recomandăm să reporniți calculatorul pentru " +"a evita probleme legate de SSL." + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "Failure restarting some services for OpenSSL upgrade" +msgstr "Eșec la repornirea unor servicii pentru actualizarea lui OpenSSL" + +#. Type: error +#. Description +#. This paragraph is followed by a (non translatable) paragraph containing +#. a list of services that could not be restarted +#: ../libssl0.9.8.templates:2001 +msgid "" +"The following services could not be restarted for the OpenSSL library " +"upgrade:" +msgstr "Următoarele servicii nu au putut fi repornite pentru actualizarea bibliotecii OpenSSL:" + +#. Type: error +#. Description +#: ../libssl0.9.8.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/ " +"start'." +msgstr "" +"Va trebui să le porniți manual cu o comandă de tipul „/etc/init.d/ " +"start'." + --- openssl-0.9.8k.orig/debian/po/es.po +++ openssl-0.9.8k/debian/po/es.po 
@@ -0,0 +1,119 @@
+# openssl translation to spanish
+# Copyright (C) 2004 Software in the Public Interest
+# This file is distributed under the same license as the openssl package.
+#
+# Changes:
+# - Initial translation
+# Lucas Wall , 2004
+#
+# - Last revision
+# Manuel Porras Peralta «Venturi», 2007
+# Maximiliano Marín, 2007
+#
+#
+# Traductores, si no conoce el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Equipo de traducción al español, por favor lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/coordinacion
+# especialmente las notas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guía de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl 0.9.7d-3\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-05-01 17:20+0200\n"
+"Last-Translator: Manuel Porras Peralta «Venturi» \n"
+"Language-Team: Debian Spanish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+"Servicios que tienen que reiniciarse para que usen las nuevas bibliotecas:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Esta versión de OpenSSL corrige algunos problemas de seguridad. Los "
+"servicios no usarán los arreglos hasta que se reinicien. Tenga en cuenta que "
+"reiniciar el servicio SSH (sshd) no debería afectar a ninguna de las "
+"conexiones existentes."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Por favor, compruebe la lista de los servicios detectados que necesitan "
+"reiniciarse y corríjala si fuese necesario. Los nombres de los servicios "
+"deben ser idénticos a los nombres de los programas de inicio en «/etc/init.d» "
+"y deben estar separados por espacios. No se reiniciará ningún servicio si "
+"deja la lista en blanco."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Tras esta actualización, debería reiniciar más tarde cualquier servicio que "
+"falle inesperadamente. Se recomienda reiniciar el sistema para evitar "
+"cualquier problema relacionado con SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr "Fallo al reiniciar algunos servicios por la actualización de OpenSSL"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"No fue posible reiniciar los servicios indicados a continuación por la "
+"actualización de OpenSSL: "
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+"Tendrá que iniciarlos manualmente ejecutando « /etc/init.d/ start » "
+
+#~ msgid "${services}"
+#~ msgstr "${services}"
--- openssl-0.9.8k.orig/debian/po/zh_TW.po
+++ openssl-0.9.8k/debian/po/zh_TW.po
@@ -0,0 +1,78 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2007-04-18 01:10+0800\n"
+"Last-Translator: Tetralet \n"
+"Language-Team: Debian-user in Chinese [Big5] \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "必須重新啟動才能使用新函式庫的服務程式:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"這個 OpenSSL 的釋出版修正了一些安全上的問題。這些服務程式必須重新啟動否則無法"
+"套用這些修正。請注意到,重新啟動 SSH 服務程式 (sshd) 並不會影響到任何現有的連"
+"線。"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"請檢視被偵測到需重新啟動的服務程式之列表,有必要時請加以修正。這些服務程式名"
+"稱必須和 /etc/init.d 裡的初始化 Script 名稱一致,並以空白分隔。如果列表裡空無"
+"一物,就表示沒有服務程式會被重新啟動。"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"在此更新之後,必須將任何預料之外無法成功運行的服務程式重新啟動。建議重新啟動"
+"這台主機以避免發生任何 SSL 相關的問題。"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
--- openssl-0.9.8k.orig/debian/po/lt.po
+++ openssl-0.9.8k/debian/po/lt.po
@@ -0,0 +1,104 @@
+# translation of openssl_0.9.8b-2_templates.po to Lithuanian
+# opensll debconf translation templates.
+# Copyright (C) 2003 Christoph Martin
+# This file is distributed under the same license as the openssl package.
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans#
+# Developers do not need to manually edit POT or PO files.
+#
+# Gintautas Miliauskas , 2006.
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl_0.9.8b-2_templates\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2006-06-19 01:32+0300\n"
+"Last-Translator: Gintautas Miliauskas \n"
+"Language-Team: Lithuanian \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.2\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%"
+"100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid "Services to restart to make them use the new libraries:"
+msgstr ""
+"Kuriuos servisus norėtumėte paleisti iš naujo, kad jie naudotų naujas "
+"bibliotekas?"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Šioje versijoje ištaisytos saugumo skylės. Servisai nenaudos šių pataisymų, "
+"kol nebus iš naujo paleisti. Pastaba: sshd paleidimas iš naujo neturėtų "
+"turėti įtakos esamiems prisijungimams."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Pateiktas servisų, kuriuos reikėtų paleisti iš naujo, sąrašas. Jei matote "
+"klaidų, sąrašą pataisykite. Servisų vardai turi būti identiški atitinkamų "
+"paleidžiamųjų failų /etc/init.d kataloge vardams ir turi būti atskirti "
+"tarpais. Jei sąrašą paliksite tuščią, nė vienas servisas nebus iš naujo "
+"paleistas."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+#, fuzzy
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Jei kiti servisai po šio atnaujinimo sutriks, gali reikėti ir juos paleisti "
+"iš naujo. Rekomenduojame perkrauti sistemą, jei norite išvengti problemų, "
+"susijusių su SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr ""
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
--- openssl-0.9.8k.orig/debian/po/ru.po
+++ openssl-0.9.8k/debian/po/ru.po
@@ -0,0 +1,94 @@
+# translation of openssl_0.9.8g-10.1_ru.po to Russian
+# This file is distributed under the same license as the PACKAGE package.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
+#
+# Yuriy Talakan' , 2006.
+# Yuriy Talakan' , 2007.
+# Yuri Kozlov , 2008.
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl 0.9.8g-10.1\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2008-06-03 21:21+0400\n"
+"Last-Translator: Yuri Kozlov \n"
+"Language-Team: Russian \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "Перезапускаемые службы для использования новой библиотеки:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Этот выпуск OpenSSL исправляет некоторые проблемы безопасности. Службы не "
+"могут использовать эти исправления, пока не будут перезапущены. Обратите "
+"внимание, что перезапуск сервера SSH (sshd) не повлияет на существующие "
+"соединения."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Проверьте список обнаруженных служб, которые надо перезапустить и "
+"поправьте его, если необходимо. Имена служб должны соответствовать именам "
+"сценариев запуска в /etc/init.d и должны быть разделены пробелами. Если "
+"список пустой, службы не будут перезапущены."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Надо перезапустить любую службу, которая после этого обновления неожиданно "
+"начнёт работать с ошибками. Рекомендуется перегрузить машину во избежание "
+"проблем, связанных с SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr "Не удалось перезапустить некоторые службы при обновлении OpenSSL"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"Следующие службы не удалось перезапустить при обновлении "
+"библиотеки OpenSSL:"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+"Вам нужно будет перезапустить их вручную с помощью команд '/etc/init.d/<служба> "
+"start'."
+
--- openssl-0.9.8k.orig/debian/po/pt.po
+++ openssl-0.9.8k/debian/po/pt.po
@@ -0,0 +1,88 @@
+# Portuguese translation for openssl's debconf messages
+# Copyright (C) 2007, Carlos Lisboa
+# This file is distributed under the same license as the openssl package.
+# Carlos Lisboa , 2007.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssl\n"
+"Report-Msgid-Bugs-To: openssl@packages.debian.org\n"
+"POT-Creation-Date: 2008-01-16 21:40+0100\n"
+"PO-Revision-Date: 2008-04-10 20:36+0100\n"
+"Last-Translator: Carlos Lisboa \n"
+"Language-Team: Portuguese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid "Services to restart to make them use the new libraries:"
+msgstr "Serviços a reiniciar para que usem as novas bibliotecas:"
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"This release of OpenSSL fixes some security issues. Services will not use "
+"these fixes until they are restarted. Please note that restarting the SSH "
+"server (sshd) should not affect any existing connections."
+msgstr ""
+"Este lançamento do OpenSSL resolve alguns problemas de segurança. Os "
+"serviços podem não usar as correcções até que sejam reiniciados. Note que "
+"reiniciar o servidor SSH (sshd) não deve afectar quaisquer ligações "
+"existentes."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Please check the list of detected services that need to be restarted and "
+"correct it, if needed. The services names must be identical to the "
+"initialization script names in /etc/init.d and separated by spaces. No "
+"services will be restarted if the list is empty."
+msgstr ""
+"Por favor verifique a lista de serviços detectados que necessitam de ser "
+"reiniciados e corrija-a, se necessário. Os nomes dos serviços devem ser "
+"idênticos aos nomes dos scripts de inicialização em /etc/init.d e separados "
+"por espaços. Nennhum serviço será reiniciado se a lista estiver vazia."
+
+#. Type: string
+#. Description
+#: ../libssl0.9.8.templates:1001
+msgid ""
+"Any service that later fails unexpectedly after this upgrade should be "
+"restarted. It is recommended to reboot this host to avoid any SSL-related "
+"trouble."
+msgstr ""
+"Qualquer serviço que mais tarde falhe de forma inesperada após esta "
+"actualização deverá ser reiniciado. É recomendado que reinicie este "
+"computador para evitar qualquer problema relacionado como SSL."
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid "Failure restarting some services for OpenSSL upgrade"
+msgstr "Falha ao reiniciar alguns serviços para a actualização do OpenSSL"
+
+#. Type: error
+#. Description
+#. This paragraph is followed by a (non translatable) paragraph containing
+#. a list of services that could not be restarted
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"The following services could not be restarted for the OpenSSL library "
+"upgrade:"
+msgstr ""
+"Os seguintes serviços não poderam ser reiniciados para a actualização "
+"da biblioteca OpenSSL:"
+
+#. Type: error
+#. Description
+#: ../libssl0.9.8.templates:2001
+msgid ""
+"You will need to start these manually by running '/etc/init.d/ "
+"start'."
+msgstr ""
+"Terá que iniciá-los manualmente correndo '/etc/init.d/ start'."
--- openssl-0.9.8k.orig/debian/patches/CVE-2011-4108.patch
+++ openssl-0.9.8k/debian/patches/CVE-2011-4108.patch
@@ -0,0 +1,122 @@
+Origin: http://cvs.openssl.org/chngview?cn=19574
+ http://cvs.openssl.org/chngview?cn=21942
+Subject: Fix for DTLS plaintext recovery attack
+
+Discovered by Nadhem Alfardan and Kenny Paterson.
+
+Also includes changeset 19574, don't drop DTLS connection if mac or
+decryption failed.
+
+[Ubuntu note: patch differs from upstream in that it drops the
+ modifications to the CHANGES file to reduce conflicts.]
+
+---
+ ssl/d1_pkt.c | 44 +++++++++++++++++++++++---------------------
+ 1 file changed, 23 insertions(+), 21 deletions(-)
+
+Index: b/ssl/d1_pkt.c
+===================================================================
+--- a/ssl/d1_pkt.c
++++ b/ssl/d1_pkt.c
+@@ -335,6 +335,7 @@ dtls1_process_record(SSL *s)
+ SSL3_RECORD *rr;
+ unsigned int mac_size;
+ unsigned char md[EVP_MAX_MD_SIZE];
++ int decryption_failed_or_bad_record_mac = 0;
+
+
+ rr= &(s->s3->rrec);
+@@ -369,12 +370,10 @@ dtls1_process_record(SSL *s)
+ enc_err = s->method->ssl3_enc->enc(s,0);
+ if (enc_err <= 0)
+ {
+- if (enc_err == 0)
+- /* SSLerr() and ssl3_send_alert() have been called */
+- goto err;
+-
+- /* otherwise enc_err == -1 */
+- goto decryption_failed_or_bad_record_mac;
++ /* To minimize information leaked via timing, we will always
++ * perform all computations before discarding the message.
++ */
++ decryption_failed_or_bad_record_mac = 1;
+ }
+
+ #ifdef TLS_DEBUG
+@@ -400,7 +399,7 @@ if ( (sess == NULL) ||
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+ goto f_err;
+ #else
+- goto decryption_failed_or_bad_record_mac;
++ decryption_failed_or_bad_record_mac = 1;
+ #endif
+ }
+ /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+@@ -411,17 +410,25 @@ if ( (sess == NULL) ||
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ #else
+- goto decryption_failed_or_bad_record_mac;
++ decryption_failed_or_bad_record_mac = 1;
+ #endif
+ }
+ rr->length-=mac_size;
+ i=s->method->ssl3_enc->mac(s,md,0);
+ if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ {
+- goto decryption_failed_or_bad_record_mac;
++ decryption_failed_or_bad_record_mac = 1;
+ }
+ }
+
++ if (decryption_failed_or_bad_record_mac)
++ {
++ /* decryption failed, silently discard message */
++ rr->length = 0;
++ s->packet_length = 0;
++ goto err;
++ }
++
+ /* r->length is now just compressed */
+ if (s->expand != NULL)
+ {
+@@ -460,14 +467,6 @@ if ( (sess == NULL) ||
+ dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
+ return(1);
+
+-decryption_failed_or_bad_record_mac:
+- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+- * failure is directly visible from the ciphertext anyway,
+- * we should not reveal which kind of error occured -- this
+- * might become visible to an attacker (e.g. via logfile) */
+- al=SSL_AD_BAD_RECORD_MAC;
+- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ f_err:
+ ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ err:
+@@ -500,8 +499,7 @@ int dtls1_get_record(SSL *s)
+
+ /* The epoch may have changed. If so, process all the
+ * pending records. This is a non-blocking operation. */
+- if ( ! dtls1_process_buffered_records(s))
+- return 0;
++ dtls1_process_buffered_records(s);
+
+ /* if we're renegotiating, then there may be buffered records */
+ if (dtls1_get_processed_record(s))
+@@ -621,8 +619,12 @@ again:
+ goto again;
+ }
+
+- if ( ! dtls1_process_record(s))
+- return(0);
++ if (!dtls1_process_record(s))
++ {
++ rr->length = 0;
++ s->packet_length=0; /* dump this record */
++ goto again; /* get another record */
++ }
+
+ dtls1_clear_timeouts(s); /* done waiting */
+ return(1);
--- openssl-0.9.8k.orig/debian/patches/debian-targets.patch
+++ openssl-0.9.8k/debian/patches/debian-targets.patch
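Review bot: In the `@@ -411,17 +410,25 @@` hunk of the embedded d1_pkt.c diff, the `#else` branch that used to jump to the label now only sets `decryption_failed_or_bad_record_mac = 1` and falls through to `rr->length-=mac_size;` and the MAC check, so a record shorter than `mac_size` (the condition behind `SSL_R_LENGTH_TOO_SHORT`, which sits just above the hunk and is inferred here) wraps the unsigned length and makes `ssl3_enc->mac()` and the `memcmp` at `&(rr->data[rr->length])` operate on a bogus length; the `SSL_R_PRE_MAC_LENGTH_TOO_LONG` branch in the preceding hunk has the same fall-through. The compute-everything-then-discard approach is the point of the change and should stay, so the fix is to bound the length before the MAC is taken while still running the MAC, as sketched below with a `mac` pointer declared alongside `md[]`. `dtls1_process_record` begins and ends outside the hunk, so confirm the length check and the declaration block against the full function.
```c
	unsigned char *mac = NULL;	/* new local, next to md[] */
	/* … unchanged: decryption, #if/#else raising the flag for the bad-length cases … */
		if (rr->length >= mac_size)
			{
			rr->length-=mac_size;
			mac = &(rr->data[rr->length]);
			}
		else
			rr->length = 0;	/* too short: MAC is still computed, compare is forced to fail */
		i=s->method->ssl3_enc->mac(s,md,0);
		if (mac == NULL || memcmp(md,mac,mac_size) != 0)
			decryption_failed_or_bad_record_mac = 1;
	/* … unchanged: discard when the flag is set, then decompress … */
```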
@@ -0,0 +1,53 @@
+Index: openssl-0.9.8k/Configure
+===================================================================
+--- openssl-0.9.8k.orig/Configure 2009-02-16 09:44:22.000000000 +0100
++++ openssl-0.9.8k/Configure 2009-07-19 11:37:38.000000000 +0200
+@@ -320,6 +320,48 @@
+ "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+ "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+
++# Debian GNU/* (various architectures)
++"debian-alpha","gcc:-DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev4","gcc:-DTERMIO -O3 -Wa,--noexecstack -mcpu=ev4 -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev5","gcc:-DTERMIO -O3 -Wa,--noexecstack -mcpu=ev5 -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-arm","gcc:-DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armeb","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++#"debian-amd64","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm_linux}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++#"debian-freebsd-alpha","gcc:-DTERMIOS -O -Wa,--noexecstack -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ia64","gcc:-DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++#"debian-i386","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC",
++"debian-i386","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i486 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i586 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mv8 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-alpha","gcc:-DTERMIOS -O3 -Wa,--noexecstack -g::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-mips","gcc:-O2 -Wa,--noexecstack -g -DL_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_UNROLL DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -mcpu=v8 -g -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO -O3 -mcpu=v9 -Wa,--noexecstack -Wa,-Av8plus -g -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ ####
+ #### Variety of LINUX:-)
+ ####
--- openssl-0.9.8k.orig/debian/patches/CVE-2010-2939.patch
+++ openssl-0.9.8k/debian/patches/CVE-2010-2939.patch
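Review bot: The `debian-avr32` row gives its option field as `BN_LLONG_BF_PTR`, a single underscore-joined token, while every other row separates options with a space (`BN_LLONG BF_PTR`); as far as I can tell Configure matches these words against a fixed list, so the typo means the avr32 build silently gets neither option rather than an error. The line should read `"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG BF_PTR::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",`. The three commented-out rows (`#"debian-amd64"`, `#"debian-freebsd-alpha"`, `#"debian-i386"`) are dead table entries that will drift from the live ones on every rebase of this patch; either drop them or add a one-line comment saying why they are kept.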
@@ -0,0 +1,16 @@
+Description: fix denial of service and possible code execution via
+ crafted private key with an invalid prime.
+Origin: other, http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594415
+
+diff -Nur openssl-0.9.8k/ssl/s3_clnt.c openssl-0.9.8k.new/ssl/s3_clnt.c
+--- openssl-0.9.8k/ssl/s3_clnt.c 2010-10-06 16:53:50.000000000 -0400
++++ openssl-0.9.8k.new/ssl/s3_clnt.c 2010-10-06 16:54:08.000000000 -0400
+@@ -1375,6 +1375,7 @@
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
++ bn_ctx = NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
--- openssl-0.9.8k.orig/debian/patches/man-section.patch
+++ openssl-0.9.8k/debian/patches/man-section.patch
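Review bot: The DEP-3 `Description` says the fix is for a "crafted private key with an invalid prime", but the only code change is in the client-side ECDH handling of `ssl/s3_clnt.c` (the context shows `peer_ecdh_tmp` and `srvr_ecpoint` being stored): `bn_ctx = NULL;` after `BN_CTX_free(bn_ctx);`, which reads as preventing a second `BN_CTX_free` on a shared error path further down, outside the hunk. The header should describe that mechanism so whoever rebases the patch can check it still applies, e.g. `Description: avoid a double free of bn_ctx in the client ECDH key-exchange path of ssl/s3_clnt.c, presumably reachable from a crafted ServerKeyExchange (DoS, possibly code execution)`. The enclosing function is not visible here, so the double-free path is inferred from the null-after-free idiom and should be confirmed against the full function before the wording is changed.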
@@ -0,0 +1,32 @@
+Index: openssl-0.9.8k/Makefile.org
+===================================================================
+--- openssl-0.9.8k.orig/Makefile.org 2009-07-19 11:34:06.000000000 +0200
++++ openssl-0.9.8k/Makefile.org 2009-07-19 11:37:21.000000000 +0200
+@@ -155,7 +155,8 @@
+ MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+-MANSUFFIX=
++MANSUFFIX=ssl
++MANSECTION=SSL
+ SHELL=/bin/sh
+
+ TOP= .
+@@ -694,7 +695,7 @@
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+- --section=$$sec --center=OpenSSL \
++ --section=$${sec}$(MANSECTION) --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+@@ -711,7 +712,7 @@
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+- --section=$$sec --center=OpenSSL \
++ --section=$${sec}$(MANSECTION) --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
--- openssl-0.9.8k.orig/debian/patches/CVE-2011-4109.patch
+++ openssl-0.9.8k/debian/patches/CVE-2011-4109.patch
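Review bot: `MANSUFFIX=ssl` and `MANSECTION=SSL` are introduced as two independent assignments in the `-155,7` hunk of Makefile.org, but the two pod2man hunks below depend on them staying in step (the page is installed as `$$fn.$${sec}$(MANSUFFIX)` while its header is stamped with `$${sec}$(MANSECTION)`), and nothing at the assignment says so. A comment next to the new lines, `# MANSUFFIX is appended to the installed file name, MANSECTION to the section shown in the page header; keep the two consistent (ssl / SSL)`, would stop a later `make MANSUFFIX=...` override from producing pages whose name and header disagree. The identical `--section=` substitution is made in two copies of the same pod2man invocation (the `-694` and `-711` hunks); that duplication predates this patch and is only noted here.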
@@ -0,0 +1,76 @@
+Origin: http://cvs.openssl.org/chngview?cn=21941
+Subject: Fix double free in policy check code (CVE-2011-4109)
+
+Stop policy check failure freeing same buffer twice.
+[Ben Laurie, Kasper ]
+
+CVE-2011-4109
+
+[Ubuntu note: patch differs from upstream as the CHANGES file
+ modifications were dropped to reduce patch conflicts.
+
+---
+ crypto/x509v3/pcy_map.c | 10 ++++++----
+ crypto/x509v3/pcy_tree.c | 5 ++++-
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+Index: b/crypto/x509v3/pcy_map.c
+===================================================================
+--- a/crypto/x509v3/pcy_map.c
++++ b/crypto/x509v3/pcy_map.c
+@@ -70,8 +70,6 @@ static int ref_cmp(const X509_POLICY_REF
+
+ static void policy_map_free(X509_POLICY_REF *map)
+ {
+- if (map->subjectDomainPolicy)
+- ASN1_OBJECT_free(map->subjectDomainPolicy);
+ OPENSSL_free(map);
+ }
+
+@@ -95,6 +93,7 @@ int policy_cache_set_mapping(X509 *x, PO
+ {
+ POLICY_MAPPING *map;
+ X509_POLICY_REF *ref = NULL;
++ ASN1_OBJECT *subjectDomainPolicyRef;
+ X509_POLICY_DATA *data;
+ X509_POLICY_CACHE *cache = x->policy_cache;
+ int i;
+@@ -153,13 +152,16 @@ int policy_cache_set_mapping(X509 *x, PO
+ if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+ map->subjectDomainPolicy))
+ goto bad_mapping;
++ /* map->subjectDomainPolicy will be freed when
++ * cache->data is freed. Set it to NULL to avoid double-free. */
++ subjectDomainPolicyRef = map->subjectDomainPolicy;
++ map->subjectDomainPolicy = NULL;
+
+ ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
+ if (!ref)
+ goto bad_mapping;
+
+- ref->subjectDomainPolicy = map->subjectDomainPolicy;
+- map->subjectDomainPolicy = NULL;
++ ref->subjectDomainPolicy = subjectDomainPolicyRef;
+ ref->data = data;
+
+ if (!sk_X509_POLICY_REF_push(cache->maps, ref))
+Index: b/crypto/x509v3/pcy_tree.c
+===================================================================
+--- a/crypto/x509v3/pcy_tree.c
++++ b/crypto/x509v3/pcy_tree.c
+@@ -612,6 +612,10 @@ int X509_policy_check(X509_POLICY_TREE *
+ case 2:
+ return 1;
+
++ /* Some internal error */
++ case -1:
++ return -1;
++
+ /* Some internal error */
+ case 0:
+ return 0;
+@@ -691,4 +695,3 @@ int X509_policy_check(X509_POLICY_TREE *
+ return 0;
+
+ }
+-
--- openssl-0.9.8k.orig/debian/patches/CVE-2012-0884-extra.patch
+++ openssl-0.9.8k/debian/patches/CVE-2012-0884-extra.patch
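Review bot: The new `case -1:` arm in X509_policy_check reuses the `/* Some internal error */` comment that already annotates `case 0:`, so a reader cannot tell why the two results are propagated differently; give the new arm its own comment, e.g. `/* -1: internal error, propagated unchanged so the caller can tell it from a plain failure */` (the distinction is presumably the one the tree-init helper draws, which is outside the hunk). The last hunk (`@@ -691,4 +695,3`) only deletes a trailing blank line; that is unrelated whitespace churn in a security backport and widens the conflict surface for later rebases, so drop it. X509_policy_check's body starts and ends outside the hunk.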
@@ -0,0 +1,79 @@
+Origin: http://cvs.openssl.org/chngview?cn=22161
+ and http://cvs.openssl.org/chngview?cn=22537
+Subject: Detect symmetric crypto errors in PKCS7_decrypt and initialise
+ tkeylen properly
+
+ Thanks to Ivan Nestlerode for reporting
+ this bug.
+
+ Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+---
+ crypto/cms/cms_enc.c | 4 ++--
+ crypto/pkcs7/pk7_smime.c | 19 +++++++++++++++++--
+ 2 files changed, 19 insertions(+), 4 deletions(-)
+
+Index: b/crypto/pkcs7/pk7_smime.c
+===================================================================
+--- a/crypto/pkcs7/pk7_smime.c
++++ b/crypto/pkcs7/pk7_smime.c
+@@ -486,15 +486,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *p
+ return 0;
+ }
+ ret = SMIME_text(bread, data);
++ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++ {
++ if (!BIO_get_cipher_status(tmpmem))
++ ret = 0;
++ }
+ BIO_free_all(bread);
+ return ret;
+ } else {
+ for(;;) {
+ i = BIO_read(tmpmem, buf, sizeof(buf));
+- if(i <= 0) break;
++ if(i <= 0)
++ {
++ ret = 1;
++ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
++ {
++ if (!BIO_get_cipher_status(tmpmem))
++ ret = 0;
++ }
++
++ break;
++ }
+ BIO_write(data, buf, i);
+ }
+ BIO_free_all(tmpmem);
+- return 1;
++ return ret;
+ }
+ }
+Index: b/crypto/cms/cms_enc.c
+===================================================================
+--- a/crypto/cms/cms_enc.c
++++ b/crypto/cms/cms_enc.c
+@@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
++ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+ /* Generate random session key */
+ if (!enc || !ec->key)
+ {
+- tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+ tkey = OPENSSL_malloc(tkeylen);
+ if (!tkey)
+ {
+@@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_E
+ /* Only reveal failure if debugging so we don't
+ * leak information which may be useful in MMA.
+ */
+- if (ec->debug)
++ if (enc || ec->debug)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_INVALID_KEY_LENGTH);
--- openssl-0.9.8k.orig/debian/patches/CVE-2006-7250+2012-1165.patch
+++ openssl-0.9.8k/debian/patches/CVE-2006-7250+2012-1165.patch
@@ -0,0 +1,23 @@
+Origin: http://cvs.openssl.org/chngview?cn=22243 (assumes 22144)
+Description: fix for CVE-2006-7250 and CVE-2012-1165
+Index: openssl-0.9.8o/crypto/asn1/asn_mime.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/asn1/asn_mime.c 2009-03-08 18:05:34.000000000 -0500
++++ openssl-0.9.8o/crypto/asn1/asn_mime.c 2012-04-16 15:53:15.000000000 -0500
+@@ -790,12 +790,16 @@
+ static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b)
+ {
++ if (!(*a)->name || !(*b)->name)
++ return !!(*a)->name - !!(*b)->name;
+ return(strcmp((*a)->name, (*b)->name));
+ }
+
+ static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b)
+ {
++ if (!(*a)->param_name || !(*b)->param_name)
++ return !!(*a)->param_name - !!(*b)->param_name;
+ return(strcmp((*a)->param_name, (*b)->param_name));
+ }
+
--- openssl-0.9.8k.orig/debian/patches/CVE-2012-2333.patch
+++ openssl-0.9.8k/debian/patches/CVE-2012-2333.patch
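Review bot: In cms_EncryptedContent_init_bio the condition becomes `if (enc || ec->debug)` but the comment directly above it still says the failure is revealed only when debugging, so the comment is now wrong about the new code; reword it along the lines of `/* When decrypting, only reveal a key-length failure if debugging, so we don't leak information which may be useful in MMA; when encrypting the failure is always reported (presumably no decryption oracle to protect there — confirm). */`. In PKCS7_decrypt the two new `BIO_get_cipher_status(tmpmem)` checks repeat the same five lines; a small static helper would keep the two exit paths from drifting apart. Both enclosing functions start and end outside the hunk.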
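Review bot: The `Origin:` line says this change `(assumes 22144)` but the header does not record which patch in this series provides that prerequisite, and the `Index:` and `---`/`+++` paths name openssl-0.9.8o while the package is 0.9.8k; add a header line naming the providing patch (`Depends: <patch-file-name>`, placeholder) so the ordering dependency is explicit for whoever regenerates the series. The null checks themselves (`return !!(*a)->name - !!(*b)->name;`) give a consistent total order that sorts entries with a NULL name before named ones, and the two comparators are changed in the same way.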
@@ -0,0 +1,29 @@
+Origin: http://cvs.openssl.org/chngview?cn=22558
+Subject: Sanity check record length before skipping explicit IV in
+ TLS 1.2, 1.1 and DTLS to fix DoS attack.
+
+ *) Sanity check record length before skipping explicit IV in TLS
+ 1.2, 1.1 and DTLS to avoid DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+---
+ ssl/d1_enc.c | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+Index: b/ssl/d1_enc.c
+===================================================================
+--- a/ssl/d1_enc.c
++++ b/ssl/d1_enc.c
+@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
+ }
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
+- if (i > (int)rec->length)
++ if (i + bs > (int)rec->length)
+ {
+ /* Incorrect padding. SSLerr() and ssl3_alert are done
+ * by caller: we don't want to reveal whether this is
--- openssl-0.9.8k.orig/debian/patches/dtls-compatibility.patch
+++ openssl-0.9.8k/debian/patches/dtls-compatibility.patch
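Review bot: The patch header and the CHANGES excerpt describe a record-length sanity check before skipping the explicit IV in TLS 1.1/1.2 and DTLS, but the only hunk included tightens the padding bound in dtls1_enc (`if (i + bs > (int)rec->length)`), and the diffstat claims `2 files changed, 3 insertions(+), 1 deletion(-)` while a single file with one changed line appears. The text and body need reconciling so an auditor can tell whether the TLS-side part of the upstream change was deliberately omitted (presumably already covered elsewhere) or lost in the backport. If only the DTLS padding part is intended, say so in `Subject:` and correct the diffstat. dtls1_enc's body starts and ends outside the hunk.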
@@ -0,0 +1,153 @@
+Description: DTLS interopability patch backported from 0.9.8m
+Origin: upstream, http://cvs.openssl.org/chngview?cn=18037
+Origin: upstream, http://cvs.openssl.org/chngview?cn=18041
+Ubuntu-Bug: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/516318
+Bug: http://rt.openssl.org/Ticket/Display.html?id=1751&user=guest&pass=guest
+
+diff -Nur openssl-0.9.8k/ssl/d1_clnt.c openssl-0.9.8k.new/ssl/d1_clnt.c
+--- openssl-0.9.8k/ssl/d1_clnt.c 2008-06-04 14:35:25.000000000 -0400
++++ openssl-0.9.8k.new/ssl/d1_clnt.c 2010-03-26 08:31:00.000000000 -0400
+@@ -130,7 +130,7 @@
+
+ static SSL_METHOD *dtls1_get_client_method(int ver)
+ {
+- if (ver == DTLS1_VERSION)
++ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+ return(DTLSv1_client_method());
+ else
+ return(NULL);
+@@ -181,7 +181,8 @@
+ s->server=0;
+ if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
+
+- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
++ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
++ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
+ {
+ SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
+ ret = -1;
+diff -Nur openssl-0.9.8k/ssl/d1_lib.c openssl-0.9.8k.new/ssl/d1_lib.c
+--- openssl-0.9.8k/ssl/d1_lib.c 2008-10-13 02:43:05.000000000 -0400
++++ openssl-0.9.8k.new/ssl/d1_lib.c 2010-03-26 08:31:00.000000000 -0400
+@@ -187,7 +187,10 @@
+ void dtls1_clear(SSL *s)
+ {
+ ssl3_clear(s);
+- s->version=DTLS1_VERSION;
++ if (s->options & SSL_OP_CISCO_ANYCONNECT)
++ s->version=DTLS1_BAD_VER;
++ else
++ s->version=DTLS1_VERSION;
+ }
+
+ /*
+diff -Nur openssl-0.9.8k/ssl/d1_pkt.c openssl-0.9.8k.new/ssl/d1_pkt.c
+--- openssl-0.9.8k/ssl/d1_pkt.c 2010-03-26 08:30:47.000000000 -0400
++++ openssl-0.9.8k.new/ssl/d1_pkt.c 2010-03-26 08:31:00.000000000 -0400
+@@ -991,15 +991,17 @@
+ if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+ {
+ struct ccs_header_st ccs_hdr;
++ unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
+
+ dtls1_get_ccs_header(rr->data, &ccs_hdr);
+
+ /* 'Change Cipher Spec' is just a single byte, so we know
+ * exactly what the record payload has to look like */
+ /* XDTLS: check that epoch is consistent */
+- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
+- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
+- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
++ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
++ ccs_hdr_len = 3;
++
++ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
+ {
+ i=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+@@ -1315,7 +1317,7 @@
+ #if 0
+ /* 'create_empty_fragment' is true only when this function calls itself */
+ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
+- && SSL_version(s) != DTLS1_VERSION)
++ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
+ {
+ /* countermeasure against known-IV weakness in CBC ciphersuites
+ * (see http://www.openssl.org/~bodo/tls-cbc.txt)
+diff -Nur openssl-0.9.8k/ssl/s3_clnt.c openssl-0.9.8k.new/ssl/s3_clnt.c
+--- openssl-0.9.8k/ssl/s3_clnt.c 2009-02-14 16:50:14.000000000 -0500
++++ openssl-0.9.8k.new/ssl/s3_clnt.c 2010-03-26 08:31:00.000000000 -0400
+@@ -708,7 +708,7 @@
+
+ if (!ok) return((int)n);
+
+- if ( SSL_version(s) == DTLS1_VERSION)
++ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ {
+ if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
+ {
+diff -Nur openssl-0.9.8k/ssl/ssl.h openssl-0.9.8k.new/ssl/ssl.h
+--- openssl-0.9.8k/ssl/ssl.h 2008-08-13 15:44:44.000000000 -0400
++++ openssl-0.9.8k.new/ssl/ssl.h 2010-03-26 08:31:00.000000000 -0400
+@@ -510,6 +510,8 @@
+ #define SSL_OP_COOKIE_EXCHANGE 0x00002000L
+ /* Don't use RFC4507 ticket extension */
+ #define SSL_OP_NO_TICKET 0x00004000L
++/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
++#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
+
+ /* As server, disallow session resumption on renegotiation */
+ #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
+diff -Nur openssl-0.9.8k/ssl/ssl_lib.c openssl-0.9.8k.new/ssl/ssl_lib.c
+--- openssl-0.9.8k/ssl/ssl_lib.c 2009-02-23 11:02:47.000000000 -0500
++++ openssl-0.9.8k.new/ssl/ssl_lib.c 2010-03-26 08:31:01.000000000 -0400
+@@ -995,7 +995,8 @@
+ s->max_cert_list=larg;
+ return(l);
+ case SSL_CTRL_SET_MTU:
+- if (SSL_version(s) == DTLS1_VERSION)
++ if (SSL_version(s) == DTLS1_VERSION ||
++ SSL_version(s) == DTLS1_BAD_VER)
+ {
+ s->d1->mtu = larg;
+ return larg;
+diff -Nur openssl-0.9.8k/ssl/ssl_sess.c openssl-0.9.8k.new/ssl/ssl_sess.c
+--- openssl-0.9.8k/ssl/ssl_sess.c 2008-06-04 14:35:27.000000000 -0400
++++ openssl-0.9.8k.new/ssl/ssl_sess.c 2010-03-26 08:31:01.000000000 -0400
+@@ -211,6 +211,11 @@
+ ss->ssl_version=TLS1_VERSION;
+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+ }
++ else if (s->version == DTLS1_BAD_VER)
++ {
++ ss->ssl_version=DTLS1_BAD_VER;
++ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
++ }
+ else if (s->version == DTLS1_VERSION)
+ {
+ ss->ssl_version=DTLS1_VERSION;
+diff -Nur openssl-0.9.8k/ssl/t1_enc.c openssl-0.9.8k.new/ssl/t1_enc.c
+--- openssl-0.9.8k/ssl/t1_enc.c 2009-01-05 09:43:07.000000000 -0500
++++ openssl-0.9.8k.new/ssl/t1_enc.c 2010-03-26 08:31:01.000000000 -0400
+@@ -765,10 +765,10 @@
+ HMAC_CTX_init(&hmac);
+ HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
+
+- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
++ if (ssl->version == DTLS1_BAD_VER ||
++ (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
+ {
+ unsigned char dtlsseq[8],*p=dtlsseq;
+-
+ s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
+ memcpy (p,&seq[2],6);
+
+@@ -793,7 +793,7 @@
+ {unsigned int z; for (z=0; zlength; z++) printf("%02X ",buf[z]); printf("\n"); }
+ #endif
+
+- if ( SSL_version(ssl) != DTLS1_VERSION)
++ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
+ {
+ for (i=7; i>=0; i--)
+ {
--- openssl-0.9.8k.orig/debian/patches/no_check_self_signed.patch
+++ openssl-0.9.8k/debian/patches/no_check_self_signed.patch
@@ -0,0 +1,39 @@
+Description: Don't check self signed certificate signatures in
+ X509_verify_cert(): it just wastes time without adding any security. As a
+ useful side effect self signed root CAs with non-FIPS digests are now usable
+ in FIPS mode. [Steve Henson]
+Origin: upstream, http://cvs.openssl.org/chngview?cn=18260
+Bug-Debian: http://bugs.debian.org/541735
+
+Index: openssl/crypto/x509/x509_vfy.c
+RCS File: /v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v
+rcsdiff -q -kk '-r1.77.2.8' '-r1.77.2.9' -u '/v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v' 2>/dev/null
+--- x509_vfy.c 2008/07/13 14:33:15 1.77.2.8
++++ x509_vfy.c 2009/06/15 14:52:38 1.77.2.9
+@@ -986,7 +986,11 @@
+ while (n >= 0)
+ {
+ ctx->error_depth=n;
+- if (!xs->valid)
++
++ /* Skip signature check for self signed certificates. It
++ * doesn't add any security and just wastes time.
++ */
++ if (!xs->valid && xs != xi)
+ {
+ if ((pkey=X509_get_pubkey(xi)) == NULL)
+ {
+@@ -996,13 +1000,6 @@
+ if (!ok) goto end;
+ }
+ else if (X509_verify(xs,pkey) <= 0)
+- /* XXX For the final trusted self-signed cert,
+- * this is a waste of time. That check should
+- * optional so that e.g. 'openssl x509' can be
+- * used to detect invalid self-signatures, but
+- * we don't verify again and again in SSL
+- * handshakes and the like once the cert has
+- * been declared trusted. */
+ {
+ ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+ ctx->current_cert=xs;
--- openssl-0.9.8k.orig/debian/patches/CVE-2009-3555-RFC5746.patch
+++ openssl-0.9.8k/debian/patches/CVE-2009-3555-RFC5746.patch
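Review bot: The d1_pkt.c hunk at `@@ -1315,7 +1317,7 @@` edits a condition that sits under `#if 0`, so `&& SSL_version(s) != DTLS1_BAD_VER` there has no runtime effect and only keeps dead code in step; either leave that block untouched or say in the patch header that the change is intentionally inert. Separately, the t1_enc.c context line rendered here as `{unsigned int z; for (z=0; zlength; z++) ...}` has lost characters (most likely a `<rec->` consumed by markup stripping), so the patch text as shown would not apply cleanly and should be checked against the original file before use. The same `== DTLS1_VERSION || ... == DTLS1_BAD_VER` test is now spelled out by hand in d1_clnt.c, s3_clnt.c, ssl_lib.c and t1_enc.c; a single helper macro would keep them from drifting, though that is a style preference. Every function touched here starts and ends outside its hunk.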
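Review bot: The removed XXX comment recorded that the self-signature check should become optional so that tools such as `openssl x509` could still detect an invalid self-signature; the new code skips the check unconditionally (`if (!xs->valid && xs != xi)`) and the replacement comment drops that note, so append to it something like `Callers that need to validate a self-signature must call X509_verify() on the certificate themselves.`. The new comment's claim that the check adds no security presumably rests on xs == xi meaning the certificate under test is the chain's own self-signed top, whose trust is established by the store lookup rather than by its signature; stating that precondition in the comment would make the reasoning auditable. The enclosing function starts and ends outside the hunk.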
@@ -0,0 +1,1807 @@ +Description: backport rfc5746 support to fix TLS renegotiation flaw +Origin: upstream, from OpenSSL_0_9_8-stable branch: + r18790,r18804,r18806,r18816,r18880,r18881,r18884,r18923,r18945,r18948, + r18950,r18953,r18968,r18971,r18973,r18975,r18978,r18979,r18980,r18986, + r18989,r19013,r19038,r19049,r19050,r19062,r19086,r19101,r19102,r19126, + r19139,r19211,r19214,r19270,r19282,r19290,r19293,r19298 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/484417 + +diff -Nur openssl-0.9.8k/apps/s_cb.c openssl-0.9.8k.new/apps/s_cb.c +--- openssl-0.9.8k/apps/s_cb.c 2007-08-12 14:58:59.000000000 -0400 ++++ openssl-0.9.8k.new/apps/s_cb.c 2010-06-23 16:14:39.000000000 -0400 +@@ -621,6 +621,9 @@ + extname = "server ticket"; + break; + ++ case TLSEXT_TYPE_renegotiate: ++ extname = "renegotiate"; ++ break; + + default: + extname = "unknown"; +diff -Nur openssl-0.9.8k/apps/s_client.c openssl-0.9.8k.new/apps/s_client.c +--- openssl-0.9.8k/apps/s_client.c 2008-12-20 12:04:08.000000000 -0500 ++++ openssl-0.9.8k.new/apps/s_client.c 2010-06-23 16:21:22.000000000 -0400 +@@ -249,6 +249,7 @@ + BIO_printf(bio_err," -status - request certificate status from server\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); + #endif ++ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + } + + #ifndef OPENSSL_NO_TLSEXT +@@ -286,7 +287,7 @@ + + int MAIN(int argc, char **argv) + { +- int off=0; ++ int off=0, clr = 0; + SSL *con=NULL,*con2=NULL; + X509_STORE *store = NULL; + int s,k,width,state=0; +@@ -535,6 +536,12 @@ + #endif + else if (strcmp(*argv,"-serverpref") == 0) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; ++ else if (strcmp(*argv,"-legacy_renegotiation") == 0) ++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; ++ else if (strcmp(*argv,"-legacy_server_connect") == 0) ++ { off|=SSL_OP_LEGACY_SERVER_CONNECT; } ++ else if (strcmp(*argv,"-no_legacy_server_connect") == 0) ++ { 
clr|=SSL_OP_LEGACY_SERVER_CONNECT; } + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; +@@ -709,6 +716,9 @@ + SSL_CTX_set_options(ctx,SSL_OP_ALL|off); + else + SSL_CTX_set_options(ctx,off); ++ ++ if (clr) ++ SSL_CTX_clear_options(ctx, clr); + /* DTLS: partial reads end up discarding unread UDP bytes :-( + * Setting read ahead solves this problem. + */ +@@ -1511,6 +1521,8 @@ + EVP_PKEY_bits(pktmp)); + EVP_PKEY_free(pktmp); + } ++ BIO_printf(bio, "Secure Renegotiation IS%s supported\n", ++ SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); + #ifndef OPENSSL_NO_COMP + comp=SSL_get_current_compression(s); + expansion=SSL_get_current_expansion(s); +diff -Nur openssl-0.9.8k/apps/s_server.c openssl-0.9.8k.new/apps/s_server.c +--- openssl-0.9.8k/apps/s_server.c 2008-12-20 12:04:08.000000000 -0500 ++++ openssl-0.9.8k.new/apps/s_server.c 2010-06-23 16:18:50.000000000 -0400 +@@ -405,6 +405,7 @@ + BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); + BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); ++ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + #endif + } + +@@ -921,6 +922,8 @@ + } + else if (strcmp(*argv,"-serverpref") == 0) + { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } ++ else if (strcmp(*argv,"-legacy_renegotiation") == 0) ++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; +@@ -2002,6 +2005,8 @@ + con->kssl_ctx->client_princ); + } + #endif /* OPENSSL_NO_KRB5 */ ++ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", ++ SSL_get_secure_renegotiation_support(con) ? 
"" : " NOT"); + return(1); + } + +diff -Nur openssl-0.9.8k/doc/ssl/SSL_CTX_set_options.pod openssl-0.9.8k.new/doc/ssl/SSL_CTX_set_options.pod +--- openssl-0.9.8k/doc/ssl/SSL_CTX_set_options.pod 2007-08-23 18:53:57.000000000 -0400 ++++ openssl-0.9.8k.new/doc/ssl/SSL_CTX_set_options.pod 2010-06-23 16:24:12.000000000 -0400 +@@ -2,7 +2,7 @@ + + =head1 NAME + +-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options ++SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options + + =head1 SYNOPSIS + +@@ -11,26 +11,41 @@ + long SSL_CTX_set_options(SSL_CTX *ctx, long options); + long SSL_set_options(SSL *ssl, long options); + ++ long SSL_CTX_clear_options(SSL_CTX *ctx, long options); ++ long SSL_clear_options(SSL *ssl, long options); ++ + long SSL_CTX_get_options(SSL_CTX *ctx); + long SSL_get_options(SSL *ssl); + ++ long SSL_get_secure_renegotiation_support(SSL *ssl); ++ + =head1 DESCRIPTION + ++Note: all these functions are implemented using macros. ++ + SSL_CTX_set_options() adds the options set via bitmask in B to B. + Options already set before are not cleared! + + SSL_set_options() adds the options set via bitmask in B to B. + Options already set before are not cleared! + ++SSL_CTX_clear_options() clears the options set via bitmask in B ++to B. ++ ++SSL_clear_options() clears the options set via bitmask in B to B. ++ + SSL_CTX_get_options() returns the options set for B. + + SSL_get_options() returns the options set for B. + ++SSL_get_secure_renegotiation_support() indicates whether the peer supports ++secure renegotiation. ++ + =head1 NOTES + + The behaviour of the SSL library can be changed by setting several options. + The options are coded as bitmasks and can be combined by a logical B +-operation (|). Options can only be added but can never be reset. ++operation (|). 
+ + SSL_CTX_set_options() and SSL_set_options() affect the (external) + protocol behaviour of the SSL library. The (internal) behaviour of +@@ -199,7 +214,7 @@ + + When performing renegotiation as a server, always start a new session + (i.e., session resumption requests are only accepted in the initial +-handshake). This option is not needed for clients. ++handshake). This option is not needed for clients. + + =item SSL_OP_NO_TICKET + +@@ -210,15 +225,107 @@ + If this option is set this functionality is disabled and tickets will + not be used by clients or servers. + ++=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ++ ++Allow legacy insecure renegotiation between OpenSSL and unpatched clients or ++servers. See the B section for more details. ++ ++=item SSL_OP_LEGACY_SERVER_CONNECT ++ ++Allow legacy insecure renegotiation between OpenSSL and unpatched servers ++B: this option is currently set by default. See the ++B section for more details. ++ + =back + ++=head1 SECURE RENEGOTIATION ++ ++OpenSSL 0.9.8m and later always attempts to use secure renegotiation as ++described in RFC5746. This counters the prefix attack described in ++CVE-2009-3555 and elsewhere. ++ ++The deprecated and highly broken SSLv2 protocol does not support ++renegotiation at all: its use is B discouraged. ++ ++This attack has far reaching consequences which application writers should be ++aware of. In the description below an implementation supporting secure ++renegotiation is referred to as I. A server not supporting secure ++renegotiation is referred to as I. ++ ++The following sections describe the operations permitted by OpenSSL's secure ++renegotiation implementation. ++ ++=head2 Patched client and server ++ ++Connections and renegotiation are always permitted by OpenSSL implementations. 
++ ++=head2 Unpatched client and patched OpenSSL server ++ ++The initial connection suceeds but client renegotiation is denied by the ++server with a B warning alert if TLS v1.0 is used or a fatal ++B alert in SSL v3.0. ++ ++If the patched OpenSSL server attempts to renegotiate a fatal ++B alert is sent. This is because the server code may be ++unaware of the unpatched nature of the client. ++ ++If the option B is set then ++renegotiation B succeeds. ++ ++B a bug in OpenSSL clients earlier than 0.9.8m (all of which are ++unpatched) will result in the connection hanging if it receives a ++B alert. OpenSSL versions 0.9.8m and later will regard ++a B alert as fatal and respond with a fatal ++B alert. This is because the OpenSSL API currently has ++no provision to indicate to an application that a renegotiation attempt ++was refused. ++ ++=head2 Patched OpenSSL client and unpatched server. ++ ++If the option B or ++B is set then initial connections ++and renegotiation between patched OpenSSL clients and unpatched servers ++succeeds. If neither option is set then initial connections to unpatched ++servers will fail. ++ ++The option B is currently set by default even ++though it has security implications: otherwise it would be impossible to ++connect to unpatched servers (i.e. all of them initially) and this is clearly ++not acceptable. Renegotiation is permitted because this does not add any ++additional security issues: during an attack clients do not see any ++renegotiations anyway. ++ ++As more servers become patched the option B will ++B be set by default in a future version of OpenSSL. ++ ++OpenSSL client applications wishing to ensure they can connect to unpatched ++servers should always B B ++ ++OpenSSL client applications that want to ensure they can B connect to ++unpatched servers (and thus avoid any security issues) should always B ++B using SSL_CTX_clear_options() or ++SSL_clear_options(). 
++ ++The difference between the B and ++B options is that ++B enables initial connections and secure ++renegotiation between OpenSSL clients and unpatched servers B, while ++B allows initial connections ++and renegotiation between OpenSSL and unpatched clients or servers. ++ + =head1 RETURN VALUES + + SSL_CTX_set_options() and SSL_set_options() return the new options bitmask + after adding B. + ++SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask ++after clearing B. ++ + SSL_CTX_get_options() and SSL_get_options() return the current bitmask. + ++SSL_get_secure_renegotiation_support() returns 1 is the peer supports ++secure renegotiation and 0 if it does not. ++ + =head1 SEE ALSO + + L, L, L, +@@ -241,4 +348,11 @@ + can be disabled with this option (in OpenSSL 0.9.6d, it was always + enabled). + ++SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL ++0.9.8m. ++ ++B, B ++and the function SSL_get_secure_renegotiation_support() were first added in ++OpenSSL 0.9.8m. ++ + =cut +diff -Nur openssl-0.9.8k/ssl/d1_both.c openssl-0.9.8k.new/ssl/d1_both.c +--- openssl-0.9.8k/ssl/d1_both.c 2010-06-23 16:14:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/d1_both.c 2010-06-23 16:15:07.000000000 -0400 +@@ -750,6 +750,24 @@ + p+=i; + l=i; + ++ /* Copy the finished so we can use it for ++ * renegotiation checks ++ */ ++ if(s->type == SSL_ST_CONNECT) ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_client_finished, ++ s->s3->tmp.finish_md, i); ++ s->s3->previous_client_finished_len=i; ++ } ++ else ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_server_finished, ++ s->s3->tmp.finish_md, i); ++ s->s3->previous_server_finished_len=i; ++ } ++ + #ifdef OPENSSL_SYS_WIN16 + /* MSVC 1.5 does not clear the top bytes of the word unless + * I do this. 
+diff -Nur openssl-0.9.8k/ssl/d1_clnt.c openssl-0.9.8k.new/ssl/d1_clnt.c +--- openssl-0.9.8k/ssl/d1_clnt.c 2010-06-23 16:14:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/d1_clnt.c 2010-06-23 16:21:47.000000000 -0400 +@@ -278,15 +278,43 @@ + + case SSL3_ST_CR_CERT_A: + case SSL3_ST_CR_CERT_B: ++#ifndef OPENSSL_NO_TLSEXT ++ ret=ssl3_check_finished(s); ++ if (ret <= 0) goto end; ++ if (ret == 2) ++ { ++ s->hit = 1; ++ if (s->tlsext_ticket_expected) ++ s->state=SSL3_ST_CR_SESSION_TICKET_A; ++ else ++ s->state=SSL3_ST_CR_FINISHED_A; ++ s->init_num=0; ++ break; ++ } ++#endif + /* Check if it is anon DH */ + if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) + { + ret=ssl3_get_server_certificate(s); + if (ret <= 0) goto end; ++#ifndef OPENSSL_NO_TLSEXT ++ if (s->tlsext_status_expected) ++ s->state=SSL3_ST_CR_CERT_STATUS_A; ++ else ++ s->state=SSL3_ST_CR_KEY_EXCH_A; ++ } ++ else ++ { ++ skip = 1; ++ s->state=SSL3_ST_CR_KEY_EXCH_A; ++ } ++#else + } + else + skip=1; ++ + s->state=SSL3_ST_CR_KEY_EXCH_A; ++#endif + s->init_num=0; + break; + +@@ -424,6 +452,13 @@ + } + else + { ++#ifndef OPENSSL_NO_TLSEXT ++ /* Allow NewSessionTicket if ticket expected */ ++ if (s->tlsext_ticket_expected) ++ s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; ++ else ++#endif ++ + s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; + } + s->init_num=0; +@@ -432,6 +467,24 @@ + + break; + ++#ifndef OPENSSL_NO_TLSEXT ++ case SSL3_ST_CR_SESSION_TICKET_A: ++ case SSL3_ST_CR_SESSION_TICKET_B: ++ ret=ssl3_get_new_session_ticket(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_CR_FINISHED_A; ++ s->init_num=0; ++ break; ++ ++ case SSL3_ST_CR_CERT_STATUS_A: ++ case SSL3_ST_CR_CERT_STATUS_B: ++ ret=ssl3_get_cert_status(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_CR_KEY_EXCH_A; ++ s->init_num=0; ++ break; ++#endif ++ + case SSL3_ST_CR_FINISHED_A: + case SSL3_ST_CR_FINISHED_B: + +@@ -542,8 +595,14 @@ + buf=(unsigned char *)s->init_buf->data; + if (s->state == SSL3_ST_CW_CLNT_HELLO_A) + { ++ SSL_SESSION 
*sess = s->session; + if ((s->session == NULL) || + (s->session->ssl_version != s->version) || ++#ifdef OPENSSL_NO_TLSEXT ++ !sess->session_id_length || ++#else ++ (!sess->session_id_length && !sess->tlsext_tick) || ++#endif + (s->session->not_resumable)) + { + if (!ssl_get_new_session(s,0)) +@@ -622,7 +681,15 @@ + *(p++)=comp->id; + } + *(p++)=0; /* Add the NULL method */ +- ++ ++#ifndef OPENSSL_NO_TLSEXT ++ if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) ++ { ++ SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++#endif ++ + l=(p-d); + d=buf; + +diff -Nur openssl-0.9.8k/ssl/d1_srvr.c openssl-0.9.8k.new/ssl/d1_srvr.c +--- openssl-0.9.8k/ssl/d1_srvr.c 2008-09-14 10:02:01.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/d1_srvr.c 2010-06-23 16:23:11.000000000 -0400 +@@ -267,7 +267,6 @@ + s->shutdown=0; + ret=ssl3_get_client_hello(s); + if (ret <= 0) goto end; +- s->new_session = 2; + + if ( s->d1->send_cookie) + s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; +@@ -293,11 +292,22 @@ + + case SSL3_ST_SW_SRVR_HELLO_A: + case SSL3_ST_SW_SRVR_HELLO_B: ++ s->new_session = 2; + ret=dtls1_send_server_hello(s); + if (ret <= 0) goto end; + ++#ifndef OPENSSL_NO_TLSEXT + if (s->hit) +- s->state=SSL3_ST_SW_CHANGE_A; ++ { ++ if (s->tlsext_ticket_expected) ++ s->state=SSL3_ST_SW_SESSION_TICKET_A; ++ else ++ s->state=SSL3_ST_SW_CHANGE_A; ++ } ++#else ++ if (s->hit) ++ s->state=SSL3_ST_SW_CHANGE_A; ++#endif + else + s->state=SSL3_ST_SW_CERT_A; + s->init_num=0; +@@ -310,10 +320,24 @@ + { + ret=dtls1_send_server_certificate(s); + if (ret <= 0) goto end; ++#ifndef OPENSSL_NO_TLSEXT ++ if (s->tlsext_status_expected) ++ s->state=SSL3_ST_SW_CERT_STATUS_A; ++ else ++ s->state=SSL3_ST_SW_KEY_EXCH_A; ++ } ++ else ++ { ++ skip = 1; ++ s->state=SSL3_ST_SW_KEY_EXCH_A; ++ } ++#else + } + else + skip=1; ++ + s->state=SSL3_ST_SW_KEY_EXCH_A; ++#endif + s->init_num=0; + break; + +@@ -474,11 +498,34 @@ + if (ret <= 0) goto end; + if (s->hit) + 
s->state=SSL_ST_OK; ++#ifndef OPENSSL_NO_TLSEXT ++ else if (s->tlsext_ticket_expected) ++ s->state=SSL3_ST_SW_SESSION_TICKET_A; ++#endif + else + s->state=SSL3_ST_SW_CHANGE_A; + s->init_num=0; + break; + ++#ifndef OPENSSL_NO_TLSEXT ++ case SSL3_ST_SW_SESSION_TICKET_A: ++ case SSL3_ST_SW_SESSION_TICKET_B: ++ ret=dtls1_send_newsession_ticket(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_SW_CHANGE_A; ++ s->init_num=0; ++ break; ++ ++ case SSL3_ST_SW_CERT_STATUS_A: ++ case SSL3_ST_SW_CERT_STATUS_B: ++ ret=ssl3_send_cert_status(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_SW_KEY_EXCH_A; ++ s->init_num=0; ++ break; ++ ++#endif ++ + case SSL3_ST_SW_CHANGE_A: + case SSL3_ST_SW_CHANGE_B: + +@@ -713,6 +760,8 @@ + p+=sl; + + /* put the cipher */ ++ if (s->s3->tmp.new_cipher == NULL) ++ return -1; + i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); + p+=i; + +@@ -726,6 +775,14 @@ + *(p++)=s->s3->tmp.new_compression->id; + #endif + ++#ifndef OPENSSL_NO_TLSEXT ++ if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) ++ { ++ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); ++ return -1; ++ } ++#endif ++ + /* do the header */ + l=(p-d); + d=buf; +@@ -1145,3 +1202,114 @@ + /* SSL3_ST_SW_CERT_B */ + return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); + } ++ ++#ifndef OPENSSL_NO_TLSEXT ++int dtls1_send_newsession_ticket(SSL *s) ++ { ++ if (s->state == SSL3_ST_SW_SESSION_TICKET_A) ++ { ++ unsigned char *p, *senc, *macstart; ++ int len, slen; ++ unsigned int hlen, msg_len; ++ EVP_CIPHER_CTX ctx; ++ HMAC_CTX hctx; ++ SSL_CTX *tctx = s->initial_ctx; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ unsigned char key_name[16]; ++ ++ /* get session encoding length */ ++ slen = i2d_SSL_SESSION(s->session, NULL); ++ /* Some length values are 16 bits, so forget it if session is ++ * too long ++ */ ++ if (slen > 0xFF00) ++ return -1; ++ /* Grow buffer if need be: the length calculation is as ++ * follows 12 (DTLS handshake message header) + ++ * 4 (ticket 
lifetime hint) + 2 (ticket length) + ++ * 16 (key name) + max_iv_len (iv length) + ++ * session_length + max_enc_block_size (max encrypted session ++ * length) + max_md_size (HMAC). ++ */ ++ if (!BUF_MEM_grow(s->init_buf, ++ DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + ++ EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) ++ return -1; ++ senc = OPENSSL_malloc(slen); ++ if (!senc) ++ return -1; ++ p = senc; ++ i2d_SSL_SESSION(s->session, &p); ++ ++ p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); ++ EVP_CIPHER_CTX_init(&ctx); ++ HMAC_CTX_init(&hctx); ++ /* Initialize HMAC and cipher contexts. If callback present ++ * it does all the work otherwise use generated values ++ * from parent ctx. ++ */ ++ if (tctx->tlsext_ticket_key_cb) ++ { ++ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, ++ &hctx, 1) < 0) ++ { ++ OPENSSL_free(senc); ++ return -1; ++ } ++ } ++ else ++ { ++ RAND_pseudo_bytes(iv, 16); ++ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, ++ tctx->tlsext_tick_aes_key, iv); ++ HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, ++ tlsext_tick_md(), NULL); ++ memcpy(key_name, tctx->tlsext_tick_key_name, 16); ++ } ++ l2n(s->session->tlsext_tick_lifetime_hint, p); ++ /* Skip ticket length for now */ ++ p += 2; ++ /* Output key name */ ++ macstart = p; ++ memcpy(p, key_name, 16); ++ p += 16; ++ /* output IV */ ++ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); ++ p += EVP_CIPHER_CTX_iv_length(&ctx); ++ /* Encrypt session data */ ++ EVP_EncryptUpdate(&ctx, p, &len, senc, slen); ++ p += len; ++ EVP_EncryptFinal(&ctx, p, &len); ++ p += len; ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ ++ HMAC_Update(&hctx, macstart, p - macstart); ++ HMAC_Final(&hctx, p, &hlen); ++ HMAC_CTX_cleanup(&hctx); ++ ++ p += hlen; ++ /* Now write out lengths: p points to end of data written */ ++ /* Total length */ ++ len = p - (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); ++ p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; ++ s2n(len - 
18, p); /* Ticket length */ ++ ++ /* number of bytes to write */ ++ s->init_num= len; ++ s->state=SSL3_ST_SW_SESSION_TICKET_B; ++ s->init_off=0; ++ OPENSSL_free(senc); ++ ++ /* XDTLS: set message header ? */ ++ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; ++ dtls1_set_message_header(s, (void *)s->init_buf->data, ++ SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); ++ ++ /* buffer the message to handle re-xmits */ ++ dtls1_buffer_message(s, 0); ++ } ++ ++ /* SSL3_ST_SW_SESSION_TICKET_B */ ++ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); ++ } ++#endif +diff -Nur openssl-0.9.8k/ssl/Makefile openssl-0.9.8k.new/ssl/Makefile +--- openssl-0.9.8k/ssl/Makefile 2008-09-17 13:11:09.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/Makefile 2010-06-23 16:23:44.000000000 -0400 +@@ -30,7 +30,7 @@ + ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ + ssl_ciph.c ssl_stat.c ssl_rsa.c \ + ssl_asn1.c ssl_txt.c ssl_algs.c \ +- bio_ssl.c ssl_err.c kssl.c ++ bio_ssl.c ssl_err.c kssl.c t1_reneg.c + LIBOBJ= \ + s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ + s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \ +@@ -41,7 +41,7 @@ + ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ + ssl_ciph.o ssl_stat.o ssl_rsa.o \ + ssl_asn1.o ssl_txt.o ssl_algs.o \ +- bio_ssl.o ssl_err.o kssl.o ++ bio_ssl.o ssl_err.o kssl.o t1_reneg.o + + SRC= $(LIBSRC) + +@@ -994,6 +994,27 @@ + t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h + t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h + t1_meth.o: t1_meth.c ++t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ++t1_reneg.o: ../include/openssl/bn.h ../include/openssl/buffer.h ++t1_reneg.o: ../include/openssl/comp.h ../include/openssl/crypto.h ++t1_reneg.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ++t1_reneg.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ++t1_reneg.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ++t1_reneg.o: ../include/openssl/err.h 
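Review bot: The ticket length written by `s2n(len - 18, p)` in dtls1_send_newsession_ticket is 12 bytes short: `len` is measured from `&s->init_buf->data[DTLS1_HM_HEADER_LENGTH]`, so it already excludes the 12-byte DTLS handshake header, and the ticket body (key name, IV, ciphertext, MAC) that follows the 4-byte lifetime hint and 2-byte length is `len - 6` bytes, not `len - 18`; the same `len` is then stored in `s->init_num` and reduced by `DTLS1_HM_HEADER_LENGTH` a second time for `msg_len`, so the handshake header and the write length are undercounted as well. The consistent fix is to measure from the buffer start, `len = p - (unsigned char *)s->init_buf->data;`, after which `len - 18`, `s->init_num = len` and `msg_len` all match the 12+4+2 layout the comment above the BUF_MEM_grow call describes. Separately, the CBC IV comes from `RAND_pseudo_bytes(iv, 16)` with the return value ignored; for a ticket the server will later decrypt and trust, use `RAND_bytes()` and fail the message when it returns 0. The callback-failure path also returns without `EVP_CIPHER_CTX_cleanup`/`HMAC_CTX_cleanup` even though both contexts were already initialised.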
../include/openssl/evp.h ++t1_reneg.o: ../include/openssl/fips.h ../include/openssl/hmac.h ++t1_reneg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h ++t1_reneg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h ++t1_reneg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ++t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ++t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ++t1_reneg.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h ++t1_reneg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ++t1_reneg.o: ../include/openssl/sha.h ../include/openssl/ssl.h ++t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ++t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ++t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ++t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h ++t1_reneg.o: t1_reneg.c + t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h + t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h + t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h +diff -Nur openssl-0.9.8k/ssl/s3_both.c openssl-0.9.8k.new/ssl/s3_both.c +--- openssl-0.9.8k/ssl/s3_both.c 2005-04-26 12:02:39.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/s3_both.c 2010-06-23 16:14:45.000000000 -0400 +@@ -168,6 +168,23 @@ + p+=i; + l=i; + ++ /* Copy the finished so we can use it for ++ renegotiation checks */ ++ if(s->type == SSL_ST_CONNECT) ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_client_finished, ++ s->s3->tmp.finish_md, i); ++ s->s3->previous_client_finished_len=i; ++ } ++ else ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_server_finished, ++ s->s3->tmp.finish_md, i); ++ s->s3->previous_server_finished_len=i; ++ } ++ + #ifdef OPENSSL_SYS_WIN16 + /* MSVC 1.5 does not clear the top bytes of the word unless + * I do this. 
+@@ -232,6 +249,23 @@ + goto f_err; + } + ++ /* Copy the finished so we can use it for ++ renegotiation checks */ ++ if(s->type == SSL_ST_ACCEPT) ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_client_finished, ++ s->s3->tmp.peer_finish_md, i); ++ s->s3->previous_client_finished_len=i; ++ } ++ else ++ { ++ OPENSSL_assert(i <= EVP_MAX_MD_SIZE); ++ memcpy(s->s3->previous_server_finished, ++ s->s3->tmp.peer_finish_md, i); ++ s->s3->previous_server_finished_len=i; ++ } ++ + return(1); + f_err: + ssl3_send_alert(s,SSL3_AL_FATAL,al); +diff -Nur openssl-0.9.8k/ssl/s3_clnt.c openssl-0.9.8k.new/ssl/s3_clnt.c +--- openssl-0.9.8k/ssl/s3_clnt.c 2010-06-23 16:14:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/s3_clnt.c 2010-06-23 16:15:14.000000000 -0400 +@@ -144,9 +144,6 @@ + + static SSL_METHOD *ssl3_get_client_method(int ver); + static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); +-#ifndef OPENSSL_NO_TLSEXT +-static int ssl3_check_finished(SSL *s); +-#endif + + #ifndef OPENSSL_NO_ECDH + static int curve_id2nid(int curve_id); +@@ -855,7 +852,7 @@ + #endif + #ifndef OPENSSL_NO_TLSEXT + /* TLS extensions*/ +- if (s->version > SSL3_VERSION) ++ if (s->version >= SSL3_VERSION) + { + if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) + { +@@ -1715,6 +1712,7 @@ + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); + goto f_err; + } ++ + p=d=(unsigned char *)s->init_msg; + n2l(p, s->session->tlsext_tick_lifetime_hint); + n2s(p, ticklen); +@@ -2697,7 +2695,7 @@ + */ + + #ifndef OPENSSL_NO_TLSEXT +-static int ssl3_check_finished(SSL *s) ++int ssl3_check_finished(SSL *s) + { + int ok; + long n; +diff -Nur openssl-0.9.8k/ssl/s3_pkt.c openssl-0.9.8k.new/ssl/s3_pkt.c +--- openssl-0.9.8k/ssl/s3_pkt.c 2010-06-23 16:14:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/s3_pkt.c 2010-06-23 16:18:55.000000000 -0400 +@@ -1020,7 +1020,25 @@ + * now try again to obtain the (application) data we were asked for */ + goto start; + } +- ++ /* If 
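Review bot: In the `@@ -855,7 +852,7 @@` hunk the comment above the changed condition still reads `/* TLS extensions*/`, but the test is now `s->version >= SSL3_VERSION`, so ssl_parse_serverhello_tlsext is deliberately run for SSLv3 ServerHellos too; a reader will take the `>=` for an off-by-one. Suggest `/* TLS extensions; also parsed for SSLv3 so the renegotiation_info extension is seen */`. This relies on the parser tolerating an SSLv3 hello with no extension block at all — from the visible t1_lib.c hunks it bails out at `data >= (d+n-2)` first, which looks adequate, but it is worth stating in the comment. The enclosing function starts and ends outside the hunk.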
we are a server and get a client hello when renegotiation isn't ++ * allowed send back a no renegotiation alert and carry on. ++ * WARNING: experimental code, needs reviewing (steve) ++ */ ++ if (s->server && ++ SSL_is_init_finished(s) && ++ !s->s3->send_connection_binding && ++ (s->version > SSL3_VERSION) && ++ (s->s3->handshake_fragment_len >= 4) && ++ (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && ++ (s->session != NULL) && (s->session->cipher != NULL) && ++ !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ ++ { ++ /*s->s3->handshake_fragment_len = 0;*/ ++ rr->length = 0; ++ ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); ++ goto start; ++ } + if (s->s3->alert_fragment_len >= 2) + { + int alert_level = s->s3->alert_fragment[0]; +@@ -1050,6 +1068,21 @@ + s->shutdown |= SSL_RECEIVED_SHUTDOWN; + return(0); + } ++ /* This is a warning but we receive it if we requested ++ * renegotiation and the peer denied it. Terminate with ++ * a fatal alert because if application tried to ++ * renegotiatie it presumably had a good reason and ++ * expects it to succeed. ++ * ++ * In future we might have a renegotiation where we ++ * don't care if the peer refused it where we carry on. ++ */ ++ else if (alert_descr == SSL_AD_NO_RENEGOTIATION) ++ { ++ al = SSL_AD_HANDSHAKE_FAILURE; ++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION); ++ goto f_err; ++ } + } + else if (alert_level == 2) /* fatal */ + { +diff -Nur openssl-0.9.8k/ssl/s3_srvr.c openssl-0.9.8k.new/ssl/s3_srvr.c +--- openssl-0.9.8k/ssl/s3_srvr.c 2009-01-07 05:48:23.000000000 -0500 ++++ openssl-0.9.8k.new/ssl/s3_srvr.c 2010-06-23 16:23:48.000000000 -0400 +@@ -248,6 +248,18 @@ + s->state=SSL3_ST_SR_CLNT_HELLO_A; + s->ctx->stats.sess_accept++; + } ++ else if (!s->s3->send_connection_binding && ++ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ /* Server attempting to renegotiate with ++ * client that doesn't support secure ++ * renegotiation. 
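Review bot: The renegotiation refusal added in the `@@ -1020,7 +1020,25 @@` hunk tests `s->ctx->options` for SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, whereas the parallel checks this same patch adds in s3_srvr.c and t1_lib.c test `s->options`; an application that enables the option per connection with SSL_set_options() will have its peer's renegotiation ClientHello answered with a no_renegotiation warning here while the other paths would allow it. Change the last condition to `!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))`. The block is also self-labelled "experimental code, needs reviewing" and leaves a commented-out `s->s3->handshake_fragment_len = 0;` behind; either drop that line or say why the fragment is intentionally left in place. Note too that `s->version > SSL3_VERSION` means an SSLv3 peer's legacy renegotiation attempt is not short-circuited here and falls through to the handshake, where the ri_check in ssl_parse_clienthello_tlsext has to reject it. The enclosing function (ssl3_read_bytes, per the SSL_F_SSL3_READ_BYTES code in the next hunk) starts and ends outside the hunk.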
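Review bot: The `@@ -1050,6 +1068,21 @@` hunk makes every warning-level no_renegotiation alert fatal, but the rationale in its own comment ("we receive it if we requested renegotiation") is not enforced — the branch never checks that this side actually has a renegotiation pending, so an application that never asked for one will get SSL_R_NO_RENEGOTIATION from a peer's stray warning. If the connection state records a pending renegotiation request, gate the branch on it and otherwise keep the previous behaviour of ignoring the warning, as the comment's last paragraph already anticipates. The comment also has a typo: `renegotiatie` should be `renegotiate`. The enclosing function starts and ends outside the hunk.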
++ */ ++ SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ ret = -1; ++ goto end; ++ } + else + { + /* s->state == SSL_ST_RENEGOTIATE, +@@ -952,7 +964,7 @@ + + #ifndef OPENSSL_NO_TLSEXT + /* TLS extensions*/ +- if (s->version > SSL3_VERSION) ++ if (s->version >= SSL3_VERSION) + { + if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) + { +diff -Nur openssl-0.9.8k/ssl/ssl3.h openssl-0.9.8k.new/ssl/ssl3.h +--- openssl-0.9.8k/ssl/ssl3.h 2007-10-11 20:00:30.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/ssl3.h 2010-06-23 16:21:42.000000000 -0400 +@@ -129,6 +129,9 @@ + extern "C" { + #endif + ++/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ ++#define SSL3_CK_SCSV 0x030000FF ++ + #define SSL3_CK_RSA_NULL_MD5 0x03000001 + #define SSL3_CK_RSA_NULL_SHA 0x03000002 + #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +@@ -440,6 +443,12 @@ + int cert_request; + } tmp; + ++ /* Connection binding to prevent renegotiation attacks */ ++ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; ++ unsigned char previous_client_finished_len; ++ unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; ++ unsigned char previous_server_finished_len; ++ int send_connection_binding; /* TODOEKR */ + } SSL3_STATE; + + +diff -Nur openssl-0.9.8k/ssl/ssl_err.c openssl-0.9.8k.new/ssl/ssl_err.c +--- openssl-0.9.8k/ssl/ssl_err.c 2008-08-13 15:44:44.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/ssl_err.c 2010-06-23 16:21:42.000000000 -0400 +@@ -171,9 +171,11 @@ + {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, + {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, + {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, ++{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), 
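Review bot: `int send_connection_binding; /* TODOEKR */` in the SSL3_STATE hunk leaves a placeholder on the one field the whole secure-renegotiation logic keys off (it gates RI emission in t1_lib.c, the SCSV handling in ssl_lib.c and the refusals in s3_srvr.c/s3_pkt.c). Replace it with a real description, e.g. `/* Peer signalled secure renegotiation (RI extension or SCSV); gates RI emission and legacy-renegotiation refusal */`. The four `previous_*_finished` fields deserve one line too — something like `/* verify_data of the last Finished sent/received, captured in ssl3_send_finished/ssl3_get_finished for the RI binding */` — and the `SSL3_CK_SCSV` comment cites draft-ietf-tls-renegotiation-03, which has since been published as RFC 5746 and should be referenced as such.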
"SSL_add_dir_cert_subjects_to_stack"}, + {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, ++{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, + {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, + {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, +@@ -215,6 +217,10 @@ + {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, + {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, + {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, ++{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, ++{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, ++{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, ++{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, + {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, +@@ -384,6 +390,7 @@ + {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, + {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, + {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, ++{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, + {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, + {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, + {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, +@@ -411,10 +418,14 @@ + {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, + {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, + {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, ++{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, 
++{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, ++{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, + {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, + {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, + {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, + {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, ++{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, + {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, + {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, + {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, +@@ -484,6 +495,7 @@ + {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, + {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, + {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, ++{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, + {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, + {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, + {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, +diff -Nur openssl-0.9.8k/ssl/ssl.h openssl-0.9.8k.new/ssl/ssl.h +--- openssl-0.9.8k/ssl/ssl.h 2010-06-23 16:14:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/ssl.h 2010-06-23 16:21:42.000000000 -0400 +@@ -485,6 +485,8 @@ + + #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L + #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L ++/* Allow initial connection to servers that don't support RI */ ++#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L + #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L + #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L + #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +@@ -515,6 +517,8 @@ + + /* As server, disallow session resumption on 
renegotiation */ + #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L ++/* Permit unsafe legacy renegotiation */ ++#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L + /* If set, always create a new key when using tmp_ecdh parameters */ + #define SSL_OP_SINGLE_ECDH_USE 0x00080000L + /* If set, always create a new key when using tmp_dh parameters */ +@@ -563,17 +567,25 @@ + + #define SSL_CTX_set_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ++#define SSL_CTX_clear_options(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) + #define SSL_CTX_get_options(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) + #define SSL_set_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) ++#define SSL_clear_options(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) + #define SSL_get_options(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + + #define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) ++#define SSL_CTX_clear_mode(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) + #define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) ++#define SSL_clear_mode(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) + #define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) + #define SSL_get_mode(ssl) \ +@@ -581,6 +593,8 @@ + #define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) + ++#define SSL_get_secure_renegotiation_support(ssl) \ ++ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + + void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); + void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +@@ -1271,6 +1285,10 @@ + #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 + #endif + ++#define SSL_CTRL_GET_RI_SUPPORT 76 ++#define 
SSL_CTRL_CLEAR_OPTIONS 77 ++#define SSL_CTRL_CLEAR_MODE 78 ++ + #define SSL_session_reused(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) + #define SSL_num_renegotiations(ssl) \ +@@ -1744,9 +1762,11 @@ + #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 + #define SSL_F_SSL3_WRITE_BYTES 158 + #define SSL_F_SSL3_WRITE_PENDING 159 ++#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 + #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 + #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 + #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 ++#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 + #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 + #define SSL_F_SSL_BAD_METHOD 160 + #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +@@ -1788,6 +1808,10 @@ + #define SSL_F_SSL_INIT_WBIO_BUFFER 184 + #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 + #define SSL_F_SSL_NEW 186 ++#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 ++#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 ++#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 ++#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 + #define SSL_F_SSL_PEEK 270 + #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 + #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 +@@ -1954,6 +1978,7 @@ + #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 + #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 + #define SSL_R_NO_PUBLICKEY 192 ++#define SSL_R_NO_RENEGOTIATION 319 + #define SSL_R_NO_SHARED_CIPHER 193 + #define SSL_R_NO_VERIFY_CALLBACK 194 + #define SSL_R_NULL_SSL_CTX 195 +@@ -1981,10 +2006,14 @@ + #define SSL_R_RECORD_LENGTH_MISMATCH 213 + #define SSL_R_RECORD_TOO_LARGE 214 + #define SSL_R_RECORD_TOO_SMALL 298 ++#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 ++#define SSL_R_RENEGOTIATION_ENCODING_ERR 321 ++#define SSL_R_RENEGOTIATION_MISMATCH 322 + #define SSL_R_REQUIRED_CIPHER_MISSING 215 + #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 + #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 + #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 ++#define 
SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 + #define SSL_R_SERVERHELLO_TLSEXT 224 + #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 + #define SSL_R_SHORT_READ 219 +@@ -2054,6 +2083,7 @@ + #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 + #define SSL_R_UNKNOWN_SSL_VERSION 254 + #define SSL_R_UNKNOWN_STATE 255 ++#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 + #define SSL_R_UNSUPPORTED_CIPHER 256 + #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 + #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +diff -Nur openssl-0.9.8k/ssl/ssl_lib.c openssl-0.9.8k.new/ssl/ssl_lib.c +--- openssl-0.9.8k/ssl/ssl_lib.c 2010-06-23 16:14:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/ssl_lib.c 2010-06-23 16:24:09.000000000 -0400 +@@ -986,8 +986,12 @@ + + case SSL_CTRL_OPTIONS: + return(s->options|=larg); ++ case SSL_CTRL_CLEAR_OPTIONS: ++ return(s->options&=~larg); + case SSL_CTRL_MODE: + return(s->mode|=larg); ++ case SSL_CTRL_CLEAR_MODE: ++ return(s->mode &=~larg); + case SSL_CTRL_GET_MAX_CERT_LIST: + return(s->max_cert_list); + case SSL_CTRL_SET_MAX_CERT_LIST: +@@ -1002,6 +1006,10 @@ + return larg; + } + return 0; ++ case SSL_CTRL_GET_RI_SUPPORT: ++ if (s->s3) ++ return s->s3->send_connection_binding; ++ else return 0; + default: + return(s->method->ssl_ctrl(s,cmd,larg,parg)); + } +@@ -1088,8 +1096,12 @@ + return(ctx->stats.sess_cache_full); + case SSL_CTRL_OPTIONS: + return(ctx->options|=larg); ++ case SSL_CTRL_CLEAR_OPTIONS: ++ return(ctx->options&=~larg); + case SSL_CTRL_MODE: + return(ctx->mode|=larg); ++ case SSL_CTRL_CLEAR_MODE: ++ return(ctx->mode&=~larg); + default: + return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); + } +@@ -1286,6 +1298,22 @@ + j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); + p+=j; + } ++ /* If p == q, no ciphers and caller indicates an error. Otherwise ++ * add SCSV if not renegotiating. ++ */ ++ if (p != q && !s->new_session) ++ { ++ static SSL_CIPHER scsv = ++ { ++ 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, ++ }; ++ j = put_cb ? 
put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); ++ p+=j; ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "SCSV sent by client\n"); ++#endif ++ } ++ + return(p-q); + } + +@@ -1295,6 +1323,8 @@ + SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk; + int i,n; ++ if (s->s3) ++ s->s3->send_connection_binding = 0; + + n=ssl_put_cipher_by_char(s,NULL,NULL); + if ((num%n) != 0) +@@ -1312,6 +1342,26 @@ + + for (i=0; is3 && (n != 3 || !p[0]) && ++ (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && ++ (p[n-1] == (SSL3_CK_SCSV & 0xff))) ++ { ++ /* SCSV fatal if renegotiating */ ++ if (s->new_session) ++ { ++ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ goto err; ++ } ++ s->s3->send_connection_binding = 1; ++ p += n; ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "SCSV received by server\n"); ++#endif ++ continue; ++ } ++ + c=ssl_get_cipher_by_char(s,p); + p+=n; + if (c != NULL) +@@ -1547,6 +1597,10 @@ + } + #endif + #endif ++ /* Default is to connect to non-RI servers. When RI is more widely ++ * deployed might change this. 
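Review bot: `s->s3->send_connection_binding = 0;` at the top of ssl_bytes_to_cipher_list (the `@@ -1295,6 +1323,8 @@` hunk) clears the secure-renegotiation flag on every ClientHello, including a renegotiation ClientHello from a peer that negotiated RI on the initial handshake. When SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set, the ri_check in ssl_parse_clienthello_tlsext then lets a ClientHello carrying neither the RI extension nor the SCSV through, so a connection that began with secure renegotiation can silently renegotiate as legacy, which RFC 5746 requires the server to refuse regardless of any legacy-tolerance setting. Consider tracking separately whether RI was negotiated on the initial handshake and making a renegotiation ClientHello that omits it fatal independent of the option. The body of ssl_parse_clienthello_renegotiate_ext is cut off in this chunk, so if it already enforces this the note is moot. ssl_bytes_to_cipher_list starts before and ends after the hunk.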
++ */ ++ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + + return(ret); + err: +diff -Nur openssl-0.9.8k/ssl/ssl_locl.h openssl-0.9.8k.new/ssl/ssl_locl.h +--- openssl-0.9.8k/ssl/ssl_locl.h 2009-01-05 09:43:07.000000000 -0500 ++++ openssl-0.9.8k.new/ssl/ssl_locl.h 2010-06-23 16:18:26.000000000 -0400 +@@ -868,7 +868,7 @@ + void dtls1_reset_seq_numbers(SSL *s, int rw); + long dtls1_default_timeout(void); + SSL_CIPHER *dtls1_get_cipher(unsigned int u); +- ++int dtls1_send_newsession_ticket(SSL *s); + + + /* some client-only functions */ +@@ -885,6 +885,9 @@ + int ssl3_get_key_exchange(SSL *s); + int ssl3_get_server_certificate(SSL *s); + int ssl3_check_cert_and_algorithm(SSL *s); ++#ifndef OPENSSL_NO_TLSEXT ++int ssl3_check_finished(SSL *s); ++#endif + + int dtls1_client_hello(SSL *s); + int dtls1_send_client_certificate(SSL *s); +@@ -968,6 +971,7 @@ + int ssl_prepare_serverhello_tlsext(SSL *s); + int ssl_check_clienthello_tlsext(SSL *s); + int ssl_check_serverhello_tlsext(SSL *s); ++ + #ifdef OPENSSL_NO_SHA256 + #define tlsext_tick_md EVP_sha1 + #else +@@ -977,6 +981,15 @@ + const unsigned char *limit, SSL_SESSION **ret); + EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; + void ssl_clear_hash_ctx(EVP_MD_CTX **hash); ++ ++int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, ++ int maxlen); ++int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, ++ int *al); ++int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, ++ int maxlen); ++int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, ++ int *al); + #endif + + #endif +diff -Nur openssl-0.9.8k/ssl/t1_lib.c openssl-0.9.8k.new/ssl/t1_lib.c +--- openssl-0.9.8k/ssl/t1_lib.c 2010-06-23 16:14:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/t1_lib.c 2010-06-23 16:24:06.000000000 -0400 +@@ -133,8 +133,9 @@ + int extdatalen=0; + unsigned char *ret = p; + +- /* don't add extensions for SSLv3 */ +- if (s->client_version == 
SSL3_VERSION) ++ /* don't add extensions for SSLv3 unless doing secure renegotiation */ ++ if (s->client_version == SSL3_VERSION ++ && !s->s3->send_connection_binding) + return p; + + ret+=2; +@@ -173,7 +174,33 @@ + ret+=size_str; + + } ++ ++ /* Add RI if renegotiating */ ++ if (s->new_session) ++ { ++ int el; ++ ++ if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) ++ { ++ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ if((limit - p - 4 - el) < 0) return NULL; ++ ++ s2n(TLSEXT_TYPE_renegotiate,ret); ++ s2n(el,ret); ++ ++ if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) ++ { ++ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } + ++ ret += el; ++ } ++ ++ + if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) + { + int ticklen; +@@ -195,7 +222,8 @@ + } + } + +- if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) ++ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && ++ s->version != DTLS1_VERSION) + { + int i; + long extlen, idlen, itmp; +@@ -255,8 +283,8 @@ + int extdatalen=0; + unsigned char *ret = p; + +- /* don't add extensions for SSLv3 */ +- if (s->version == SSL3_VERSION) ++ /* don't add extensions for SSLv3, unless doing secure renegotiation */ ++ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) + return p; + + ret+=2; +@@ -269,6 +297,30 @@ + s2n(TLSEXT_TYPE_server_name,ret); + s2n(0,ret); + } ++ ++ if(s->s3->send_connection_binding) ++ { ++ int el; ++ ++ if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) ++ { ++ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ if((limit - p - 4 - el) < 0) return NULL; ++ ++ s2n(TLSEXT_TYPE_renegotiate,ret); ++ s2n(el,ret); ++ ++ if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) ++ { ++ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ ++ ret += el; ++ } + + if (s->tlsext_ticket_expected + && !(SSL_get_options(s) & 
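Review bot: The bounds check `if((limit - p - 4 - el) < 0) return NULL;` in the client RI block (`@@ -173,7 +174,33 @@`) measures free space from `p`, the start of the extensions area, rather than from `ret`, the current write position (`ret = p; ret += 2;` and every extension advances `ret`), so bytes already written ahead of it — the 2-byte block length and any server_name extension — are not counted and the RI extension can be written past `limit`. It should be `if ((limit - ret - 4 - el) < 0) return NULL;`, and an `SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);` there would match the two other failure paths in the same block, which currently return NULL with nothing on the error queue. ssl_add_clienthello_tlsext starts and ends outside the hunk.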
SSL_OP_NO_TICKET)) +@@ -298,15 +350,18 @@ + unsigned short size; + unsigned short len; + unsigned char *data = *p; ++ int renegotiate_seen = 0; ++ + s->servername_done = 0; + s->tlsext_status_type = -1; + + if (data >= (d+n-2)) +- return 1; ++ goto ri_check; ++ + n2s(data,len); + + if (data > (d+n-len)) +- return 1; ++ goto ri_check; + + while (data <= (d+n-4)) + { +@@ -314,7 +369,7 @@ + n2s(data,size); + + if (data+size > (d+n)) +- return 1; ++ goto ri_check; + + if (s->tlsext_debug_cb) + s->tlsext_debug_cb(s, 0, type, data, size, +@@ -415,8 +470,14 @@ + } + + } +- else if (type == TLSEXT_TYPE_status_request +- && s->ctx->tlsext_status_cb) ++ else if (type == TLSEXT_TYPE_renegotiate) ++ { ++ if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) ++ return 0; ++ renegotiate_seen = 1; ++ } ++ else if (type == TLSEXT_TYPE_status_request && ++ s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) + { + + if (size < 5) +@@ -515,12 +576,26 @@ + else + s->tlsext_status_type = -1; + } ++ + /* session ticket processed earlier */ + + data+=size; + } +- + *p = data; ++ ++ ri_check: ++ ++ /* Need RI if renegotiating */ ++ ++ if (!renegotiate_seen && s->new_session && ++ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ *al = SSL_AD_HANDSHAKE_FAILURE; ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, ++ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ++ return 0; ++ } ++ + return 1; + } + +@@ -530,11 +605,11 @@ + unsigned short size; + unsigned short len; + unsigned char *data = *p; +- + int tlsext_servername = 0; ++ int renegotiate_seen = 0; + + if (data >= (d+n-2)) +- return 1; ++ goto ri_check; + + n2s(data,len); + +@@ -544,7 +619,7 @@ + n2s(data,size); + + if (data+size > (d+n)) +- return 1; ++ goto ri_check; + + if (s->tlsext_debug_cb) + s->tlsext_debug_cb(s, 1, type, data, size, +@@ -569,7 +644,8 @@ + } + s->tlsext_ticket_expected = 1; + } +- else if (type == TLSEXT_TYPE_status_request) ++ else if (type == TLSEXT_TYPE_status_request && ++ s->version != 
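Review bot: The server-side RI block (`@@ -269,6 +297,30 @@`) has the same off-by-write-position bounds check as the client side: `if((limit - p - 4 - el) < 0) return NULL;` subtracts from `p`, the start of the extensions area, not from `ret`, which has already been advanced past the 2-byte length and any server_name extension, so the space check is optimistic by however much precedes it. Change it to `if ((limit - ret - 4 - el) < 0) return NULL;` and add an SSLerr so the caller gets a reason, as the other two `return NULL` paths in the block do. ssl_add_serverhello_tlsext starts and ends outside the hunk.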
DTLS1_VERSION) + { + /* MUST be empty and only sent if we've requested + * a status request message. +@@ -582,7 +658,12 @@ + /* Set flag to expect CertificateStatus message */ + s->tlsext_status_expected = 1; + } +- ++ else if (type == TLSEXT_TYPE_renegotiate) ++ { ++ if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) ++ return 0; ++ renegotiate_seen = 1; ++ } + data+=size; + } + +@@ -614,6 +695,26 @@ + } + + *p = data; ++ ++ ri_check: ++ ++ /* Determine if we need to see RI. Strictly speaking if we want to ++ * avoid an attack we should *always* see RI even on initial server ++ * hello because the client doesn't see any renegotiation during an ++ * attack. However this would mean we could not connect to any server ++ * which doesn't support RI so for the immediate future tolerate RI ++ * absence on initial connect only. ++ */ ++ if (!renegotiate_seen ++ && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT) ++ && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ *al = SSL_AD_HANDSHAKE_FAILURE; ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, ++ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ++ return 0; ++ } ++ + return 1; + } + +diff -Nur openssl-0.9.8k/ssl/t1_reneg.c openssl-0.9.8k.new/ssl/t1_reneg.c +--- openssl-0.9.8k/ssl/t1_reneg.c 1969-12-31 19:00:00.000000000 -0500 ++++ openssl-0.9.8k.new/ssl/t1_reneg.c 2010-06-23 16:21:34.000000000 -0400 +@@ -0,0 +1,292 @@ ++/* ssl/t1_reneg.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. 
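Review bot: The ri_check at the end of ssl_parse_serverhello_tlsext (`@@ -614,6 +695,26 @@`) applies SSL_OP_LEGACY_SERVER_CONNECT to every ServerHello, not only the initial one, although its own comment justifies tolerating a missing RI "on initial connect only". Because SSL_CTX_new in this patch sets that option by default, a client renegotiating with a server that sent RI on the first handshake will, with default options, accept a renegotiation ServerHello that omits the extension — RFC 5746 requires the client to abort in that case. Limit the exemption to the initial handshake, e.g. replace the middle condition with `&& !(!s->new_session && (s->options & SSL_OP_LEGACY_SERVER_CONNECT))`, unless ssl3_connect enforces this somewhere not visible in this chunk. Note also that the `goto ri_check` paths skip `*p = data`, which is the pre-patch behaviour for malformed extension blocks but now means the RI check runs on a hello whose extensions were never parsed. The enclosing function starts outside the hunk.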
The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. 
For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). 
++ * ++ */ ++#include ++#include ++#include "ssl_locl.h" ++ ++/* Add the client's renegotiation binding */ ++int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, ++ int maxlen) ++ { ++ if(p) ++ { ++ if((s->s3->previous_client_finished_len+1) > maxlen) ++ { ++ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); ++ return 0; ++ } ++ ++ /* Length byte */ ++ *p = s->s3->previous_client_finished_len; ++ p++; ++ ++ memcpy(p, s->s3->previous_client_finished, ++ s->s3->previous_client_finished_len); ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension sent by client\n", ++ s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); ++#endif ++ } ++ ++ *len=s->s3->previous_client_finished_len + 1; ++ ++ ++ return 1; ++ } ++ ++/* Parse the client's renegotiation binding and abort if it's not ++ right */ ++int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, ++ int *al) ++ { ++ int ilen; ++ ++ /* Parse the length byte */ ++ if(len < 1) ++ { ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); ++ *al=SSL_AD_ILLEGAL_PARAMETER; ++ return 0; ++ } ++ ilen = *d; ++ d++; ++ ++ /* Consistency check */ ++ if((ilen+1) != len) ++ { ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); ++ *al=SSL_AD_ILLEGAL_PARAMETER; ++ return 0; ++ } ++ ++ /* Check that the extension matches */ ++ if(ilen != s->s3->previous_client_finished_len) ++ { ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); ++ *al=SSL_AD_HANDSHAKE_FAILURE; ++ return 0; ++ } ++ ++ if(memcmp(d, s->s3->previous_client_finished, ++ s->s3->previous_client_finished_len)) ++ { ++ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); ++ *al=SSL_AD_HANDSHAKE_FAILURE; ++ return 0; ++ } ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension received by server\n", ++ ilen ? 
"Non-empty" : "Empty"); ++#endif ++ ++ s->s3->send_connection_binding=1; ++ ++ return 1; ++ } ++ ++/* Add the server's renegotiation binding */ ++int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, ++ int maxlen) ++ { ++ if(p) ++ { ++ if((s->s3->previous_client_finished_len + ++ s->s3->previous_server_finished_len + 1) > maxlen) ++ { ++ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG); ++ return 0; ++ } ++ ++ /* Length byte */ ++ *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len; ++ p++; ++ ++ memcpy(p, s->s3->previous_client_finished, ++ s->s3->previous_client_finished_len); ++ p += s->s3->previous_client_finished_len; ++ ++ memcpy(p, s->s3->previous_server_finished, ++ s->s3->previous_server_finished_len); ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension sent by server\n", ++ s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); ++#endif ++ } ++ ++ *len=s->s3->previous_client_finished_len ++ + s->s3->previous_server_finished_len + 1; ++ ++ return 1; ++ } ++ ++/* Parse the server's renegotiation binding and abort if it's not ++ right */ ++int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, ++ int *al) ++ { ++ int expected_len=s->s3->previous_client_finished_len ++ + s->s3->previous_server_finished_len; ++ int ilen; ++ ++ /* Check for logic errors */ ++ OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); ++ OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); ++ ++ /* Parse the length byte */ ++ if(len < 1) ++ { ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); ++ *al=SSL_AD_ILLEGAL_PARAMETER; ++ return 0; ++ } ++ ilen = *d; ++ d++; ++ ++ /* Consistency check */ ++ if(ilen+1 != len) ++ { ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR); ++ *al=SSL_AD_ILLEGAL_PARAMETER; ++ return 0; ++ } ++ ++ /* Check that the extension 
matches */ ++ if(ilen != expected_len) ++ { ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); ++ *al=SSL_AD_HANDSHAKE_FAILURE; ++ return 0; ++ } ++ ++ if(memcmp(d, s->s3->previous_client_finished, ++ s->s3->previous_client_finished_len)) ++ { ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); ++ *al=SSL_AD_HANDSHAKE_FAILURE; ++ return 0; ++ } ++ d += s->s3->previous_client_finished_len; ++ ++ if(memcmp(d, s->s3->previous_server_finished, ++ s->s3->previous_server_finished_len)) ++ { ++ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH); ++ *al=SSL_AD_ILLEGAL_PARAMETER; ++ return 0; ++ } ++#ifdef OPENSSL_RI_DEBUG ++ fprintf(stderr, "%s RI extension received by client\n", ++ ilen ? "Non-empty" : "Empty"); ++#endif ++ s->s3->send_connection_binding=1; ++ ++ return 1; ++ } +diff -Nur openssl-0.9.8k/ssl/tls1.h openssl-0.9.8k.new/ssl/tls1.h +--- openssl-0.9.8k/ssl/tls1.h 2008-04-30 12:11:33.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/tls1.h 2010-06-23 16:14:39.000000000 -0400 +@@ -115,6 +115,9 @@ + #define TLSEXT_TYPE_ec_point_formats 11 + #define TLSEXT_TYPE_session_ticket 35 + ++/* Temporary extension type */ ++#define TLSEXT_TYPE_renegotiate 0xff01 ++ + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 + /* status request value from RFC 3546 */ --- openssl-0.9.8k.orig/debian/patches/CVE-2011-4576.patch +++ openssl-0.9.8k/debian/patches/CVE-2011-4576.patch 
@@ -0,0 +1,26 @@
+Origin: http://cvs.openssl.org/chngview?cn=21940
+Subject: Clear bytes used for block padding of SSL 3.0 records.
+
+CVE-2011-4576
+
+[Ubuntu note: modification to CHANGES file has been dropped to reduce
+ patch conflicts.]
+
+---
+ ssl/s3_enc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: b/ssl/s3_enc.c
+===================================================================
+--- a/ssl/s3_enc.c
++++ b/ssl/s3_enc.c
+@@ -480,6 +480,9 @@ int ssl3_enc(SSL *s, int send)
+
+ /* we need to add 'i-1' padding bytes */
+ l+=i;
++ /* the last of these zero bytes will be overwritten
++ * with the padding length. */
++ memset(&rec->input[rec->length], 0, i);
+ rec->length+=i;
+ rec->input[l-1]=(i-1);
+ }
--- openssl-0.9.8k.orig/debian/patches/make-targets.patch
+++ openssl-0.9.8k/debian/patches/make-targets.patch
@@ -0,0 +1,13 @@
+Index: openssl-0.9.8k/Makefile.org
+===================================================================
+--- openssl-0.9.8k.orig/Makefile.org 2009-07-19 11:32:41.000000000 +0200
++++ openssl-0.9.8k/Makefile.org 2009-07-19 11:37:31.000000000 +0200
+@@ -131,7 +131,7 @@
+
+ BASEADDR=
+
+-DIRS= crypto fips ssl engines apps test tools
++DIRS= crypto fips ssl engines apps tools
+ SHLIBDIRS= crypto ssl fips
+
+ # dirs in crypto to build
--- openssl-0.9.8k.orig/debian/patches/openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch
+++ openssl-0.9.8k/debian/patches/openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch
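Review bot: The make-targets.patch hunk removes `test` from `DIRS` in Makefile.org but the patch carries no header saying why the top-level build no longer descends into the test tree, so a later maintainer cannot tell whether the regression suite is run some other way or simply skipped. A one-line header such as `Description: do not build test/ from the top-level Makefile (reason: <why, e.g. run by the packaging instead>)` would settle that; the reason itself is not visible in this diff. Every other patch in this series that changes behaviour carries an Origin or Description line, so this one is the odd one out.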
@@ -0,0 +1,116 @@ +Subject: OpenSSL Ciphersuite Downgrade Attack +Origin: other, http://openssl.org/news/secadv_20101202.txt + +OpenSSL Security Advisory [2 December 2010] + +OpenSSL Ciphersuite Downgrade Attack +===================================== + +A flaw has been found in the OpenSSL SSL/TLS server code where an old bug +workaround allows malicous clients to modify the stored session cache +ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one +on subsequent connections. + +The OpenSSL security team would like to thank Martin Rex for reporting this +issue. + +This vulnerability is tracked as CVE-2010-4180 + +OpenSSL JPAKE validation error +=============================== + +Sebastian Martini found an error in OpenSSL's J-PAKE implementation +which could lead to successful validation by someone with no knowledge +of the shared secret. This error is fixed in 1.0.0c. Details of the +problem can be found here: + +http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf + +Note that the OpenSSL Team still consider our implementation of J-PAKE +to be experimental and is not compiled by default. + +This issue is tracked as CVE-2010-4252 + +Who is affected? +================= + +All versions of OpenSSL contain the ciphersuite downgrade vulnerability. + +Any OpenSSL based SSL/TLS server is vulnerable if it uses +OpenSSL's internal caching mechanisms and the +SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this +by using the SSL_OP_ALL option). + +Users of OpenSSL 0.9.8j or later who do not enable weak ciphersuites are +still vulnerable but the bug has no security implications as the attacker can +only change from one strong ciphersuite to another. + +All users of OpenSSL's experimental J-PAKE implementation are vulnerable +to the J-PAKE validation error. 
+ +Recommendations for users of OpenSSL +===================================== + +Users of all OpenSSL 0.9.8 releases including 0.9.8p should update +to the OpenSSL 0.9.8q release which contains a patch to correct this issue. + +Alternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG +and/or SSL_OP_ALL flags. + +Users of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release +which contains a patch to correct this issue and also contains a corrected +version of the CVE-2010-3864 vulnerability fix. + +If upgrading is not immediately possible, the relevant source code patch +provided in this advisory should be applied. + +Any user of OpenSSL's J-PAKE implementaion (which is not compiled in by +default) should upgrade to OpenSSL 1.0.0c. + +Patch +===== + +--- + ssl/s3_clnt.c | 3 +++ + ssl/s3_srvr.c | 5 +++++ + 2 files changed, 8 insertions(+) + +Index: b/ssl/s3_clnt.c +=================================================================== +--- a/ssl/s3_clnt.c ++++ b/ssl/s3_clnt.c +@@ -813,8 +813,11 @@ int ssl3_get_server_hello(SSL *s) + s->session->cipher_id = s->session->cipher->id; + if (s->hit && (s->session->cipher_id != c->id)) + { ++/* Workaround is now obsolete */ ++#if 0 + if (!(s->options & + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) ++#endif + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); +Index: b/ssl/s3_srvr.c +=================================================================== +--- a/ssl/s3_srvr.c ++++ b/ssl/s3_srvr.c +@@ -914,6 +914,10 @@ int ssl3_get_client_hello(SSL *s) + break; + } + } ++/* Disabled because it can be used in a ciphersuite downgrade ++ * attack: CVE-2010-4180. 
++ */ ++#if 0 + if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) + { + /* Special case as client bug workaround: the previously used cipher may +@@ -928,6 +932,7 @@ int ssl3_get_client_hello(SSL *s) + j = 1; + } + } ++#endif + if (j == 0) + { + /* we need to have the cipher in the cipher --- openssl-0.9.8k.orig/debian/patches/rc4-amd64.patch +++ openssl-0.9.8k/debian/patches/rc4-amd64.patch @@ -0,0 +1,14 @@ +Index: openssl-0.9.8k/Configure +=================================================================== +--- openssl-0.9.8k.orig/Configure 2009-07-19 11:32:41.000000000 +0200 ++++ openssl-0.9.8k/Configure 2009-07-19 11:37:10.000000000 +0200 +@@ -128,6 +128,9 @@ + my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; + + my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::"; ++# rc4 asm is disabled on amd64 because we configured it with RC4_CHAR while ++# the assembler only works with int ++my $x86_64_asm_linux="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::::"; + my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::"; + + my $no_asm="::::::::::"; --- openssl-0.9.8k.orig/debian/patches/CVE-2009-1377.patch +++ openssl-0.9.8k/debian/patches/CVE-2009-1377.patch 
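Review bot: The client-side comment `/* Workaround is now obsolete */` in s3_clnt.c does not say why, while the matching server-side block in s3_srvr.c does; make it `/* Workaround disabled: it allows a ciphersuite downgrade (CVE-2010-4180). */` so both `#if 0` sites are self-explanatory, and consider deleting the dead blocks outright rather than keeping them under `#if 0`. The option flag `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG` is not touched by this patch, so applications that set it (or `SSL_OP_ALL`) will presumably still compile and pass it with no effect; a note at the flag's definition that it is now a no-op would help, though that header is outside this diff. Both enclosing functions, `ssl3_get_server_hello` and `ssl3_get_client_hello`, extend beyond the hunk.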
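Review bot: The rc4-amd64.patch hunk defines `$x86_64_asm_linux` (the `$x86_64_asm` string with an empty rc4 slot) but nothing in the visible 14 lines references it, so a reader cannot tell which Configure target consumes it; extend the comment to name the consumer, e.g. `# used by the Debian amd64 target(s); rc4 asm is disabled because RC4_CHAR is configured while the assembler only works with int`. Presumably another packaging patch adds the target that selects this string, but that is not visible here. The rest of the `%table` machinery in Configure is outside the hunk.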
@@ -0,0 +1,48 @@
+Index: openssl-0.9.8k/ssl/d1_pkt.c
+===================================================================
+--- openssl-0.9.8k.orig/ssl/d1_pkt.c 2008-10-13 08:43:06.000000000 +0200
++++ openssl-0.9.8k/ssl/d1_pkt.c 2009-07-19 11:32:41.000000000 +0200
+@@ -167,6 +167,10 @@
+ DTLS1_RECORD_DATA *rdata;
+ pitem *item;
+
++ /* Limit the size of the queue to prevent DOS attacks */
++ if (pqueue_size(queue->q) >= 100)
++ return 0;
++
+ rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+ item = pitem_new(priority, rdata);
+ if (rdata == NULL || item == NULL)
+Index: openssl-0.9.8k/crypto/pqueue/pqueue.c
+===================================================================
+--- openssl-0.9.8k.orig/crypto/pqueue/pqueue.c 2005-06-28 14:53:33.000000000 +0200
++++ openssl-0.9.8k/crypto/pqueue/pqueue.c 2009-07-19 11:32:41.000000000 +0200
+@@ -234,3 +234,17 @@
+
+ return ret;
+ }
++
++int
++pqueue_size(pqueue_s *pq)
++{
++ pitem *item = pq->items;
++ int count = 0;
++
++ while(item != NULL)
++ {
++ count++;
++ item = item->next;
++ }
++ return count;
++}
+Index: openssl-0.9.8k/crypto/pqueue/pqueue.h
+===================================================================
+--- openssl-0.9.8k.orig/crypto/pqueue/pqueue.h 2005-05-31 00:34:27.000000000 +0200
++++ openssl-0.9.8k/crypto/pqueue/pqueue.h 2009-07-19 11:32:41.000000000 +0200
+@@ -91,5 +91,6 @@
+ pitem *pqueue_next(piterator *iter);
+
+ void pqueue_print(pqueue pq);
++int pqueue_size(pqueue pq);
+
+ #endif /* ! HEADER_PQUEUE_H */
--- openssl-0.9.8k.orig/debian/patches/CVE-2009-2409.patch
+++ openssl-0.9.8k/debian/patches/CVE-2009-2409.patch
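Review bot: The queue cap in the d1_pkt.c hunk is the bare literal `100`; a named constant next to the buffering code (constructed name, e.g. `#define DTLS1_MAX_BUFFERED_RECORDS 100 /* bounds memory held per connection, CVE-2009-1377 */`) and `if (pqueue_size(queue->q) >= DTLS1_MAX_BUFFERED_RECORDS)` would document the intent and keep the limit tunable in one place. `pqueue_size` walks the whole list on every insert, which is harmless at this bound but worth a one-line comment in pqueue.c so nobody raises the limit without noticing the O(n) cost. The header declares the parameter as `pqueue pq` while the definition uses `pqueue_s *pq`; presumably the same type via typedef, as the neighbouring prototypes suggest, but one spelling avoids the question. The enclosing buffering function in d1_pkt.c starts outside the hunk.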
@@ -0,0 +1,33 @@
+This is http://cvs.openssl.org/chngview?cn=18381
+Fixes CVE-2009-2409
+
+Index: openssl/crypto/evp/c_alld.c
+RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v
+rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null
+--- c_alld.c 2005/04/30 21:51:40 1.7
++++ c_alld.c 2009/07/08 08:33:26 1.7.2.1
+@@ -64,9 +64,6 @@
+
+ void OpenSSL_add_all_digests(void)
+ {
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD4
+ EVP_add_digest(EVP_md4());
+ #endif
+Index: openssl/ssl/ssl_algs.c
+RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v
+rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null
+--- ssl_algs.c 2007/04/23 23:50:21 1.12.2.3
++++ ssl_algs.c 2009/07/08 08:33:27 1.12.2.4
+@@ -92,9 +92,6 @@
+ EVP_add_cipher(EVP_seed_cbc());
+ #endif
+
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD5
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest_alias(SN_md5,"ssl2-md5");
--- openssl-0.9.8k.orig/debian/patches/CVE-2012-2110b.patch
+++ openssl-0.9.8k/debian/patches/CVE-2012-2110b.patch
@@ -0,0 +1,16 @@
+Origin: http://cvs.openssl.org/chngview?cn=22476
+Description: Use correct error code in BUF_MEM_grow_clean()
+
+Index: openssl-0.9.8o/crypto/buffer/buffer.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/buffer/buffer.c 2012-04-24 07:59:24.000000000 -0500
++++ openssl-0.9.8o/crypto/buffer/buffer.c 2012-04-24 08:00:21.000000000 -0500
+@@ -156,7 +156,7 @@
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ n=(len+3)/3*4;
--- openssl-0.9.8k.orig/debian/patches/CVE-2013-0166.patch
+++ openssl-0.9.8k/debian/patches/CVE-2013-0166.patch
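Review bot: Dropping the two `EVP_add_digest(EVP_md2())` calls only unregisters MD2 from the default digest tables that `OpenSSL_add_all_digests` and the SSL initialisation fill, so lookups by name or NID no longer find it; the MD2 implementation is still compiled unless the build configures `no-md2`, and code that calls `EVP_md2()` directly is unaffected. The patch header states only the CVE, so add a line making that scope explicit, e.g. `Note: MD2 is only removed from the default digest tables; EVP_md2() remains available to explicit callers.` Presumably this is the intended minimal backport, but the header should say so rather than leave readers to infer it from two deleted `#ifndef` blocks.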
@@ -0,0 +1,44 @@
+Description: fix denial of service via invalid OCSP key
+Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=66e8211c0b1347970096e04b18aa52567c325200
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889
+
+diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
+index da3efaa..7ded69b 100644
+--- a/crypto/asn1/a_verify.c
++++ b/crypto/asn1/a_verify.c
+@@ -138,6 +138,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
+ unsigned char *buf_in=NULL;
+ int ret= -1,i,inl;
+
++ if (!pkey)
++ {
++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
++ return -1;
++ }
++
+ EVP_MD_CTX_init(&ctx);
+ i=OBJ_obj2nid(a->algorithm);
+ type=EVP_get_digestbyname(OBJ_nid2sn(i));
+diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
+index d3b446c..f24080f 100644
+--- a/crypto/ocsp/ocsp_vfy.c
++++ b/crypto/ocsp/ocsp_vfy.c
+@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ {
+ EVP_PKEY *skey;
+ skey = X509_get_pubkey(signer);
+- ret = OCSP_BASICRESP_verify(bs, skey, 0);
+- EVP_PKEY_free(skey);
+- if(ret <= 0)
++ if (skey)
++ {
++ ret = OCSP_BASICRESP_verify(bs, skey, 0);
++ EVP_PKEY_free(skey);
++ }
++ if(!skey || ret <= 0)
+ {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ goto end;
+--
+1.7.9.5
+
--- openssl-0.9.8k.orig/debian/patches/CVE-2009-4355.patch
+++ openssl-0.9.8k/debian/patches/CVE-2009-4355.patch
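Review bot: In the ocsp_vfy.c hunk a NULL `skey` from `X509_get_pubkey(signer)` is reported as `OCSP_R_SIGNATURE_FAILURE`, which labels an unparseable or unsupported signer key as a bad signature; `X509_get_pubkey` presumably leaves its own reason on the error queue, but a comment on the combined test, `/* NULL skey: signer key unusable, treated as a verify failure */`, would make the intent clear to the next reader. The short-circuit in `if(!skey || ret <= 0)` means `ret` is only read after `OCSP_BASICRESP_verify` assigned it, so the restructuring introduces no uninitialised read. `OCSP_basic_verify` continues beyond the hunk.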
@@ -0,0 +1,50 @@
+From: "Dr. Stephen Henson"
+Subject: memory consumption (DoS) vulnerability
+
+I've attached a patch which uses an alternative technique. The main problem is
+that the ex_data free function pointer is removed when
+CRYPTO_cleanup_all_ex_data() is called. If the compression structure is
+cleaned up directly this problem is avoided:
+
+Index: openssl-0.9.8k/crypto/comp/c_zlib.c
+===================================================================
+--- openssl-0.9.8k.orig/crypto/comp/c_zlib.c 2010-01-13 20:35:47.000000000 +0000
++++ openssl-0.9.8k/crypto/comp/c_zlib.c 2010-01-13 20:35:50.000000000 +0000
+@@ -136,15 +136,6 @@
+
+ static int zlib_stateful_ex_idx = -1;
+
+-static void zlib_stateful_free_ex_data(void *obj, void *item,
+- CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
+- {
+- struct zlib_state *state = (struct zlib_state *)item;
+- inflateEnd(&state->istream);
+- deflateEnd(&state->ostream);
+- OPENSSL_free(state);
+- }
+-
+ static int zlib_stateful_init(COMP_CTX *ctx)
+ {
+ int err;
+@@ -188,6 +179,12 @@
+
+ static void zlib_stateful_finish(COMP_CTX *ctx)
+ {
++ struct zlib_state *state =
++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
++ zlib_stateful_ex_idx);
++ inflateEnd(&state->istream);
++ deflateEnd(&state->ostream);
++ OPENSSL_free(state);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
+ }
+
+@@ -402,7 +399,7 @@
+ if (zlib_stateful_ex_idx == -1)
+ zlib_stateful_ex_idx =
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
+- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
++ 0,NULL,NULL,NULL,NULL);
+ CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
+ if (zlib_stateful_ex_idx == -1)
+ goto err;
--- openssl-0.9.8k.orig/debian/patches/CVE-2012-2110.patch
+++ openssl-0.9.8k/debian/patches/CVE-2012-2110.patch
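Review bot: `zlib_stateful_finish` now dereferences the `state` returned by `CRYPTO_get_ex_data` with no NULL check, whereas the removed ex_data callback would presumably only have been invoked for a slot that had actually been set; if a `COMP_CTX` can reach finish after `zlib_stateful_init` failed before storing its state (that path is outside the hunk), `inflateEnd(&state->istream)` is a NULL dereference. Guarding the three calls, `if (state != NULL) { inflateEnd(&state->istream); deflateEnd(&state->ostream); OPENSSL_free(state); }`, costs nothing and still lets `CRYPTO_free_ex_data` run unconditionally. A short comment above the block saying the state is freed here rather than through an ex_data callback because `CRYPTO_cleanup_all_ex_data()` drops those callbacks would preserve the rationale given in the patch header.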
@@ -0,0 +1,187 @@ +Origin: http://cvs.openssl.org/chngview?cn=22439 +Description: Check for potentially exploitable overflows in asn1_d2i_read_bio + BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in + CRYPTO_realloc_clean. + +Index: openssl-0.9.8o/crypto/asn1/a_d2i_fp.c +=================================================================== +--- openssl-0.9.8o.orig/crypto/asn1/a_d2i_fp.c 2012-04-19 09:36:24.000000000 -0500 ++++ openssl-0.9.8o/crypto/asn1/a_d2i_fp.c 2012-04-19 09:37:13.000000000 -0500 +@@ -57,6 +57,7 @@ + */ + + #include ++#include + #include "cryptlib.h" + #include + #include +@@ -143,17 +144,11 @@ + BUF_MEM *b; + unsigned char *p; + int i; +- int ret=-1; + ASN1_const_CTX c; +- int want=HEADER_SIZE; ++ size_t want=HEADER_SIZE; + int eos=0; +-#if defined(__GNUC__) && defined(__ia64) +- /* pathetic compiler bug in all known versions as of Nov. 2002 */ +- long off=0; +-#else +- int off=0; +-#endif +- int len=0; ++ size_t off=0; ++ size_t len=0; + + b=BUF_MEM_new(); + if (b == NULL) +@@ -169,7 +164,7 @@ + { + want-=(len-off); + +- if (!BUF_MEM_grow_clean(b,len+want)) ++ if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); + goto err; +@@ -181,7 +176,14 @@ + goto err; + } + if (i > 0) ++ { ++ if (len+i < len) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } + len+=i; ++ } + } + /* else data already loaded */ + +@@ -206,6 +208,11 @@ + { + /* no data body so go round again */ + eos++; ++ if (eos < 0) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); ++ goto err; ++ } + want=HEADER_SIZE; + } + else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) +@@ -220,10 +227,16 @@ + else + { + /* suck in c.slen bytes of data */ +- want=(int)c.slen; ++ want=c.slen; + if (want > (len-off)) + { + want-=(len-off); ++ if (want > INT_MAX /* BIO_read takes an int length */ || ++ len+want < len) ++ { ++ 
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } + if (!BUF_MEM_grow_clean(b,len+want)) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); +@@ -238,11 +251,18 @@ + ASN1_R_NOT_ENOUGH_DATA); + goto err; + } ++ /* This can't overflow because ++ * |len+want| didn't overflow. */ + len+=i; +- want -= i; ++ want-=i; + } + } +- off+=(int)c.slen; ++ if (off + c.slen < off) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } ++ off+=c.slen; + if (eos <= 0) + { + break; +@@ -252,9 +272,15 @@ + } + } + ++ if (off > INT_MAX) ++ { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); ++ goto err; ++ } ++ + *pb = b; + return off; + err: + if (b != NULL) BUF_MEM_free(b); +- return(ret); ++ return -1; + } +Index: openssl-0.9.8o/crypto/buffer/buffer.c +=================================================================== +--- openssl-0.9.8o.orig/crypto/buffer/buffer.c 2012-04-19 09:36:24.000000000 -0500 ++++ openssl-0.9.8o/crypto/buffer/buffer.c 2012-04-19 09:37:13.000000000 -0500 +@@ -60,6 +60,11 @@ + #include "cryptlib.h" + #include + ++/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That ++ * function is applied in several functions in this file and this limit ensures ++ * that the result fits in an int. 
*/ ++#define LIMIT_BEFORE_EXPANSION 0x5ffffffc ++ + BUF_MEM *BUF_MEM_new(void) + { + BUF_MEM *ret; +@@ -105,6 +110,12 @@ + str->length=len; + return(len); + } ++ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ ++ if (len > LIMIT_BEFORE_EXPANSION) ++ { ++ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + n=(len+3)/3*4; + if (str->data == NULL) + ret=OPENSSL_malloc(n); +@@ -142,6 +153,12 @@ + str->length=len; + return(len); + } ++ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ ++ if (len > LIMIT_BEFORE_EXPANSION) ++ { ++ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + n=(len+3)/3*4; + if (str->data == NULL) + ret=OPENSSL_malloc(n); +Index: openssl-0.9.8o/crypto/mem.c +=================================================================== +--- openssl-0.9.8o.orig/crypto/mem.c 2012-04-19 09:36:24.000000000 -0500 ++++ openssl-0.9.8o/crypto/mem.c 2012-04-19 09:37:13.000000000 -0500 +@@ -372,6 +372,10 @@ + + if (num <= 0) return NULL; + ++ /* We don't support shrinking the buffer. Note the memcpy that copies ++ * |old_len| bytes to the new buffer, below. */ ++ if (num < old_len) return NULL; ++ + if (realloc_debug_func != NULL) + realloc_debug_func(str, NULL, num, file, line, 0); + ret=malloc_ex_func(num,file,line); --- openssl-0.9.8k.orig/debian/patches/man-dir.patch +++ openssl-0.9.8k/debian/patches/man-dir.patch @@ -0,0 +1,13 @@ +Index: openssl-0.9.8k/Makefile.org +=================================================================== +--- openssl-0.9.8k.orig/Makefile.org 2009-07-19 11:32:41.000000000 +0200 ++++ openssl-0.9.8k/Makefile.org 2009-07-19 11:37:29.000000000 +0200 +@@ -152,7 +152,7 @@ + + MAKEFILE= Makefile + +-MANDIR=$(OPENSSLDIR)/man ++MANDIR=/usr/share/man + MAN1=1 + MAN3=3 + MANSUFFIX= --- openssl-0.9.8k.orig/debian/patches/CVE-2011-3210.patch +++ openssl-0.9.8k/debian/patches/CVE-2011-3210.patch 
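Review bot: The new `if (eos < 0)` guard in the a_d2i_fp.c hunk tests for overflow after `eos++` on an `int` (`int eos=0;` is visible in the hunk context), and signed overflow is undefined behaviour, so a compiler is entitled to drop the check; compare before incrementing instead, `if (eos == INT_MAX) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); goto err; } eos++;` — `INT_MAX` is already used later in the same function via the header added at the top of the file (its name is stripped in this rendering, presumably `<limits.h>`). The `want=c.slen;` assignment also converts a signed `c.slen` into `size_t` without comment; if `c.slen` can be negative at that point (not determinable from the hunk) it becomes a huge `want`, which the following `want > INT_MAX` test would catch, so a one-line comment saying that is the intended backstop would help. The enclosing function `asn1_d2i_read_bio` starts before the first hunk of this file.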
@@ -0,0 +1,109 @@ +Origin: http://cvs.openssl.org/chngview?cn=21334 +Subject: (EC)DH memory handling fixes. + +Ensure thread safety during processing of handshake messages. + +CVE-2011-3210 + +[Ubuntu note: patch differs from upstream in that the CHANGES file + modifications have been dropped to reduce patch conflicts.] + +--- + ssl/s3_lib.c | 6 ++++++ + ssl/s3_srvr.c | 22 +++++++++++++++------- + 2 files changed, 21 insertions(+), 7 deletions(-) + +Index: b/ssl/s3_lib.c +=================================================================== +--- a/ssl/s3_lib.c ++++ b/ssl/s3_lib.c +@@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s) + } + #ifndef OPENSSL_NO_DH + if (s->s3->tmp.dh != NULL) ++ { + DH_free(s->s3->tmp.dh); ++ s->s3->tmp.dh = NULL; ++ } + #endif + #ifndef OPENSSL_NO_ECDH + if (s->s3->tmp.ecdh != NULL) ++ { + EC_KEY_free(s->s3->tmp.ecdh); ++ s->s3->tmp.ecdh = NULL; ++ } + #endif + + rp = s->s3->rbuf.buf; +Index: b/ssl/s3_srvr.c +=================================================================== +--- a/ssl/s3_srvr.c ++++ b/ssl/s3_srvr.c +@@ -710,9 +710,7 @@ int ssl3_check_client_hello(SSL *s) + if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) + { + /* Throw away what we have done so far in the current handshake, +- * which will now be aborted. (A full SSL_clear would be too much.) +- * I hope that tmp.dh is the only thing that may need to be cleared +- * when a handshake is not completed ... */ ++ * which will now be aborted. (A full SSL_clear would be too much.) 
*/ + #ifndef OPENSSL_NO_DH + if (s->s3->tmp.dh != NULL) + { +@@ -720,6 +718,13 @@ int ssl3_check_client_hello(SSL *s) + s->s3->tmp.dh = NULL; + } + #endif ++#ifndef OPENSSL_NO_ECDH ++ if (s->s3->tmp.ecdh != NULL) ++ { ++ EC_KEY_free(s->s3->tmp.ecdh); ++ s->s3->tmp.ecdh = NULL; ++ } ++#endif + return 2; + } + return 1; +@@ -1329,7 +1334,6 @@ int ssl3_send_server_key_exchange(SSL *s + + if (s->s3->tmp.dh != NULL) + { +- DH_free(dh); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto err; + } +@@ -1390,7 +1394,6 @@ int ssl3_send_server_key_exchange(SSL *s + + if (s->s3->tmp.ecdh != NULL) + { +- EC_KEY_free(s->s3->tmp.ecdh); + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto err; + } +@@ -1401,12 +1404,11 @@ int ssl3_send_server_key_exchange(SSL *s + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); + goto err; + } +- if (!EC_KEY_up_ref(ecdhp)) ++ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB); + goto err; + } +- ecdh = ecdhp; + + s->s3->tmp.ecdh=ecdh; + if ((EC_KEY_get0_public_key(ecdh) == NULL) || +@@ -2262,6 +2264,12 @@ int ssl3_get_client_key_exchange(SSL *s) + /* Get encoded point length */ + i = *p; + p += 1; ++ if (n != 1 + i) ++ { ++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ++ ERR_R_EC_LIB); ++ goto err; ++ } + if (EC_POINT_oct2point(group, + clnt_ecpoint, p, i, bn_ctx) == 0) + { --- openssl-0.9.8k.orig/debian/patches/CVE-2011-4577.patch +++ openssl-0.9.8k/debian/patches/CVE-2011-4577.patch 
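Review bot: In the `ssl3_get_client_key_exchange` hunk the length byte is read with `i = *p` before the new `if (n != 1 + i)` check, so whether `n >= 1` has been established earlier — and hence whether `*p` lies inside the received message — cannot be seen here; if it has not, a preceding `if (n < 1) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; }` is needed (the function starts and ends outside the hunk). The reason code `ERR_R_EC_LIB` attributes a malformed client message to the EC library; an SSL-level reason (e.g. `SSL_R_BAD_ECPOINT`, if this tree defines it) would give a more accurate error trail. The `EC_KEY_up_ref` → `EC_KEY_dup` change gives each handshake its own copy of the ECDH key, which is what makes the `EC_KEY_free(s->s3->tmp.ecdh)` added to `ssl3_clear` and `ssl3_check_client_hello` safe; a one-line comment at the `EC_KEY_dup` call stating that ownership rule would keep a future maintainer from reverting it to an up_ref.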
@@ -0,0 +1,197 @@ +Origin: http://cvs.openssl.org/chngview?cn=21937 +Subject: Prevent malformed RFC3779 data triggering an assertion failure + +CVE-2011-4577 + +[Ubuntu note: dropped CHANGES file modifications to reduce patch conflicts.] + +--- + crypto/x509v3/v3_addr.c | 74 ++++++++++++++++++++++++++++++------------------ + 1 file changed, 47 insertions(+), 27 deletions(-) + +Index: b/crypto/x509v3/v3_addr.c +=================================================================== +--- a/crypto/x509v3/v3_addr.c ++++ b/crypto/x509v3/v3_addr.c +@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAdd + * Expand the bitstring form of an address into a raw byte array. + * At the moment this is coded for simplicity, not speed. + */ +-static void addr_expand(unsigned char *addr, ++static int addr_expand(unsigned char *addr, + const ASN1_BIT_STRING *bs, + const int length, + const unsigned char fill) + { +- OPENSSL_assert(bs->length >= 0 && bs->length <= length); ++ if (bs->length < 0 || bs->length > length) ++ return 0; + if (bs->length > 0) { + memcpy(addr, bs->data, bs->length); + if ((bs->flags & 7) != 0) { +@@ -159,6 +160,7 @@ static void addr_expand(unsigned char *a + } + } + memset(addr + bs->length, fill, length - bs->length); ++ return 1; + } + + /* +@@ -179,11 +181,13 @@ static int i2r_address(BIO *out, + + switch (afi) { + case IANA_AFI_IPV4: +- addr_expand(addr, bs, 4, fill); ++ if (!addr_expand(addr, bs, 4, fill)) ++ return 0; + BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); + break; + case IANA_AFI_IPV6: +- addr_expand(addr, bs, 16, fill); ++ if (!addr_expand(addr, bs, 16, fill)) ++ return 0; + for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) + ; + for (i = 0; i < n; i += 2) +@@ -309,6 +313,12 @@ static int i2r_IPAddrBlocks(X509V3_EXT_M + /* + * Sort comparison function for a sequence of IPAddressOrRange + * elements. 
++ * ++ * There's no sane answer we can give if addr_expand() fails, and an ++ * assertion failure on externally supplied data is seriously uncool, ++ * so we just arbitrarily declare that if given invalid inputs this ++ * function returns -1. If this messes up your preferred sort order ++ * for garbage input, tough noogies. + */ + static int IPAddressOrRange_cmp(const IPAddressOrRange *a, + const IPAddressOrRange *b, +@@ -321,22 +331,26 @@ static int IPAddressOrRange_cmp(const IP + + switch (a->type) { + case IPAddressOrRange_addressPrefix: +- addr_expand(addr_a, a->u.addressPrefix, length, 0x00); ++ if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) ++ return -1; + prefixlen_a = addr_prefixlen(a->u.addressPrefix); + break; + case IPAddressOrRange_addressRange: +- addr_expand(addr_a, a->u.addressRange->min, length, 0x00); ++ if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) ++ return -1; + prefixlen_a = length * 8; + break; + } + + switch (b->type) { + case IPAddressOrRange_addressPrefix: +- addr_expand(addr_b, b->u.addressPrefix, length, 0x00); ++ if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) ++ return -1; + prefixlen_b = addr_prefixlen(b->u.addressPrefix); + break; + case IPAddressOrRange_addressRange: +- addr_expand(addr_b, b->u.addressRange->min, length, 0x00); ++ if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) ++ return -1; + prefixlen_b = length * 8; + break; + } +@@ -651,22 +665,22 @@ int v3_addr_add_range(IPAddrBlocks *addr + /* + * Extract min and max values from an IPAddressOrRange. 
+ */ +-static void extract_min_max(IPAddressOrRange *aor, ++static int extract_min_max(IPAddressOrRange *aor, + unsigned char *min, + unsigned char *max, + int length) + { +- OPENSSL_assert(aor != NULL && min != NULL && max != NULL); ++ if (aor == NULL || min == NULL || max == NULL) ++ return 0; + switch (aor->type) { + case IPAddressOrRange_addressPrefix: +- addr_expand(min, aor->u.addressPrefix, length, 0x00); +- addr_expand(max, aor->u.addressPrefix, length, 0xFF); +- return; ++ return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && ++ addr_expand(max, aor->u.addressPrefix, length, 0xFF)); + case IPAddressOrRange_addressRange: +- addr_expand(min, aor->u.addressRange->min, length, 0x00); +- addr_expand(max, aor->u.addressRange->max, length, 0xFF); +- return; ++ return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && ++ addr_expand(max, aor->u.addressRange->max, length, 0xFF)); + } ++ return 0; + } + + /* +@@ -682,9 +696,10 @@ int v3_addr_get_range(IPAddressOrRange * + if (aor == NULL || min == NULL || max == NULL || + afi_length == 0 || length < afi_length || + (aor->type != IPAddressOrRange_addressPrefix && +- aor->type != IPAddressOrRange_addressRange)) ++ aor->type != IPAddressOrRange_addressRange) || ++ !extract_min_max(aor, min, max, afi_length)) + return 0; +- extract_min_max(aor, min, max, afi_length); ++ + return afi_length; + } + +@@ -766,8 +781,9 @@ int v3_addr_is_canonical(IPAddrBlocks *a + IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); + IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); + +- extract_min_max(a, a_min, a_max, length); +- extract_min_max(b, b_min, b_max, length); ++ if (!extract_min_max(a, a_min, a_max, length) || ++ !extract_min_max(b, b_min, b_max, length)) ++ return 0; + + /* + * Punt misordered list, overlapping start, or inverted range. 
+@@ -801,7 +817,8 @@ int v3_addr_is_canonical(IPAddrBlocks *a + { + IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); + if (a->type == IPAddressOrRange_addressRange) { +- extract_min_max(a, a_min, a_max, length); ++ if (!extract_min_max(a, a_min, a_max, length)) ++ return 0; + if (range_should_be_prefix(a_min, a_max, length) >= 0) + return 0; + } +@@ -836,8 +853,9 @@ static int IPAddressOrRanges_canonize(IP + unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; + unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; + +- extract_min_max(a, a_min, a_max, length); +- extract_min_max(b, b_min, b_max, length); ++ if (!extract_min_max(a, a_min, a_max, length) || ++ !extract_min_max(b, b_min, b_max, length)) ++ return 0; + + /* + * Punt overlaps. +@@ -1097,13 +1115,15 @@ static int addr_contains(IPAddressOrRang + + p = 0; + for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { +- extract_min_max(sk_IPAddressOrRange_value(child, c), +- c_min, c_max, length); ++ if (!extract_min_max(sk_IPAddressOrRange_value(child, c), ++ c_min, c_max, length)) ++ return -1; + for (;; p++) { + if (p >= sk_IPAddressOrRange_num(parent)) + return 0; +- extract_min_max(sk_IPAddressOrRange_value(parent, p), +- p_min, p_max, length); ++ if (!extract_min_max(sk_IPAddressOrRange_value(parent, p), ++ p_min, p_max, length)) ++ return 0; + if (memcmp(p_max, c_max, length) < 0) + continue; + if (memcmp(p_min, c_min, length) > 0) --- openssl-0.9.8k.orig/debian/patches/shared-lib-ext.patch +++ openssl-0.9.8k/debian/patches/shared-lib-ext.patch 
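Review bot: addr_contains now returns -1 when extract_min_max fails on a child entry but 0 when it fails on a parent entry (last hunk); if its callers, which are outside the hunk, test the result as `if (!addr_contains(...))`, the -1 is truthy and a malformed child range would read as contained by its parent, which is the opposite of fail-closed. Returning 0 in both branches (`return 0;` in place of `return -1;`) or documenting the tri-state contract at the function head would remove the ambiguity. IPAddressOrRange_cmp has the same flavour: returning -1 for both cmp(a,b) and cmp(b,a) on bad input makes the comparator non-antisymmetric, which the new comment acknowledges but callers of the stack sort may not expect, so a note that canonicity checking must follow the sort would help. The enclosing functions of the last two hunks begin and end outside the hunk.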
@@ -0,0 +1,14 @@ +Index: openssl-0.9.8k/Configure +=================================================================== +--- openssl-0.9.8k.orig/Configure 2009-07-19 11:36:24.000000000 +0200 ++++ openssl-0.9.8k/Configure 2009-07-19 11:37:03.000000000 +0200 +@@ -1568,7 +1568,8 @@ + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; +- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) + { --- openssl-0.9.8k.orig/debian/patches/no-symbolic.patch +++ openssl-0.9.8k/debian/patches/no-symbolic.patch @@ -0,0 +1,13 @@ +Index: openssl-0.9.8k/Makefile.shared +=================================================================== +--- openssl-0.9.8k.orig/Makefile.shared 2009-07-19 11:35:02.000000000 +0200 ++++ openssl-0.9.8k/Makefile.shared 2009-07-19 11:35:48.000000000 +0200 +@@ -149,7 +149,7 @@ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + --- openssl-0.9.8k.orig/debian/patches/CVE-2012-0050.patch +++ openssl-0.9.8k/debian/patches/CVE-2012-0050.patch 
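Review bot: The Configure hunk keeps the replaced substitution as a `#` comment (`# s/^SHARED_LIBS_LINK_EXTS=.*/...`) directly above the new one, leaving dead code that the next rebase will have to reason about; the patch already records the old text in its `-` line, so the commented copy should be dropped. The patch has no description header, so the intent, that only the bare `.s$sotmp` link extension is produced rather than the `.so.$(SHLIB_MAJOR)` one, would be better stated as a `Description:` line at the top of the file as the security patches in this series do.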
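Review bot: The no-symbolic hunk drops `-Wl,-Bsymbolic` from SHAREDFLAGS without a header explaining why; since Bsymbolic-functions.patch in the same series adds `-Wl,-Bsymbolic-functions` per target in Configure, a `Description:` line stating that symbol binding is now controlled there, and that full -Bsymbolic is dropped so that data symbols stay interposable, would document the relationship. This hunk and no-rpath.patch also touch adjacent lines of the same Makefile.shared block (the -149/-151 region), so their order in the series decides whether both apply cleanly and that ordering should be recorded.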
@@ -0,0 +1,50 @@ +Origin: http://cvs.openssl.org/chngview?cn=22032 +Subject: Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. + +CVE-2012-0050 + +[Ubuntu note: fix differs from upstream by dropping the modifications to + the CHANGES file to reduce patch conflicts.] + +--- + ssl/d1_pkt.c | 17 +++++++---------- + 1 file changed, 7 insertions(+), 10 deletions(-) + +Index: b/ssl/d1_pkt.c +=================================================================== +--- a/ssl/d1_pkt.c ++++ b/ssl/d1_pkt.c +@@ -339,6 +339,7 @@ dtls1_process_record(SSL *s) + unsigned int mac_size; + unsigned char md[EVP_MAX_MD_SIZE]; + int decryption_failed_or_bad_record_mac = 0; ++ unsigned char *mac = NULL; + + + rr= &(s->s3->rrec); +@@ -406,19 +407,15 @@ if ( (sess == NULL) || + #endif + } + /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ +- if (rr->length < mac_size) ++ if (rr->length >= mac_size) + { +-#if 0 /* OK only for stream ciphers */ +- al=SSL_AD_DECODE_ERROR; +- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); +- goto f_err; +-#else +- decryption_failed_or_bad_record_mac = 1; +-#endif ++ rr->length -= mac_size; ++ mac = &rr->data[rr->length]; + } +- rr->length-=mac_size; ++ else ++ rr->length = 0; + i=s->method->ssl3_enc->mac(s,md,0); +- if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) ++ if (mac == NULL || memcmp(md, mac, mac_size) != 0) + { + decryption_failed_or_bad_record_mac = 1; + } --- openssl-0.9.8k.orig/debian/patches/CVE-2011-1945.patch +++ openssl-0.9.8k/debian/patches/CVE-2011-1945.patch 
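Review bot: The MAC comparison the hunk rewrites as `if (mac == NULL || memcmp(md, mac, mac_size) != 0)` still uses memcmp, which returns at the first differing byte and therefore exposes the position of the mismatch through timing; a fixed-time comparison (OR-accumulate `md[k] ^ mac[k]` over all mac_size bytes and test the accumulator once) would close that channel while keeping the DoS fix. The short-record branch also deserves a comment, since `rr->length = 0` followed by still computing the MAC looks deliberate, something like `/* too short for a MAC: still run the MAC so the two paths take similar time, then fail via mac == NULL */`, assuming that is the intent, which the hunk does not state. dtls1_process_record begins outside the hunk.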
@@ -0,0 +1,23 @@ +Description: Fix CVE-2011-1945, timing attacks against ECDHE_ECDSA makes + it easier to determine private keys. +Origin: http://cvs.openssl.org/chngview?cn=20892 + +Index: openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c +=================================================================== +--- openssl-0.9.8o.orig/crypto/ecdsa/ecs_ossl.c ++++ openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c +@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke + } + while (BN_is_zero(k)); + ++ /* We do not want timing information to leak the length of k, ++ * so we compute G*k using an equivalent scalar of fixed ++ * bit-length. */ ++ ++ if (!BN_add(k, k, order)) goto err; ++ if (BN_num_bits(k) <= BN_num_bits(order)) ++ if (!BN_add(k, k, order)) goto err; ++ + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) + { --- openssl-0.9.8k.orig/debian/patches/kfreebsd-pipe.patch +++ openssl-0.9.8k/debian/patches/kfreebsd-pipe.patch @@ -0,0 +1,13 @@ +Index: openssl-0.9.8k/crypto/perlasm/x86_64-xlate.pl +=================================================================== +--- openssl-0.9.8k.orig/crypto/perlasm/x86_64-xlate.pl 2008-02-13 21:01:48.000000000 +0100 ++++ openssl-0.9.8k/crypto/perlasm/x86_64-xlate.pl 2009-07-19 11:37:23.000000000 +0200 +@@ -62,7 +62,7 @@ + my ($outdev,$outino,@junk)=stat($output); + + open STDOUT,">$output" || die "can't open $output: $!" +- if ($stddev!=$outdev || $stdino!=$outino); ++# if ($stddev!=$outdev || $stdino!=$outino); + } + + my $masmref=8 + 50727*2**-32; # 8.00.50727 shipped with VS2005 --- openssl-0.9.8k.orig/debian/patches/rehash_pod.patch +++ openssl-0.9.8k/debian/patches/rehash_pod.patch 
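Review bot: The added blinding leaves `k` unreduced (k + order, or k + 2*order), so every later use of `k` in ecdsa_sign_setup must treat it modulo the group order; that later code is outside the hunk, and one more sentence in the new comment, e.g. `/* k is now >= order; any later use must be mod order, and k must not be reduced before EC_POINT_mul */`, would stop a future cleanup from reintroducing a reduction that defeats the fixed bit-length. The `Index:` and `---`/`+++` paths name openssl-0.9.8o while this tree is openssl-0.9.8k; quilt applies it with -p1 regardless, but the header is misleading to anyone reading the series.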
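Review bot: With the condition commented out (`# if ($stddev!=$outdev || $stdino!=$outino);`) the `open STDOUT,">$output" || die ...` statement becomes unconditional, and that statement carries the classic precedence bug that `||` binds to `">$output"` rather than to the open call, so a failed open never dies; since the patch already rewrites this statement it should become `open STDOUT,">$output" or die "can't open $output: $!";`. The old condition is left as a comment instead of being deleted, and the patch has no header naming the kfreebsd pipe behaviour it works around, which the file name only hints at.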
@@ -0,0 +1,60 @@ +Index: openssl-0.9.8k/doc/apps/c_rehash.pod +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-0.9.8k/doc/apps/c_rehash.pod 2009-07-19 11:36:27.000000000 +0200 +@@ -0,0 +1,55 @@ ++ ++=pod ++ ++=head1 NAME ++ ++c_rehash - Create symbolic links to files named by the hash values ++ ++=head1 SYNOPSIS ++ ++B ++[directory] ... ++ ++=head1 DESCRIPTION ++ ++c_rehash scans directories and takes a hash value of each .pem and .crt file in the directory. It then creates symbolic links for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require. ++ ++If any directories are named on the command line then these directories are processed in turn. If not then and the environment variable SSL_CERT_DIR is defined then that is consulted. This variable should be a colon (:) separated list of directories, all of which will be processed. If neither of these conditions are true then /usr/lib/ssl/certs is processed. ++ ++For each directory that is to be processed he user must have write permissions on the directory, if they do not then nothing will be printed for that directory. ++ ++Note that this program deletes all the symbolic links that look like ones that it creates before processing a directory. Beware that if you run the program on a directory that contains symbolic links for other purposes that are named in the same format as those created by this program they will be lost. ++ ++The hashes for certificate files are of the form . where n is an integer. If the hash value already exists then n will be incremented, unless the file is a duplicate. Duplicates are detected using the fingerprint of the certificate. A warning will be printed if a duplicate is detected. The hashes for CRL files are of the form .r and have the same behavior. 
++ ++The program will also warn if there are files with extension .pem which are not certificate or CRL files. ++ ++The program uses the openssl program to compute the hashes and fingerprints. It expects the executable to be named openssl and be on the PATH, or in the /usr/lib/ssl/bin directory. If the OPENSSL environment variable is defined then this is used instead as the executable that provides the hashes and fingerprints. When called as $OPENSSL x509 -hash -fingerprint -noout -in $file it must output the hash of $file on the first line followed by the fingerprint on the second line, optionally prefixed with some text and an equals sign (=). ++ ++=head1 OPTIONS ++ ++None ++ ++=head1 ENVIRONMENT ++ ++=over 4 ++ ++=item B ++ ++The name (and path) of an executable to use to generate hashes and fingerprints (see above). ++ ++=item B ++ ++Colon separated list of directories to operate on. Ignored if directories are listed on the command line. ++ ++=head1 SEE ALSO ++ ++L, L ++ ++=back ++ ++=head1 BUGS ++ ++No known bugs ++ ++=cut --- openssl-0.9.8k.orig/debian/patches/CVE-2012-2131.patch +++ openssl-0.9.8k/debian/patches/CVE-2012-2131.patch 
@@ -0,0 +1,33 @@ +Origin: http://cvs.openssl.org/chngview?cn=22479 +Description: The fix for CVE-2012-2110 did not take into account that the 'len' + argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, + making it still vulnerable. Fix by rejecting negative len parameter. + +Index: openssl-0.9.8o/crypto/buffer/buffer.c +=================================================================== +--- openssl-0.9.8o.orig/crypto/buffer/buffer.c 2012-04-24 08:00:21.000000000 -0500 ++++ openssl-0.9.8o/crypto/buffer/buffer.c 2012-04-24 08:01:27.000000000 -0500 +@@ -99,6 +99,11 @@ + char *ret; + unsigned int n; + ++ if (len < 0) ++ { ++ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + if (str->length >= len) + { + str->length=len; +@@ -141,6 +146,11 @@ + char *ret; + unsigned int n; + ++ if (len < 0) ++ { ++ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } + if (str->length >= len) + { + memset(&str->data[len],0,str->length-len); --- openssl-0.9.8k.orig/debian/patches/valgrind.patch +++ openssl-0.9.8k/debian/patches/valgrind.patch @@ -0,0 +1,15 @@ +Index: openssl-0.9.8k/crypto/rand/md_rand.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/rand/md_rand.c 2008-09-16 13:50:05.000000000 +0200 ++++ openssl-0.9.8k/crypto/rand/md_rand.c 2009-07-19 11:36:05.000000000 +0200 +@@ -477,8 +477,10 @@ + MD_Update(&m,local_md,MD_DIGEST_LENGTH); + MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); + #ifndef PURIFY ++#if 0 /* Don't add uninitialised data. */ + MD_Update(&m,buf,j); /* purify complains */ + #endif ++#endif + k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; + if (k > 0) + { --- openssl-0.9.8k.orig/debian/patches/openssl-CVE-2010-3864-secadv_20101116-0.9.8.patch +++ openssl-0.9.8k/debian/patches/openssl-CVE-2010-3864-secadv_20101116-0.9.8.patch 
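Review bot: Both new guards report a negative `len` as `ERR_R_MALLOC_FAILURE`, so a caller's error log will read as an out-of-memory condition rather than an invalid argument; if no better reason code is available in this release a comment such as `/* negative len: reject before the unsigned arithmetic below; reason code reused for lack of a better one */` should say so. The placement before `str->length >= len` is right, since the `unsigned int n` arithmetic that follows would otherwise operate on a wrapped value. As with the other backports, the `Index:` paths name openssl-0.9.8o rather than this 0.9.8k tree.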
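Review bot: The hunk disables the `MD_Update(&m,buf,j)` that mixes the caller's uninitialised buffer into the digest, but nests `#if 0` inside `#ifndef PURIFY`, leaving the PURIFY guard dead; collapsing to a single `#if 0` or deleting the line, with a comment, would be clearer. For a PRNG change the missing header matters more: nothing states that only this output-side mixing is disabled and that the seeding-side MD_Update elsewhere in md_rand.c must stay, so the comment should say something like `/* Disabled only here: buf is uninitialised caller memory and adds no dependable entropy; do not extend this to the seeding path. */`. The enclosing function begins outside the hunk, so which function this is should be confirmed from the file.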
@@ -0,0 +1,91 @@ +Subject: fix TLS extension parsing +Origin: other, http://openssl.org/news/secadv_20101116.txt + +OpenSSL Security Advisory [16 November 2010] + +TLS extension parsing race condition. +===================================== + +A flaw has been found in the OpenSSL TLS server extension code parsing which +on affected servers can be exploited in a buffer overrun attack. + +The OpenSSL security team would like to thank Rob Hulswit for reporting this +issue. + +The fix was developed by Dr Stephen Henson of the OpenSSL core team. + +This vulnerability is tracked as CVE-2010-3864 + +Who is affected? +================= + +All versions of OpenSSL supporting TLS extensions contain this vulnerability +including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases. + +Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses +OpenSSL's internal caching mechanism. Servers that are multi-process and/or +disable internal session caching are NOT affected. + +In particular the Apache HTTP server (which never uses OpenSSL internal +caching) and Stunnel (which includes its own workaround) are NOT affected. + +Recommendations for users of OpenSSL +===================================== + +Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update +to the OpenSSL 0.9.8p release which contains a patch to correct this issue. + +Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release +which contains a patch to correct this issue. + +If upgrading is not immediately possible, the relevant source code patch +provided in this advisory should be applied. 
+ +Patch for OpenSSL 0.9.8 releases +================================ + +Index: openssl-0.9.8o/ssl/t1_lib.c +=================================================================== +RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v +retrieving revision 1.13.2.27 +diff -u -r1.13.2.27 t1_lib.c +--- openssl-0.9.8o.orig/ssl/t1_lib.c 12 Jun 2010 13:18:58 -0000 1.13.2.27 ++++ openssl-0.9.8o/ssl/t1_lib.c 15 Nov 2010 15:20:14 -0000 +@@ -432,14 +432,23 @@ + switch (servname_type) + { + case TLSEXT_NAMETYPE_host_name: +- if (s->session->tlsext_hostname == NULL) ++ if (!s->hit) + { +- if (len > TLSEXT_MAXLEN_host_name || +- ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) ++ if(s->session->tlsext_hostname) ++ { ++ *al = SSL_AD_DECODE_ERROR; ++ return 0; ++ } ++ if (len > TLSEXT_MAXLEN_host_name) + { + *al = TLS1_AD_UNRECOGNIZED_NAME; + return 0; + } ++ if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) ++ { ++ *al = TLS1_AD_INTERNAL_ERROR; ++ return 0; ++ } + memcpy(s->session->tlsext_hostname, sdata, len); + s->session->tlsext_hostname[len]='\0'; + if (strlen(s->session->tlsext_hostname) != len) { +@@ -452,7 +461,8 @@ + + } + else +- s->servername_done = strlen(s->session->tlsext_hostname) == len ++ s->servername_done = s->session->tlsext_hostname ++ && strlen(s->session->tlsext_hostname) == len + && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; + + break; + --- openssl-0.9.8k.orig/debian/patches/Bsymbolic-functions.patch +++ openssl-0.9.8k/debian/patches/Bsymbolic-functions.patch 
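Review bot: The new `if (!s->hit)` branch changes the rule from "write the hostname if the session lacks one" to "write it only on a fresh handshake", but nothing in the code says why; given the advisory's description of the shared-session-cache race, a comment is warranted: `/* Only a new session may be written to: on resumption s->session can be shared through the session cache and is read-only here */`. On the resumed path the added `s->session->tlsext_hostname &&` guard stops the strlen on a NULL hostname, but the resulting `servername_done` mismatch is silent, so a comment that a resumed session without a stored hostname simply fails to match would help the reader. The enclosing function begins and ends outside the hunk.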
@@ -0,0 +1,50 @@ +Index: openssl-0.9.8k/Configure +=================================================================== +--- openssl-0.9.8k.orig/Configure 2009-12-07 14:29:03.263485078 -0500 ++++ openssl-0.9.8k/Configure 2009-12-07 14:33:31.160984203 -0500 +@@ -331,19 +331,20 @@ + "debian-armeb","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-armel","gcc:-DL_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #"debian-amd64","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm_linux}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm_linux}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-avr32", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #"debian-freebsd-alpha","gcc:-DTERMIOS -O -Wa,--noexecstack 
-fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-hppa","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG MD2_CHAR RC4_INDEX::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-ia64","gcc:-DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ia64","gcc:-DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #"debian-i386","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC", +-"debian-i386","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i486 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i586 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386","gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i486 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i586 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i686 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-lpia","gcc:-DL_ENDIAN -DTERMIO -O3 -march=i686 -mtune=i586 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-m68k","gcc:-DB_ENDIAN -DTERMIO -O2 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR 
RC4_INDEX::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +@@ -353,7 +354,7 @@ + "debian-openbsd-alpha","gcc:-DTERMIOS -O3 -Wa,--noexecstack -g::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-openbsd-mips","gcc:-O2 -Wa,--noexecstack -g -DL_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_UNROLL DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG DES_UNROLL DES_RISC2 DES_PTR MD2_CHAR RC4_INDEX::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-s390","gcc:-DB_ENDIAN -DTERMIO 
-O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sh3", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +@@ -361,7 +362,7 @@ + "debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-m32r","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debian-sparc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall::-D_REENTRANT::-ldl -Wl,-Bsymbolic-functions:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -mcpu=v8 -g -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO -O3 -mcpu=v9 -Wa,--noexecstack -Wa,-Av8plus -g -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + --- openssl-0.9.8k.orig/debian/patches/CVE-2009-1387.patch +++ 
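Review bot: `-Wl,-Bsymbolic-functions` is added to the amd64, hppa, ia64, i386 variants, lpia, powerpc and sparc entries, while the armeb, armel, kfreebsd, mips, ppc64, s390, sh and m68k entries shown as context keep the plain `-ldl`; if the selection is deliberate (toolchain support, for example) a header line naming the excluded targets and the reason would keep the next rebase from "fixing" it, and if it is not, the remaining entries need the same edit. The flag binds intra-library function calls at link time, so it also changes behaviour for anything that relied on interposing OpenSSL's own function symbols; a `Description:` header noting that is worthwhile for a build-policy patch.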
openssl-0.9.8k/debian/patches/CVE-2009-1387.patch @@ -0,0 +1,51 @@ +Index: openssl-0.9.8k/ssl/d1_both.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/d1_both.c 2009-07-19 11:32:41.000000000 +0200 ++++ openssl-0.9.8k/ssl/d1_both.c 2009-07-19 11:32:41.000000000 +0200 +@@ -585,30 +585,31 @@ + } + } + +- frag = dtls1_hm_fragment_new(frag_len); +- if ( frag == NULL) +- goto err; ++ if (frag_len) ++ { ++ frag = dtls1_hm_fragment_new(frag_len); ++ if ( frag == NULL) ++ goto err; + +- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); ++ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + +- if (frag_len) +- { +- /* read the body of the fragment (header has already been read */ ++ /* read the body of the fragment (header has already been read) */ + i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, + frag->fragment,frag_len,0); + if (i<=0 || (unsigned long)i!=frag_len) + goto err; +- } + +- pq_64bit_init(&seq64); +- pq_64bit_assign_word(&seq64, msg_hdr->seq); ++ pq_64bit_init(&seq64); ++ pq_64bit_assign_word(&seq64, msg_hdr->seq); + +- item = pitem_new(seq64, frag); +- pq_64bit_free(&seq64); +- if ( item == NULL) +- goto err; ++ item = pitem_new(seq64, frag); ++ pq_64bit_free(&seq64); ++ if ( item == NULL) ++ goto err; ++ ++ pqueue_insert(s->d1->buffered_messages, item); ++ } + +- pqueue_insert(s->d1->buffered_messages, item); + return DTLS1_HM_FRAGMENT_RETRY; + + err: --- openssl-0.9.8k.orig/debian/patches/openssl-forward-interop.patch +++ openssl-0.9.8k/debian/patches/openssl-forward-interop.patch 
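Review bot: Inside the new `if (frag_len)` block the `goto err` after a short `ssl_read_bytes` or a NULL `pitem_new` result leaves the just-allocated `frag` live, as it did before the change; whether the `err:` label, which is outside the hunk, frees it should be confirmed while this code is being touched. The guard itself deserves a comment explaining why a zero-length fragment is dropped rather than queued, e.g. `/* nothing to buffer for an empty fragment; queueing it would insert an entry with no body */`, since the function still returns DTLS1_HM_FRAGMENT_RETRY either way. The enclosing function begins and ends outside the hunk.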
@@ -0,0 +1,45 @@ +Subject: longterm interoperability patch with future TLS versions +Origin: upstream, http://cvs.openssl.org/chngview?cn=19073 + +Handle TLS versions 2.0 and later properly and correctly use the +highest version of TLS/SSL supported. Although TLS >= 2.0 is some way +off ancient servers have a habit of sticking around for a while... +[Steve Henson] + +See detailed discussion at +http://my.opera.com/yngve/blog/2010/06/02/renego-patched-servers-a-long-term-interoperability-time-bomb-brewing + +[Patch differs from upstream commit in that the diff to the CHANGES file + has been pulled out and incorporated into the patch header here.] + +--- + ssl/s23_srvr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +Index: b/ssl/s23_srvr.c +=================================================================== +--- a/ssl/s23_srvr.c ++++ b/ssl/s23_srvr.c +@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s) + (p[1] == SSL3_VERSION_MAJOR) && + (p[5] == SSL3_MT_CLIENT_HELLO) && + ((p[3] == 0 && p[4] < 5 /* silly record length? */) +- || (p[9] == p[1]))) ++ || (p[9] >= p[1]))) + { + /* + * SSLv3 or tls1 header +@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s) + v[1] = TLS1_VERSION_MINOR; + #endif + } ++ /* if major version number > 3 set minor to a value ++ * which will use the highest version 3 we support. ++ * If TLS 2.0 ever appears we will need to revise ++ * this.... ++ */ ++ else if (p[9] > SSL3_VERSION_MAJOR) ++ v[1]=0xff; + else + v[1]=p[10]; /* minor version according to client_version */ + if (v[1] >= TLS1_VERSION_MINOR) --- openssl-0.9.8k.orig/debian/patches/no-rpath.patch +++ openssl-0.9.8k/debian/patches/no-rpath.patch 
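Review bot: The new `else if (p[9] > SSL3_VERSION_MAJOR) v[1]=0xff;` uses a bare 0xff as a "highest minor" sentinel; the comment above it explains the intent, but the value should be tied to the comparison it is meant to satisfy, e.g. `v[1]=0xff; /* > TLS1_VERSION_MINOR: the ladder below then selects the highest v3 minor we support */`, or given a named constant, so that a later change to the `v[1] >= TLS1_VERSION_MINOR` chain does not silently break it. The relaxed header test `p[9] >= p[1]` now admits a client_version major above 3 into the SSLv3/TLS path, which is the point of the patch, but a one-line note that such clients are deliberately treated as TLS rather than rejected would help the reader. ssl23_get_client_hello begins and ends outside the hunk.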
@@ -0,0 +1,13 @@ +Index: openssl-0.9.8k/Makefile.shared +=================================================================== +--- openssl-0.9.8k.orig/Makefile.shared 2008-09-17 17:56:40.000000000 +0200 ++++ openssl-0.9.8k/Makefile.shared 2009-07-19 11:37:25.000000000 +0200 +@@ -151,7 +151,7 @@ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to --- openssl-0.9.8k.orig/debian/patches/stddef.patch +++ openssl-0.9.8k/debian/patches/stddef.patch @@ -0,0 +1,12 @@ +Index: openssl-0.9.8k/crypto/sha/sha.h +=================================================================== +--- openssl-0.9.8k.orig/crypto/sha/sha.h 2008-09-16 12:47:28.000000000 +0200 ++++ openssl-0.9.8k/crypto/sha/sha.h 2009-07-19 11:36:28.000000000 +0200 +@@ -59,6 +59,7 @@ + #ifndef HEADER_SHA_H + #define HEADER_SHA_H + ++#include + #include + #include + --- openssl-0.9.8k.orig/debian/patches/openssl-CVE-2011-0014-secadv_20110208.patch +++ openssl-0.9.8k/debian/patches/openssl-CVE-2011-0014-secadv_20110208.patch 
@@ -0,0 +1,76 @@ +Subject: OCSP stapling vulnerability in OpenSSL +Origin: upstream, http://www.openssl.org/news/secadv_20110208.txt + +OpenSSL Security Advisory [8 February 2011] + +OCSP stapling vulnerability in OpenSSL +====================================== + +Incorrectly formatted ClientHello handshake messages could cause OpenSSL +to parse past the end of the message. + +This issue applies to the following versions: + 1) OpenSSL 0.9.8h through 0.9.8q + 2) OpenSSL 1.0.0 through 1.0.0c + +The parsing function in question is already used on arbitary data so no +additional vulnerabilities are expected to be uncovered by this. +However, an attacker may be able to cause a crash (denial of service) by +triggering invalid memory accesses. + +The results of the parse are only availible to the application using +OpenSSL so do not directly cause an information leak. However, some +applications may expose the contents of parsed OCSP extensions, +specifically an OCSP nonce extension. An attacker could use this to read +the contents of memory following the ClientHello. + +Users of OpenSSL should update to the OpenSSL 1.0.0d (or 0.9.8r) release, +which contains a patch to correct this issue. If upgrading is not +immediately possible, the source code patch provided in this advisory +should be applied. + +Neel Mehta (Google) identified the vulnerability. Adam Langley and +Bodo Moeller (Google) prepared the fix. + +Which applications are affected +------------------------------- + +Applications are only affected if they act as a server and call +SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes +Apache httpd >= 2.3.3, if configured with "SSLUseStapling On". 
+ +Patch +----- + +--- + ssl/t1_lib.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +Index: b/ssl/t1_lib.c +=================================================================== +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -521,6 +521,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, + } + n2s(data, idsize); + dsize -= 2 + idsize; ++ size -= 2 + idsize; + if (dsize < 0) + { + *al = SSL_AD_DECODE_ERROR; +@@ -559,9 +560,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, + } + + /* Read in request_extensions */ ++ if (size < 2) ++ { ++ *al = SSL_AD_DECODE_ERROR; ++ return 0; ++ } + n2s(data,dsize); + size -= 2; +- if (dsize > size) ++ if (dsize != size) + { + *al = SSL_AD_DECODE_ERROR; + return 0; --- openssl-0.9.8k.orig/debian/patches/CVE-2009-1379.patch +++ openssl-0.9.8k/debian/patches/CVE-2009-1379.patch @@ -0,0 +1,20 @@ +Index: openssl-0.9.8k/ssl/d1_both.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/d1_both.c 2009-07-19 11:32:41.000000000 +0200 ++++ openssl-0.9.8k/ssl/d1_both.c 2009-07-19 11:37:42.000000000 +0200 +@@ -530,13 +530,14 @@ + frag->fragment,frag->msg_header.frag_len); + } + ++ unsigned long frag_len = frag->msg_header.frag_len; + dtls1_hm_fragment_free(frag); + pitem_free(item); + + if (al==0) + { + *ok = 1; +- return frag->msg_header.frag_len; ++ return frag_len; + } + + ssl3_send_alert(s,SSL3_AL_FATAL,al); --- openssl-0.9.8k.orig/debian/patches/config-hurd.patch +++ openssl-0.9.8k/debian/patches/config-hurd.patch 
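Review bot: The added `size -= 2 + idsize;` in the first t1_lib.c hunk has no immediate underflow check, whereas the `dsize -= 2 + idsize;` directly above it is followed by `if (dsize < 0)`. It is only safe if `size` is a signed type and the `if (size < 2)` guard added in the second hunk runs before `size` is consumed again; the declaration of `size` and the loop containing the subtraction are outside the hunk, so please confirm. A symmetric `if (size < 0) { *al = SSL_AD_DECODE_ERROR; return 0; }` right after the subtraction would make the invariant local rather than relying on code further down. ssl_parse_clienthello_tlsext starts and ends outside the hunk.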
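Review bot: `unsigned long frag_len = frag->msg_header.frag_len;` is declared after executable statements in its block, a C99 mixed declaration; the surrounding 0.9.8 code keeps declarations at the top of the block and strict C89 builds (`-ansi -pedantic`) reject it. Move the declaration to the function's declaration list and leave only the assignment here: `frag_len = frag->msg_header.frag_len;`. The fix itself is sound — the return value is now captured before `dtls1_hm_fragment_free(frag)` instead of being read from the freed fragment. The enclosing function starts and ends outside the hunk, so its declaration list is not visible here.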
@@ -0,0 +1,15 @@ +Index: openssl-0.9.8k/config +=================================================================== +--- openssl-0.9.8k.orig/config 2009-02-16 09:43:41.000000000 +0100 ++++ openssl-0.9.8k/config 2009-07-19 11:32:41.000000000 +0200 +@@ -162,8 +162,8 @@ + echo "${MACHINE}-whatever-linux1"; exit 0 + ;; + +- GNU*) +- echo "hurd-x86"; exit 0; ++ GNU:*|GNU/*:*) ++ echo "${MACHINE}-gnuish"; exit 0; + ;; + + LynxOS:*) --- openssl-0.9.8k.orig/debian/patches/CVE-2011-4619.patch +++ openssl-0.9.8k/debian/patches/CVE-2011-4619.patch 
@@ -0,0 +1,119 @@ +Origin: http://cvs.openssl.org/chngview?cn=21939 +Subject: Only allow one SGC handshake restart for SSL/TLS. + +CVE-2011-4619 + +[Ubuntu note: dropped CHANGES file modifications to reduce patch conflicts.] + +--- + ssl/s3_srvr.c | 10 ++++++++++ + ssl/ssl.h | 2 ++ + ssl/ssl3.h | 11 +++++++++++ + ssl/ssl_err.c | 4 +++- + 4 files changed, 26 insertions(+), 1 deletion(-) + +Index: b/ssl/s3_srvr.c +=================================================================== +--- a/ssl/s3_srvr.c ++++ b/ssl/s3_srvr.c +@@ -235,6 +235,7 @@ int ssl3_accept(SSL *s) + } + + s->init_num=0; ++ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; + + if (s->state != SSL_ST_RENEGOTIATE) + { +@@ -697,6 +698,14 @@ int ssl3_check_client_hello(SSL *s) + int ok; + long n; + ++ /* We only allow the client to restart the handshake once per ++ * negotiation. */ ++ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) ++ { ++ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS); ++ return -1; ++ } ++ + /* this function is called when we really expect a Certificate message, + * so permit appropriate message length */ + n=s->method->ssl_get_message(s, +@@ -725,6 +734,7 @@ int ssl3_check_client_hello(SSL *s) + s->s3->tmp.ecdh = NULL; + } + #endif ++ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; + return 2; + } + return 1; +Index: b/ssl/ssl.h +=================================================================== +--- a/ssl/ssl.h ++++ b/ssl/ssl.h +@@ -1739,6 +1739,7 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL3_CALLBACK_CTRL 233 + #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 + #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 ++#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 + #define SSL_F_SSL3_CLIENT_HELLO 131 + #define SSL_F_SSL3_CONNECT 132 + #define SSL_F_SSL3_CTRL 213 +@@ -1974,6 +1975,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_MISSING_TMP_RSA_KEY 172 + #define SSL_R_MISSING_TMP_RSA_PKEY 173 + #define SSL_R_MISSING_VERIFY_MESSAGE 174 ++#define 
SSL_R_MULTIPLE_SGC_RESTARTS 325 + #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 + #define SSL_R_NO_CERTIFICATES_RETURNED 176 + #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +Index: b/ssl/ssl3.h +=================================================================== +--- a/ssl/ssl3.h ++++ b/ssl/ssl3.h +@@ -333,6 +333,17 @@ typedef struct ssl3_buffer_st + #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 + #define SSL3_FLAGS_POP_BUFFER 0x0004 + #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 ++ ++/* SSL3_FLAGS_SGC_RESTART_DONE is set when we ++ * restart a handshake because of MS SGC and so prevents us ++ * from restarting the handshake in a loop. It's reset on a ++ * renegotiation, so effectively limits the client to one restart ++ * per negotiation. This limits the possibility of a DDoS ++ * attack where the client handshakes in a loop using SGC to ++ * restart. Servers which permit renegotiation can still be ++ * effected, but we can't prevent that. ++ */ ++#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 + + typedef struct ssl3_state_st + { +Index: b/ssl/ssl_err.c +=================================================================== +--- a/ssl/ssl_err.c ++++ b/ssl/ssl_err.c +@@ -1,6 +1,6 @@ + /* ssl/ssl_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]= + {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, + {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, + {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, ++{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, + {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, + {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, +@@ -375,6 +376,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, + {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, + {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, ++{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, + {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, + {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, + {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, --- openssl-0.9.8k.orig/debian/patches/rehash-crt.patch +++ openssl-0.9.8k/debian/patches/rehash-crt.patch 
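Review bot: The comment on `SSL3_FLAGS_SGC_RESTART_DONE` in the ssl3.h hunk says "can still be effected" where "affected" is meant, and "DDoS" for a single client looping on SGC restarts is better written "DoS"; suggest `* renegotiation can still be affected, but we can't prevent that.`. The new flag value `0x0040` skips `0x0010` and `0x0020`, which are not shown in the hunk; presumably they are defined a few lines away, so confirm the gap is intentional and there is no collision. Likewise the new codes `292` and `325` in ssl.h must be unique within their respective tables, which cannot be checked from the hunk alone. ssl3_accept and ssl3_check_client_hello both start and end outside the hunk.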
@@ -0,0 +1,33 @@ +Index: openssl-0.9.8k/tools/c_rehash.in +=================================================================== +--- openssl-0.9.8k.orig/tools/c_rehash.in 2002-10-11 22:31:27.000000000 +0200 ++++ openssl-0.9.8k/tools/c_rehash.in 2009-07-19 11:36:26.000000000 +0200 +@@ -59,12 +59,15 @@ + } + } + closedir DIR; +- FILE: foreach $fname (grep {/\.pem$/} @flist) { ++ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if(!$cert && !$crl) { +- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; +- next; ++ ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); ++ if(!$cert && !$crl) { ++ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; ++ next; ++ } + } + link_hash_cert($fname) if($cert); + link_hash_crl($fname) if($crl); +@@ -102,6 +105,9 @@ + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; ++ if(!$hash || !fprint) { ++ ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname' -inform der`; ++ } + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; --- openssl-0.9.8k.orig/debian/patches/ca.patch +++ openssl-0.9.8k/debian/patches/ca.patch 
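Review bot: `if(!$hash || !fprint)` in the second c_rehash.in hunk is missing the sigil on `fprint`: as a bareword it is a non-empty string, so `!fprint` is always false and the DER fallback only fires when `$hash` is empty; it should read `if(!$hash || !$fprint)`. In the first hunk the new pipe-open `"$openssl x509 -in \"$fname\" -inform der -outform pem | "` interpolates the file name into a shell command without the single-quote escaping the hash path applies (`$fname =~ s/'/'\\''/g;` is visible in the second hunk), so a file name containing `"`, `$` or a backtick breaks the command; using the same escaped single-quote form would make the two paths consistent. Both enclosing subroutines start and end outside the hunk.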
@@ -0,0 +1,32 @@ +Index: openssl-0.9.8k/apps/CA.sh +=================================================================== +--- openssl-0.9.8k.orig/apps/CA.sh 2005-07-04 23:44:22.000000000 +0200 ++++ openssl-0.9.8k/apps/CA.sh 2009-07-19 11:32:41.000000000 +0200 +@@ -91,6 +91,7 @@ + -out ${CATOP}/$CAREQ + $CA -out ${CATOP}/$CACERT $CADAYS -batch \ + -keyfile ${CATOP}/private/$CAKEY -selfsign \ ++ -extensions v3_ca \ + -infiles ${CATOP}/$CAREQ + RET=$? + fi +Index: openssl-0.9.8k/apps/CA.pl.in +=================================================================== +--- openssl-0.9.8k.orig/apps/CA.pl.in 2006-04-28 02:28:51.000000000 +0200 ++++ openssl-0.9.8k/apps/CA.pl.in 2009-07-19 11:32:41.000000000 +0200 +@@ -65,6 +65,7 @@ + foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate +@@ -165,6 +166,7 @@ + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } + } --- openssl-0.9.8k.orig/debian/patches/CVE-2009-3245.patch +++ openssl-0.9.8k/debian/patches/CVE-2009-3245.patch 
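Review bot: The two CA.pl.in hunks each print two consecutive `usage:` lines that disagree — the existing one omits `-signcert`, the added one omits `-newreq-nodes` — so the help output contradicts itself; fold them into a single line such as `print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert certfile keyfile|-verify\n";` at both sites. The CA.sh hunk's `-extensions v3_ca` is unexplained; presumably it makes the self-signed root pick up the CA extensions of the `v3_ca` config section, and a one-line header comment saying so would help the next maintainer. The enclosing `-newca` branch in CA.sh and the argument loop in CA.pl.in both start outside the hunk.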
@@ -0,0 +1,106 @@ +Description: fix denial of service and possible arbitrary code + execution via unchecked return values +Bug: http://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest +Origin: upstream, http://cvs.openssl.org/chngview?cn=18936 +Origin: upstream, http://cvs.openssl.org/chngview?cn=19309 + +diff -Nur openssl-0.9.8k/crypto/bn/bn_div.c openssl-0.9.8k.new/crypto/bn/bn_div.c +--- openssl-0.9.8k/crypto/bn/bn_div.c 2008-09-14 09:42:40.000000000 -0400 ++++ openssl-0.9.8k.new/crypto/bn/bn_div.c 2010-03-30 08:56:10.000000000 -0400 +@@ -102,7 +102,7 @@ + /* The next 2 are needed so we can do a dv->d[0]|=1 later + * since BN_lshift1 will only work once there is a value :-) */ + BN_zero(dv); +- bn_wexpand(dv,1); ++ if(bn_wexpand(dv,1) == NULL) goto end; + dv->top=1; + + if (!BN_lshift(D,D,nm-nd)) goto end; +diff -Nur openssl-0.9.8k/crypto/bn/bn_gf2m.c openssl-0.9.8k.new/crypto/bn/bn_gf2m.c +--- openssl-0.9.8k/crypto/bn/bn_gf2m.c 2008-06-23 16:46:28.000000000 -0400 ++++ openssl-0.9.8k.new/crypto/bn/bn_gf2m.c 2010-03-30 08:56:10.000000000 -0400 +@@ -294,7 +294,8 @@ + if (a->top < b->top) { at = b; bt = a; } + else { at = a; bt = b; } + +- bn_wexpand(r, at->top); ++ if(bn_wexpand(r, at->top) == NULL) ++ return 0; + + for (i = 0; i < bt->top; i++) + { +diff -Nur openssl-0.9.8k/crypto/bn/bn_mul.c openssl-0.9.8k.new/crypto/bn/bn_mul.c +--- openssl-0.9.8k/crypto/bn/bn_mul.c 2007-11-03 16:09:29.000000000 -0400 ++++ openssl-0.9.8k.new/crypto/bn/bn_mul.c 2010-03-30 08:56:06.000000000 -0400 +@@ -1030,15 +1030,15 @@ + t = BN_CTX_get(ctx); + if (al > j || bl > j) + { +- bn_wexpand(t,k*4); +- bn_wexpand(rr,k*4); ++ if (bn_wexpand(t,k*4) == NULL) goto err; ++ if (bn_wexpand(rr,k*4) == NULL) goto err; + bn_mul_part_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } + else /* al <= j || bl <= j */ + { +- bn_wexpand(t,k*2); +- bn_wexpand(rr,k*2); ++ if (bn_wexpand(t,k*2) == NULL) goto err; ++ if (bn_wexpand(rr,k*2) == NULL) goto err; + 
bn_mul_recursive(rr->d,a->d,b->d, + j,al-j,bl-j,t->d); + } +diff -Nur openssl-0.9.8k/crypto/ec/ec2_smpl.c openssl-0.9.8k.new/crypto/ec/ec2_smpl.c +--- openssl-0.9.8k/crypto/ec/ec2_smpl.c 2006-03-13 18:12:07.000000000 -0500 ++++ openssl-0.9.8k.new/crypto/ec/ec2_smpl.c 2010-03-30 08:56:10.000000000 -0400 +@@ -174,8 +174,10 @@ + dest->poly[2] = src->poly[2]; + dest->poly[3] = src->poly[3]; + dest->poly[4] = src->poly[4]; +- bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); +- bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); ++ if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) ++ return 0; ++ if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) ++ return 0; + for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; + for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; + return 1; +@@ -199,12 +201,12 @@ + + /* group->a */ + if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; +- bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); ++ if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; + for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; + + /* group->b */ + if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; +- bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); ++ if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; + for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; + + ret = 1; +diff -Nur openssl-0.9.8k/engines/e_ubsec.c openssl-0.9.8k.new/engines/e_ubsec.c +--- openssl-0.9.8k/engines/e_ubsec.c 2007-09-06 08:43:53.000000000 -0400 ++++ openssl-0.9.8k.new/engines/e_ubsec.c 2010-03-30 08:56:10.000000000 -0400 +@@ -934,7 +934,7 @@ + priv_key = BN_new(); + if (priv_key == NULL) goto err; + priv_key_len = BN_num_bits(dh->p); +- bn_wexpand(priv_key, dh->p->top); ++ if(bn_wexpand(priv_key, 
dh->p->top) == NULL) goto err; + do + if (!BN_rand_range(priv_key, dh->p)) goto err; + while (BN_is_zero(priv_key)); +@@ -949,7 +949,7 @@ + { + pub_key = BN_new(); + pub_key_len = BN_num_bits(dh->p); +- bn_wexpand(pub_key, dh->p->top); ++ if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err; + if(pub_key == NULL) goto err; + } + else --- openssl-0.9.8k.orig/debian/patches/CVE-2010-0740.patch +++ openssl-0.9.8k/debian/patches/CVE-2010-0740.patch @@ -0,0 +1,20 @@ +Description: fix denial of service via "record of death" +Origin: upstream, http://www.openssl.org/news/secadv_20100324.txt +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575607 + +diff -Nur openssl-0.9.8k/ssl/s3_pkt.c openssl-0.9.8k.new/ssl/s3_pkt.c +--- openssl-0.9.8k/ssl/s3_pkt.c 2008-10-10 06:41:32.000000000 -0400 ++++ openssl-0.9.8k.new/ssl/s3_pkt.c 2010-03-30 08:57:12.000000000 -0400 +@@ -282,9 +282,9 @@ + if (version != s->version) + { + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); +- /* Send back error using their +- * version number :-) */ +- s->version=version; ++ if ((s->version & 0xFF00) == (version & 0xFF00)) ++ /* Send back error using their minor version number :-) */ ++ s->version = (unsigned short)version; + al=SSL_AD_PROTOCOL_VERSION; + goto f_err; + } --- openssl-0.9.8k.orig/debian/patches/engines-path.patch +++ openssl-0.9.8k/debian/patches/engines-path.patch 
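Review bot: In the second e_ubsec.c hunk the new `if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;` is placed before the existing `if(pub_key == NULL) goto err;`, so when `BN_new()` fails `bn_wexpand` (which dereferences its argument) is handed a NULL pointer before the NULL check runs; swap the two lines so the NULL check comes first. The bn_div.c, bn_mul.c, ec2_smpl.c and first e_ubsec.c hunks look right as far as the visible lines go. The bn_gf2m.c hunk returns `0` where its siblings use `goto err`/`goto end`, presumably that function's own convention — confirm it has no cleanup to run on that path. All enclosing functions start and end outside the hunk.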
@@ -0,0 +1,47 @@ +Index: openssl-0.9.8k/Configure +=================================================================== +--- openssl-0.9.8k.orig/Configure 2009-07-19 11:32:41.000000000 +0200 ++++ openssl-0.9.8k/Configure 2009-07-19 11:37:18.000000000 +0200 +@@ -1687,7 +1687,7 @@ + if (/^#define\s+OPENSSLDIR/) + { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + elsif (/^#define\s+ENGINESDIR/) +- { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } ++ { print OUT "#define ENGINESDIR \"$prefix/lib/ssl/engines\"\n"; } + elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) + { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" + if $export_var_as_fn; +Index: openssl-0.9.8k/Makefile.org +=================================================================== +--- openssl-0.9.8k.orig/Makefile.org 2009-03-03 23:40:29.000000000 +0100 ++++ openssl-0.9.8k/Makefile.org 2009-07-19 11:37:33.000000000 +0200 +@@ -616,7 +616,7 @@ + install_sw: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ +- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ ++ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/ssl/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ +Index: openssl-0.9.8k/engines/Makefile +=================================================================== +--- openssl-0.9.8k.orig/engines/Makefile 2008-09-17 19:11:07.000000000 +0200 ++++ openssl-0.9.8k/engines/Makefile 2009-07-19 11:32:41.000000000 +0200 +@@ -100,13 +100,13 @@ + *DSO_DL*) sfx="sl";; \ + *) sfx="bad";; \ + esac; \ +- cp lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \ ++ cp lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/ssl/engines/lib$$l.$$sfx.new; \ + else \ + sfx="so"; \ + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \ + fi; \ +- chmod 555 
$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/ssl/engines/lib$$l.$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/ssl/engines/lib$$l.$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/ssl/engines/lib$$l.$$sfx ); \ + done; \ + fi + --- openssl-0.9.8k.orig/debian/patches/CVE-2013-0169.patch +++ openssl-0.9.8k/debian/patches/CVE-2013-0169.patch 
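Review bot: In the engines/Makefile hunk the `chmod 555` and `mv -f` lines are rewritten to `lib/ssl/engines`, but the Cygwin branch two lines above — `cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \` — is left as a context line and still copies into `lib/engines`, so on that platform the following `chmod` on `lib/ssl/engines/...new` fails. Change that line to `cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/ssl/engines/lib$$l.$$sfx.new; \` so all four paths agree. The Configure and Makefile.org hunks are consistent with each other on `$prefix/lib/ssl/engines`. The enclosing install recipe starts outside the hunk.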
@@ -0,0 +1,1912 @@ +Description: fix "Lucky Thirteen" timing side-channel TLS attack +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=270881316664396326c461ec7a124aec2c6cc081 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=35a65e814beb899fa1c69a7673a8956c6059dce7 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a33e6702a0db1b9f4648d247b8b28a5c0e42ca13 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2928cb4c82d6516d9e65ede4901a5957d8c39c32 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3a959a337b8083bc855623f24cebaf43a477350 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=be88529753897c29c677d1becb321f0072c0659c +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=99f5093347c65eecbd05f0668aea94b32fcf20d7 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=24b28060975c01b749391778d13ec2ea1323a1aa +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=924b11742296c13816a9f301e76fea023003920c +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c23a7458209e773ffcd42bdcfa5cf2564df86bd7 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1909df070fb5c5b87246a2de19c17588deba5818 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=33ccde59a1ece0f68cc4b64e930001ab230725b1 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5f9345a2f0b592457fc4a619ac98ea59ffd394ba +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40e0de03955e218f45a7979cb46fba193f4e7fc2 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1213e6c3c2d7abeeb886d911a3c6c06c5da2e3a4 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca3b81c8580a609edac1f13a3f62d4348d66c3a8 +Origin: backport, 
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6351adecb4726476def5f5ad904a7d2e63480d53 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb092ef4fca897344daf7189526f5f26be6487ce +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=59b1129e0a50fdf7e4e58d7c355783a7bfc1f44c +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4ea7019165db53b92b4284461c5c88bfe7c6e57d +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=76c61a5d1adb92388f39e585e4af860a20feb9bb +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ff58eaa4b645a38f3a226cf566d969fffa64ef94 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5864fd2061f43dc8f89b5755f19bd2a35dec636c +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fbe621d08f2026926c91c1c5f386b27605e39a43 +Origin: backport, http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8655eb21a7f9a313db18daa6ccaed928fb6027c +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889 + +Index: openssl-0.9.8k/crypto/bn/bn_word.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/bn/bn_word.c 2005-07-25 18:55:47.000000000 -0400 ++++ openssl-0.9.8k/crypto/bn/bn_word.c 2013-02-18 15:22:07.510047237 -0500 +@@ -144,26 +144,17 @@ + a->neg=!(a->neg); + return(i); + } +- /* Only expand (and risk failing) if it's possibly necessary */ +- if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && +- (bn_wexpand(a,a->top+1) == NULL)) +- return(0); +- i=0; +- for (;;) ++ for (i=0;w!=0 && itop;i++) + { +- if (i >= a->top) +- l=w; +- else +- l=(a->d[i]+w)&BN_MASK2; +- a->d[i]=l; +- if (w > l) +- w=1; +- else +- break; +- i++; ++ a->d[i] = l = (a->d[i]+w)&BN_MASK2; ++ w = (w>l)?1:0; + } +- if (i >= a->top) ++ if (w && i==a->top) ++ { ++ if (bn_wexpand(a,a->top+1) == NULL) return 0; + a->top++; ++ a->d[i]=w; ++ } + bn_check_top(a); + return(1); + } 
+Index: openssl-0.9.8k/crypto/cryptlib.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/cryptlib.c 2008-09-16 11:11:50.000000000 -0400 ++++ openssl-0.9.8k/crypto/cryptlib.c 2013-02-18 15:21:47.566046726 -0500 +@@ -543,3 +543,19 @@ + } + + void *OPENSSL_stderr(void) { return stderr; } ++ ++#ifndef OPENSSL_FIPS ++ ++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) ++ { ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; ++ ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; ++ ++ return x; ++ } ++#endif +Index: openssl-0.9.8k/crypto/crypto.h +=================================================================== +--- openssl-0.9.8k.orig/crypto/crypto.h 2008-10-26 14:42:00.000000000 -0400 ++++ openssl-0.9.8k/crypto/crypto.h 2013-02-18 15:10:09.586028854 -0500 +@@ -588,6 +588,13 @@ + + #endif /* def OPENSSL_FIPS */ + ++/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It ++ * takes an amount of time dependent on |len|, but independent of the contents ++ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a ++ * defined order as the return value when a != b is undefined, other than to be ++ * non-zero. */ ++int CRYPTO_memcmp(const void *a, const void *b, size_t len); ++ + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. 
+Index: openssl-0.9.8k/crypto/o_init.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/o_init.c 2008-11-05 13:36:36.000000000 -0500 ++++ openssl-0.9.8k/crypto/o_init.c 2013-02-18 15:21:47.570046726 -0500 +@@ -83,4 +83,18 @@ + #endif + } + ++#ifdef OPENSSL_FIPS + ++int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) ++ { ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; ++ ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; ++ ++ return x; ++ } ++#endif +Index: openssl-0.9.8k/crypto/rsa/rsa_oaep.c +=================================================================== +--- openssl-0.9.8k.orig/crypto/rsa/rsa_oaep.c 2008-09-17 11:53:59.000000000 -0400 ++++ openssl-0.9.8k/crypto/rsa/rsa_oaep.c 2013-02-18 15:10:09.586028854 -0500 +@@ -143,7 +143,7 @@ + + EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); + +- if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) ++ if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + goto decoding_err; + else + { +Index: openssl-0.9.8k/ssl/Makefile +=================================================================== +--- openssl-0.9.8k.orig/ssl/Makefile 2013-02-18 15:09:34.690027961 -0500 ++++ openssl-0.9.8k/ssl/Makefile 2013-02-18 15:10:13.338028950 -0500 +@@ -22,7 +22,7 @@ + SHARED_LIB= libssl$(SHLIB_EXT) + LIBSRC= \ + s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \ +- s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \ ++ s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \ + s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \ + t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \ + d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \ +@@ -33,7 +33,7 @@ + bio_ssl.c ssl_err.c kssl.c t1_reneg.c + LIBOBJ= \ + s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ +- s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \ ++ s3_meth.o 
s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ + s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ + t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \ + d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \ +Index: openssl-0.9.8k/ssl/d1_enc.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/d1_enc.c 2013-02-18 15:09:35.170027973 -0500 ++++ openssl-0.9.8k/ssl/d1_enc.c 2013-02-18 15:17:23.574039966 -0500 +@@ -126,18 +126,30 @@ + #include + #endif + ++/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. ++ * ++ * Returns: ++ * 0: (in non-constant time) if the record is publically invalid (i.e. too ++ * short etc). ++ * 1: if the record's padding is valid / the encryption was successful. ++ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, ++ * an internal error occured. */ + int dtls1_enc(SSL *s, int send) + { + SSL3_RECORD *rec; + EVP_CIPHER_CTX *ds; + unsigned long l; +- int bs,i,ii,j,k,n=0; ++ int bs,i,j,k,n=0; + const EVP_CIPHER *enc; + + if (send) + { + if (s->write_hash != NULL) ++ { + n=EVP_MD_size(s->write_hash); ++ if (n < 0) ++ return -1; ++ } + ds=s->enc_write_ctx; + rec= &(s->s3->wrec); + if (s->enc_write_ctx == NULL) +@@ -159,7 +171,10 @@ + else + { + if (s->read_hash != NULL) ++ { + n=EVP_MD_size(s->read_hash); ++ OPENSSL_assert(n >= 0); ++ } + ds=s->enc_read_ctx; + rec= &(s->s3->rrec); + if (s->enc_read_ctx == NULL) +@@ -243,43 +258,7 @@ + #endif /* KSSL_DEBUG */ + + if ((bs != 1) && !send) +- { +- ii=i=rec->data[l-1]; /* padding_length */ +- i++; +- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) +- { +- /* First packet is even in size, so check */ +- if ((memcmp(s->s3->read_sequence, +- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) +- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; +- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) +- i--; +- } +- /* TLS 1.0 does not bound the number of padding bytes by the block size. 
+- * All of them must have value 'padding_length'. */ +- if (i + bs > (int)rec->length) +- { +- /* Incorrect padding. SSLerr() and ssl3_alert are done +- * by caller: we don't want to reveal whether this is +- * a decryption error or a MAC verification failure +- * (see http://www.openssl.org/~bodo/tls-cbc.txt) +- */ +- return -1; +- } +- for (j=(int)(l-i); j<(int)l; j++) +- { +- if (rec->data[j] != ii) +- { +- /* Incorrect padding */ +- return -1; +- } +- } +- rec->length-=i; +- +- rec->data += bs; /* skip the implicit IV */ +- rec->input += bs; +- rec->length -= bs; +- } ++ return tls1_cbc_remove_padding(s, rec, bs, n); + } + return(1); + } +Index: openssl-0.9.8k/ssl/d1_pkt.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/d1_pkt.c 2013-02-18 15:09:35.026027969 -0500 ++++ openssl-0.9.8k/ssl/d1_pkt.c 2013-02-18 15:22:27.662047753 -0500 +@@ -329,15 +329,11 @@ + dtls1_process_record(SSL *s) + { + int i,al; +- int clear=0; + int enc_err; + SSL_SESSION *sess; +- SSL3_RECORD *rr; +- unsigned int mac_size; ++ SSL3_RECORD *rr; ++ unsigned int mac_size, orig_len; + unsigned char md[EVP_MAX_MD_SIZE]; +- int decryption_failed_or_bad_record_mac = 0; +- unsigned char *mac = NULL; +- + + rr= &(s->s3->rrec); + sess = s->session; +@@ -369,12 +365,16 @@ + rr->data=rr->input; + + enc_err = s->method->ssl3_enc->enc(s,0); +- if (enc_err <= 0) ++ /* enc_err is: ++ * 0: (in non-constant time) if the record is publically invalid. ++ * 1: if the padding is valid ++ * -1: if the padding is invalid */ ++ if (enc_err == 0) + { +- /* To minimize information leaked via timing, we will always +- * perform all computations before discarding the message. +- */ +- decryption_failed_or_bad_record_mac = 1; ++ /* For DTLS we simply ignore bad packets. 
*/ ++ rr->length = 0; ++ s->packet_length = 0; ++ goto err; + } + + #ifdef TLS_DEBUG +@@ -384,41 +384,62 @@ + #endif + + /* r->length is now the compressed data plus mac */ +-if ( (sess == NULL) || +- (s->enc_read_ctx == NULL) || +- (s->read_hash == NULL)) +- clear=1; +- +- if (!clear) ++ if ((sess != NULL) && ++ (s->enc_read_ctx != NULL) && ++ (s->read_hash != NULL)) + { ++ /* s->read_hash != NULL => mac_size != -1 */ ++ unsigned char *mac = NULL; ++ unsigned char mac_tmp[EVP_MAX_MD_SIZE]; + mac_size=EVP_MD_size(s->read_hash); ++ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); + +- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) ++ /* kludge: *_cbc_remove_padding passes padding length in rr->type */ ++ orig_len = rr->length+((unsigned int)rr->type>>8); ++ ++ /* orig_len is the length of the record before any padding was ++ * removed. This is public information, as is the MAC in use, ++ * therefore we can safely process the record in a different ++ * amount of time if it's too short to possibly contain a MAC. ++ */ ++ if (orig_len < mac_size || ++ /* CBC records must have a padding length byte too. */ ++ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && ++ orig_len < mac_size+1)) + { +-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ +- al=SSL_AD_RECORD_OVERFLOW; +- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); ++ al=SSL_AD_DECODE_ERROR; ++ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); + goto f_err; +-#else +- decryption_failed_or_bad_record_mac = 1; +-#endif + } +- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ +- if (rr->length >= mac_size) ++ ++ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) + { ++ /* We update the length so that the TLS header bytes ++ * can be constructed correctly but we need to extract ++ * the MAC in constant time from within the record, ++ * without leaking the contents of the padding bytes. 
++ * */ ++ mac = mac_tmp; ++ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); + rr->length -= mac_size; +- mac = &rr->data[rr->length]; + } + else +- rr->length = 0; +- i=s->method->ssl3_enc->mac(s,md,0); +- if (mac == NULL || memcmp(md, mac, mac_size) != 0) + { +- decryption_failed_or_bad_record_mac = 1; ++ /* In this case there's no padding, so |orig_len| ++ * equals |rec->length| and we checked that there's ++ * enough bytes for |mac_size| above. */ ++ rr->length -= mac_size; ++ mac = &rr->data[rr->length]; + } ++ ++ i=s->method->ssl3_enc->mac(s,md,0 /* not send */); ++ if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) ++ enc_err = -1; ++ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) ++ enc_err = -1; + } + +- if (decryption_failed_or_bad_record_mac) ++ if (enc_err < 0) + { + /* decryption failed, silently discard message */ + rr->length = 0; +Index: openssl-0.9.8k/ssl/s2_clnt.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/s2_clnt.c 2009-01-07 05:48:23.000000000 -0500 ++++ openssl-0.9.8k/ssl/s2_clnt.c 2013-02-18 15:10:09.590028854 -0500 +@@ -935,7 +935,7 @@ + s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */ + p += 1; + +- if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) ++ if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); +Index: openssl-0.9.8k/ssl/s2_pkt.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/s2_pkt.c 2003-12-27 11:10:30.000000000 -0500 ++++ openssl-0.9.8k/ssl/s2_pkt.c 2013-02-18 15:10:09.590028854 -0500 +@@ -267,8 +267,7 @@ + s->s2->ract_data_length-=mac_size; + ssl2_mac(s,mac,0); + s->s2->ract_data_length-=s->s2->padding; +- if ( (memcmp(mac,s->s2->mac_data, +- (unsigned int)mac_size) != 0) || ++ if ( 
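Review bot: The too-short check in dtls1_process_record (`orig_len < mac_size` / `orig_len < mac_size+1`) is the one failure in this function that raises a fatal `SSL_AD_DECODE_ERROR` alert, whereas the `enc_err == 0` branch just above and the `enc_err < 0` branch below discard silently; since the length is public this is not a timing concern, but it is inconsistent with "for DTLS we simply ignore bad packets". As far as I can tell from the visible code it is only reachable with a non-block cipher (the CBC padding remover already rejects records shorter than `1+mac_size` by returning 0), so it is mostly theoretical, but a comment stating why an alert is acceptable here would help. Separately, `orig_len = rr->length+((unsigned int)rr->type>>8)` depends on the MAC routine later masking `rr->type &= 0xff`; add `/* rr->type high byte is cleared by ssl3_enc->mac(); do not use rr->type before that call */` so nobody reads the record type in between.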
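Review bot: `CRYPTO_memcmp` is used here in get_server_verify but 0.9.8k's libcrypto does not ship that symbol as far as I know; unless the backport also adds it to crypto/cryptlib.c and a prototype to crypto/crypto.h (neither is in this chunk), libssl will fail to link. It is worth confirming that the added implementation is a genuine constant-time compare (OR-accumulate over all bytes, no early exit) rather than a thin wrapper around memcmp, since the whole point of this hunk is removing the early-exit timing signal on the challenge comparison.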
(CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) || + (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE); +Index: openssl-0.9.8k/ssl/s3_both.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/s3_both.c 2013-02-18 15:09:34.690027961 -0500 ++++ openssl-0.9.8k/ssl/s3_both.c 2013-02-18 15:10:09.590028854 -0500 +@@ -242,7 +242,7 @@ + goto f_err; + } + +- if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) ++ if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) + { + al=SSL_AD_DECRYPT_ERROR; + SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); +Index: openssl-0.9.8k/ssl/s3_cbc.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-0.9.8k/ssl/s3_cbc.c 2013-02-18 15:22:41.694048112 -0500 +@@ -0,0 +1,783 @@ ++/* ssl/s3_cbc.c */ ++/* ==================================================================== ++ * Copyright (c) 2012 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include "ssl_locl.h" ++ ++#include ++#include ++ ++/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length ++ * field. (SHA-384/512 have 128-bit length.) 
*/ ++#define MAX_HASH_BIT_COUNT_BYTES 16 ++ ++/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support. ++ * Currently SHA-384/512 has a 128-byte block size and that's the largest ++ * supported by TLS.) */ ++#define MAX_HASH_BLOCK_SIZE 128 ++ ++/* Some utility functions are needed: ++ * ++ * These macros return the given value with the MSB copied to all the other ++ * bits. They use the fact that arithmetic shift shifts-in the sign bit. ++ * However, this is not ensured by the C standard so you may need to replace ++ * them with something else on odd CPUs. */ ++#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) ++#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) ++ ++/* constant_time_lt returns 0xff if a=b and 0x00 otherwise. */ ++static unsigned constant_time_ge(unsigned a, unsigned b) ++ { ++ a -= b; ++ return DUPLICATE_MSB_TO_ALL(~a); ++ } ++ ++/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ ++static unsigned char constant_time_eq_8(unsigned a, unsigned b) ++ { ++ unsigned c = a ^ b; ++ c--; ++ return DUPLICATE_MSB_TO_ALL_8(c); ++ } ++ ++/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC ++ * record in |rec| by updating |rec->length| in constant time. ++ * ++ * block_size: the block size of the cipher used to encrypt the record. ++ * returns: ++ * 0: (in non-constant time) if the record is publicly invalid. ++ * 1: if the padding was valid ++ * -1: otherwise. */ ++int ssl3_cbc_remove_padding(const SSL* s, ++ SSL3_RECORD *rec, ++ unsigned block_size, ++ unsigned mac_size) ++ { ++ unsigned padding_length, good; ++ const unsigned overhead = 1 /* padding length byte */ + mac_size; ++ ++ /* These lengths are all public so we can test them in non-constant ++ * time. 
*/ ++ if (overhead > rec->length) ++ return 0; ++ ++ padding_length = rec->data[rec->length-1]; ++ good = constant_time_ge(rec->length, padding_length+overhead); ++ /* SSLv3 requires that the padding is minimal. */ ++ good &= constant_time_ge(block_size, padding_length+1); ++ padding_length = good & (padding_length+1); ++ rec->length -= padding_length; ++ rec->type |= padding_length<<8; /* kludge: pass padding length */ ++ return (int)((good & 1) | (~good & -1)); ++} ++ ++/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC ++ * record in |rec| in constant time and returns 1 if the padding is valid and ++ * -1 otherwise. It also removes any explicit IV from the start of the record ++ * without leaking any timing about whether there was enough space after the ++ * padding was removed. ++ * ++ * block_size: the block size of the cipher used to encrypt the record. ++ * returns: ++ * 0: (in non-constant time) if the record is publicly invalid. ++ * 1: if the padding was valid ++ * -1: otherwise. */ ++int tls1_cbc_remove_padding(const SSL* s, ++ SSL3_RECORD *rec, ++ unsigned block_size, ++ unsigned mac_size) ++ { ++ unsigned padding_length, good, to_check, i; ++ const unsigned overhead = 1 /* padding length byte */ + mac_size; ++ /* Check if version requires explicit IV */ ++ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) ++ { ++ /* These lengths are all public so we can test them in ++ * non-constant time. ++ */ ++ if (overhead + block_size > rec->length) ++ return 0; ++ /* We can now safely skip explicit IV */ ++ rec->data += block_size; ++ rec->input += block_size; ++ rec->length -= block_size; ++ } ++ else if (overhead > rec->length) ++ return 0; ++ ++ padding_length = rec->data[rec->length-1]; ++ ++ /* NB: if compression is in operation the first packet may not be of ++ * even length so the padding bug check cannot be performed. 
This bug ++ * workaround has been around since SSLeay so hopefully it is either ++ * fixed now or no buggy implementation supports compression [steve] ++ */ ++ if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) ++ { ++ /* First packet is even in size, so check */ ++ if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && ++ !(padding_length & 1)) ++ { ++ s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; ++ } ++ if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && ++ padding_length > 0) ++ { ++ padding_length--; ++ } ++ } ++ ++ good = constant_time_ge(rec->length, overhead+padding_length); ++ /* The padding consists of a length byte at the end of the record and ++ * then that many bytes of padding, all with the same value as the ++ * length byte. Thus, with the length byte included, there are i+1 ++ * bytes of padding. ++ * ++ * We can't check just |padding_length+1| bytes because that leaks ++ * decrypted information. Therefore we always have to check the maximum ++ * amount of padding possible. (Again, the length of the record is ++ * public information so we can use it.) */ ++ to_check = 255; /* maximum amount of padding. */ ++ if (to_check > rec->length-1) ++ to_check = rec->length-1; ++ ++ for (i = 0; i < to_check; i++) ++ { ++ unsigned char mask = constant_time_ge(padding_length, i); ++ unsigned char b = rec->data[rec->length-1-i]; ++ /* The final |padding_length+1| bytes should all have the value ++ * |padding_length|. Therefore the XOR should be zero. */ ++ good &= ~(mask&(padding_length ^ b)); ++ } ++ ++ /* If any of the final |padding_length+1| bytes had the wrong value, ++ * one or more of the lower eight bits of |good| will be cleared. We ++ * AND the bottom 8 bits together and duplicate the result to all the ++ * bits. 
*/ ++ good &= good >> 4; ++ good &= good >> 2; ++ good &= good >> 1; ++ good <<= sizeof(good)*8-1; ++ good = DUPLICATE_MSB_TO_ALL(good); ++ ++ padding_length = good & (padding_length+1); ++ rec->length -= padding_length; ++ rec->type |= padding_length<<8; /* kludge: pass padding length */ ++ ++ return (int)((good & 1) | (~good & -1)); ++ } ++ ++/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in ++ * constant time (independent of the concrete value of rec->length, which may ++ * vary within a 256-byte window). ++ * ++ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to ++ * this function. ++ * ++ * On entry: ++ * rec->orig_len >= md_size ++ * md_size <= EVP_MAX_MD_SIZE ++ * ++ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with ++ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into ++ * a single or pair of cache-lines, then the variable memory accesses don't ++ * actually affect the timing. CPUs with smaller cache-lines [if any] are ++ * not multi-core and are not considered vulnerable to cache-timing attacks. ++ */ ++#define CBC_MAC_ROTATE_IN_PLACE ++ ++void ssl3_cbc_copy_mac(unsigned char* out, ++ const SSL3_RECORD *rec, ++ unsigned md_size,unsigned orig_len) ++ { ++#if defined(CBC_MAC_ROTATE_IN_PLACE) ++ unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE]; ++ unsigned char *rotated_mac; ++#else ++ unsigned char rotated_mac[EVP_MAX_MD_SIZE]; ++#endif ++ ++ /* mac_end is the index of |rec->data| just after the end of the MAC. */ ++ unsigned mac_end = rec->length; ++ unsigned mac_start = mac_end - md_size; ++ /* scan_start contains the number of bytes that we can ignore because ++ * the MAC's position can only vary by 255 bytes. 
*/ ++ unsigned scan_start = 0; ++ unsigned i, j; ++ unsigned div_spoiler; ++ unsigned rotate_offset; ++ ++ OPENSSL_assert(orig_len >= md_size); ++ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); ++ ++#if defined(CBC_MAC_ROTATE_IN_PLACE) ++ rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63); ++#endif ++ ++ /* This information is public so it's safe to branch based on it. */ ++ if (orig_len > md_size + 255 + 1) ++ scan_start = orig_len - (md_size + 255 + 1); ++ /* div_spoiler contains a multiple of md_size that is used to cause the ++ * modulo operation to be constant time. Without this, the time varies ++ * based on the amount of padding when running on Intel chips at least. ++ * ++ * The aim of right-shifting md_size is so that the compiler doesn't ++ * figure out that it can remove div_spoiler as that would require it ++ * to prove that md_size is always even, which I hope is beyond it. */ ++ div_spoiler = md_size >> 1; ++ div_spoiler <<= (sizeof(div_spoiler)-1)*8; ++ rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; ++ ++ memset(rotated_mac, 0, md_size); ++ for (i = scan_start, j = 0; i < orig_len; i++) ++ { ++ unsigned char mac_started = constant_time_ge(i, mac_start); ++ unsigned char mac_ended = constant_time_ge(i, mac_end); ++ unsigned char b = rec->data[i]; ++ rotated_mac[j++] |= b & mac_started & ~mac_ended; ++ j &= constant_time_lt(j,md_size); ++ } ++ ++ /* Now rotate the MAC */ ++#if defined(CBC_MAC_ROTATE_IN_PLACE) ++ j = 0; ++ for (i = 0; i < md_size; i++) ++ { ++ /* in case cache-line is 32 bytes, touch second line */ ++ ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; ++ out[j++] = rotated_mac[rotate_offset++]; ++ rotate_offset &= constant_time_lt(rotate_offset,md_size); ++ } ++#else ++ memset(out, 0, md_size); ++ rotate_offset = md_size - rotate_offset; ++ rotate_offset &= constant_time_lt(rotate_offset,md_size); ++ for (i = 0; i < md_size; i++) ++ { ++ for (j = 0; j < md_size; j++) ++ out[j] |= rotated_mac[i] & 
constant_time_eq_8(j, rotate_offset); ++ rotate_offset++; ++ rotate_offset &= constant_time_lt(rotate_offset,md_size); ++ } ++#endif ++ } ++ ++/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in ++ * little-endian order. The value of p is advanced by four. */ ++#define u32toLE(n, p) \ ++ (*((p)++)=(unsigned char)(n), \ ++ *((p)++)=(unsigned char)(n>>8), \ ++ *((p)++)=(unsigned char)(n>>16), \ ++ *((p)++)=(unsigned char)(n>>24)) ++ ++/* These functions serialize the state of a hash and thus perform the standard ++ * "final" operation without adding the padding and length that such a function ++ * typically does. */ ++static void tls1_md5_final_raw(void* ctx, unsigned char *md_out) ++ { ++ MD5_CTX *md5 = ctx; ++ u32toLE(md5->A, md_out); ++ u32toLE(md5->B, md_out); ++ u32toLE(md5->C, md_out); ++ u32toLE(md5->D, md_out); ++ } ++ ++static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out) ++ { ++ SHA_CTX *sha1 = ctx; ++ l2n(sha1->h0, md_out); ++ l2n(sha1->h1, md_out); ++ l2n(sha1->h2, md_out); ++ l2n(sha1->h3, md_out); ++ l2n(sha1->h4, md_out); ++ } ++#define LARGEST_DIGEST_CTX SHA_CTX ++ ++#ifndef OPENSSL_NO_SHA256 ++static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out) ++ { ++ SHA256_CTX *sha256 = ctx; ++ unsigned i; ++ ++ for (i = 0; i < 8; i++) ++ { ++ l2n(sha256->h[i], md_out); ++ } ++ } ++#undef LARGEST_DIGEST_CTX ++#define LARGEST_DIGEST_CTX SHA256_CTX ++#endif ++ ++#ifndef OPENSSL_NO_SHA512 ++static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out) ++ { ++ SHA512_CTX *sha512 = ctx; ++ unsigned i; ++ ++ for (i = 0; i < 8; i++) ++ { ++ l2n8(sha512->h[i], md_out); ++ } ++ } ++#undef LARGEST_DIGEST_CTX ++#define LARGEST_DIGEST_CTX SHA512_CTX ++#endif ++ ++/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function ++ * which ssl3_cbc_digest_record supports. 
*/ ++char ssl3_cbc_record_digest_supported(const EVP_MD *digest) ++ { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return 0; ++#endif ++ switch (EVP_MD_type(digest)) ++ { ++ case NID_md5: ++ case NID_sha1: ++#ifndef OPENSSL_NO_SHA256 ++ case NID_sha224: ++ case NID_sha256: ++#endif ++#ifndef OPENSSL_NO_SHA512 ++ case NID_sha384: ++ case NID_sha512: ++#endif ++ return 1; ++ default: ++ return 0; ++ } ++ } ++ ++/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS ++ * record. ++ * ++ * ctx: the EVP_MD_CTX from which we take the hash function. ++ * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX. ++ * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written. ++ * md_out_size: if non-NULL, the number of output bytes is written here. ++ * header: the 13-byte, TLS record header. ++ * data: the record data itself, less any preceeding explicit IV. ++ * data_plus_mac_size: the secret, reported length of the data and MAC ++ * once the padding has been removed. ++ * data_plus_mac_plus_padding_size: the public length of the whole ++ * record, including padding. ++ * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS. ++ * ++ * On entry: by virtue of having been through one of the remove_padding ++ * functions, above, we know that data_plus_mac_size is large enough to contain ++ * a padding byte and MAC. (If the padding was invalid, it might contain the ++ * padding too. 
) */ ++void ssl3_cbc_digest_record( ++ const EVP_MD *digest, ++ unsigned char* md_out, ++ size_t* md_out_size, ++ const unsigned char header[13], ++ const unsigned char *data, ++ size_t data_plus_mac_size, ++ size_t data_plus_mac_plus_padding_size, ++ const unsigned char *mac_secret, ++ unsigned mac_secret_length, ++ char is_sslv3) ++ { ++ union { double align; ++ unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state; ++ void (*md_final_raw)(void *ctx, unsigned char *md_out); ++ void (*md_transform)(void *ctx, const unsigned char *block); ++ unsigned md_size, md_block_size = 64; ++ unsigned sslv3_pad_length = 40, header_length, variance_blocks, ++ len, max_mac_bytes, num_blocks, ++ num_starting_blocks, k, mac_end_offset, c, index_a, index_b; ++ unsigned int bits; /* at most 18 bits */ ++ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; ++ /* hmac_pad is the masked HMAC key. */ ++ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; ++ unsigned char first_block[MAX_HASH_BLOCK_SIZE]; ++ unsigned char mac_out[EVP_MAX_MD_SIZE]; ++ unsigned i, j, md_out_size_u; ++ EVP_MD_CTX md_ctx; ++ /* mdLengthSize is the number of bytes in the length field that terminates ++ * the hash. */ ++ unsigned md_length_size = 8; ++ char length_is_big_endian = 1; ++ ++ /* This is a, hopefully redundant, check that allows us to forget about ++ * many possible overflows later in this function. 
*/ ++ OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); ++ ++ switch (EVP_MD_type(digest)) ++ { ++ case NID_md5: ++ MD5_Init((MD5_CTX*)md_state.c); ++ md_final_raw = tls1_md5_final_raw; ++ md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; ++ md_size = 16; ++ sslv3_pad_length = 48; ++ length_is_big_endian = 0; ++ break; ++ case NID_sha1: ++ SHA1_Init((SHA_CTX*)md_state.c); ++ md_final_raw = tls1_sha1_final_raw; ++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; ++ md_size = 20; ++ break; ++#ifndef OPENSSL_NO_SHA256 ++ case NID_sha224: ++ SHA224_Init((SHA256_CTX*)md_state.c); ++ md_final_raw = tls1_sha256_final_raw; ++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; ++ md_size = 224/8; ++ break; ++ case NID_sha256: ++ SHA256_Init((SHA256_CTX*)md_state.c); ++ md_final_raw = tls1_sha256_final_raw; ++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; ++ md_size = 32; ++ break; ++#endif ++#ifndef OPENSSL_NO_SHA512 ++ case NID_sha384: ++ SHA384_Init((SHA512_CTX*)md_state.c); ++ md_final_raw = tls1_sha512_final_raw; ++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; ++ md_size = 384/8; ++ md_block_size = 128; ++ md_length_size = 16; ++ break; ++ case NID_sha512: ++ SHA512_Init((SHA512_CTX*)md_state.c); ++ md_final_raw = tls1_sha512_final_raw; ++ md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; ++ md_size = 64; ++ md_block_size = 128; ++ md_length_size = 16; ++ break; ++#endif ++ default: ++ /* ssl3_cbc_record_digest_supported should have been ++ * called first to check that the hash function is ++ * supported. 
*/ ++ OPENSSL_assert(0); ++ if (md_out_size) ++ *md_out_size = -1; ++ return; ++ } ++ ++ OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); ++ OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); ++ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); ++ ++ header_length = 13; ++ if (is_sslv3) ++ { ++ header_length = ++ mac_secret_length + ++ sslv3_pad_length + ++ 8 /* sequence number */ + ++ 1 /* record type */ + ++ 2 /* record length */; ++ } ++ ++ /* variance_blocks is the number of blocks of the hash that we have to ++ * calculate in constant time because they could be altered by the ++ * padding value. ++ * ++ * In SSLv3, the padding must be minimal so the end of the plaintext ++ * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that ++ * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash ++ * termination (0x80 + 64-bit length) don't fit in the final block, we ++ * say that the final two blocks can vary based on the padding. ++ * ++ * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not ++ * required to be minimal. Therefore we say that the final six blocks ++ * can vary based on the padding. ++ * ++ * Later in the function, if the message is short and there obviously ++ * cannot be this many blocks then variance_blocks can be reduced. */ ++ variance_blocks = is_sslv3 ? 2 : 6; ++ /* From now on we're dealing with the MAC, which conceptually has 13 ++ * bytes of `header' before the start of the data (TLS) or 71/75 bytes ++ * (SSLv3) */ ++ len = data_plus_mac_plus_padding_size + header_length; ++ /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including ++ * |header|, assuming that there's no padding. */ ++ max_mac_bytes = len - md_size - 1; ++ /* num_blocks is the maximum number of hash blocks. 
*/ ++ num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; ++ /* In order to calculate the MAC in constant time we have to handle ++ * the final blocks specially because the padding value could cause the ++ * end to appear somewhere in the final |variance_blocks| blocks and we ++ * can't leak where. However, |num_starting_blocks| worth of data can ++ * be hashed right away because no padding value can affect whether ++ * they are plaintext. */ ++ num_starting_blocks = 0; ++ /* k is the starting byte offset into the conceptual header||data where ++ * we start processing. */ ++ k = 0; ++ /* mac_end_offset is the index just past the end of the data to be ++ * MACed. */ ++ mac_end_offset = data_plus_mac_size + header_length - md_size; ++ /* c is the index of the 0x80 byte in the final hash block that ++ * contains application data. */ ++ c = mac_end_offset % md_block_size; ++ /* index_a is the hash block number that contains the 0x80 terminating ++ * value. */ ++ index_a = mac_end_offset / md_block_size; ++ /* index_b is the hash block number that contains the 64-bit hash ++ * length, in bits. */ ++ index_b = (mac_end_offset + md_length_size) / md_block_size; ++ /* bits is the hash-length in bits. It includes the additional hash ++ * block for the masked HMAC key, or whole of |header| in the case of ++ * SSLv3. */ ++ ++ /* For SSLv3, if we're going to have any starting blocks then we need ++ * at least two because the header is larger than a single block. */ ++ if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) ++ { ++ num_starting_blocks = num_blocks - variance_blocks; ++ k = md_block_size*num_starting_blocks; ++ } ++ ++ bits = 8*mac_end_offset; ++ if (!is_sslv3) ++ { ++ /* Compute the initial HMAC block. For SSLv3, the padding and ++ * secret bytes are included in |header| because they take more ++ * than a single block. 
*/ ++ bits += 8*md_block_size; ++ memset(hmac_pad, 0, md_block_size); ++ OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); ++ memcpy(hmac_pad, mac_secret, mac_secret_length); ++ for (i = 0; i < md_block_size; i++) ++ hmac_pad[i] ^= 0x36; ++ ++ md_transform(md_state.c, hmac_pad); ++ } ++ ++ if (length_is_big_endian) ++ { ++ memset(length_bytes,0,md_length_size-4); ++ length_bytes[md_length_size-4] = (unsigned char)(bits>>24); ++ length_bytes[md_length_size-3] = (unsigned char)(bits>>16); ++ length_bytes[md_length_size-2] = (unsigned char)(bits>>8); ++ length_bytes[md_length_size-1] = (unsigned char)bits; ++ } ++ else ++ { ++ memset(length_bytes,0,md_length_size); ++ length_bytes[md_length_size-5] = (unsigned char)(bits>>24); ++ length_bytes[md_length_size-6] = (unsigned char)(bits>>16); ++ length_bytes[md_length_size-7] = (unsigned char)(bits>>8); ++ length_bytes[md_length_size-8] = (unsigned char)bits; ++ } ++ ++ if (k > 0) ++ { ++ if (is_sslv3) ++ { ++ /* The SSLv3 header is larger than a single block. ++ * overhang is the number of bytes beyond a single ++ * block that the header consumes: either 7 bytes ++ * (SHA1) or 11 bytes (MD5). */ ++ unsigned overhang = header_length-md_block_size; ++ md_transform(md_state.c, header); ++ memcpy(first_block, header + md_block_size, overhang); ++ memcpy(first_block + overhang, data, md_block_size-overhang); ++ md_transform(md_state.c, first_block); ++ for (i = 1; i < k/md_block_size - 1; i++) ++ md_transform(md_state.c, data + md_block_size*i - overhang); ++ } ++ else ++ { ++ /* k is a multiple of md_block_size. */ ++ memcpy(first_block, header, 13); ++ memcpy(first_block+13, data, md_block_size-13); ++ md_transform(md_state.c, first_block); ++ for (i = 1; i < k/md_block_size; i++) ++ md_transform(md_state.c, data + md_block_size*i - 13); ++ } ++ } ++ ++ memset(mac_out, 0, sizeof(mac_out)); ++ ++ /* We now process the final hash blocks. For each block, we construct ++ * it in constant time. 
If the |i==index_a| then we'll include the 0x80 ++ * bytes and zero pad etc. For each block we selectively copy it, in ++ * constant time, to |mac_out|. */ ++ for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++) ++ { ++ unsigned char block[MAX_HASH_BLOCK_SIZE]; ++ unsigned char is_block_a = constant_time_eq_8(i, index_a); ++ unsigned char is_block_b = constant_time_eq_8(i, index_b); ++ for (j = 0; j < md_block_size; j++) ++ { ++ unsigned char b = 0, is_past_c, is_past_cp1; ++ if (k < header_length) ++ b = header[k]; ++ else if (k < data_plus_mac_plus_padding_size + header_length) ++ b = data[k-header_length]; ++ k++; ++ ++ is_past_c = is_block_a & constant_time_ge(j, c); ++ is_past_cp1 = is_block_a & constant_time_ge(j, c+1); ++ /* If this is the block containing the end of the ++ * application data, and we are at the offset for the ++ * 0x80 value, then overwrite b with 0x80. */ ++ b = (b&~is_past_c) | (0x80&is_past_c); ++ /* If this the the block containing the end of the ++ * application data and we're past the 0x80 value then ++ * just write zero. */ ++ b = b&~is_past_cp1; ++ /* If this is index_b (the final block), but not ++ * index_a (the end of the data), then the 64-bit ++ * length didn't fit into index_a and we're having to ++ * add an extra block of zeros. */ ++ b &= ~is_block_b | is_block_a; ++ ++ /* The final bytes of one of the blocks contains the ++ * length. */ ++ if (j >= md_block_size - md_length_size) ++ { ++ /* If this is index_b, write a length byte. */ ++ b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); ++ } ++ block[j] = b; ++ } ++ ++ md_transform(md_state.c, block); ++ md_final_raw(md_state.c, block); ++ /* If this is index_b, copy the hash value to |mac_out|. 
*/ ++ for (j = 0; j < md_size; j++) ++ mac_out[j] |= block[j]&is_block_b; ++ } ++ ++ EVP_MD_CTX_init(&md_ctx); ++ EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */); ++ if (is_sslv3) ++ { ++ /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ ++ memset(hmac_pad, 0x5c, sslv3_pad_length); ++ ++ EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); ++ EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); ++ EVP_DigestUpdate(&md_ctx, mac_out, md_size); ++ } ++ else ++ { ++ /* Complete the HMAC in the standard manner. */ ++ for (i = 0; i < md_block_size; i++) ++ hmac_pad[i] ^= 0x6a; ++ ++ EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); ++ EVP_DigestUpdate(&md_ctx, mac_out, md_size); ++ } ++ EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); ++ if (md_out_size) ++ *md_out_size = md_out_size_u; ++ EVP_MD_CTX_cleanup(&md_ctx); ++ } ++ ++#ifdef OPENSSL_FIPS ++ ++/* Due to the need to use EVP in FIPS mode we can't reimplement digests but ++ * we can ensure the number of blocks processed is equal for all cases ++ * by digesting additional data. ++ */ ++ ++void tls_fips_digest_extra( ++ const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx, ++ const unsigned char *data, size_t data_len, size_t orig_len) ++ { ++ size_t block_size, digest_pad, blocks_data, blocks_orig; ++ if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) ++ return; ++ block_size = EVP_MD_block_size(hash); ++ /* We are in FIPS mode if we get this far so we know we have only SHA* ++ * digests and TLS to deal with. ++ * Minimum digest padding length is 17 for SHA384/SHA512 and 9 ++ * otherwise. ++ * Additional header is 13 bytes. To get the number of digest blocks ++ * processed round up the amount of data plus padding to the nearest ++ * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise. 
++ * So we have: ++ * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size ++ * equivalently: ++ * blocks = (payload_len + digest_pad + 12)/block_size + 1 ++ * HMAC adds a constant overhead. ++ * We're ultimately only interested in differences so this becomes ++ * blocks = (payload_len + 29)/128 ++ * for SHA384/SHA512 and ++ * blocks = (payload_len + 21)/64 ++ * otherwise. ++ */ ++ digest_pad = block_size == 64 ? 21 : 29; ++ blocks_orig = (orig_len + digest_pad)/block_size; ++ blocks_data = (data_len + digest_pad)/block_size; ++ /* MAC enough blocks to make up the difference between the original ++ * and actual lengths plus one extra block to ensure this is never a ++ * no op. The "data" pointer should always have enough space to ++ * perform this operation as it is large enough for a maximum ++ * length TLS buffer. ++ */ ++ HMAC_Update(hctx, data, ++ (blocks_orig - blocks_data + 1) * block_size); ++ } ++#endif +Index: openssl-0.9.8k/ssl/s3_enc.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/s3_enc.c 2013-02-18 15:09:34.946027967 -0500 ++++ openssl-0.9.8k/ssl/s3_enc.c 2013-02-18 15:22:30.330047821 -0500 +@@ -434,12 +434,21 @@ + s->s3->tmp.key_block_length=0; + } + ++/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. ++ * ++ * Returns: ++ * 0: (in non-constant time) if the record is publically invalid (i.e. too ++ * short etc). ++ * 1: if the record's padding is valid / the encryption was successful. ++ * -1: if the record's padding is invalid or, if sending, an internal error ++ * occured. 
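Review bot: `constant_time_lt` is called three times in ssl3_cbc_copy_mac (`j &= constant_time_lt(j,md_size)` and the two `rotate_offset &= ...` lines) but no definition appears in this file as rendered, and the two `#include` directives at the top are empty; this looks like angle-bracket text (`<openssl/md5.h>`, `<openssl/sha.h>`, and the `a<b` ... `a>=b` comment text between the two helper definitions) eaten by an HTML renderer rather than a real omission, but it should be checked against the upstream s3_cbc.c, which defines `static unsigned constant_time_lt(unsigned a, unsigned b) { a -= b; return DUPLICATE_MSB_TO_ALL(a); }`. A second caveat worth a comment in tls1_cbc_remove_padding: the `SSL_OP_TLS_BLOCK_PADDING_BUG` workaround branches on decrypted data (`!(padding_length & 1)` and `padding_length > 0`), which is a data-dependent branch inside an otherwise constant-time routine; it only applies to the first record when the option is set, so note that with `/* NB: not constant time; only taken for the first record and only with SSL_OP_TLS_BLOCK_PADDING_BUG */`. Finally, `DUPLICATE_MSB_TO_ALL` relies on an arithmetic right shift of a signed int, which the comment already flags as implementation-defined, so a build-time check on a toolchain this package targets would be reassuring.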
++ */ + int ssl3_enc(SSL *s, int send) + { + SSL3_RECORD *rec; + EVP_CIPHER_CTX *ds; + unsigned long l; +- int bs,i; ++ int bs,i,mac_size=0; + const EVP_CIPHER *enc; + + if (send) +@@ -490,32 +499,17 @@ + if (!send) + { + if (l == 0 || l%bs != 0) +- { +- SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); +- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; +- } + /* otherwise, rec->length >= bs */ + } + + EVP_Cipher(ds,rec->data,rec->input,l); + ++ if (s->read_hash != NULL) ++ mac_size = EVP_MD_size(s->read_hash); ++ + if ((bs != 1) && !send) +- { +- i=rec->data[l-1]+1; +- /* SSL 3.0 bounds the number of padding bytes by the block size; +- * padding bytes (except the last one) are arbitrary */ +- if (i > bs) +- { +- /* Incorrect padding. SSLerr() and ssl3_alert are done +- * by caller: we don't want to reveal whether this is +- * a decryption error or a MAC verification failure +- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ +- return -1; +- } +- /* now i <= bs <= rec->length */ +- rec->length-=i; +- } ++ return ssl3_cbc_remove_padding(s, rec, bs, mac_size); + } + return(1); + } +@@ -592,7 +586,7 @@ + EVP_MD_CTX md_ctx; + const EVP_MD *hash; + unsigned char *p,rec_char; +- unsigned int md_size; ++ size_t md_size, orig_len; + int npad; + + if (send) +@@ -613,28 +607,72 @@ + md_size=EVP_MD_size(hash); + npad=(48/md_size)*md_size; + +- /* Chop the digest off the end :-) */ +- EVP_MD_CTX_init(&md_ctx); +- +- EVP_DigestInit_ex( &md_ctx,hash, NULL); +- EVP_DigestUpdate(&md_ctx,mac_sec,md_size); +- EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); +- EVP_DigestUpdate(&md_ctx,seq,8); +- rec_char=rec->type; +- EVP_DigestUpdate(&md_ctx,&rec_char,1); +- p=md; +- s2n(rec->length,p); +- EVP_DigestUpdate(&md_ctx,md,2); +- EVP_DigestUpdate(&md_ctx,rec->input,rec->length); +- EVP_DigestFinal_ex( &md_ctx,md,NULL); +- +- EVP_DigestInit_ex( &md_ctx,hash, NULL); +- EVP_DigestUpdate(&md_ctx,mac_sec,md_size); +- EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); +- 
EVP_DigestUpdate(&md_ctx,md,md_size); +- EVP_DigestFinal_ex( &md_ctx,md,&md_size); ++ /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */ ++ orig_len = rec->length+md_size+((unsigned int)rec->type>>8); ++ rec->type &= 0xff; ++ ++ if (!send && ++ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && ++ ssl3_cbc_record_digest_supported(hash)) ++ { ++ /* This is a CBC-encrypted record. We must avoid leaking any ++ * timing-side channel information about how many blocks of ++ * data we are hashing because that gives an attacker a ++ * timing-oracle. */ ++ ++ /* npad is, at most, 48 bytes and that's with MD5: ++ * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. ++ * ++ * With SHA-1 (the largest hash speced for SSLv3) the hash size ++ * goes up 4, but npad goes down by 8, resulting in a smaller ++ * total size. */ ++ unsigned char header[75]; ++ unsigned j = 0; ++ memcpy(header+j, mac_sec, md_size); ++ j += md_size; ++ memcpy(header+j, ssl3_pad_1, npad); ++ j += npad; ++ memcpy(header+j, seq, 8); ++ j += 8; ++ header[j++] = rec->type; ++ header[j++] = rec->length >> 8; ++ header[j++] = rec->length & 0xff; ++ ++ ssl3_cbc_digest_record( ++ hash, ++ md, &md_size, ++ header, rec->input, ++ rec->length + md_size, orig_len, ++ mac_sec, md_size, ++ 1 /* is SSLv3 */); ++ } ++ else ++ { ++ unsigned int md_size_u; ++ /* Chop the digest off the end :-) */ ++ EVP_MD_CTX_init(&md_ctx); ++ ++ EVP_DigestInit_ex( &md_ctx,hash, NULL); ++ EVP_DigestUpdate(&md_ctx,mac_sec,md_size); ++ EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad); ++ EVP_DigestUpdate(&md_ctx,seq,8); ++ rec_char=rec->type; ++ EVP_DigestUpdate(&md_ctx,&rec_char,1); ++ p=md; ++ s2n(rec->length,p); ++ EVP_DigestUpdate(&md_ctx,md,2); ++ EVP_DigestUpdate(&md_ctx,rec->input,rec->length); ++ EVP_DigestFinal_ex( &md_ctx,md,NULL); ++ ++ EVP_DigestInit_ex( &md_ctx,hash, NULL); ++ EVP_DigestUpdate(&md_ctx,mac_sec,md_size); ++ EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad); ++ EVP_DigestUpdate(&md_ctx,md,md_size); ++ 
EVP_DigestFinal_ex( &md_ctx,md,&md_size_u); ++ md_size = md_size_u; + +- EVP_MD_CTX_cleanup(&md_ctx); ++ EVP_MD_CTX_cleanup(&md_ctx); ++ } + + ssl3_record_sequence_update(seq); + return(md_size); +Index: openssl-0.9.8k/ssl/s3_pkt.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/s3_pkt.c 2013-02-18 15:09:34.690027961 -0500 ++++ openssl-0.9.8k/ssl/s3_pkt.c 2013-02-18 15:22:27.662047753 -0500 +@@ -237,11 +237,8 @@ + unsigned char *p; + unsigned char md[EVP_MAX_MD_SIZE]; + short version; +- unsigned int mac_size; +- int clear=0; ++ unsigned mac_size, orig_len; + size_t extra; +- int decryption_failed_or_bad_record_mac = 0; +- unsigned char *mac = NULL; + + rr= &(s->s3->rrec); + sess=s->session; +@@ -347,17 +344,15 @@ + rr->data=rr->input; + + enc_err = s->method->ssl3_enc->enc(s,0); +- if (enc_err <= 0) ++ /* enc_err is: ++ * 0: (in non-constant time) if the record is publically invalid. ++ * 1: if the padding is valid ++ * -1: if the padding is invalid */ ++ if (enc_err == 0) + { +- if (enc_err == 0) +- /* SSLerr() and ssl3_send_alert() have been called */ +- goto err; +- +- /* Otherwise enc_err == -1, which indicates bad padding +- * (rec->length has not been changed in this case). +- * To minimize information leaked via timing, we will perform +- * the MAC computation anyway. 
*/ +- decryption_failed_or_bad_record_mac = 1; ++ al=SSL_AD_DECRYPTION_FAILED; ++ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); ++ goto f_err; + } + + #ifdef TLS_DEBUG +@@ -367,51 +362,62 @@ + #endif + + /* r->length is now the compressed data plus mac */ +- if ( (sess == NULL) || +- (s->enc_read_ctx == NULL) || +- (s->read_hash == NULL)) +- clear=1; +- +- if (!clear) +- { ++ if ((sess != NULL) && ++ (s->enc_read_ctx != NULL) && ++ (s->read_hash != NULL)) ++ { ++ /* s->read_hash != NULL => mac_size != -1 */ ++ unsigned char *mac = NULL; ++ unsigned char mac_tmp[EVP_MAX_MD_SIZE]; + mac_size=EVP_MD_size(s->read_hash); ++ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); + +- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) ++ /* kludge: *_cbc_remove_padding passes padding length in rr->type */ ++ orig_len = rr->length+((unsigned int)rr->type>>8); ++ ++ /* orig_len is the length of the record before any padding was ++ * removed. This is public information, as is the MAC in use, ++ * therefore we can safely process the record in a different ++ * amount of time if it's too short to possibly contain a MAC. ++ */ ++ if (orig_len < mac_size || ++ /* CBC records must have a padding length byte too. 
*/ ++ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && ++ orig_len < mac_size+1)) + { +-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ +- al=SSL_AD_RECORD_OVERFLOW; +- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); ++ al=SSL_AD_DECODE_ERROR; ++ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); + goto f_err; +-#else +- decryption_failed_or_bad_record_mac = 1; +-#endif + } +- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ +- if (rr->length >= mac_size) ++ ++ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) + { ++ /* We update the length so that the TLS header bytes ++ * can be constructed correctly but we need to extract ++ * the MAC in constant time from within the record, ++ * without leaking the contents of the padding bytes. ++ * */ ++ mac = mac_tmp; ++ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); + rr->length -= mac_size; +- mac = &rr->data[rr->length]; + } + else + { +- /* record (minus padding) is too short to contain a MAC */ +-#if 0 /* OK only for stream ciphers */ +- al=SSL_AD_DECODE_ERROR; +- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); +- goto f_err; +-#else +- decryption_failed_or_bad_record_mac = 1; +- rr->length = 0; +-#endif +- } +- i=s->method->ssl3_enc->mac(s,md,0); +- if (mac == NULL || memcmp(md, mac, mac_size) != 0) +- { +- decryption_failed_or_bad_record_mac = 1; ++ /* In this case there's no padding, so |orig_len| ++ * equals |rec->length| and we checked that there's ++ * enough bytes for |mac_size| above. 
*/ ++ rr->length -= mac_size; ++ mac = &rr->data[rr->length]; + } ++ ++ i=s->method->ssl3_enc->mac(s,md,0 /* not send */); ++ if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) ++ enc_err = -1; ++ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) ++ enc_err = -1; + } + +- if (decryption_failed_or_bad_record_mac) ++ if (enc_err < 0) + { + /* A separate 'decryption_failed' alert was introduced with TLS 1.0, + * SSL 3.0 only has 'bad_record_mac'. But unless a decryption +Index: openssl-0.9.8k/ssl/ssl.h +=================================================================== +--- openssl-0.9.8k.orig/ssl/ssl.h 2013-02-18 15:09:34.998027969 -0500 ++++ openssl-0.9.8k/ssl/ssl.h 2013-02-18 15:22:10.074047302 -0500 +@@ -1805,6 +1805,7 @@ + #define SSL_F_SSL_GET_NEW_SESSION 181 + #define SSL_F_SSL_GET_PREV_SESSION 217 + #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 ++#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 + #define SSL_F_SSL_GET_SIGN_PKEY 183 + #define SSL_F_SSL_INIT_WBIO_BUFFER 184 + #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +Index: openssl-0.9.8k/ssl/ssl_err.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/ssl_err.c 2013-02-18 15:09:34.998027969 -0500 ++++ openssl-0.9.8k/ssl/ssl_err.c 2013-02-18 15:22:10.074047302 -0500 +@@ -214,6 +214,7 @@ + {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, + {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, + {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, ++{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, + {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, + {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, + {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, +Index: openssl-0.9.8k/ssl/ssl_lib.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/ssl_lib.c 2013-02-18 15:09:34.694027961 -0500 ++++ 
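Review bot: The `orig_len = rr->length+((unsigned int)rr->type>>8)` kludge depends on the `mac()` callback (which does `rec->type &= 0xff` in the s3_enc.c and t1_enc.c hunks) to strip the padding length back out of `rr->type`, yet that callback is only reached inside this `sess/enc_read_ctx/read_hash` block; if `enc()` ran the CBC padding removal on a connection for which this block is skipped, the high bits would survive into the record-type dispatch further down. Whether that combination is reachable depends on the ciphersuite tables, which are outside this patch, so rather than rely on it I would add an unconditional `rr->type &= 0xff;` right after this block's closing brace (idempotent once `mac()` has already masked it) and say in a comment that the high byte is scratch space for the padding length. `OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE)` aborts the process rather than failing the record; that matches upstream, but a one-line comment noting it is deliberate would help. `ssl3_get_record` continues outside the hunk.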
openssl-0.9.8k/ssl/ssl_lib.c 2013-02-18 15:22:10.074047302 -0500 +@@ -1989,7 +1989,7 @@ + } + else /* if (kalg & SSL_aNULL) */ + { +- SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); ++ SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); + return(NULL); + } + if (c->pkeys[i].x509 == NULL) return(NULL); +Index: openssl-0.9.8k/ssl/ssl_locl.h +=================================================================== +--- openssl-0.9.8k.orig/ssl/ssl_locl.h 2013-02-18 15:09:34.694027961 -0500 ++++ openssl-0.9.8k/ssl/ssl_locl.h 2013-02-18 15:22:16.898047477 -0500 +@@ -189,6 +189,15 @@ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + ++#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>48)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>40)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>32)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ ++ *((c)++)=(unsigned char)(((l) )&0xff)) ++ + #define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \ + l|=((BN_ULLONG)(*((c)++)))<<32, \ + l|=((BN_ULLONG)(*((c)++)))<<24, \ +@@ -991,5 +1000,33 @@ + int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, + int *al); + #endif ++/* s3_cbc.c */ ++void ssl3_cbc_copy_mac(unsigned char* out, ++ const SSL3_RECORD *rec, ++ unsigned md_size,unsigned orig_len); ++int ssl3_cbc_remove_padding(const SSL* s, ++ SSL3_RECORD *rec, ++ unsigned block_size, ++ unsigned mac_size); ++int tls1_cbc_remove_padding(const SSL* s, ++ SSL3_RECORD *rec, ++ unsigned block_size, ++ unsigned mac_size); ++char ssl3_cbc_record_digest_supported(const EVP_MD *hash); ++void ssl3_cbc_digest_record( ++ const EVP_MD *hash, ++ unsigned char* md_out, ++ size_t* md_out_size, ++ const unsigned char header[13], ++ const unsigned char *data, ++ size_t data_plus_mac_size, ++ size_t data_plus_mac_plus_padding_size, ++ const 
unsigned char *mac_secret, ++ unsigned mac_secret_length, ++ char is_sslv3); ++ ++void tls_fips_digest_extra( ++ const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx, ++ const unsigned char *data, size_t data_len, size_t orig_len); + + #endif +Index: openssl-0.9.8k/ssl/ssltest.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/ssltest.c 2009-01-07 05:48:23.000000000 -0500 ++++ openssl-0.9.8k/ssl/ssltest.c 2013-02-18 15:22:38.718048036 -0500 +@@ -735,7 +735,13 @@ + meth=SSLv23_method(); + #else + #ifdef OPENSSL_NO_SSL2 +- meth=SSLv3_method(); ++ if (tls1) ++ meth=TLSv1_method(); ++ else ++ if (ssl3) ++ meth=SSLv3_method(); ++ else ++ meth=SSLv23_method(); + #else + meth=SSLv2_method(); + #endif +Index: openssl-0.9.8k/ssl/t1_enc.c +=================================================================== +--- openssl-0.9.8k.orig/ssl/t1_enc.c 2013-02-18 15:09:34.602027958 -0500 ++++ openssl-0.9.8k/ssl/t1_enc.c 2013-02-18 15:22:16.898047477 -0500 +@@ -530,12 +530,21 @@ + return(0); + } + ++/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. ++ * ++ * Returns: ++ * 0: (in non-constant time) if the record is publically invalid (i.e. too ++ * short etc). ++ * 1: if the record's padding is valid / the encryption was successful. ++ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, ++ * an internal error occured. 
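Review bot: The `ssl3_cbc_digest_record` prototype declares `const unsigned char header[13]`, but the s3_enc.c caller in this same patch passes a 75-byte buffer (`mac_secret || pad_1 || seq || type || length`, per its own size comment) with `is_sslv3` set, so the array bound documents only the TLS case and would mislead anyone sizing a buffer from the declaration. I would annotate the parameter, e.g. `/* header: 13 bytes (seq||type||version||length) for TLS; when is_sslv3 it is mac_secret||pad_1||seq||type||length, up to 75 bytes */`, and note that `data_plus_mac_plus_padding_size` is the pre-padding-removal length the callers recover from the `rec->type` kludge. `tls_fips_digest_extra` is declared unconditionally while its definition sits under `#ifdef OPENSSL_FIPS`; harmless, but the declaration should carry the same guard or a comment saying so.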
++ */ + int tls1_enc(SSL *s, int send) + { + SSL3_RECORD *rec; + EVP_CIPHER_CTX *ds; + unsigned long l; +- int bs,i,ii,j,k,n=0; ++ int bs,i,ii,j,k,n=0,pad=0,ret,mac_size=0; + const EVP_CIPHER *enc; + + if (send) +@@ -565,11 +574,11 @@ + printf("tls1_enc(%d)\n", send); + #endif /* KSSL_DEBUG */ + +- if ((s->session == NULL) || (ds == NULL) || +- (enc == NULL)) ++ if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) + { + memmove(rec->data,rec->input,rec->length); + rec->input=rec->data; ++ ret = 1; + } + else + { +@@ -597,14 +606,13 @@ + + #ifdef KSSL_DEBUG + { +- unsigned long ui; ++ unsigned long ui; + printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", +- (void *)ds,rec->data,rec->input,l); +- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", +- ds->buf_len, ds->cipher->key_len, +- (unsigned long)DES_KEY_SZ, +- (unsigned long)DES_SCHEDULE_SZ, +- ds->cipher->iv_len); ++ ds,rec->data,rec->input,l); ++ printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", ++ ds->buf_len, ds->cipher->key_len, ++ DES_KEY_SZ, DES_SCHEDULE_SZ, ++ ds->cipher->iv_len); + printf("\t\tIV: "); + for (i=0; icipher->iv_len; i++) printf("%02X", ds->iv[i]); + printf("\n"); +@@ -617,11 +625,7 @@ + if (!send) + { + if (l == 0 || l%bs != 0) +- { +- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); +- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; +- } + } + + EVP_Cipher(ds,rec->data,rec->input,l); +@@ -635,49 +639,15 @@ + } + #endif /* KSSL_DEBUG */ + ++ ret = 1; ++ if (s->read_hash != NULL) ++ mac_size = EVP_MD_size(s->read_hash); + if ((bs != 1) && !send) +- { +- ii=i=rec->data[l-1]; /* padding_length */ +- i++; +- /* NB: if compression is in operation the first packet +- * may not be of even length so the padding bug check +- * cannot be performed. 
This bug workaround has been +- * around since SSLeay so hopefully it is either fixed +- * now or no buggy implementation supports compression +- * [steve] +- */ +- if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) +- && !s->expand) +- { +- /* First packet is even in size, so check */ +- if ((memcmp(s->s3->read_sequence, +- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1)) +- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; +- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) +- i--; +- } +- /* TLS 1.0 does not bound the number of padding bytes by the block size. +- * All of them must have value 'padding_length'. */ +- if (i > (int)rec->length) +- { +- /* Incorrect padding. SSLerr() and ssl3_alert are done +- * by caller: we don't want to reveal whether this is +- * a decryption error or a MAC verification failure +- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ +- return -1; +- } +- for (j=(int)(l-i); j<(int)l; j++) +- { +- if (rec->data[j] != ii) +- { +- /* Incorrect padding */ +- return -1; +- } +- } +- rec->length-=i; +- } ++ ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); ++ if (pad && !send) ++ rec->length -= pad; + } +- return(1); ++ return ret; + } + + int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out) +@@ -725,10 +695,10 @@ + SSL3_RECORD *rec; + unsigned char *mac_sec,*seq; + const EVP_MD *hash; +- unsigned int md_size; ++ size_t md_size, orig_len; + int i; + HMAC_CTX hmac; +- unsigned char buf[5]; ++ unsigned char header[13]; + + if (send) + { +@@ -747,20 +717,6 @@ + + md_size=EVP_MD_size(hash); + +- buf[0]=rec->type; +- if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) +- { +- buf[1]=TLS1_VERSION_MAJOR; +- buf[2]=TLS1_VERSION_MINOR; +- } +- else { +- buf[1]=(unsigned char)(ssl->version>>8); +- buf[2]=(unsigned char)(ssl->version); +- } +- +- buf[3]=rec->length>>8; +- buf[4]=rec->length&0xff; +- + /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ + HMAC_CTX_init(&hmac); + 
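Review bot: `pad` is initialised to 0 in the new declaration (`int bs,i,ii,j,k,n=0,pad=0,ret,mac_size=0;`) and nothing in the visible hunks ever assigns it, so the added `if (pad && !send) rec->length -= pad;` is dead code — it looks like a leftover from a variant of the fix where `pad` carried an explicit-IV adjustment; drop the two lines or comment why they stay. `ii` appears to have no remaining use once the padding loop is gone, and `mac_size = EVP_MD_size(s->read_hash)` is evaluated on the send path too although it is only consumed when `!send`; moving it under the `!send` test keeps read-side state out of the write path. The removed `SSL_OP_TLS_BLOCK_PADDING_BUG` handling has no replacement in this file — confirm that `tls1_cbc_remove_padding` in s3_cbc.c (not in view here) still honours the option, otherwise this is a silent behaviour change for peers that need it. `tls1_enc` starts before the hunk.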
HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); +@@ -772,16 +728,57 @@ + s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); + memcpy (p,&seq[2],6); + +- HMAC_Update(&hmac,dtlsseq,8); ++ memcpy(header, dtlsseq, 8); + } + else +- HMAC_Update(&hmac,seq,8); ++ memcpy(header, seq, 8); + +- HMAC_Update(&hmac,buf,5); +- HMAC_Update(&hmac,rec->input,rec->length); +- HMAC_Final(&hmac,md,&md_size); +- HMAC_CTX_cleanup(&hmac); ++ /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */ ++ orig_len = rec->length+md_size+((unsigned int)rec->type>>8); ++ rec->type &= 0xff; ++ ++ header[8]=rec->type; ++ header[9]=(unsigned char)(ssl->version>>8); ++ header[10]=(unsigned char)(ssl->version); ++ header[11]=(rec->length)>>8; ++ header[12]=(rec->length)&0xff; ++ ++ if (!send && ++ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && ++ ssl3_cbc_record_digest_supported(hash)) ++ { ++ /* This is a CBC-encrypted record. We must avoid leaking any ++ * timing-side channel information about how many blocks of ++ * data we are hashing because that gives an attacker a ++ * timing-oracle. 
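Review bot: The removed `buf[]` construction special-cased `DTLS1_BAD_VER` (writing `TLS1_VERSION_MAJOR`/`TLS1_VERSION_MINOR` into the MAC header when `ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER`), but the replacement in the following hunk writes `ssl->version` unconditionally into `header[9]`/`header[10]`, so MACs computed for such peers no longer match what the old code produced and interoperability with them is likely lost. Restore the branch where the header is filled: `if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) { header[9]=TLS1_VERSION_MAJOR; header[10]=TLS1_VERSION_MINOR; } else { header[9]=(unsigned char)(ssl->version>>8); header[10]=(unsigned char)(ssl->version); }`. Separately, the FIPS branch passes `rec->orig_len` to `tls_fips_digest_extra` while the rest of this function recovers the pre-padding length into the local `orig_len` from the `rec->type` kludge; unless another part of the patch adds an `orig_len` member to SSL3_RECORD, an `OPENSSL_FIPS` build will not compile and the local variable should be passed instead. `tls1_mac` starts before these hunks.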
*/ ++ ssl3_cbc_digest_record( ++ hash, ++ md, &md_size, ++ header, rec->input, ++ rec->length + md_size, orig_len, ++ ssl->s3->read_mac_secret, ++ EVP_MD_size(ssl->read_hash), ++ 0 /* not SSLv3 */); ++ } ++ else ++ { ++ unsigned mds; + ++ HMAC_Update(&hmac,header,sizeof(header)); ++ HMAC_Update(&hmac,rec->input,rec->length); ++ HMAC_Final(&hmac,md,&mds); ++ md_size = mds; ++#ifdef OPENSSL_FIPS ++ if (!send && FIPS_mode()) ++ tls_fips_digest_extra( ++ ssl->enc_read_ctx, ++ hash, ++ &hmac, rec->input, ++ rec->length, rec->orig_len); ++#endif ++ } ++ ++ HMAC_CTX_cleanup(&hmac); + #ifdef TLS_DEBUG + printf("sec="); + {unsigned int z; for (z=0; zfrag_off+frag_len) > msg_hdr->msg_len) + goto err; + +- if (msg_hdr->seq <= s->d1->handshake_read_seq) ++ /* Try to find item in queue, to prevent duplicate entries */ ++ pq_64bit_init(&seq64); ++ pq_64bit_assign_word(&seq64, msg_hdr->seq); ++ item = pqueue_find(s->d1->buffered_messages, seq64); ++ pq_64bit_free(&seq64); ++ ++ /* Discard the message if sequence number was already there, is ++ * too far in the future or the fragment is already in the queue */ ++ if (msg_hdr->seq <= s->d1->handshake_read_seq || ++ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) + { + unsigned char devnull [256]; + --- openssl-0.9.8k.orig/debian/patches/tls_ext_v3.patch +++ openssl-0.9.8k/debian/patches/tls_ext_v3.patch 
@@ -0,0 +1,31 @@
+r290 | kroeckx | 2008-03-23 18:52:37 +0100 (Sun, 23 Mar 2008) | 3 lines
+
+Don't add extentions to ssl v3 connections. It breaks with some
+other software. (Closes: #471681, #471896)
+
+Index: openssl-0.9.8k/ssl/t1_lib.c
+===================================================================
+--- openssl-0.9.8k.orig/ssl/t1_lib.c 2008-09-04 00:13:04.000000000 +0200
++++ openssl-0.9.8k/ssl/t1_lib.c 2009-07-19 17:15:14.000000000 +0200
+@@ -133,6 +133,10 @@
+ int extdatalen=0;
+ unsigned char *ret = p;
+ 
++ /* don't add extensions for SSLv3 */
++ if (s->client_version == SSL3_VERSION)
++ return p;
++
+ ret+=2;
+ 
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+@@ -251,6 +255,10 @@
+ int extdatalen=0;
+ unsigned char *ret = p;
+ 
++ /* don't add extensions for SSLv3 */
++ if (s->version == SSL3_VERSION)
++ return p;
++
+ ret+=2;
+ if (ret>=limit) return NULL; /* this really never occurs, but ... */
+ 
--- openssl-0.9.8k.orig/debian/patches/openssl-fix_ECDSA_tests.patch
+++ openssl-0.9.8k/debian/patches/openssl-fix_ECDSA_tests.patch
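Review bot: Both early returns drop every extension on SSLv3 connections with no carve-out for security-relevant ones, so once `CVE-2009-3555-RFC5746.patch` (later in `series`) adds renegotiation_info, an SSLv3 peer would never receive it from this side and would have to treat the connection as legacy — unless that later patch rewrites these two lines, which I cannot see here. When it lands, make the exemption explicit, along the lines of `if (s->client_version == SSL3_VERSION && !<secure-renegotiation-pending>) return p;` using whatever state the RFC 5746 patch introduces, and mirror it in the server-side return. The client side keys on `s->client_version` while the server side keys on `s->version`; a one-line comment on each explaining why a different field is used would spare the next reader a trip through the handshake code. Both enclosing functions start outside the hunks.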
@@ -0,0 +1,145 @@ +Origin: http://cvs.openssl.org/chngview?cn=21777 + http://cvs.openssl.org/chngview?cn=21995 +Subject: fix ecdsa tests + +--- + crypto/ecdsa/ecdsatest.c | 86 +++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 79 insertions(+), 7 deletions(-) + +Index: b/crypto/ecdsa/ecdsatest.c +=================================================================== +--- a/crypto/ecdsa/ecdsatest.c ++++ b/crypto/ecdsa/ecdsatest.c +@@ -287,9 +287,13 @@ int test_builtin(BIO *out) + size_t crv_len = 0, n = 0; + EC_KEY *eckey = NULL, *wrong_eckey = NULL; + EC_GROUP *group; ++ ECDSA_SIG *ecdsa_sig = NULL; + unsigned char digest[20], wrong_digest[20]; +- unsigned char *signature = NULL; +- unsigned int sig_len; ++ unsigned char *signature = NULL; ++ const unsigned char *sig_ptr; ++ unsigned char *sig_ptr2; ++ unsigned char *raw_buf = NULL; ++ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; + int nid, ret = 0; + + /* fill digest values with some random data */ +@@ -339,7 +343,8 @@ int test_builtin(BIO *out) + if (EC_KEY_set_group(eckey, group) == 0) + goto builtin_err; + EC_GROUP_free(group); +- if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160) ++ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); ++ if (degree < 160) + /* drop the curve */ + { + EC_KEY_free(eckey); +@@ -415,26 +420,89 @@ int test_builtin(BIO *out) + } + BIO_printf(out, "."); + (void)BIO_flush(out); +- /* modify a single byte of the signature */ +- offset = signature[10] % sig_len; +- dirt = signature[11]; +- signature[offset] ^= dirt ? dirt : 1; ++ /* wrong length */ ++ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, ++ eckey) == 1) ++ { ++ BIO_printf(out, " failed\n"); ++ goto builtin_err; ++ } ++ BIO_printf(out, "."); ++ (void)BIO_flush(out); ++ ++ /* Modify a single byte of the signature: to ensure we don't ++ * garble the ASN1 structure, we read the raw signature and ++ * modify a byte in one of the bignums directly. 
*/ ++ sig_ptr = signature; ++ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) ++ { ++ BIO_printf(out, " failed\n"); ++ goto builtin_err; ++ } ++ ++ /* Store the two BIGNUMs in raw_buf. */ ++ r_len = BN_num_bytes(ecdsa_sig->r); ++ s_len = BN_num_bytes(ecdsa_sig->s); ++ bn_len = (degree + 7) / 8; ++ if ((r_len > bn_len) || (s_len > bn_len)) ++ { ++ BIO_printf(out, " failed\n"); ++ goto builtin_err; ++ } ++ buf_len = 2 * bn_len; ++ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL) ++ goto builtin_err; ++ /* Pad the bignums with leading zeroes. */ ++ memset(raw_buf, 0, buf_len); ++ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); ++ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); ++ ++ /* Modify a single byte in the buffer. */ ++ offset = raw_buf[10] % buf_len; ++ dirt = raw_buf[11] ? raw_buf[11] : 1; ++ raw_buf[offset] ^= dirt; ++ /* Now read the BIGNUMs back in from raw_buf. */ ++ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || ++ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) ++ goto builtin_err; ++ ++ sig_ptr2 = signature; ++ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) + { + BIO_printf(out, " failed\n"); + goto builtin_err; + } ++ /* Sanity check: undo the modification and verify signature. 
*/ ++ raw_buf[offset] ^= dirt; ++ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || ++ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) ++ goto builtin_err; ++ ++ sig_ptr2 = signature; ++ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); ++ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) ++ { ++ BIO_printf(out, " failed\n"); ++ goto builtin_err; ++ } + BIO_printf(out, "."); + (void)BIO_flush(out); + + BIO_printf(out, " ok\n"); + /* cleanup */ ++ /* clean bogus errors */ ++ ERR_clear_error(); + OPENSSL_free(signature); + signature = NULL; + EC_KEY_free(eckey); + eckey = NULL; + EC_KEY_free(wrong_eckey); + wrong_eckey = NULL; ++ ECDSA_SIG_free(ecdsa_sig); ++ ecdsa_sig = NULL; ++ OPENSSL_free(raw_buf); ++ raw_buf = NULL; + } + + ret = 1; +@@ -443,8 +511,12 @@ builtin_err: + EC_KEY_free(eckey); + if (wrong_eckey) + EC_KEY_free(wrong_eckey); ++ if (ecdsa_sig) ++ ECDSA_SIG_free(ecdsa_sig); + if (signature) + OPENSSL_free(signature); ++ if (raw_buf) ++ OPENSSL_free(raw_buf); + if (curves) + OPENSSL_free(curves); + --- openssl-0.9.8k.orig/debian/patches/CVE-2009-3555.patch +++ openssl-0.9.8k/debian/patches/CVE-2009-3555.patch 
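Review bot: After tampering with `r`/`s`, the test re-serialises with `sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2)` into the original `signature` buffer; flipping a high bit in `raw_buf` can lengthen a DER INTEGER by one byte (leading 0x00), so this is only safe if `signature` was allocated with `ECDSA_size()` rather than the exact length of the first signature — the allocation is outside this hunk, so please confirm. `i2d_ECDSA_SIG` returns `int` and is negative on failure, but both call sites store it straight into `unsigned int sig_len` and hand it to `ECDSA_verify`; `int len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (len <= 0) goto builtin_err; sig_len = len;` keeps a failed encode from masquerading as the expected verify failure. `test_builtin` continues outside the hunk.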
@@ -0,0 +1,118 @@ +diff -ur openssl-0.9.8k/crypto/asn1/asn1_err.c openssl-0.9.8l/crypto/asn1/asn1_err.c +--- openssl-0.9.8k/crypto/asn1/asn1_err.c 2009-03-25 11:35:57.000000000 +0100 ++++ openssl-0.9.8l/crypto/asn1/asn1_err.c 2009-11-05 14:52:55.000000000 +0100 +@@ -132,6 +132,7 @@ + {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, + {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, + {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, ++{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_NEW_NDEF"}, + {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, + {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, + {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, +diff -ur openssl-0.9.8k/crypto/asn1/asn1.h openssl-0.9.8l/crypto/asn1/asn1.h +--- openssl-0.9.8k/crypto/asn1/asn1.h 2009-03-25 11:35:57.000000000 +0100 ++++ openssl-0.9.8l/crypto/asn1/asn1.h 2009-11-05 14:52:55.000000000 +0100 +@@ -1158,6 +1158,7 @@ + #define ASN1_F_ASN1_VERIFY 137 + #define ASN1_F_B64_READ_ASN1 208 + #define ASN1_F_B64_WRITE_ASN1 209 ++#define ASN1_F_BIO_NEW_NDEF 212 + #define ASN1_F_BITSTR_CB 180 + #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 + #define ASN1_F_BN_TO_ASN1_INTEGER 139 +diff -ur openssl-0.9.8k/ssl/s3_lib.c openssl-0.9.8l/ssl/s3_lib.c +--- openssl-0.9.8k/ssl/s3_lib.c 2008-06-16 18:56:41.000000000 +0200 ++++ openssl-0.9.8l/ssl/s3_lib.c 2009-11-05 16:51:53.000000000 +0100 +@@ -2592,6 +2592,9 @@ + if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) + return(0); + ++ if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ return(0); ++ + s->s3->renegotiate=1; + return(1); + } +diff -ur openssl-0.9.8k/ssl/s3_pkt.c openssl-0.9.8l/ssl/s3_pkt.c +--- openssl-0.9.8k/ssl/s3_pkt.c 2008-10-10 12:41:32.000000000 +0200 ++++ openssl-0.9.8l/ssl/s3_pkt.c 2009-11-05 16:52:53.000000000 +0100 +@@ -985,6 +985,7 @@ + + if (SSL_is_init_finished(s) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && ++ (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && + 
!s->s3->renegotiate) + { + ssl3_renegotiate(s); +@@ -1117,7 +1118,8 @@ + if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) + { + if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && +- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) ++ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && ++ (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + #if 0 /* worked only because C operator preferences are not as expected (and + * because this is not really needed for clients except for detecting +Only in openssl-0.9.8l/ssl: s3_pkt.c.~1.57.2.4.~ +diff -ur openssl-0.9.8k/ssl/s3_srvr.c openssl-0.9.8l/ssl/s3_srvr.c +--- openssl-0.9.8k/ssl/s3_srvr.c 2009-01-07 11:48:23.000000000 +0100 ++++ openssl-0.9.8l/ssl/s3_srvr.c 2009-11-05 16:52:11.000000000 +0100 +@@ -718,6 +718,14 @@ + #endif + STACK_OF(SSL_CIPHER) *ciphers=NULL; + ++ if (s->new_session ++ && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) ++ { ++ al=SSL_AD_HANDSHAKE_FAILURE; ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); ++ goto f_err; ++ } ++ + /* We do this so that we will respond with our native type. + * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, + * This down switching should be handled by a different method. 
+diff -ur openssl-0.9.8k/ssl/ssl3.h openssl-0.9.8l/ssl/ssl3.h +--- openssl-0.9.8k/ssl/ssl3.h 2007-10-12 02:00:30.000000000 +0200 ++++ openssl-0.9.8l/ssl/ssl3.h 2009-11-05 16:52:03.000000000 +0100 +@@ -326,10 +326,11 @@ + #define SSL3_CT_NUMBER 7 + + +-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +-#define SSL3_FLAGS_POP_BUFFER 0x0004 +-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 ++#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 ++#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 ++#define SSL3_FLAGS_POP_BUFFER 0x0004 ++#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 ++#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 + + typedef struct ssl3_state_st + { +diff -ur openssl-0.9.8k/ssl/ssl_err.c openssl-0.9.8l/ssl/ssl_err.c +--- openssl-0.9.8k/ssl/ssl_err.c 2008-08-13 21:44:44.000000000 +0200 ++++ openssl-0.9.8l/ssl/ssl_err.c 2009-11-05 13:15:05.000000000 +0100 +@@ -384,6 +384,7 @@ + {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, + {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, + {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, ++{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, + {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, + {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, + {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, +Only in openssl-0.9.8l/ssl: ssl_err.c.orig +diff -ur openssl-0.9.8k/ssl/ssl.h openssl-0.9.8l/ssl/ssl.h +--- openssl-0.9.8k/ssl/ssl.h 2008-08-13 21:44:44.000000000 +0200 ++++ openssl-0.9.8l/ssl/ssl.h 2009-11-05 13:15:41.000000000 +0100 +@@ -1952,6 +1952,7 @@ + #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 + #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 + #define SSL_R_NO_PUBLICKEY 192 ++#define SSL_R_NO_RENEGOTIATION 318 + #define SSL_R_NO_SHARED_CIPHER 193 + #define SSL_R_NO_VERIFY_CALLBACK 194 + #define SSL_R_NULL_SSL_CTX 195 + --- openssl-0.9.8k.orig/debian/patches/series +++ openssl-0.9.8k/debian/patches/series 
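Review bot: The new server-side rejection of a renegotiating ClientHello reports `ERR_R_INTERNAL_ERROR`, although this same patch introduces `SSL_R_NO_RENEGOTIATION` (318) for exactly this situation and then never uses it; `SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);` would let operators tell a policy refusal from a library bug. `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` is the only way to re-enable renegotiation, yet the patch adds no public setter, so applications would have to write `s->s3->flags` directly — worth stating in the patch header. The `Only in openssl-0.9.8l/ssl: ...` lines show the diff was taken against a tree with editor backups and `.orig` files; regenerate it cleanly before it is re-enabled (it is commented out in `series`).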
@@ -0,0 +1,60 @@
+ca.patch
+config-hurd.patch
+debian-targets.patch
+engines-path.patch
+kfreebsd-pipe.patch
+make-targets.patch
+man-dir.patch
+man-section.patch
+no-rpath.patch
+no-symbolic.patch
+pic.patch
+pkg-config.patch
+valgrind.patch
+rc4-amd64.patch
+rehash-crt.patch
+rehash_pod.patch
+shared-lib-ext.patch
+stddef.patch
+version-script.patch
+pk7_mime_free.patch
+tls_ext_v3.patch
+CVE-2009-1377.patch
+CVE-2009-1378.patch
+CVE-2009-1379.patch
+CVE-2009-1387.patch
+CVE-2009-2409.patch
+no_check_self_signed.patch
+# Disable this until openssl 0.9.8m is available, as compiling out
+# SSL renegotiation breaks various IMAP, mod_ssl, and other configurations.
+#CVE-2009-3555.patch
+CVE-2009-4355.patch
+Bsymbolic-functions.patch
+aesni.patch
+dtls-compatibility.patch
+CVE-2009-3245.patch
+CVE-2010-0740.patch
+CVE-2009-3555-RFC5746.patch
+CVE-2010-2939.patch
+openssl-CVE-2010-3864-secadv_20101116-0.9.8.patch
+openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch
+openssl-CVE-2011-0014-secadv_20110208.patch
+openssl-forward-interop.patch
+CVE-2011-1945.patch
+CVE-2011-3210.patch
+CVE-2011-4108.patch
+CVE-2011-4109.patch
+CVE-2011-4576.patch
+CVE-2011-4577.patch
+CVE-2011-4619.patch
+CVE-2012-0050.patch
+openssl-fix_ECDSA_tests.patch
+CVE-2006-7250+2012-1165.patch
+CVE-2012-2110.patch
+CVE-2012-2110b.patch
+CVE-2012-2131.patch
+CVE-2012-2333.patch
+CVE-2012-0884.patch
+CVE-2012-0884-extra.patch
+CVE-2013-0166.patch
+CVE-2013-0169.patch
--- openssl-0.9.8k.orig/debian/patches/pkg-config.patch
+++ openssl-0.9.8k/debian/patches/pkg-config.patch
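Review bot: The commented-out `#CVE-2009-3555.patch` and its two-line justification say to wait for 0.9.8m, but `CVE-2009-3555-RFC5746.patch` is already applied further down, so the comment is stale and a reader may conclude the renegotiation issue is still open; replace the three lines with `# CVE-2009-3555: addressed by CVE-2009-3555-RFC5746.patch below (RFC 5746 secure renegotiation)` and drop the dead entry. `tls_ext_v3.patch` is ordered before the RFC 5746 patch and suppresses all SSLv3 extensions, so the later patch has to be the one that exempts renegotiation_info — worth confirming whenever the series is refreshed.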
@@ -0,0 +1,34 @@
+Index: openssl-0.9.8k/Makefile.org
+===================================================================
+--- openssl-0.9.8k.orig/Makefile.org 2009-07-19 11:34:56.000000000 +0200
++++ openssl-0.9.8k/Makefile.org 2009-07-19 11:36:02.000000000 +0200
+@@ -444,7 +444,8 @@
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
++ echo 'Libs: -L$${libdir} -lcrypto'; \
++ echo 'Libs.private: $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+ 
+ libssl.pc: Makefile
+@@ -457,7 +458,8 @@
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
++ echo 'Libs: -L$${libdir} -lssl'; \
++ echo 'Libs.private: -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+ 
+ openssl.pc: Makefile
+@@ -470,7 +472,8 @@
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
++ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
++ echo 'Libs.private: $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+ 
+ Makefile: Makefile.org Configure config
--- openssl-0.9.8k.orig/debian/patches/pk7_mime_free.patch
+++ openssl-0.9.8k/debian/patches/pk7_mime_free.patch
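Review bot: In the libssl.pc recipe, `-lcrypto` is demoted to `Libs.private`, so `pkg-config --libs libssl` now yields only `-lssl`; a program that calls libcrypto symbols directly (ERR_*, BIO_*, EVP_* are commonly used next to the SSL API) will then fail to link with `--as-needed` or any linker that does not pull in transitive dependencies. The pkg-config way to express that relationship is the `Requires:` line two lines above, which is left empty: `echo 'Requires: libcrypto'; \` followed by `echo 'Libs.private: $(EX_LIBS)'; \` lets pkg-config resolve libcrypto's flags for both shared and static links. If the intent is that only static links inherit it, `Requires.private: libcrypto` is the narrower form; either way the choice deserves a comment in the patch header, since the three .pc files currently encode it three different ways.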
@@ -0,0 +1,20 @@
+r21 | chrism | 2005-09-07 15:34:00 +0200 (Wed, 07 Sep 2005) | 3 lines
+ 
+fix pk7_mime.c to prevent garbled messages because of to early memory
+ free (closes: #310184)
+ 
+Index: openssl-0.9.8k/crypto/pkcs7/pk7_mime.c
+===================================================================
+--- openssl-0.9.8k.orig/crypto/pkcs7/pk7_mime.c 2008-11-05 19:36:48.000000000 +0100
++++ openssl-0.9.8k/crypto/pkcs7/pk7_mime.c 2009-07-19 17:13:53.000000000 +0200
+@@ -335,9 +335,9 @@
+ 
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
--- openssl-0.9.8k.orig/debian/patches/aesni.patch
+++ openssl-0.9.8k/debian/patches/aesni.patch
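Review bot: The reordering is correct only because `ERR_add_error_data()` copies its string arguments into the error queue before returning, so `hdr->value` (owned by `headers`) may be released once that call has returned; nothing in the hunk records this, and the original defect was exactly that ordering being overlooked. A one-line comment above the moved call, `/* hdr->value must remain valid until ERR_add_error_data() has copied it */`, would keep the two statements from being "tidied" back into the old order. The enclosing function continues outside the hunk, so any other error paths in it that free `headers` before logging `hdr->value` are not visible here and are worth checking with the same eye.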
@@ -0,0 +1,3514 @@ +Ubuntu: Intel AES-NI support +Upstream: http://rt.openssl.org/Ticket/Display.html?id=2067 + +Index: b/Configure +=================================================================== +--- a/Configure ++++ b/Configure +@@ -123,14 +123,14 @@ + my $bits1="THIRTY_TWO_BIT "; + my $bits2="SIXTY_FOUR_BIT "; + +-my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o"; +-my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o"; +-my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; ++my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o nx86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o"; ++my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o nx86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o"; ++my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o nx86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; + +-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::"; ++my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::"; + # rc4 asm is disabled on amd64 because we configured it 
with RC4_CHAR while + # the assembler only works with int +-my $x86_64_asm_linux="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::::"; ++my $x86_64_asm_linux="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::::"; + my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::"; + + my $no_asm="::::::::::"; +@@ -1439,6 +1439,7 @@ + if ($aes_obj =~ /\.o$/) + { + $cflags.=" -DAES_ASM"; ++ $aes_obj =~ s/\s*aesni\-x86\.o// if ($no_sse2); + } + else { + $aes_obj=$aes_enc; +Index: b/crypto/aes/Makefile +=================================================================== +--- a/crypto/aes/Makefile ++++ b/crypto/aes/Makefile +@@ -57,8 +57,17 @@ + ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) + ++nx86-elf.s: asm/aesni-x86.pl ../perlasm/x86asm.pl ++ (cd asm; $(PERL) aesni-x86.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) ++nx86-cof.s: asm/aesni-x86.pl ../perlasm/x86asm.pl ++ (cd asm; $(PERL) aesni-x86.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) ++nx86-out.s: asm/aesni-x86.pl ../perlasm/x86asm.pl ++ (cd asm; $(PERL) aesni-x86.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) ++ + aes-x86_64.S: asm/aes-x86_64.pl + $(PERL) asm/aes-x86_64.pl $@ ++aesni-x86_64.s: asm/aesni-x86_64.pl ++ $(PERL) asm/aesni-x86_64.pl $@ + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +Index: b/crypto/aes/asm/aesni-x86.pl +=================================================================== +--- /dev/null ++++ b/crypto/aes/asm/aesni-x86.pl +@@ -0,0 +1,765 @@ ++#!/usr/local/bin/perl ++ ++# ==================================================================== ++# Written by Andy Polyakov for the OpenSSL ++# project. The module is, however, dual licensed under OpenSSL and ++# CRYPTOGAMS licenses depending on where you obtain it. 
For further ++# details see http://www.openssl.org/~appro/cryptogams/. ++# ==================================================================== ++# ++# This module implements support for Intel AES-NI extension. In ++# OpenSSL context it's used with Intel engine, but can also be used as ++# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for ++# details]. ++ ++$PREFIX="aesni"; # if $PREFIX is set to "AES", the script ++ # generates drop-in replacement for ++ # crypto/aes/asm/aes-586.pl:-) ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++push(@INC,"${dir}","${dir}../../perlasm/aesni"); ++require "nx86asm.pl"; ++ ++&asm_init($ARGV[0],$0); ++ ++$movekey = eval($RREFIX eq "aseni" ? "*movaps" : "*movups"); ++ ++$len="eax"; ++$rounds="ecx"; ++$key="edx"; ++$inp="esi"; ++$out="edi"; ++$rounds_="ebx"; # backup copy for $rounds ++$key_="ebp"; # backup copy for $key ++ ++$inout0="xmm0"; ++$inout1="xmm1"; ++$inout2="xmm2"; ++$rndkey0="xmm3"; ++$rndkey1="xmm4"; ++$ivec="xmm5"; ++$in0="xmm6"; ++$in1="xmm7"; $inout3="xmm7"; ++ ++# Inline version of internal aesni_[en|de]crypt1 ++sub aesni_inline_generate1 ++{ my $p=shift; ++ ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ &lea ($key,&DWP(32,$key)); ++ &pxor ($inout0,$rndkey0); ++ &set_label("${p}1_loop"); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &dec ($rounds); ++ &$movekey ($rndkey1,&QWP(0,$key)); ++ &lea ($key,&DWP(16,$key)); ++ &jnz (&label("${p}1_loop")); ++ eval"&aes${p}last ($inout0,$rndkey1)"; ++} ++ ++sub aesni_generate1 # fully unrolled loop ++{ my $p=shift; ++ ++ &function_begin_B("_aesni_${p}rypt1"); ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &$movekey ($rndkey1,&QWP(0x10,$key)); ++ &cmp ($rounds,11); ++ &pxor ($inout0,$rndkey0); ++ &$movekey ($rndkey0,&QWP(0x20,$key)); ++ &lea ($key,&DWP(0x30,$key)); ++ &jb (&label("${p}128")); ++ &lea ($key,&DWP(0x20,$key)); ++ &je (&label("${p}192")); ++ &lea ($key,&DWP(0x20,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey 
($rndkey1,&QWP(-0x40,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(-0x30,$key)); ++ &set_label("${p}192"); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(-0x20,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(-0x10,$key)); ++ &set_label("${p}128"); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x10,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0x20,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x30,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0x40,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x50,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(0x60,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &$movekey ($rndkey0,&QWP(0x70,$key)); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ eval"&aes${p}last ($inout0,$rndkey0)"; ++ &ret(); ++ &function_end_B("_aesni_${p}rypt1"); ++} ++ ++# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key); ++# &aesni_generate1("dec"); ++&function_begin_B("${PREFIX}_encrypt"); ++ &mov ("eax",&wparam(0)); ++ &mov ($key,&wparam(2)); ++ &movups ($inout0,&QWP(0,"eax")); ++ &mov ($rounds,&DWP(240,$key)); ++ &mov ("eax",&wparam(1)); ++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1"); ++ &movups (&QWP(0,"eax"),$inout0); ++ &ret (); ++&function_end_B("${PREFIX}_encrypt"); ++ ++# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key); ++# &aesni_generate1("dec"); ++&function_begin_B("${PREFIX}_decrypt"); ++ &mov ("eax",&wparam(0)); ++ &mov ($key,&wparam(2)); ++ &movups ($inout0,&QWP(0,"eax")); ++ &mov ($rounds,&DWP(240,$key)); ++ &mov ("eax",&wparam(1)); ++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt1"); ++ &movups (&QWP(0,"eax"),$inout0); ++ &ret (); ++&function_end_B("${PREFIX}_decrypt"); ++ ++# 
_aesni_[en|de]crypt[34] are private interfaces, N denotes interleave ++# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec] ++# latency is 6, it turned out that it can be scheduled only every ++# *second* cycle. Thus 3x interleave is the one providing optimal ++# utilization, i.e. when subroutine's throughput is virtually same as ++# of non-interleaved subroutine [for number of input blocks up to 3]. ++# This is why it makes no sense to implement 2x subroutine. As soon ++# as/if Intel improves throughput by making it possible to schedule ++# the instructions in question *every* cycles I would have to ++# implement 6x interleave and use it in loop... ++sub aesni_generate3 ++{ my $p=shift; ++ ++ &function_begin_B("_aesni_${p}rypt3"); ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &shr ($rounds,1); ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ &lea ($key,&DWP(32,$key)); ++ &pxor ($inout0,$rndkey0); ++ &pxor ($inout1,$rndkey0); ++ &pxor ($inout2,$rndkey0); ++ &jmp (&label("${p}3_loop")); ++ &set_label("${p}3_loop",16); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ &dec ($rounds); ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &lea ($key,&DWP(32,$key)); ++ eval"&aes${p} ($inout1,$rndkey0)"; ++ eval"&aes${p} ($inout2,$rndkey0)"; ++ &jnz (&label("${p}3_loop")); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ eval"&aes${p}last ($inout0,$rndkey0)"; ++ eval"&aes${p}last ($inout1,$rndkey0)"; ++ eval"&aes${p}last ($inout2,$rndkey0)"; ++ &ret(); ++ &function_end_B("_aesni_${p}rypt3"); ++} ++ ++# 4x interleave is implemented to improve small block performance, ++# most notably [and naturally] 4 block by ~30%. 
One can argue that one ++# should have implemented 5x as well, but improvement would be <20%, ++# so it's not worth it... ++sub aesni_generate4 ++{ my $p=shift; ++ ++ &function_begin_B("_aesni_${p}rypt4"); ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ &shr ($rounds,1); ++ &lea ($key,&DWP(32,$key)); ++ &pxor ($inout0,$rndkey0); ++ &pxor ($inout1,$rndkey0); ++ &pxor ($inout2,$rndkey0); ++ &pxor ($inout3,$rndkey0); ++ &jmp (&label("${p}3_loop")); ++ &set_label("${p}3_loop",16); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ &dec ($rounds); ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ eval"&aes${p} ($inout3,$rndkey1)"; ++ &$movekey ($rndkey1,&QWP(16,$key)); ++ eval"&aes${p} ($inout0,$rndkey0)"; ++ &lea ($key,&DWP(32,$key)); ++ eval"&aes${p} ($inout1,$rndkey0)"; ++ eval"&aes${p} ($inout2,$rndkey0)"; ++ eval"&aes${p} ($inout3,$rndkey0)"; ++ &jnz (&label("${p}3_loop")); ++ eval"&aes${p} ($inout0,$rndkey1)"; ++ &$movekey ($rndkey0,&QWP(0,$key)); ++ eval"&aes${p} ($inout1,$rndkey1)"; ++ eval"&aes${p} ($inout2,$rndkey1)"; ++ eval"&aes${p} ($inout3,$rndkey1)"; ++ eval"&aes${p}last ($inout0,$rndkey0)"; ++ eval"&aes${p}last ($inout1,$rndkey0)"; ++ eval"&aes${p}last ($inout2,$rndkey0)"; ++ eval"&aes${p}last ($inout3,$rndkey0)"; ++ &ret(); ++ &function_end_B("_aesni_${p}rypt4"); ++} ++&aesni_generate3("enc") if ($PREFIX eq "aesni"); ++&aesni_generate3("dec"); ++&aesni_generate4("enc") if ($PREFIX eq "aesni"); ++&aesni_generate4("dec"); ++ ++if ($PREFIX eq "aesni") { ++# void aesni_ecb_encrypt (const void *in, void *out, ++# size_t length, const AES_KEY *key, ++# int enc); ++&function_begin("aesni_ecb_encrypt"); ++ &mov ($inp,&wparam(0)); ++ &mov ($out,&wparam(1)); ++ &mov ($len,&wparam(2)); ++ &mov ($key,&wparam(3)); ++ &mov ($rounds,&wparam(4)); ++ &cmp ($len,16); ++ &jb (&label("ecb_ret")); ++ &and ($len,-16); ++ &test ($rounds,$rounds) ++ &mov ($rounds,&DWP(240,$key)); ++ &mov 
($key_,$key); # backup $key ++ &mov ($rounds_,$rounds); # backup $rounds ++ &jz (&label("ecb_decrypt")); ++ ++ &sub ($len,0x40); ++ &jbe (&label("ecb_enc_tail")); ++ &jmp (&label("ecb_enc_loop3")); ++ ++&set_label("ecb_enc_loop3",16); ++ &movups ($inout0,&QWP(0,$inp)); ++ &movups ($inout1,&QWP(0x10,$inp)); ++ &movups ($inout2,&QWP(0x20,$inp)); ++ &call ("_aesni_encrypt3"); ++ &sub ($len,0x30); ++ &lea ($inp,&DWP(0x30,$inp)); ++ &lea ($out,&DWP(0x30,$out)); ++ &movups (&QWP(-0x30,$out),$inout0); ++ &mov ($key,$key_); # restore $key ++ &movups (&QWP(-0x20,$out),$inout1); ++ &mov ($rounds,$rounds_); # restore $rounds ++ &movups (&QWP(-0x10,$out),$inout2); ++ &ja (&label("ecb_enc_loop3")); ++ ++&set_label("ecb_enc_tail"); ++ &add ($len,0x40); ++ &jz (&label("ecb_ret")); ++ ++ &cmp ($len,0x10); ++ &movups ($inout0,&QWP(0,$inp)); ++ &je (&label("ecb_enc_one")); ++ &cmp ($len,0x20); ++ &movups ($inout1,&QWP(0x10,$inp)); ++ &je (&label("ecb_enc_two")); ++ &cmp ($len,0x30); ++ &movups ($inout2,&QWP(0x20,$inp)); ++ &je (&label("ecb_enc_three")); ++ &movups ($inout3,&QWP(0x30,$inp)); ++ &call ("_aesni_encrypt4"); ++ &movups (&QWP(0,$out),$inout0); ++ &movups (&QWP(0x10,$out),$inout1); ++ &movups (&QWP(0x20,$out),$inout2); ++ &movups (&QWP(0x30,$out),$inout3); ++ jmp (&label("ecb_ret")); ++ ++&set_label("ecb_enc_one",16); ++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1"); ++ &movups (&QWP(0,$out),$inout0); ++ &jmp (&label("ecb_ret")); ++ ++&set_label("ecb_enc_two",16); ++ &call ("_aesni_encrypt3"); ++ &movups (&QWP(0,$out),$inout0); ++ &movups (&QWP(0x10,$out),$inout1); ++ &jmp (&label("ecb_ret")); ++ ++&set_label("ecb_enc_three",16); ++ &call ("_aesni_encrypt3"); ++ &movups (&QWP(0,$out),$inout0); ++ &movups (&QWP(0x10,$out),$inout1); ++ &movups (&QWP(0x20,$out),$inout2); ++ &jmp (&label("ecb_ret")); ++ ++&set_label("ecb_decrypt",16); ++ &sub ($len,0x40); ++ &jbe (&label("ecb_dec_tail")); ++ &jmp (&label("ecb_dec_loop3")); ++ ++&set_label("ecb_dec_loop3",16); ++ 
&movups ($inout0,&QWP(0,$inp)); ++ &movups ($inout1,&QWP(0x10,$inp)); ++ &movups ($inout2,&QWP(0x20,$inp)); ++ &call ("_aesni_decrypt3"); ++ &sub ($len,0x30); ++ &lea ($inp,&DWP(0x30,$inp)); ++ &lea ($out,&DWP(0x30,$out)); ++ &movups (&QWP(-0x30,$out),$inout0); ++ &mov ($key,$key_); # restore $key ++ &movups (&QWP(-0x20,$out),$inout1); ++ &mov ($rounds,$rounds_); # restore $rounds ++ &movups (&QWP(-0x10,$out),$inout2); ++ &ja (&label("ecb_dec_loop3")); ++ ++&set_label("ecb_dec_tail"); ++ &add ($len,0x40); ++ &jz (&label("ecb_ret")); ++ ++ &cmp ($len,0x10); ++ &movups ($inout0,&QWP(0,$inp)); ++ &je (&label("ecb_dec_one")); ++ &cmp ($len,0x20); ++ &movups ($inout1,&QWP(0x10,$inp)); ++ &je (&label("ecb_dec_two")); ++ &cmp ($len,0x30); ++ &movups ($inout2,&QWP(0x20,$inp)); ++ &je (&label("ecb_dec_three")); ++ &movups ($inout3,&QWP(0x30,$inp)); ++ &call ("_aesni_decrypt4"); ++ &movups (&QWP(0,$out),$inout0); ++ &movups (&QWP(0x10,$out),$inout1); ++ &movups (&QWP(0x20,$out),$inout2); ++ &movups (&QWP(0x30,$out),$inout3); ++ &jmp (&label("ecb_ret")); ++ ++&set_label("ecb_dec_one",16); ++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3"); ++ &movups (&QWP(0,$out),$inout0); ++ &jmp (&label("ecb_ret")); ++ ++&set_label("ecb_dec_two",16); ++ &call ("_aesni_decrypt3"); ++ &movups (&QWP(0,$out),$inout0); ++ &movups (&QWP(0x10,$out),$inout1); ++ &jmp (&label("ecb_ret")); ++ ++&set_label("ecb_dec_three",16); ++ &call ("_aesni_decrypt3"); ++ &movups (&QWP(0,$out),$inout0); ++ &movups (&QWP(0x10,$out),$inout1); ++ &movups (&QWP(0x20,$out),$inout2); ++ ++&set_label("ecb_ret"); ++&function_end("aesni_ecb_encrypt"); ++} ++ ++# void $PREFIX_cbc_encrypt (const void *inp, void *out, ++# size_t length, const AES_KEY *key, ++# unsigned char *ivp,const int enc); ++&function_begin("${PREFIX}_cbc_encrypt"); ++ &mov ($inp,&wparam(0)); ++ &mov ($out,&wparam(1)); ++ &mov ($len,&wparam(2)); ++ &mov ($key,&wparam(3)); ++ &test ($len,$len); ++ &mov ($key_,&wparam(4)); ++ &jz 
(&label("cbc_ret")); ++ ++ &cmp (&wparam(5),0); ++ &movups ($ivec,&QWP(0,$key_)); # load IV ++ &mov ($rounds,&DWP(240,$key)); ++ &mov ($key_,$key); # backup $key ++ &mov ($rounds_,$rounds); # backup $rounds ++ &je (&label("cbc_decrypt")); ++ ++ &movaps ($inout0,$ivec); ++ &cmp ($len,16); ++ &jb (&label("cbc_enc_tail")); ++ &sub ($len,16); ++ &jmp (&label("cbc_enc_loop")); ++ ++&set_label("cbc_enc_loop",16); ++ &movups ($ivec,&QWP(0,$inp)); ++ &lea ($inp,&DWP(16,$inp)); ++ &pxor ($inout0,$ivec); ++ &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt3"); ++ &sub ($len,16); ++ &lea ($out,&DWP(16,$out)); ++ &mov ($rounds,$rounds_); # restore $rounds ++ &mov ($key,$key_); # restore $key ++ &movups (&QWP(-16,$out),$inout0); ++ &jnc (&label("cbc_enc_loop")); ++ &add ($len,16); ++ &jnz (&label("cbc_enc_tail")); ++ &movaps ($ivec,$inout0); ++ &jmp (&label("cbc_ret")); ++ ++&set_label("cbc_enc_tail"); ++ &mov ("ecx",$len); # zaps $rounds ++ &data_word(0xA4F3F689); # rep movsb ++ &mov ("ecx",16); # zero tail ++ &sub ("ecx",$len); ++ &xor ("eax","eax"); # zaps $len ++ &data_word(0xAAF3F689); # rep stosb ++ &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block ++ &mov ($rounds,$rounds_); # restore $rounds ++ &mov ($inp,$out); # $inp and $out are the same ++ &mov ($key,$key_); # restore $key ++ &jmp (&label("cbc_enc_loop")); ++ ++&set_label("cbc_decrypt",16); ++ &sub ($len,0x40); ++ &jbe (&label("cbc_dec_tail")); ++ &jmp (&label("cbc_dec_loop3")); ++ ++&set_label("cbc_dec_loop3",16); ++ &movups ($inout0,&QWP(0,$inp)); ++ &movups ($inout1,&QWP(0x10,$inp)); ++ &movups ($inout2,&QWP(0x20,$inp)); ++ &movaps ($in0,$inout0); ++ &movaps ($in1,$inout1); ++ &call ("_aesni_decrypt3"); ++ &sub ($len,0x30); ++ &lea ($inp,&DWP(0x30,$inp)); ++ &lea ($out,&DWP(0x30,$out)); ++ &pxor ($inout0,$ivec); ++ &pxor ($inout1,$in0); ++ &movups ($ivec,&QWP(-0x10,$inp)); ++ &pxor ($inout2,$in1); ++ &movups (&QWP(-0x30,$out),$inout0); ++ &mov ($rounds,$rounds_) # restore $rounds ++ &movups 
(&QWP(-0x20,$out),$inout1); ++ &mov ($key,$key_); # restore $key ++ &movups (&QWP(-0x10,$out),$inout2); ++ &ja (&label("cbc_dec_loop3")); ++ ++&set_label("cbc_dec_tail"); ++ &add ($len,0x40); ++ &jz (&label("cbc_ret")); ++ ++ &movups ($inout0,&QWP(0,$inp)); ++ &cmp ($len,0x10); ++ &movaps ($in0,$inout0); ++ &jbe (&label("cbc_dec_one")); ++ &movups ($inout1,&QWP(0x10,$inp)); ++ &cmp ($len,0x20); ++ &movaps ($in1,$inout1); ++ &jbe (&label("cbc_dec_two")); ++ &movups ($inout2,&QWP(0x20,$inp)); ++ &cmp ($len,0x30); ++ &jbe (&label("cbc_dec_three")); ++ &movups ($inout3,&QWP(0x30,$inp)); ++ &call ("_aesni_decrypt4"); ++ &movups ($rndkey0,&QWP(0x10,$inp)); ++ &movups ($rndkey1,&QWP(0x20,$inp)); ++ &pxor ($inout0,$ivec); ++ &pxor ($inout1,$in0); ++ &movups ($ivec,&QWP(0x30,$inp)); ++ &movups (&QWP(0,$out),$inout0); ++ &pxor ($inout2,$rndkey0); ++ &pxor ($inout3,$rndkey1); ++ &movups (&QWP(0x10,$out),$inout1); ++ &movups (&QWP(0x20,$out),$inout2); ++ &movaps ($inout0,$inout3); ++ &lea ($out,&DWP(0x30,$out)); ++ &jmp (&label("cbc_dec_tail_collected")); ++ ++&set_label("cbc_dec_one"); ++ &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3"); ++ &pxor ($inout0,$ivec); ++ &movaps ($ivec,$in0); ++ &jmp (&label("cbc_dec_tail_collected")); ++ ++&set_label("cbc_dec_two"); ++ &call ("_aesni_decrypt3"); ++ &pxor ($inout0,$ivec); ++ &pxor ($inout1,$in0); ++ &movups (&QWP(0,$out),$inout0); ++ &movaps ($inout0,$inout1); ++ &movaps ($ivec,$in1); ++ &lea ($out,&DWP(0x10,$out)); ++ &jmp (&label("cbc_dec_tail_collected")); ++ ++&set_label("cbc_dec_three"); ++ &call ("_aesni_decrypt3"); ++ &pxor ($inout0,$ivec); ++ &pxor ($inout1,$in0); ++ &pxor ($inout2,$in1); ++ &movups (&QWP(0,$out),$inout0); ++ &movups (&QWP(0x10,$out),$inout1); ++ &movaps ($inout0,$inout2); ++ &movups ($ivec,&QWP(0x20,$inp)); ++ &lea ($out,&DWP(0x20,$out)); ++ ++&set_label("cbc_dec_tail_collected"); ++ &and ($len,15); ++ &jnz (&label("cbc_dec_tail_partial")); ++ &movups (&QWP(0,$out),$inout0); ++ &jmp 
(&label("cbc_ret")); ++ ++&set_label("cbc_dec_tail_partial"); ++ &mov ($key_,"esp"); ++ &sub ("esp",16); ++ &and ("esp",-16); ++ &movaps (&QWP(0,"esp"),$inout0); ++ &mov ($inp,"esp"); ++ &mov ("ecx",$len); ++ &data_word(0xA4F3F689); # rep movsb ++ &mov ("esp",$key_); ++ ++&set_label("cbc_ret"); ++ &mov ($key_,&wparam(4)); ++ &movups (&QWP(0,$key_),$ivec); # output IV ++&function_end("${PREFIX}_cbc_encrypt"); ++ ++# Mechanical port from aesni-x86_64.pl. ++# ++# _aesni_set_encrypt_key is private interface, ++# input: ++# "eax" const unsigned char *userKey ++# $rounds int bits ++# $key AES_KEY *key ++# output: ++# "eax" return code ++# $round rounds ++ ++&function_begin_B("_aesni_set_encrypt_key"); ++ &test ("eax","eax"); ++ &jz (&label("bad_pointer")); ++ &test ($key,$key); ++ &jz (&label("bad_pointer")); ++ ++ &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey ++ &pxor ("xmm4","xmm4"); # low dword of xmm4 is assumed 0 ++ &lea ($key,&DWP(16,$key)); ++ &cmp ($rounds,256); ++ &je (&label("14rounds")); ++ &cmp ($rounds,192); ++ &je (&label("12rounds")); ++ &cmp ($rounds,128); ++ &jne (&label("bad_keybits")); ++ ++&set_label("10rounds",16); ++ &mov ($rounds,9); ++ &$movekey (&QWP(-16,$key),"xmm0"); # round 0 ++ &aeskeygenassist("xmm1","xmm0",0x01); # round 1 ++ &call (&label("key_128_cold")); ++ &aeskeygenassist("xmm1","xmm0",0x2); # round 2 ++ &call (&label("key_128")); ++ &aeskeygenassist("xmm1","xmm0",0x04); # round 3 ++ &call (&label("key_128")); ++ &aeskeygenassist("xmm1","xmm0",0x08); # round 4 ++ &call (&label("key_128")); ++ &aeskeygenassist("xmm1","xmm0",0x10); # round 5 ++ &call (&label("key_128")); ++ &aeskeygenassist("xmm1","xmm0",0x20); # round 6 ++ &call (&label("key_128")); ++ &aeskeygenassist("xmm1","xmm0",0x40); # round 7 ++ &call (&label("key_128")); ++ &aeskeygenassist("xmm1","xmm0",0x80); # round 8 ++ &call (&label("key_128")); ++ &aeskeygenassist("xmm1","xmm0",0x1b); # round 9 ++ &call (&label("key_128")); ++ 
&aeskeygenassist("xmm1","xmm0",0x36); # round 10 ++ &call (&label("key_128")); ++ &$movekey (&QWP(0,$key),"xmm0"); ++ &mov (&DWP(80,$key),$rounds); ++ &xor ("eax","eax"); ++ &ret(); ++ ++&set_label("key_128",16); ++ &$movekey (&QWP(0,$key),"xmm0"); ++ &lea ($key,&DWP(16,$key)); ++&set_label("key_128_cold"); ++ &shufps ("xmm4","xmm0",0b00010000); ++ &pxor ("xmm0","xmm4"); ++ &shufps ("xmm4","xmm0",0b10001100,); ++ &pxor ("xmm0","xmm4"); ++ &pshufd ("xmm1","xmm1",0b11111111); # critical path ++ &pxor ("xmm0","xmm1"); ++ &ret(); ++ ++&set_label("12rounds",16); ++ &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey ++ &mov ($rounds,11); ++ &$movekey (&QWP(-16,$key),"xmm0") # round 0 ++ &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2 ++ &call (&label("key_192a_cold")); ++ &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3 ++ &call (&label("key_192b")); ++ &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5 ++ &call (&label("key_192a")); ++ &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6 ++ &call (&label("key_192b")); ++ &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8 ++ &call (&label("key_192a")); ++ &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9 ++ &call (&label("key_192b")); ++ &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11 ++ &call (&label("key_192a")); ++ &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12 ++ &call (&label("key_192b")); ++ &$movekey (&QWP(0,$key),"xmm0"); ++ &mov (&DWP(48,$key),$rounds); ++ &xor ("eax","eax"); ++ &ret(); ++ ++&set_label("key_192a",16); ++ &$movekey (&QWP(0,$key),"xmm0"); ++ &lea ($key,&DWP(16,$key)); ++&set_label("key_192a_cold",16); ++ &movaps ("xmm5","xmm2"); ++&set_label("key_192b_warm"); ++ &shufps ("xmm4","xmm0",0b00010000); ++ &movaps ("xmm3","xmm2"); ++ &pxor ("xmm0","xmm4"); ++ &shufps ("xmm4","xmm0",0b10001100); ++ &pslldq ("xmm3",4); ++ &pxor ("xmm0","xmm4"); ++ &pshufd ("xmm1","xmm1",0b01010101); # critical path ++ &pxor ("xmm2","xmm3"); ++ &pxor ("xmm0","xmm1"); ++ &pshufd ("xmm3","xmm0",0b11111111); ++ 
&pxor ("xmm2","xmm3"); ++ &ret(); ++ ++&set_label("key_192b",16); ++ &movaps ("xmm3","xmm0"); ++ &shufps ("xmm5","xmm0",0b01000100); ++ &$movekey (&QWP(0,$key),"xmm5"); ++ &shufps ("xmm3","xmm2",0b01001110); ++ &$movekey (&QWP(16,$key),"xmm3"); ++ &lea ($key,&DWP(32,$key)); ++ &jmp (&label("key_192b_warm")); ++ ++&set_label("14rounds",16); ++ &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey ++ &mov ($rounds,13); ++ &lea ($key,&DWP(16,$key)); ++ &$movekey (&QWP(-32,$key),"xmm0"); # round 0 ++ &$movekey (&QWP(-16,$key),"xmm2"); # round 1 ++ &aeskeygenassist("xmm1","xmm2",0x01); # round 2 ++ &call (&label("key_256a_cold")); ++ &aeskeygenassist("xmm1","xmm0",0x01); # round 3 ++ &call (&label("key_256b")); ++ &aeskeygenassist("xmm1","xmm2",0x02); # round 4 ++ &call (&label("key_256a")); ++ &aeskeygenassist("xmm1","xmm0",0x02); # round 5 ++ &call (&label("key_256b")); ++ &aeskeygenassist("xmm1","xmm2",0x04); # round 6 ++ &call (&label("key_256a")); ++ &aeskeygenassist("xmm1","xmm0",0x04); # round 7 ++ &call (&label("key_256b")); ++ &aeskeygenassist("xmm1","xmm2",0x08); # round 8 ++ &call (&label("key_256a")); ++ &aeskeygenassist("xmm1","xmm0",0x08); # round 9 ++ &call (&label("key_256b")); ++ &aeskeygenassist("xmm1","xmm2",0x10); # round 10 ++ &call (&label("key_256a")); ++ &aeskeygenassist("xmm1","xmm0",0x10); # round 11 ++ &call (&label("key_256b")); ++ &aeskeygenassist("xmm1","xmm2",0x20); # round 12 ++ &call (&label("key_256a")); ++ &aeskeygenassist("xmm1","xmm0",0x20); # round 13 ++ &call (&label("key_256b")); ++ &aeskeygenassist("xmm1","xmm2",0x40); # round 14 ++ &call (&label("key_256a")); ++ &$movekey (&QWP(0,$key),"xmm0"); ++ &mov (&DWP(16,$key),$rounds); ++ &xor ("eax","eax"); ++ &ret(); ++ ++&set_label("key_256a",16); ++ &$movekey (&QWP(0,$key),"xmm2"); ++ &lea ($key,&DWP(16,$key)); ++&set_label("key_256a_cold"); ++ &shufps ("xmm4","xmm0",0b00010000); ++ &pxor ("xmm0","xmm4"); ++ &shufps ("xmm4","xmm0",0b10001100); ++ &pxor ("xmm0","xmm4"); ++ 
&pshufd ("xmm1","xmm1",0b11111111); # critical path ++ &pxor ("xmm0","xmm1"); ++ &ret(); ++ ++&set_label("key_256b",16); ++ &$movekey (&QWP(0,$key),"xmm0"); ++ &lea ($key,&DWP(16,$key)); ++ ++ &shufps ("xmm4","xmm2",0b00010000); ++ &pxor ("xmm2","xmm4"); ++ &shufps ("xmm4","xmm2",0b10001100); ++ &pxor ("xmm2","xmm4"); ++ &pshufd ("xmm1","xmm1",0b10101010); # critical path ++ &pxor ("xmm2","xmm1"); ++ &ret(); ++ ++&set_label("bad_pointer",4); ++ &mov ("eax",-1); ++ &ret (); ++&set_label("bad_keybits",4); ++ &mov ("eax",-2); ++ &ret (); ++&function_end_B("_aesni_set_encrypt_key"); ++ ++# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits, ++# AES_KEY *key) ++&function_begin_B("${PREFIX}_set_encrypt_key"); ++ &mov ("eax",&wparam(0)); ++ &mov ($rounds,&wparam(1)); ++ &mov ($key,&wparam(2)); ++ &call ("_aesni_set_encrypt_key"); ++ &ret (); ++&function_end_B("${PREFIX}_set_encrypt_key"); ++ ++# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits, ++# AES_KEY *key) ++&function_begin_B("${PREFIX}_set_decrypt_key"); ++ &mov ("eax",&wparam(0)); ++ &mov ($rounds,&wparam(1)); ++ &mov ($key,&wparam(2)); ++ &call ("_aesni_set_encrypt_key"); ++ &mov ($key,&wparam(2)); ++ &shl ($rounds,4) # rounds-1 after _aesni_set_encrypt_key ++ &test ("eax","eax"); ++ &jnz (&label("dec_key_ret")); ++ &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule ++ ++ &$movekey ("xmm0",&QWP(0,$key)); # just swap ++ &$movekey ("xmm1",&QWP(0,"eax")); ++ &$movekey (&QWP(0,"eax"),"xmm0"); ++ &$movekey (&QWP(0,$key),"xmm1"); ++ &lea ($key,&DWP(16,$key)); ++ &lea ("eax",&DWP(-16,"eax")); ++ ++&set_label("dec_key_inverse"); ++ &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse ++ &$movekey ("xmm1",&QWP(0,"eax")); ++ &aesimc ("xmm0","xmm0"); ++ &aesimc ("xmm1","xmm1"); ++ &lea ($key,&DWP(16,$key)); ++ &lea ("eax",&DWP(-16,"eax")); ++ &cmp ("eax",$key); ++ &$movekey (&QWP(16,"eax"),"xmm0"); ++ &$movekey (&QWP(-16,$key),"xmm1"); ++ &ja (&label("dec_key_inverse")); ++ ++ 
&$movekey ("xmm0",&QWP(0,$key)); # inverse middle ++ &aesimc ("xmm0","xmm0"); ++ &$movekey (&QWP(0,$key),"xmm0"); ++ ++ &xor ("eax","eax"); # return success ++&set_label("dec_key_ret"); ++ &ret (); ++&function_end_B("${PREFIX}_set_decrypt_key"); ++&asciz("AES for Intel AES-NI, CRYPTOGAMS by "); ++ ++&asm_finish(); +Index: b/crypto/aes/asm/aesni-x86_64.pl +=================================================================== +--- /dev/null ++++ b/crypto/aes/asm/aesni-x86_64.pl +@@ -0,0 +1,991 @@ ++#!/usr/local/bin/perl ++# ++# ==================================================================== ++# Written by Andy Polyakov for the OpenSSL ++# project. The module is, however, dual licensed under OpenSSL and ++# CRYPTOGAMS licenses depending on where you obtain it. For further ++# details see http://www.openssl.org/~appro/cryptogams/. ++# ==================================================================== ++# ++# This module implements support for Intel AES-NI extension. In ++# OpenSSL context it's used with Intel engine, but can also be used as ++# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for ++# details]. ++ ++$PREFIX="aesni"; # if $PREFIX is set to "AES", the script ++ # generates drop-in replacement for ++ # crypto/aes/asm/aes-x86_64.pl:-) ++ ++$flavour = shift; ++$output = shift; ++if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } ++ ++$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or ++die "can't locate x86_64-xlate.pl"; ++ ++open STDOUT,"| $^X $xlate $flavour $output"; ++ ++$movkey = $PREFIX eq "aesni" ? "movaps" : "movups"; ++@_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order ++ ("%rdi","%rsi","%rdx","%rcx"); # Unix order ++ ++$code=".text\n"; ++ ++$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!! 
++# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ... ++$inp="%rdi"; ++$out="%rsi"; ++$len="%rdx"; ++$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!! ++$ivp="%r8"; # cbc ++ ++$rnds_="%r10d"; # backup copy for $rounds ++$key_="%r11"; # backup copy for $key ++ ++# %xmm register layout ++$inout0="%xmm0"; $inout1="%xmm1"; ++$inout2="%xmm2"; $inout3="%xmm3"; ++$rndkey0="%xmm4"; $rndkey1="%xmm5"; ++ ++$iv="%xmm6"; $in0="%xmm7"; # used in CBC decrypt ++$in1="%xmm8"; $in2="%xmm9"; ++ ++# Inline version of internal aesni_[en|de]crypt1. ++# ++# Why folded loop? Because aes[enc|dec] is slow enough to accommodate ++# cycles which take care of loop variables... ++{ my $sn; ++sub aesni_generate1 { ++my ($p,$key,$rounds)=@_; ++++$sn; ++$code.=<<___; ++ $movkey ($key),$rndkey0 ++ $movkey 16($key),$rndkey1 ++ lea 32($key),$key ++ pxor $rndkey0,$inout0 ++.Loop_${p}1_$sn: ++ aes${p} $rndkey1,$inout0 ++ dec $rounds ++ $movkey ($key),$rndkey1 ++ lea 16($key),$key ++ jnz .Loop_${p}1_$sn # loop body is 16 bytes ++ aes${p}last $rndkey1,$inout0 ++___ ++}} ++# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key); ++# ++{ my ($inp,$out,$key) = @_4args; ++ ++$code.=<<___; ++.globl ${PREFIX}_encrypt ++.type ${PREFIX}_encrypt,\@abi-omnipotent ++.align 16 ++${PREFIX}_encrypt: ++ movups ($inp),$inout0 # load input ++ mov 240($key),$rounds # pull $rounds ++___ ++ &aesni_generate1("enc",$key,$rounds); ++$code.=<<___; ++ movups $inout0,($out) # output ++ ret ++.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt ++ ++.globl ${PREFIX}_decrypt ++.type ${PREFIX}_decrypt,\@abi-omnipotent ++.align 16 ++${PREFIX}_decrypt: ++ movups ($inp),$inout0 # load input ++ mov 240($key),$rounds # pull $rounds ++___ ++ &aesni_generate1("dec",$key,$rounds); ++$code.=<<___; ++ movups $inout0,($out) # output ++ ret ++.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt ++___ ++} ++ ++# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave ++# factor. 
Why 3x subroutine is used in loops? Even though aes[enc|dec] ++# latency is 6, it turned out that it can be scheduled only every ++# *second* cycle. Thus 3x interleave is the one providing optimal ++# utilization, i.e. when subroutine's throughput is virtually same as ++# of non-interleaved subroutine [for number of input blocks up to 3]. ++# This is why it makes no sense to implement 2x subroutine. As soon ++# as/if Intel improves throughput by making it possible to schedule ++# the instructions in question *every* cycles I would have to ++# implement 6x interleave and use it in loop... ++sub aesni_generate3 { ++my $dir=shift; ++# As already mentioned it takes in $key and $rounds, which are *not* ++# preserved. $inout[0-2] is cipher/clear text... ++$code.=<<___; ++.type _aesni_${dir}rypt3,\@abi-omnipotent ++.align 16 ++_aesni_${dir}rypt3: ++ $movkey ($key),$rndkey0 ++ shr \$1,$rounds ++ $movkey 16($key),$rndkey1 ++ lea 32($key),$key ++ pxor $rndkey0,$inout0 ++ pxor $rndkey0,$inout1 ++ pxor $rndkey0,$inout2 ++ ++.L${dir}_loop3: ++ aes${dir} $rndkey1,$inout0 ++ $movkey ($key),$rndkey0 ++ aes${dir} $rndkey1,$inout1 ++ dec $rounds ++ aes${dir} $rndkey1,$inout2 ++ aes${dir} $rndkey0,$inout0 ++ $movkey 16($key),$rndkey1 ++ aes${dir} $rndkey0,$inout1 ++ lea 32($key),$key ++ aes${dir} $rndkey0,$inout2 ++ jnz .L${dir}_loop3 ++ ++ aes${dir} $rndkey1,$inout0 ++ $movkey ($key),$rndkey0 ++ aes${dir} $rndkey1,$inout1 ++ aes${dir} $rndkey1,$inout2 ++ aes${dir}last $rndkey0,$inout0 ++ aes${dir}last $rndkey0,$inout1 ++ aes${dir}last $rndkey0,$inout2 ++ ret ++.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3 ++___ ++} ++# 4x interleave is implemented to improve small block performance, ++# most notably [and naturally] 4 block by ~30%. One can argue that one ++# should have implemented 5x as well, but improvement would be <20%, ++# so it's not worth it... ++sub aesni_generate4 { ++my $dir=shift; ++# As already mentioned it takes in $key and $rounds, which are *not* ++# preserved. 
$inout[0-3] is cipher/clear text... ++$code.=<<___; ++.type _aesni_${dir}rypt4,\@abi-omnipotent ++.align 16 ++_aesni_${dir}rypt4: ++ $movkey ($key),$rndkey0 ++ shr \$1,$rounds ++ $movkey 16($key),$rndkey1 ++ lea 32($key),$key ++ pxor $rndkey0,$inout0 ++ pxor $rndkey0,$inout1 ++ pxor $rndkey0,$inout2 ++ pxor $rndkey0,$inout3 ++ ++.L${dir}_loop4: ++ aes${dir} $rndkey1,$inout0 ++ $movkey ($key),$rndkey0 ++ aes${dir} $rndkey1,$inout1 ++ dec $rounds ++ aes${dir} $rndkey1,$inout2 ++ aes${dir} $rndkey1,$inout3 ++ aes${dir} $rndkey0,$inout0 ++ $movkey 16($key),$rndkey1 ++ aes${dir} $rndkey0,$inout1 ++ lea 32($key),$key ++ aes${dir} $rndkey0,$inout2 ++ aes${dir} $rndkey0,$inout3 ++ jnz .L${dir}_loop4 ++ ++ aes${dir} $rndkey1,$inout0 ++ $movkey ($key),$rndkey0 ++ aes${dir} $rndkey1,$inout1 ++ aes${dir} $rndkey1,$inout2 ++ aes${dir} $rndkey1,$inout3 ++ aes${dir}last $rndkey0,$inout0 ++ aes${dir}last $rndkey0,$inout1 ++ aes${dir}last $rndkey0,$inout2 ++ aes${dir}last $rndkey0,$inout3 ++ ret ++.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4 ++___ ++} ++&aesni_generate3("enc") if ($PREFIX eq "aesni"); ++&aesni_generate3("dec"); ++&aesni_generate4("enc") if ($PREFIX eq "aesni"); ++&aesni_generate4("dec"); ++ ++if ($PREFIX eq "aesni") { ++# void aesni_ecb_encrypt (const void *in, void *out, ++# size_t length, const AES_KEY *key, ++# int enc); ++$code.=<<___; ++.globl aesni_ecb_encrypt ++.type aesni_ecb_encrypt,\@function,5 ++.align 16 ++aesni_ecb_encrypt: ++ cmp \$16,$len # check length ++ jb .Lecb_ret ++ ++ mov 240($key),$rounds # pull $rounds ++ and \$-16,$len ++ mov $key,$key_ # backup $key ++ test %r8d,%r8d # 5th argument ++ mov $rounds,$rnds_ # backup $rounds ++ jz .Lecb_decrypt ++#--------------------------- ECB ENCRYPT ------------------------------# ++ sub \$0x40,$len ++ jbe .Lecb_enc_tail ++ jmp .Lecb_enc_loop3 ++.align 16 ++.Lecb_enc_loop3: ++ movups ($inp),$inout0 ++ movups 0x10($inp),$inout1 ++ movups 0x20($inp),$inout2 ++ call _aesni_encrypt3 ++ sub \$0x30,$len ++ lea 
0x30($inp),$inp ++ lea 0x30($out),$out ++ movups $inout0,-0x30($out) ++ mov $rnds_,$rounds # restore $rounds ++ movups $inout1,-0x20($out) ++ mov $key_,$key # restore $key ++ movups $inout2,-0x10($out) ++ ja .Lecb_enc_loop3 ++ ++.Lecb_enc_tail: ++ add \$0x40,$len ++ jz .Lecb_ret ++ ++ cmp \$0x10,$len ++ movups ($inp),$inout0 ++ je .Lecb_enc_one ++ cmp \$0x20,$len ++ movups 0x10($inp),$inout1 ++ je .Lecb_enc_two ++ cmp \$0x30,$len ++ movups 0x20($inp),$inout2 ++ je .Lecb_enc_three ++ movups 0x30($inp),$inout3 ++ call _aesni_encrypt4 ++ movups $inout0,($out) ++ movups $inout1,0x10($out) ++ movups $inout2,0x20($out) ++ movups $inout3,0x30($out) ++ jmp .Lecb_ret ++.align 16 ++.Lecb_enc_one: ++___ ++ &aesni_generate1("enc",$key,$rounds); ++$code.=<<___; ++ movups $inout0,($out) ++ jmp .Lecb_ret ++.align 16 ++.Lecb_enc_two: ++ call _aesni_encrypt3 ++ movups $inout0,($out) ++ movups $inout1,0x10($out) ++ jmp .Lecb_ret ++.align 16 ++.Lecb_enc_three: ++ call _aesni_encrypt3 ++ movups $inout0,($out) ++ movups $inout1,0x10($out) ++ movups $inout2,0x20($out) ++ jmp .Lecb_ret ++ #--------------------------- ECB DECRYPT ------------------------------# ++.align 16 ++.Lecb_decrypt: ++ sub \$0x40,$len ++ jbe .Lecb_dec_tail ++ jmp .Lecb_dec_loop3 ++.align 16 ++.Lecb_dec_loop3: ++ movups ($inp),$inout0 ++ movups 0x10($inp),$inout1 ++ movups 0x20($inp),$inout2 ++ call _aesni_decrypt3 ++ sub \$0x30,$len ++ lea 0x30($inp),$inp ++ lea 0x30($out),$out ++ movups $inout0,-0x30($out) ++ mov $rnds_,$rounds # restore $rounds ++ movups $inout1,-0x20($out) ++ mov $key_,$key # restore $key ++ movups $inout2,-0x10($out) ++ ja .Lecb_dec_loop3 ++ ++.Lecb_dec_tail: ++ add \$0x40,$len ++ jz .Lecb_ret ++ ++ cmp \$0x10,$len ++ movups ($inp),$inout0 ++ je .Lecb_dec_one ++ cmp \$0x20,$len ++ movups 0x10($inp),$inout1 ++ je .Lecb_dec_two ++ cmp \$0x30,$len ++ movups 0x20($inp),$inout2 ++ je .Lecb_dec_three ++ movups 0x30($inp),$inout3 ++ call _aesni_decrypt4 ++ movups $inout0,($out) ++ movups 
$inout1,0x10($out) ++ movups $inout2,0x20($out) ++ movups $inout3,0x30($out) ++ jmp .Lecb_ret ++.align 16 ++.Lecb_dec_one: ++___ ++ &aesni_generate1("dec",$key,$rounds); ++$code.=<<___; ++ movups $inout0,($out) ++ jmp .Lecb_ret ++.align 16 ++.Lecb_dec_two: ++ call _aesni_decrypt3 ++ movups $inout0,($out) ++ movups $inout1,0x10($out) ++ jmp .Lecb_ret ++.align 16 ++.Lecb_dec_three: ++ call _aesni_decrypt3 ++ movups $inout0,($out) ++ movups $inout1,0x10($out) ++ movups $inout2,0x20($out) ++ ++.Lecb_ret: ++ ret ++.size aesni_ecb_encrypt,.-aesni_ecb_encrypt ++___ ++} ++ ++# void $PREFIX_cbc_encrypt (const void *inp, void *out, ++# size_t length, const AES_KEY *key, ++# unsigned char *ivp,const int enc); ++$reserved = $win64?0x40:-0x18; # used in decrypt ++$code.=<<___; ++.globl ${PREFIX}_cbc_encrypt ++.type ${PREFIX}_cbc_encrypt,\@function,6 ++.align 16 ++${PREFIX}_cbc_encrypt: ++ test $len,$len # check length ++ jz .Lcbc_ret ++ ++ mov 240($key),$rnds_ # pull $rounds ++ mov $key,$key_ # backup $key ++ test %r9d,%r9d # 6th argument ++ jz .Lcbc_decrypt ++#--------------------------- CBC ENCRYPT ------------------------------# ++ movups ($ivp),$inout0 # load iv as initial state ++ cmp \$16,$len ++ mov $rnds_,$rounds ++ jb .Lcbc_enc_tail ++ sub \$16,$len ++ jmp .Lcbc_enc_loop ++.align 16 ++.Lcbc_enc_loop: ++ movups ($inp),$inout1 # load input ++ lea 16($inp),$inp ++ pxor $inout1,$inout0 ++___ ++ &aesni_generate1("enc",$key,$rounds); ++$code.=<<___; ++ sub \$16,$len ++ lea 16($out),$out ++ mov $rnds_,$rounds # restore $rounds ++ mov $key_,$key # restore $key ++ movups $inout0,-16($out) # store output ++ jnc .Lcbc_enc_loop ++ add \$16,$len ++ jnz .Lcbc_enc_tail ++ movups $inout0,($ivp) ++ jmp .Lcbc_ret ++ ++.Lcbc_enc_tail: ++ mov $len,%rcx # zaps $key ++ xchg $inp,$out # $inp is %rsi and $out is %rdi now ++ .long 0x9066A4F3 # rep movsb ++ mov \$16,%ecx # zero tail ++ sub $len,%rcx ++ xor %eax,%eax ++ .long 0x9066AAF3 # rep stosb ++ lea -16(%rdi),%rdi # rewind $out by 1 block 
++ mov $rnds_,$rounds # restore $rounds ++ mov %rdi,%rsi # $inp and $out are the same ++ mov $key_,$key # restore $key ++ xor $len,$len # len=16 ++ jmp .Lcbc_enc_loop # one more spin ++ #--------------------------- CBC DECRYPT ------------------------------# ++.align 16 ++.Lcbc_decrypt: ++___ ++$code.=<<___ if ($win64); ++ lea -0x58(%rsp),%rsp ++ movaps %xmm6,(%rsp) ++ movaps %xmm7,0x10(%rsp) ++ movaps %xmm8,0x20(%rsp) ++ movaps %xmm9,0x30(%rsp) ++.Lcbc_decrypt_body: ++___ ++$code.=<<___; ++ movups ($ivp),$iv ++ sub \$0x40,$len ++ mov $rnds_,$rounds ++ jbe .Lcbc_dec_tail ++ jmp .Lcbc_dec_loop3 ++.align 16 ++.Lcbc_dec_loop3: ++ movups ($inp),$inout0 ++ movups 0x10($inp),$inout1 ++ movups 0x20($inp),$inout2 ++ movaps $inout0,$in0 ++ movaps $inout1,$in1 ++ movaps $inout2,$in2 ++ call _aesni_decrypt3 ++ sub \$0x30,$len ++ lea 0x30($inp),$inp ++ lea 0x30($out),$out ++ pxor $iv,$inout0 ++ pxor $in0,$inout1 ++ movaps $in2,$iv ++ pxor $in1,$inout2 ++ movups $inout0,-0x30($out) ++ mov $rnds_,$rounds # restore $rounds ++ movups $inout1,-0x20($out) ++ mov $key_,$key # restore $key ++ movups $inout2,-0x10($out) ++ ja .Lcbc_dec_loop3 ++ ++.Lcbc_dec_tail: ++ add \$0x40,$len ++ movups $iv,($ivp) ++ jz .Lcbc_dec_ret ++ ++ movups ($inp),$inout0 ++ cmp \$0x10,$len ++ movaps $inout0,$in0 ++ jbe .Lcbc_dec_one ++ movups 0x10($inp),$inout1 ++ cmp \$0x20,$len ++ movaps $inout1,$in1 ++ jbe .Lcbc_dec_two ++ movups 0x20($inp),$inout2 ++ cmp \$0x30,$len ++ movaps $inout2,$in2 ++ jbe .Lcbc_dec_three ++ movups 0x30($inp),$inout3 ++ call _aesni_decrypt4 ++ pxor $iv,$inout0 ++ movups 0x30($inp),$iv ++ pxor $in0,$inout1 ++ movups $inout0,($out) ++ pxor $in1,$inout2 ++ movups $inout1,0x10($out) ++ pxor $in2,$inout3 ++ movups $inout2,0x20($out) ++ movaps $inout3,$inout0 ++ lea 0x30($out),$out ++ jmp .Lcbc_dec_tail_collected ++.align 16 ++.Lcbc_dec_one: ++___ ++ &aesni_generate1("dec",$key,$rounds); ++$code.=<<___; ++ pxor $iv,$inout0 ++ movaps $in0,$iv ++ jmp .Lcbc_dec_tail_collected ++.align 16 
++.Lcbc_dec_two: ++ call _aesni_decrypt3 ++ pxor $iv,$inout0 ++ pxor $in0,$inout1 ++ movups $inout0,($out) ++ movaps $in1,$iv ++ movaps $inout1,$inout0 ++ lea 0x10($out),$out ++ jmp .Lcbc_dec_tail_collected ++.align 16 ++.Lcbc_dec_three: ++ call _aesni_decrypt3 ++ pxor $iv,$inout0 ++ pxor $in0,$inout1 ++ movups $inout0,($out) ++ pxor $in1,$inout2 ++ movups $inout1,0x10($out) ++ movaps $in2,$iv ++ movaps $inout2,$inout0 ++ lea 0x20($out),$out ++ jmp .Lcbc_dec_tail_collected ++.align 16 ++.Lcbc_dec_tail_collected: ++ and \$15,$len ++ movups $iv,($ivp) ++ jnz .Lcbc_dec_tail_partial ++ movups $inout0,($out) ++ jmp .Lcbc_dec_ret ++.Lcbc_dec_tail_partial: ++ movaps $inout0,$reserved(%rsp) ++ mov $out,%rdi ++ mov $len,%rcx ++ lea $reserved(%rsp),%rsi ++ .long 0x9066A4F3 # rep movsb ++ ++.Lcbc_dec_ret: ++___ ++$code.=<<___ if ($win64); ++ movaps (%rsp),%xmm6 ++ movaps 0x10(%rsp),%xmm7 ++ movaps 0x20(%rsp),%xmm8 ++ movaps 0x30(%rsp),%xmm9 ++ lea 0x58(%rsp),%rsp ++___ ++$code.=<<___; ++.Lcbc_ret: ++ ret ++.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ++___ ++ ++# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey, ++# int bits, AES_KEY *key) ++{ my ($inp,$bits,$key) = @_4args; ++ $bits =~ s/%r/%e/; ++ ++$code.=<<___; ++.globl ${PREFIX}_set_decrypt_key ++.type ${PREFIX}_set_decrypt_key,\@abi-omnipotent ++.align 16 ++${PREFIX}_set_decrypt_key: ++ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 ++ call _aesni_set_encrypt_key ++ shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key ++ test %eax,%eax ++ jnz .Ldec_key_ret ++ lea 16($key,$bits),$inp # points at the end of key schedule ++ ++ $movkey ($key),%xmm0 # just swap ++ $movkey ($inp),%xmm1 ++ $movkey %xmm0,($inp) ++ $movkey %xmm1,($key) ++ lea 16($key),$key ++ lea -16($inp),$inp ++ ++.Ldec_key_inverse: ++ $movkey ($key),%xmm0 # swap and inverse ++ $movkey ($inp),%xmm1 ++ aesimc %xmm0,%xmm0 ++ aesimc %xmm1,%xmm1 ++ lea 16($key),$key ++ lea -16($inp),$inp ++ cmp $key,$inp ++ $movkey %xmm0,16($inp) ++ $movkey 
%xmm1,-16($key) ++ ja .Ldec_key_inverse ++ ++ $movkey ($key),%xmm0 # inverse middle ++ aesimc %xmm0,%xmm0 ++ $movkey %xmm0,($inp) ++.Ldec_key_ret: ++ add \$8,%rsp ++ ret ++.LSEH_end_set_decrypt_key: ++.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key ++___ ++ ++# This is based on submission by ++# ++# Huang Ying ++# Vinodh Gopal ++# Kahraman Akdemir ++# ++# Agressively optimized in respect to aeskeygenassist's critical path ++# and is contained in %xmm0-5 to meet Win64 ABI requirement. ++# ++$code.=<<___; ++.globl ${PREFIX}_set_encrypt_key ++.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent ++.align 16 ++${PREFIX}_set_encrypt_key: ++_aesni_set_encrypt_key: ++ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 ++ test $inp,$inp ++ mov \$-1,%rax ++ jz .Lenc_key_ret ++ test $key,$key ++ jz .Lenc_key_ret ++ ++ movups ($inp),%xmm0 # pull first 128 bits of *userKey ++ pxor %xmm4,%xmm4 # low dword of xmm4 is assumed 0 ++ lea 16($key),%rax ++ cmp \$256,$bits ++ je .L14rounds ++ cmp \$192,$bits ++ je .L12rounds ++ cmp \$128,$bits ++ jne .Lbad_keybits ++ ++.L10rounds: ++ mov \$9,$bits # 10 rounds for 128-bit key ++ $movkey %xmm0,($key) # round 0 ++ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1 ++ call .Lkey_expansion_128_cold ++ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9 ++ call .Lkey_expansion_128 ++ aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10 ++ call .Lkey_expansion_128 ++ $movkey %xmm0,(%rax) ++ mov $bits,80(%rax) # 240(%rdx) ++ xor %eax,%eax ++ jmp 
.Lenc_key_ret ++ ++.align 16 ++.L12rounds: ++ movq 16($inp),%xmm2 # remaining 1/3 of *userKey ++ mov \$11,$bits # 12 rounds for 192 ++ $movkey %xmm0,($key) # round 0 ++ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2 ++ call .Lkey_expansion_192a_cold ++ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3 ++ call .Lkey_expansion_192b ++ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5 ++ call .Lkey_expansion_192a ++ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6 ++ call .Lkey_expansion_192b ++ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8 ++ call .Lkey_expansion_192a ++ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9 ++ call .Lkey_expansion_192b ++ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11 ++ call .Lkey_expansion_192a ++ aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12 ++ call .Lkey_expansion_192b ++ $movkey %xmm0,(%rax) ++ mov $bits,48(%rax) # 240(%rdx) ++ xor %rax, %rax ++ jmp .Lenc_key_ret ++ ++.align 16 ++.L14rounds: ++ movups 16($inp),%xmm2 # remaning half of *userKey ++ mov \$13,$bits # 14 rounds for 256 ++ lea 16(%rax),%rax ++ $movkey %xmm0,($key) # round 0 ++ $movkey %xmm2,16($key) # round 1 ++ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2 ++ call .Lkey_expansion_256a_cold ++ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 10 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12 ++ call .Lkey_expansion_256a ++ aeskeygenassist \$0x20,%xmm0,%xmm1 # 
round 13 ++ call .Lkey_expansion_256b ++ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14 ++ call .Lkey_expansion_256a ++ $movkey %xmm0,(%rax) ++ mov $bits,16(%rax) # 240(%rdx) ++ xor %rax,%rax ++ jmp .Lenc_key_ret ++ ++.align 16 ++.Lbad_keybits: ++ mov \$-2,%rax ++.Lenc_key_ret: ++ add \$8,%rsp ++ ret ++.LSEH_end_set_encrypt_key: ++ ++.align 16 ++.Lkey_expansion_128: ++ $movkey %xmm0,(%rax) ++ lea 16(%rax),%rax ++.Lkey_expansion_128_cold: ++ shufps \$0b00010000,%xmm0,%xmm4 ++ pxor %xmm4, %xmm0 ++ shufps \$0b10001100,%xmm0,%xmm4 ++ pxor %xmm4, %xmm0 ++ pshufd \$0b11111111,%xmm1,%xmm1 # critical path ++ pxor %xmm1,%xmm0 ++ ret ++ ++.align 16 ++.Lkey_expansion_192a: ++ $movkey %xmm0,(%rax) ++ lea 16(%rax),%rax ++.Lkey_expansion_192a_cold: ++ movaps %xmm2, %xmm5 ++.Lkey_expansion_192b_warm: ++ shufps \$0b00010000,%xmm0,%xmm4 ++ movaps %xmm2,%xmm3 ++ pxor %xmm4,%xmm0 ++ shufps \$0b10001100,%xmm0,%xmm4 ++ pslldq \$4,%xmm3 ++ pxor %xmm4,%xmm0 ++ pshufd \$0b01010101,%xmm1,%xmm1 # critical path ++ pxor %xmm3,%xmm2 ++ pxor %xmm1,%xmm0 ++ pshufd \$0b11111111,%xmm0,%xmm3 ++ pxor %xmm3,%xmm2 ++ ret ++ ++.align 16 ++.Lkey_expansion_192b: ++ movaps %xmm0,%xmm3 ++ shufps \$0b01000100,%xmm0,%xmm5 ++ $movkey %xmm5,(%rax) ++ shufps \$0b01001110,%xmm2,%xmm3 ++ $movkey %xmm3,16(%rax) ++ lea 32(%rax),%rax ++ jmp .Lkey_expansion_192b_warm ++ ++.align 16 ++.Lkey_expansion_256a: ++ $movkey %xmm2,(%rax) ++ lea 16(%rax),%rax ++.Lkey_expansion_256a_cold: ++ shufps \$0b00010000,%xmm0,%xmm4 ++ pxor %xmm4,%xmm0 ++ shufps \$0b10001100,%xmm0,%xmm4 ++ pxor %xmm4,%xmm0 ++ pshufd \$0b11111111,%xmm1,%xmm1 # critical path ++ pxor %xmm1,%xmm0 ++ ret ++ ++.align 16 ++.Lkey_expansion_256b: ++ $movkey %xmm0,(%rax) ++ lea 16(%rax),%rax ++ ++ shufps \$0b00010000,%xmm2,%xmm4 ++ pxor %xmm4,%xmm2 ++ shufps \$0b10001100,%xmm2,%xmm4 ++ pxor %xmm4,%xmm2 ++ pshufd \$0b10101010,%xmm1,%xmm1 # critical path ++ pxor %xmm1,%xmm2 ++ ret ++.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key ++___ ++} ++ 
++$code.=<<___; ++.asciz "AES for Intel AES-NI, CRYPTOGAMS by " ++.align 64 ++___ ++ ++# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, ++# CONTEXT *context,DISPATCHER_CONTEXT *disp) ++if ($win64) { ++$rec="%rcx"; ++$frame="%rdx"; ++$context="%r8"; ++$disp="%r9"; ++ ++$code.=<<___; ++.extern __imp_RtlVirtualUnwind ++.type cbc_se_handler,\@abi-omnipotent ++.align 16 ++cbc_se_handler: ++ push %rsi ++ push %rdi ++ push %rbx ++ push %rbp ++ push %r12 ++ push %r13 ++ push %r14 ++ push %r15 ++ pushfq ++ sub \$64,%rsp ++ ++ mov 152($context),%rax # pull context->Rsp ++ mov 248($context),%rbx # pull context->Rip ++ ++ lea .Lcbc_decrypt(%rip),%r10 ++ cmp %r10,%rbx # context->Rip<"prologue" label ++ jb .Lin_prologue ++ ++ lea .Lcbc_decrypt_body(%rip),%r10 ++ cmp %r10,%rbx # context->RipRip>="epilogue" label ++ jae .Lin_prologue ++ ++ lea 0(%rax),%rsi # top of stack ++ lea 512($context),%rdi # &context.Xmm6 ++ mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax) ++ .long 0xa548f3fc # cld; rep movsq ++ lea 0x58(%rax),%rax # adjust stack pointer ++ jmp .Lin_prologue ++ ++.Lrestore_rax: ++ mov 120($context),%rax ++.Lin_prologue: ++ mov 8(%rax),%rdi ++ mov 16(%rax),%rsi ++ mov %rax,152($context) # restore context->Rsp ++ mov %rsi,168($context) # restore context->Rsi ++ mov %rdi,176($context) # restore context->Rdi ++ ++ jmp .Lcommon_seh_exit ++.size cbc_se_handler,.-cbc_se_handler ++ ++.type ecb_se_handler,\@abi-omnipotent ++.align 16 ++ecb_se_handler: ++ push %rsi ++ push %rdi ++ push %rbx ++ push %rbp ++ push %r12 ++ push %r13 ++ push %r14 ++ push %r15 ++ pushfq ++ sub \$64,%rsp ++ ++ mov 152($context),%rax # pull context->Rsp ++ mov 8(%rax),%rdi ++ mov 16(%rax),%rsi ++ mov %rsi,168($context) # restore context->Rsi ++ mov %rdi,176($context) # restore context->Rdi ++ ++.Lcommon_seh_exit: ++ ++ mov 40($disp),%rdi # disp->ContextRecord ++ mov $context,%rsi # context ++ mov \$154,%ecx # sizeof(CONTEXT) ++ .long 0xa548f3fc # cld; rep movsq ++ ++ mov $disp,%rsi ++ xor 
%rcx,%rcx # arg1, UNW_FLAG_NHANDLER ++ mov 8(%rsi),%rdx # arg2, disp->ImageBase ++ mov 0(%rsi),%r8 # arg3, disp->ControlPc ++ mov 16(%rsi),%r9 # arg4, disp->FunctionEntry ++ mov 40(%rsi),%r10 # disp->ContextRecord ++ lea 56(%rsi),%r11 # &disp->HandlerData ++ lea 24(%rsi),%r12 # &disp->EstablisherFrame ++ mov %r10,32(%rsp) # arg5 ++ mov %r11,40(%rsp) # arg6 ++ mov %r12,48(%rsp) # arg7 ++ mov %rcx,56(%rsp) # arg8, (NULL) ++ call *__imp_RtlVirtualUnwind(%rip) ++ ++ mov \$1,%eax # ExceptionContinueSearch ++ add \$64,%rsp ++ popfq ++ pop %r15 ++ pop %r14 ++ pop %r13 ++ pop %r12 ++ pop %rbp ++ pop %rbx ++ pop %rdi ++ pop %rsi ++ ret ++.size cbc_se_handler,.-cbc_se_handler ++ ++.section .pdata ++.align 4 ++ .rva .LSEH_begin_${PREFIX}_ecb_encrypt ++ .rva .LSEH_end_${PREFIX}_ecb_encrypt ++ .rva .LSEH_info_ecb ++ ++ .rva .LSEH_begin_${PREFIX}_cbc_encrypt ++ .rva .LSEH_end_${PREFIX}_cbc_encrypt ++ .rva .LSEH_info_cbc ++ ++ .rva ${PREFIX}_set_decrypt_key ++ .rva .LSEH_end_set_decrypt_key ++ .rva .LSEH_info_key ++ ++ .rva ${PREFIX}_set_encrypt_key ++ .rva .LSEH_end_set_encrypt_key ++ .rva .LSEH_info_key ++.section .xdata ++.align 8 ++.LSEH_info_ecb: ++ .byte 9,0,0,0 ++ .rva ecb_se_handler ++.LSEH_info_cbc: ++ .byte 9,0,0,0 ++ .rva cbc_se_handler ++.LSEH_info_key: ++ .byte 0x01,0x04,0x01,0x00 ++ .byte 0x04,0x02,0x00,0x00 ++___ ++} ++ ++sub rex { ++ local *opcode=shift; ++ my ($dst,$src)=@_; ++ ++ if ($dst>=8 || $src>=8) { ++ $rex=0x40; ++ $rex|=0x04 if($dst>=8); ++ $rex|=0x01 if($src>=8); ++ push @opcode,$rex; ++ } ++} ++ ++sub aesni { ++ my $line=shift; ++ my @opcode=(0x66); ++ ++ if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { ++ rex(\@opcode,$4,$3); ++ push @opcode,0x0f,0x3a,0xdf; ++ push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M ++ my $c=$2; ++ push @opcode,$c=~/^0/?oct($c):$c; ++ return ".byte\t".join(',',@opcode); ++ } ++ elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) { ++ my %opcodelet = ( ++ "aesimc" => 0xdb, ++ "aesenc" => 
0xdc, "aesenclast" => 0xdd, ++ "aesdec" => 0xde, "aesdeclast" => 0xdf ++ ); ++ return undef if (!defined($opcodelet{$1})); ++ rex(\@opcode,$3,$2); ++ push @opcode,0x0f,0x38,$opcodelet{$1}; ++ push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M ++ return ".byte\t".join(',',@opcode); ++ } ++ return $line; ++} ++ ++$code =~ s/\`([^\`]*)\`/eval($1)/gem; ++$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; ++ ++print $code; ++ ++close STDOUT; +Index: b/crypto/engine/Makefile +=================================================================== +--- a/crypto/engine/Makefile ++++ b/crypto/engine/Makefile +@@ -21,12 +21,14 @@ + eng_table.c eng_pkey.c eng_fat.c eng_all.c \ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c \ +- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c ++ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \ ++ eng_aesni.c + LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ + eng_table.o eng_pkey.o eng_fat.o eng_all.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ + tb_cipher.o tb_digest.o \ +- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o ++ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \ ++ eng_aesni.o + + SRC= $(LIBSRC) + +Index: b/crypto/engine/eng_aesni.c +=================================================================== +--- /dev/null ++++ b/crypto/engine/eng_aesni.c +@@ -0,0 +1,569 @@ ++/* ++ * Support for Intel AES-NI intruction set ++ * Author: Huang Ying ++ * ++ * Intel AES-NI is a new set of Single Instruction Multiple Data ++ * (SIMD) instructions that are going to be introduced in the next ++ * generation of Intel processor, as of 2009. These instructions ++ * enable fast and secure data encryption and decryption, using the ++ * Advanced Encryption Standard (AES), defined by FIPS Publication ++ * number 197. 
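Review bot: The header comment for `${PREFIX}_cbc_encrypt` (`# void $PREFIX_cbc_encrypt (const void *inp, void *out, size_t length, ...`) does not state the buffer contract the tail code imposes: in `.Lcbc_enc_tail` the partial input block is copied into `out` with `rep movsb`, zero-filled up to 16 bytes with `rep stosb`, then encrypted in place, so a full 16-byte block is written at `out` even when `length` is not a multiple of 16, and in `.Lcbc_dec_tail` a full `movups` block is read from `inp` past the remaining `length`. A caller that sizes `out` as exactly `length` bytes on encrypt therefore gets an out-of-bounds write of up to 15 bytes; this appears to mirror the zero-padding behaviour of the existing C `AES_cbc_encrypt`, but nothing in the prototype says so. I would add under the prototype: `# NOTE: length need not be a multiple of 16, but on encrypt the final partial block is zero-padded and a full 16-byte block is stored to out (out must hold length rounded up to 16); on decrypt a full 16 bytes are read from inp for a partial tail.` Separately, the second `.size cbc_se_handler,.-cbc_se_handler` emitted after `ecb_se_handler`'s `ret` in the Win64 SEH block looks like a copy-paste slip and should read `.size ecb_se_handler,.-ecb_se_handler`.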
The architecture introduces six instructions that ++ * offer full hardware support for AES. Four of them support high ++ * performance data encryption and decryption, and the other two ++ * instructions support the AES key expansion procedure. ++ * ++ * The white paper can be downloaded from: ++ * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf ++ * ++ * This file is based on engines/e_padlock.c ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. 
Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++ ++#include ++ ++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES) ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include ++ ++/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it ++ doesn't exist elsewhere, but it even can't be compiled on other ++ platforms! */ ++#undef COMPILE_HW_AESNI ++#if (defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) ++#define COMPILE_HW_AESNI ++static ENGINE *ENGINE_aesni (void); ++#endif ++ ++void ENGINE_load_aesni (void) ++{ ++/* On non-x86 CPUs it just returns. 
*/ ++#ifdef COMPILE_HW_AESNI ++ ENGINE *toadd = ENGINE_aesni(); ++ if (!toadd) ++ return; ++ ENGINE_add (toadd); ++ ENGINE_free (toadd); ++ ERR_clear_error (); ++#endif ++} ++ ++#ifdef COMPILE_HW_AESNI ++int aesni_set_encrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++int aesni_set_decrypt_key(const unsigned char *userKey, int bits, ++ AES_KEY *key); ++ ++void aesni_encrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++void aesni_decrypt(const unsigned char *in, unsigned char *out, ++ const AES_KEY *key); ++ ++void aesni_ecb_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key, ++ int enc); ++void aesni_cbc_encrypt(const unsigned char *in, ++ unsigned char *out, ++ size_t length, ++ const AES_KEY *key, ++ unsigned char *ivec, int enc); ++ ++/* Function for ENGINE detection and control */ ++static int aesni_init(ENGINE *e); ++ ++/* Cipher Stuff */ ++static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, ++ const int **nids, int nid); ++ ++#define AESNI_MIN_ALIGN 16 ++#define AESNI_ALIGN(x) \ ++ ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1))) ++ ++/* Engine names */ ++static const char aesni_id[] = "aesni", ++ aesni_name[] = "Intel AES-NI engine", ++ no_aesni_name[] = "Intel AES-NI engine (no-aesni)"; ++ ++ ++/* The input and output encrypted as though 128bit cfb mode is being ++ * used. 
The extra state information to record how much of the ++ * 128bit block we have used is contained in *num; ++ */ ++static void aesni_cfb128_encrypt(const unsigned char *in, unsigned char *out, ++ unsigned int len, const void *key, ++ unsigned char ivec[16], int *num, ++ int enc) ++{ ++ unsigned int n; ++ size_t l = 0; ++ ++ assert(in && out && key && ivec && num); ++ ++ n = *num; ++ ++ if (enc) { ++#if !defined(OPENSSL_SMALL_FOOTPRINT) ++ if (16%sizeof(size_t) == 0) do { /* always true actually */ ++ while (n && len) { ++ *(out++) = ivec[n] ^= *(in++); ++ --len; ++ n = (n+1) % 16; ++ } ++ while (len>=16) { ++ aesni_encrypt(ivec, ivec, key); ++ for (n=0; n<16; n+=sizeof(size_t)) { ++ *(size_t*)(out+n) = ++ *(size_t*)(ivec+n) ^= *(size_t*)(in+n); ++ } ++ len -= 16; ++ out += 16; ++ in += 16; ++ } ++ n = 0; ++ if (len) { ++ aesni_encrypt(ivec, ivec, key); ++ while (len--) { ++ out[n] = ivec[n] ^= in[n]; ++ ++n; ++ } ++ } ++ *num = n; ++ return; ++ } while (0); ++ /* the rest would be commonly eliminated by x86* compiler */ ++#endif ++ while (l=16) { ++ aesni_encrypt(ivec, ivec, key); ++ for (n=0; n<16; n+=sizeof(size_t)) { ++ size_t t = *(size_t*)(in+n); ++ *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t; ++ *(size_t*)(ivec+n) = t; ++ } ++ len -= 16; ++ out += 16; ++ in += 16; ++ } ++ n = 0; ++ if (len) { ++ aesni_encrypt(ivec, ivec, key); ++ while (len--) { ++ unsigned char c; ++ out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c; ++ ++n; ++ } ++ } ++ *num = n; ++ return; ++ } while (0); ++ /* the rest would be commonly eliminated by x86* compiler */ ++#endif ++ while (l=16) { ++ aesni_encrypt(ivec, ivec, key); ++ for (n=0; n<16; n+=sizeof(size_t)) ++ *(size_t*)(out+n) = ++ *(size_t*)(in+n) ^ *(size_t*)(ivec+n); ++ len -= 16; ++ out += 16; ++ in += 16; ++ } ++ n = 0; ++ if (len) { ++ aesni_encrypt(ivec, ivec, key); ++ while (len--) { ++ out[n] = in[n] ^ ivec[n]; ++ ++n; ++ } ++ } ++ *num = n; ++ return; ++ } while(0); ++ /* the rest would be commonly eliminated by x86* compiler 
*/ ++#endif ++ while (l 4) { ++ engage = ((IA32CAP)OPENSSL_ia32cap_P >> 57) & 1; ++ } else { ++ IA32CAP OPENSSL_ia32_cpuid(void); ++ engage = (OPENSSL_ia32_cpuid() >> 57) & 1; ++ } ++ ++ /* Register everything or return with an error */ ++ if (!ENGINE_set_id(e, aesni_id) || ++ !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) || ++ ++ !ENGINE_set_init_function(e, aesni_init) || ++ (engage && !ENGINE_set_ciphers (e, aesni_ciphers)) ++ ) ++ return 0; ++ ++ /* Everything looks good */ ++ return 1; ++} ++ ++/* Constructor */ ++static ENGINE * ++ENGINE_aesni(void) ++{ ++ ENGINE *eng = ENGINE_new(); ++ ++ if (!eng) { ++ return NULL; ++ } ++ ++ if (!aesni_bind_helper(eng)) { ++ ENGINE_free(eng); ++ return NULL; ++ } ++ ++ return eng; ++} ++ ++/* Check availability of the engine */ ++static int ++aesni_init(ENGINE *e) ++{ ++ return 1; ++} ++ ++#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) ++#define NID_aes_128_cfb NID_aes_128_cfb128 ++#endif ++ ++#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) ++#define NID_aes_128_ofb NID_aes_128_ofb128 ++#endif ++ ++#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) ++#define NID_aes_192_cfb NID_aes_192_cfb128 ++#endif ++ ++#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) ++#define NID_aes_192_ofb NID_aes_192_ofb128 ++#endif ++ ++#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) ++#define NID_aes_256_cfb NID_aes_256_cfb128 ++#endif ++ ++#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) ++#define NID_aes_256_ofb NID_aes_256_ofb128 ++#endif ++ ++/* List of supported ciphers. 
*/ ++static int aesni_cipher_nids[] = { ++ NID_aes_128_ecb, ++ NID_aes_128_cbc, ++ NID_aes_128_cfb, ++ NID_aes_128_ofb, ++ ++ NID_aes_192_ecb, ++ NID_aes_192_cbc, ++ NID_aes_192_cfb, ++ NID_aes_192_ofb, ++ ++ NID_aes_256_ecb, ++ NID_aes_256_cbc, ++ NID_aes_256_cfb, ++ NID_aes_256_ofb, ++}; ++static int aesni_cipher_nids_num = ++ (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0])); ++ ++typedef struct ++{ ++ AES_KEY ks; ++ unsigned int _pad1[3]; ++} AESNI_KEY; ++ ++static int ++aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key, ++ const unsigned char *iv, int enc) ++{ ++ int ret; ++ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ ++ if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE ++ || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE ++ || enc) ++ ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key); ++ else ++ ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key); ++ ++ if(ret < 0) { ++ EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, unsigned int inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt); ++ return 1; ++} ++static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, unsigned int inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ aesni_cbc_encrypt(in, out, inl, key, ++ ctx->iv, ctx->encrypt); ++ return 1; ++} ++static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, unsigned int inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ aesni_cfb128_encrypt(in, out, inl, key, ctx->iv, ++ &ctx->num, ctx->encrypt); ++ return 1; ++} ++static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, unsigned int inl) ++{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); ++ 
aesni_ofb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num); ++ return 1; ++} ++ ++#define AES_BLOCK_SIZE 16 ++ ++#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE ++#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE ++#define EVP_CIPHER_block_size_OFB 1 ++#define EVP_CIPHER_block_size_CFB 1 ++ ++/* Declaring so many ciphers by hand would be a pain. ++ Instead introduce a bit of preprocessor magic :-) */ ++#define DECLARE_AES_EVP(ksize,lmode,umode) \ ++static const EVP_CIPHER aesni_##ksize##_##lmode = { \ ++ NID_aes_##ksize##_##lmode, \ ++ EVP_CIPHER_block_size_##umode, \ ++ ksize / 8, \ ++ AES_BLOCK_SIZE, \ ++ 0 | EVP_CIPH_##umode##_MODE, \ ++ aesni_init_key, \ ++ aesni_cipher_##lmode, \ ++ NULL, \ ++ sizeof(AESNI_KEY), \ ++ EVP_CIPHER_set_asn1_iv, \ ++ EVP_CIPHER_get_asn1_iv, \ ++ NULL, \ ++ NULL \ ++} ++ ++DECLARE_AES_EVP(128,ecb,ECB); ++DECLARE_AES_EVP(128,cbc,CBC); ++DECLARE_AES_EVP(128,cfb,CFB); ++DECLARE_AES_EVP(128,ofb,OFB); ++ ++DECLARE_AES_EVP(192,ecb,ECB); ++DECLARE_AES_EVP(192,cbc,CBC); ++DECLARE_AES_EVP(192,cfb,CFB); ++DECLARE_AES_EVP(192,ofb,OFB); ++ ++DECLARE_AES_EVP(256,ecb,ECB); ++DECLARE_AES_EVP(256,cbc,CBC); ++DECLARE_AES_EVP(256,cfb,CFB); ++DECLARE_AES_EVP(256,ofb,OFB); ++ ++static int ++aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher, ++ const int **nids, int nid) ++{ ++ /* No specific cipher => return a list of supported nids ... */ ++ if (!cipher) { ++ *nids = aesni_cipher_nids; ++ return aesni_cipher_nids_num; ++ } ++ ++ /* ... 
or the requested "cipher" otherwise */ ++ switch (nid) { ++ case NID_aes_128_ecb: ++ *cipher = &aesni_128_ecb; ++ break; ++ case NID_aes_128_cbc: ++ *cipher = &aesni_128_cbc; ++ break; ++ case NID_aes_128_cfb: ++ *cipher = &aesni_128_cfb; ++ break; ++ case NID_aes_128_ofb: ++ *cipher = &aesni_128_ofb; ++ break; ++ ++ case NID_aes_192_ecb: ++ *cipher = &aesni_192_ecb; ++ break; ++ case NID_aes_192_cbc: ++ *cipher = &aesni_192_cbc; ++ break; ++ case NID_aes_192_cfb: ++ *cipher = &aesni_192_cfb; ++ break; ++ case NID_aes_192_ofb: ++ *cipher = &aesni_192_ofb; ++ break; ++ ++ case NID_aes_256_ecb: ++ *cipher = &aesni_256_ecb; ++ break; ++ case NID_aes_256_cbc: ++ *cipher = &aesni_256_cbc; ++ break; ++ case NID_aes_256_cfb: ++ *cipher = &aesni_256_cfb; ++ break; ++ case NID_aes_256_ofb: ++ *cipher = &aesni_256_ofb; ++ break; ++ ++ default: ++ /* Sorry, we don't support this NID */ ++ *cipher = NULL; ++ return 0; ++ } ++ ++ return 1; ++} ++ ++#endif /* COMPILE_HW_AESNI */ ++#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */ +Index: b/crypto/engine/eng_all.c +=================================================================== +--- a/crypto/engine/eng_all.c ++++ b/crypto/engine/eng_all.c +@@ -61,6 +61,8 @@ + + void ENGINE_load_builtin_engines(void) + { ++ /* Engines may depend on CPU capabilities */ ++ OPENSSL_cpuid_setup(); + /* There's no longer any need for an "openssl" ENGINE unless, one day, + * it is the *only* way for standard builtin implementations to be be + * accessed (ie. 
it would be possible to statically link binaries with +@@ -71,6 +73,9 @@ + #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) + ENGINE_load_padlock(); + #endif ++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) ++ ENGINE_load_aesni(); ++#endif + ENGINE_load_dynamic(); + #ifndef OPENSSL_NO_STATIC_ENGINE + #ifndef OPENSSL_NO_HW +@@ -111,6 +116,7 @@ + ENGINE_load_capi(); + #endif + #endif ++ ENGINE_register_all_complete(); + } + + #if defined(__OpenBSD__) || defined(__FreeBSD__) +Index: b/crypto/engine/engine.h +=================================================================== +--- a/crypto/engine/engine.h ++++ b/crypto/engine/engine.h +@@ -337,6 +337,7 @@ + void ENGINE_load_ubsec(void); + #endif + void ENGINE_load_cryptodev(void); ++void ENGINE_load_aesni(void); + void ENGINE_load_padlock(void); + void ENGINE_load_builtin_engines(void); + #ifndef OPENSSL_NO_CAPIENG +Index: b/crypto/evp/evp.h +=================================================================== +--- a/crypto/evp/evp.h ++++ b/crypto/evp/evp.h +@@ -955,6 +955,7 @@ + /* Error codes for the EVP functions. */ + + /* Function codes. */ ++#define EVP_F_AESNI_INIT_KEY 163 + #define EVP_F_AES_INIT_KEY 133 + #define EVP_F_ALG_MODULE_INIT 138 + #define EVP_F_CAMELLIA_INIT_KEY 159 +Index: b/crypto/evp/evp_err.c +=================================================================== +--- a/crypto/evp/evp_err.c ++++ b/crypto/evp/evp_err.c +@@ -70,6 +70,7 @@ + + static ERR_STRING_DATA EVP_str_functs[]= + { ++{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, + {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, + {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, + {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, +Index: b/crypto/perlasm/aesni/README +=================================================================== +--- /dev/null ++++ b/crypto/perlasm/aesni/README +@@ -0,0 +1,7 @@ ++This contains a backported version of the perl routines from OpenSSL ++1.0.0. 
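Review bot: The `ENGINE_register_all_complete();` added at the end of ENGINE_load_builtin_engines (hunk `@@ -111,6 +116,7 @@`) changes what this function does for every existing caller: every builtin engine loaded above it, not only aesni, becomes a registered implementation that EVP can select without an explicit ENGINE_set_default call, and that deserves a comment at the call site such as `/* Register all loaded engines so EVP can pick hardware implementations (e.g. aesni) without ENGINE_set_default(); this also applies to the other builtin engines loaded above. */`. The `OPENSSL_cpuid_setup();` call in the first hunk is presumably what lets aesni_bind_helper read the AES-NI capability bit from OPENSSL_ia32cap_P before ENGINE_load_aesni runs; if that function is not declared by a header this file already includes, a prototype is needed, which cannot be confirmed from the visible lines. ENGINE_load_builtin_engines opens in the first hunk and closes in the third, and its body between the hunks is not shown.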
The AES-NI support on i386 requires features (like 4-argument ++support) which were not present in 0.9.8. ++ ++We don't just overwrite the versions in the parent directory, ++although we could do so, because we're trying to keep the AES-NI support ++patch as unintrusive as possible. +Index: b/crypto/perlasm/aesni/nx86asm.pl +=================================================================== +--- /dev/null ++++ b/crypto/perlasm/aesni/nx86asm.pl +@@ -0,0 +1,207 @@ ++#!/usr/local/bin/perl ++ ++# require 'x86asm.pl'; ++# &asm_init(,"des-586.pl"[,$i386only]); ++# &function_begin("foo"); ++# ... ++# &function_end("foo"); ++# &asm_finish ++ ++$out=(); ++$i386=0; ++ ++# AUTOLOAD is this context has quite unpleasant side effect, namely ++# that typos in function calls effectively go to assembler output, ++# but on the pros side we don't have to implement one subroutine per ++# each opcode... ++sub ::AUTOLOAD ++{ my $opcode = $AUTOLOAD; ++ ++ die "more than 4 arguments passed to $opcode" if ($#_>3); ++ ++ $opcode =~ s/.*:://; ++ if ($opcode =~ /^push/) { $stack+=4; } ++ elsif ($opcode =~ /^pop/) { $stack-=4; } ++ ++ &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD"; ++} ++ ++sub ::emit ++{ my $opcode=shift; ++ ++ if ($#_==-1) { push(@out,"\t$opcode\n"); } ++ else { push(@out,"\t$opcode\t".join(',',@_)."\n"); } ++} ++ ++sub ::LB ++{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'"; ++ $1."l"; ++} ++sub ::HB ++{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'"; ++ $1."h"; ++} ++sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num); } ++sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num); } ++sub ::blindpop { &pop($_[0]); $stack+=4; } ++sub ::wparam { &DWP($stack+4*$_[0],"esp"); } ++sub ::swtmp { &DWP(4*$_[0],"esp"); } ++ ++sub ::bswap ++{ if ($i386) # emulate bswap for i386 ++ { &comment("bswap @_"); ++ &xchg(&HB(@_),&LB(@_)); ++ &ror (@_,16); ++ &xchg(&HB(@_),&LB(@_)); ++ } ++ else ++ { 
&generic("bswap",@_); } ++} ++# These are made-up opcodes introduced over the years essentially ++# by ignorance, just alias them to real ones... ++sub ::movb { &mov(@_); } ++sub ::xorb { &xor(@_); } ++sub ::rotl { &rol(@_); } ++sub ::rotr { &ror(@_); } ++sub ::exch { &xchg(@_); } ++sub ::halt { &hlt; } ++sub ::movz { &movzx(@_); } ++sub ::pushf { &pushfd; } ++sub ::popf { &popfd; } ++ ++# 3 argument instructions ++sub ::movq ++{ my($p1,$p2,$optimize)=@_; ++ ++ if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) ++ # movq between mmx registers can sink Intel CPUs ++ { &::pshufw($p1,$p2,0xe4); } ++ else ++ { &::generic("movq",@_); } ++} ++ ++# label management ++$lbdecor="L"; # local label decoration, set by package ++$label="000"; ++ ++sub ::islabel # see is argument is a known label ++{ my $i; ++ foreach $i (values %label) { return $i if ($i eq $_[0]); } ++ $label{$_[0]}; # can be undef ++} ++ ++sub ::label # instantiate a function-scope label ++{ if (!defined($label{$_[0]})) ++ { $label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++; } ++ $label{$_[0]}; ++} ++ ++sub ::LABEL # instantiate a file-scope label ++{ $label{$_[0]}=$_[1] if (!defined($label{$_[0]})); ++ $label{$_[0]}; ++} ++ ++sub ::static_label { &::LABEL($_[0],$lbdecor.$_[0]); } ++ ++sub ::set_label_B { push(@out,"@_:\n"); } ++sub ::set_label ++{ my $label=&::label($_[0]); ++ &::align($_[1]) if ($_[1]>1); ++ &::set_label_B($label); ++ $label; ++} ++ ++sub ::wipe_labels # wipes function-scope labels ++{ foreach $i (keys %label) ++ { delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/); } ++} ++ ++# subroutine management ++sub ::function_begin ++{ &function_begin_B(@_); ++ $stack=4; ++ &push("ebp"); ++ &push("ebx"); ++ &push("esi"); ++ &push("edi"); ++} ++ ++sub ::function_end ++{ &pop("edi"); ++ &pop("esi"); ++ &pop("ebx"); ++ &pop("ebp"); ++ &ret(); ++ &function_end_B(@_); ++ $stack=0; ++ &wipe_labels(); ++} ++ ++sub ::function_end_A ++{ &pop("edi"); ++ &pop("esi"); ++ &pop("ebx"); ++ 
&pop("ebp"); ++ &ret(); ++ $stack+=16; # readjust esp as if we didn't pop anything ++} ++ ++sub ::asciz ++{ my @str=unpack("C*",shift); ++ push @str,0; ++ while ($#str>15) { ++ &data_byte(@str[0..15]); ++ foreach (0..15) { shift @str; } ++ } ++ &data_byte(@str) if (@str); ++} ++ ++sub ::asm_finish ++{ &file_end(); ++ print @out; ++} ++ ++sub ::asm_init ++{ my ($type,$fn,$cpu)=@_; ++ ++ $filename=$fn; ++ $i386=$cpu; ++ ++ $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=0; ++ if (($type eq "elf")) ++ { $elf=1; require "nx86gas.pl"; } ++ elsif (($type eq "a\.out")) ++ { $aout=1; require "nx86gas.pl"; } ++ elsif (($type eq "coff" or $type eq "gaswin")) ++ { $coff=1; require "nx86gas.pl"; } ++ elsif (($type eq "win32n")) ++ { $win32=1; require "nx86nasm.pl"; } ++ elsif (($type eq "nw-nasm")) ++ { $netware=1; require "nx86nasm.pl"; } ++ #elsif (($type eq "nw-mwasm")) ++ #{ $netware=1; $mwerks=1; require "nx86nasm.pl"; } ++ elsif (($type eq "win32")) ++ { $win32=1; require "nx86masm.pl"; } ++ elsif (($type eq "macosx")) ++ { $aout=1; $macosx=1; require "nx86gas.pl"; } ++ else ++ { print STDERR <<"EOF"; ++Pick one target type from ++ elf - Linux, FreeBSD, Solaris x86, etc. ++ a.out - DJGPP, elder OpenBSD, etc. 
++ coff - GAS/COFF such as Win32 targets ++ win32n - Windows 95/Windows NT NASM format ++ nw-nasm - NetWare NASM format ++ macosx - Mac OS X ++EOF ++ exit(1); ++ } ++ ++ $pic=0; ++ for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } ++ ++ $filename =~ s/\.pl$//; ++ &file($filename); ++} ++ ++1; +Index: b/crypto/perlasm/aesni/nx86gas.pl +=================================================================== +--- /dev/null ++++ b/crypto/perlasm/aesni/nx86gas.pl +@@ -0,0 +1,247 @@ ++#!/usr/local/bin/perl ++ ++package x86gas; ++ ++*out=\@::out; ++ ++$::lbdecor=$::aout?"L":".L"; # local label decoration ++$nmdecor=($::aout or $::coff)?"_":""; # external name decoration ++ ++$initseg=""; ++ ++$align=16; ++$align=log($align)/log(2) if ($::aout); ++$com_start="#" if ($::aout or $::coff); ++ ++sub opsize() ++{ my $reg=shift; ++ if ($reg =~ m/^%e/o) { "l"; } ++ elsif ($reg =~ m/^%[a-d][hl]$/o) { "b"; } ++ elsif ($reg =~ m/^%[xm]/o) { undef; } ++ else { "w"; } ++} ++ ++# swap arguments; ++# expand opcode with size suffix; ++# prefix numeric constants with $; ++sub ::generic ++{ my($opcode,@arg)=@_; ++ my($suffix,$dst,$src); ++ ++ @arg=reverse(@arg); ++ ++ for (@arg) ++ { s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o; # gp registers ++ s/^([xy]?mm[0-7])$/%$1/o; # xmm/mmx registers ++ s/^(\-?[0-9]+)$/\$$1/o; # constants ++ s/^(\-?0x[0-9a-f]+)$/\$$1/o; # constants ++ } ++ ++ $dst = $arg[$#arg] if ($#arg>=0); ++ $src = $arg[$#arg-1] if ($#arg>=1); ++ if ($dst =~ m/^%/o) { $suffix=&opsize($dst); } ++ elsif ($src =~ m/^%/o) { $suffix=&opsize($src); } ++ else { $suffix="l"; } ++ undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o); ++ ++ if ($#_==0) { &::emit($opcode); } ++ elsif ($opcode =~ m/^j/o && $#_==1) { &::emit($opcode,@arg); } ++ elsif ($opcode eq "call" && $#_==1) { &::emit($opcode,@arg); } ++ elsif ($opcode =~ m/^set/&& $#_==1) { &::emit($opcode,@arg); } ++ else { &::emit($opcode.$suffix,@arg);} ++ ++ 1; ++} ++# ++# opcodes not covered by ::generic above, mostly inconsistent namings... 
++# ++sub ::movzx { &::movzb(@_); } ++sub ::pushfd { &::pushfl; } ++sub ::popfd { &::popfl; } ++sub ::cpuid { &::emit(".byte\t0x0f,0xa2"); } ++sub ::rdtsc { &::emit(".byte\t0x0f,0x31"); } ++ ++sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } ++sub ::call_ptr { &::generic("call","*$_[0]"); } ++sub ::jmp_ptr { &::generic("jmp","*$_[0]"); } ++ ++*::bswap = sub { &::emit("bswap","%$_[0]"); } if (!$::i386); ++ ++sub ::DWP ++{ my($addr,$reg1,$reg2,$idx)=@_; ++ my $ret=""; ++ ++ $addr =~ s/^\s+//; ++ # prepend global references with optional underscore ++ $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; ++ ++ $reg1 = "%$reg1" if ($reg1); ++ $reg2 = "%$reg2" if ($reg2); ++ ++ $ret .= $addr if (($addr ne "") && ($addr ne 0)); ++ ++ if ($reg2) ++ { $idx!= 0 or $idx=1; ++ $ret .= "($reg1,$reg2,$idx)"; ++ } ++ elsif ($reg1) ++ { $ret .= "($reg1)"; } ++ ++ $ret; ++} ++sub ::QWP { &::DWP(@_); } ++sub ::BP { &::DWP(@_); } ++sub ::BC { @_; } ++sub ::DWC { @_; } ++ ++sub ::file ++{ push(@out,".file\t\"$_[0].s\"\n.text\n"); } ++ ++sub ::function_begin_B ++{ my $func=shift; ++ my $global=($func !~ /^_/); ++ my $begin="${::lbdecor}_${func}_begin"; ++ ++ &::LABEL($func,$global?"$begin":"$nmdecor$func"); ++ $func=$nmdecor.$func; ++ ++ push(@out,".globl\t$func\n") if ($global); ++ if ($::coff) ++ { push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); } ++ elsif (($::aout and !$::pic) or $::macosx) ++ { } ++ else ++ { push(@out,".type $func,\@function\n"); } ++ push(@out,".align\t$align\n"); ++ push(@out,"$func:\n"); ++ push(@out,"$begin:\n") if ($global); ++ $::stack=4; ++} ++ ++sub ::function_end_B ++{ my $func=shift; ++ push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf); ++ $::stack=0; ++ &::wipe_labels(); ++} ++ ++sub ::comment ++ { ++ if (!defined($com_start) or $::elf) ++ { # Regarding $::elf above... 
++ # GNU and SVR4 as'es use different comment delimiters, ++ push(@out,"\n"); # so we just skip ELF comments... ++ return; ++ } ++ foreach (@_) ++ { ++ if (/^\s*$/) ++ { push(@out,"\n"); } ++ else ++ { push(@out,"\t$com_start $_ $com_end\n"); } ++ } ++ } ++ ++sub ::external_label ++{ foreach(@_) { &::LABEL($_,$nmdecor.$_); } } ++ ++sub ::public_label ++{ push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } ++ ++sub ::file_end ++{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { ++ my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,4"; ++ if ($::elf) { push (@out,"$tmp,4\n"); } ++ else { push (@out,"$tmp\n"); } ++ } ++ if ($::macosx) ++ { if (%non_lazy_ptr) ++ { push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n"); ++ foreach $i (keys %non_lazy_ptr) ++ { push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n"); } ++ } ++ } ++ push(@out,$initseg) if ($initseg); ++} ++ ++sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); } ++sub ::data_word { push(@out,".long\t".join(',',@_)."\n"); } ++ ++sub ::align ++{ my $val=$_[0],$p2,$i; ++ if ($::aout) ++ { for ($p2=0;$val!=0;$val>>=1) { $p2++; } ++ $val=$p2-1; ++ $val.=",0x90"; ++ } ++ push(@out,".align\t$val\n"); ++} ++ ++sub ::picmeup ++{ my($dst,$sym,$base,$reflabel)=@_; ++ ++ if ($::pic && ($::elf || $::aout)) ++ { if (!defined($base)) ++ { &::call(&::label("PIC_me_up")); ++ &::set_label("PIC_me_up"); ++ &::blindpop($dst); ++ $base=$dst; ++ $reflabel=&::label("PIC_me_up"); ++ } ++ if ($::macosx) ++ { my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr"); ++ &::mov($dst,&::DWP("$indirect-$reflabel",$base)); ++ $non_lazy_ptr{"$nmdecor$sym"}=$indirect; ++ } ++ else ++ { &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]", ++ $base)); ++ &::mov($dst,&::DWP("$sym\@GOT",$dst)); ++ } ++ } ++ else ++ { &::lea($dst,&::DWP($sym)); } ++} ++ ++sub ::initseg ++{ my $f=$nmdecor.shift; ++ ++ if ($::elf) ++ { $initseg.=<<___; ++.section .init ++ call $f ++ jmp .Linitalign ++.align $align 
++.Linitalign: ++___ ++ } ++ elsif ($::coff) ++ { $initseg.=<<___; # applies to both Cygwin and Mingw ++.section .ctors ++.long $f ++___ ++ } ++ elsif ($::macosx) ++ { $initseg.=<<___; ++.mod_init_func ++.align 2 ++.long $f ++___ ++ } ++ elsif ($::aout) ++ { my $ctor="${nmdecor}_GLOBAL_\$I\$$f"; ++ $initseg.=".text\n"; ++ $initseg.=".type $ctor,\@function\n" if ($::pic); ++ $initseg.=<<___; # OpenBSD way... ++.globl $ctor ++.align 2 ++$ctor: ++ jmp $f ++___ ++ } ++} ++ ++sub ::dataseg ++{ push(@out,".data\n"); } ++ ++1; +Index: b/crypto/perlasm/aesni/nx86masm.pl +=================================================================== +--- /dev/null ++++ b/crypto/perlasm/aesni/nx86masm.pl +@@ -0,0 +1,184 @@ ++#!/usr/local/bin/perl ++ ++package x86masm; ++ ++*out=\@::out; ++ ++$::lbdecor="\$L"; # local label decoration ++$nmdecor="_"; # external name decoration ++ ++$initseg=""; ++$segment=""; ++ ++sub ::generic ++{ my ($opcode,@arg)=@_; ++ ++ # fix hexadecimal constants ++ for (@arg) { s/0x([0-9a-f]+)/0$1h/oi; } ++ ++ if ($opcode !~ /movq/) ++ { # fix xmm references ++ $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i); ++ $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); ++ } ++ ++ &::emit($opcode,@arg); ++ 1; ++} ++# ++# opcodes not covered by ::generic above, mostly inconsistent namings... 
++# ++sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } ++sub ::call_ptr { &::emit("call",@_); } ++sub ::jmp_ptr { &::emit("jmp",@_); } ++ ++sub get_mem ++{ my($size,$addr,$reg1,$reg2,$idx)=@_; ++ my($post,$ret); ++ ++ $ret .= "$size PTR " if ($size ne ""); ++ ++ $addr =~ s/^\s+//; ++ # prepend global references with optional underscore ++ $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; ++ # put address arithmetic expression in parenthesis ++ $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/); ++ ++ if (($addr ne "") && ($addr ne 0)) ++ { if ($addr !~ /^-/) { $ret .= "$addr"; } ++ else { $post=$addr; } ++ } ++ $ret .= "["; ++ ++ if ($reg2 ne "") ++ { $idx!=0 or $idx=1; ++ $ret .= "$reg2*$idx"; ++ $ret .= "+$reg1" if ($reg1 ne ""); ++ } ++ else ++ { $ret .= "$reg1"; } ++ ++ $ret .= "$post]"; ++ $ret =~ s/\+\]/]/; # in case $addr was the only argument ++ $ret =~ s/\[\s*\]//; ++ ++ $ret; ++} ++sub ::BP { &get_mem("BYTE",@_); } ++sub ::DWP { &get_mem("DWORD",@_); } ++sub ::QWP { &get_mem("QWORD",@_); } ++sub ::BC { "@_"; } ++sub ::DWC { "@_"; } ++ ++sub ::file ++{ my $tmp=<<___; ++TITLE $_[0].asm ++IF \@Version LT 800 ++ECHO MASM version 8.00 or later is strongly recommended. 
++ENDIF ++.486 ++.MODEL FLAT ++OPTION DOTNAME ++IF \@Version LT 800 ++.text\$ SEGMENT PAGE 'CODE' ++ELSE ++.text\$ SEGMENT ALIGN(64) 'CODE' ++ENDIF ++___ ++ push(@out,$tmp); ++ $segment = ".text\$"; ++} ++ ++sub ::function_begin_B ++{ my $func=shift; ++ my $global=($func !~ /^_/); ++ my $begin="${::lbdecor}_${func}_begin"; ++ ++ &::LABEL($func,$global?"$begin":"$nmdecor$func"); ++ $func="ALIGN\t16\n".$nmdecor.$func."\tPROC"; ++ ++ if ($global) { $func.=" PUBLIC\n${begin}::\n"; } ++ else { $func.=" PRIVATE\n"; } ++ push(@out,$func); ++ $::stack=4; ++} ++sub ::function_end_B ++{ my $func=shift; ++ ++ push(@out,"$nmdecor$func ENDP\n"); ++ $::stack=0; ++ &::wipe_labels(); ++} ++ ++sub ::file_end ++{ my $xmmheader=<<___; ++.686 ++.XMM ++IF \@Version LT 800 ++XMMWORD STRUCT 16 ++DQ 2 dup (?) ++XMMWORD ENDS ++ENDIF ++___ ++ if (grep {/\b[x]?mm[0-7]\b/i} @out) { ++ grep {s/\.[3-7]86/$xmmheader/} @out; ++ } ++ ++ push(@out,"$segment ENDS\n"); ++ ++ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) ++ { my $comm=<<___; ++.bss SEGMENT ++COMM ${nmdecor}OPENSSL_ia32cap_P:DWORD ++.bss ENDS ++___ ++ # comment out OPENSSL_ia32cap_P declarations ++ grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; ++ push (@out,$comm); ++ } ++ push (@out,$initseg) if ($initseg); ++ push (@out,"END\n"); ++} ++ ++sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } } ++ ++*::set_label_B = sub ++{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); }; ++ ++sub ::external_label ++{ foreach(@_) ++ { push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n"); } ++} ++ ++sub ::public_label ++{ push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } ++ ++sub ::data_byte ++{ push(@out,("DB\t").join(',',@_)."\n"); } ++ ++sub ::data_word ++{ push(@out,("DD\t").join(',',@_)."\n"); } ++ ++sub ::align ++{ push(@out,"ALIGN\t$_[0]\n"); } ++ ++sub ::picmeup ++{ my($dst,$sym)=@_; ++ &::lea($dst,&::DWP($sym)); ++} ++ ++sub ::initseg ++{ my $f=$nmdecor.shift; ++ ++ 
$initseg.=<<___; ++.CRT\$XCU SEGMENT DWORD PUBLIC 'DATA' ++EXTERN $f:NEAR ++DD $f ++.CRT\$XCU ENDS ++___ ++} ++ ++sub ::dataseg ++{ push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA"; } ++ ++1; +Index: b/crypto/perlasm/aesni/nx86nasm.pl +=================================================================== +--- /dev/null ++++ b/crypto/perlasm/aesni/nx86nasm.pl +@@ -0,0 +1,166 @@ ++#!/usr/local/bin/perl ++ ++package x86nasm; ++ ++*out=\@::out; ++ ++$::lbdecor="L\$"; # local label decoration ++$nmdecor=$::netware?"":"_"; # external name decoration ++$drdecor=$::mwerks?".":""; # directive decoration ++ ++$initseg=""; ++ ++sub ::generic ++{ my $opcode=shift; ++ my $tmp; ++ ++ if (!$::mwerks) ++ { if ($opcode =~ m/^j/o && $#_==0) # optimize jumps ++ { $_[0] = "NEAR $_[0]"; } ++ elsif ($opcode eq "lea" && $#_==1) # wipe storage qualifier from lea ++ { $_[1] =~ s/^[^\[]*\[/\[/o; } ++ } ++ &::emit($opcode,@_); ++ 1; ++} ++# ++# opcodes not covered by ::generic above, mostly inconsistent namings... 
++# ++sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } ++sub ::call_ptr { &::emit("call",@_); } ++sub ::jmp_ptr { &::emit("jmp",@_); } ++ ++sub get_mem ++{ my($size,$addr,$reg1,$reg2,$idx)=@_; ++ my($post,$ret); ++ ++ if ($size ne "") ++ { $ret .= "$size"; ++ $ret .= " PTR" if ($::mwerks); ++ $ret .= " "; ++ } ++ $ret .= "["; ++ ++ $addr =~ s/^\s+//; ++ # prepend global references with optional underscore ++ $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige; ++ # put address arithmetic expression in parenthesis ++ $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/); ++ ++ if (($addr ne "") && ($addr ne 0)) ++ { if ($addr !~ /^-/) { $ret .= "$addr+"; } ++ else { $post=$addr; } ++ } ++ ++ if ($reg2 ne "") ++ { $idx!=0 or $idx=1; ++ $ret .= "$reg2*$idx"; ++ $ret .= "+$reg1" if ($reg1 ne ""); ++ } ++ else ++ { $ret .= "$reg1"; } ++ ++ $ret .= "$post]"; ++ $ret =~ s/\+\]/]/; # in case $addr was the only argument ++ ++ $ret; ++} ++sub ::BP { &get_mem("BYTE",@_); } ++sub ::DWP { &get_mem("DWORD",@_); } ++sub ::QWP { &get_mem("",@_); } ++sub ::BC { (($::mwerks)?"":"BYTE ")."@_"; } ++sub ::DWC { (($::mwerks)?"":"DWORD ")."@_"; } ++ ++sub ::file ++{ if ($::mwerks) { push(@out,".section\t.text,64\n"); } ++ else ++ { my $tmp=<<___; ++%ifidn __OUTPUT_FORMAT__,obj ++section code use32 class=code align=64 ++%elifidn __OUTPUT_FORMAT__,win32 ++\$\@feat.00 equ 1 ++section .text code align=64 ++%else ++section .text code ++%endif ++___ ++ push(@out,$tmp); ++ } ++} ++ ++sub ::function_begin_B ++{ my $func=shift; ++ my $global=($func !~ /^_/); ++ my $begin="${::lbdecor}_${func}_begin"; ++ ++ $begin =~ s/^\@/./ if ($::mwerks); # the torture never stops ++ ++ &::LABEL($func,$global?"$begin":"$nmdecor$func"); ++ $func=$nmdecor.$func; ++ ++ push(@out,"${drdecor}global $func\n") if ($global); ++ push(@out,"${drdecor}align 16\n"); ++ push(@out,"$func:\n"); ++ push(@out,"$begin:\n") if ($global); ++ $::stack=4; ++} ++ ++sub ::function_end_B ++{ $::stack=0; ++ 
&::wipe_labels(); ++} ++ ++sub ::file_end ++{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) ++ { my $comm=<<___; ++${drdecor}segment .bss ++${drdecor}common ${nmdecor}OPENSSL_ia32cap_P 4 ++___ ++ # comment out OPENSSL_ia32cap_P declarations ++ grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; ++ push (@out,$comm) ++ } ++ push (@out,$initseg) if ($initseg); ++} ++ ++sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } } ++ ++sub ::external_label ++{ foreach(@_) ++ { push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n"); } ++} ++ ++sub ::public_label ++{ push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } ++ ++sub ::data_byte ++{ push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n"); } ++ ++sub ::data_word ++{ push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n"); } ++ ++sub ::align ++{ push(@out,"${drdecor}align\t$_[0]\n"); } ++ ++sub ::picmeup ++{ my($dst,$sym)=@_; ++ &::lea($dst,&::DWP($sym)); ++} ++ ++sub ::initseg ++{ my $f=$nmdecor.shift; ++ if ($::win32) ++ { $initseg=<<___; ++segment .CRT\$XCU data align=4 ++extern $f ++dd $f ++___ ++ } ++} ++ ++sub ::dataseg ++{ if ($mwerks) { push(@out,".section\t.data,4\n"); } ++ else { push(@out,"section\t.data align=4\n"); } ++} ++ ++1; +Index: b/ms/do_fips.bat +=================================================================== +--- a/ms/do_fips.bat ++++ b/ms/do_fips.bat +@@ -42,6 +42,8 @@ + cd crypto\aes\asm + perl aes-586.pl win32n %ASMOPTS% > a_win32.asm + if ERRORLEVEL 1 goto error ++perl aesni-x86.pl win32n %ASMOPTS% > an_win32.asm ++if ERRORLEVEL 1 goto error + cd ..\..\.. + + echo DES +@@ -144,6 +146,8 @@ + cd crypto\aes\asm + perl aes-x86_64.pl aes-x86_64.asm + if ERRORLEVEL 1 goto error ++perl aesni-x86_64.pl aesni-x86_64.asm ++if ERRORLEVEL 1 goto error + cd ..\..\.. 
+ + echo SHA +Index: b/ms/do_masm.bat +=================================================================== +--- a/ms/do_masm.bat ++++ b/ms/do_masm.bat +@@ -11,6 +11,7 @@ + @echo AES + @cd crypto\aes\asm + @perl aes-586.pl win32 %ASMOPTS% > a_win32.asm ++@perl aesni-x86.pl win32 %ASMOPTS% > an_win32.asm + @cd ..\..\.. + + @echo DES +Index: b/ms/do_nasm.bat +=================================================================== +--- a/ms/do_nasm.bat ++++ b/ms/do_nasm.bat +@@ -14,6 +14,7 @@ + echo AES + cd crypto\aes\asm + perl aes-586.pl win32n %ASMOPTS% > a_win32.asm ++perl aesni-x86.pl win32n %ASMOPTS% > an_win32.asm + cd ..\..\.. + + echo DES +Index: b/test/test_aesni +=================================================================== +--- /dev/null ++++ b/test/test_aesni +@@ -0,0 +1,69 @@ ++#!/bin/sh ++ ++PROG=$1 ++ ++if [ -x $PROG ]; then ++ if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then ++ : ++ else ++ echo "$PROG is not OpenSSL executable" ++ exit 1 ++ fi ++else ++ echo "$PROG is not executable" ++ exit 1; ++fi ++ ++if $PROG engine aesni | grep -v no-aesni; then ++ ++ HASH=`cat $PROG | $PROG dgst -hex` ++ ++ AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ ++ aes-128-cbc aes-192-cbc aes-256-cbc \ ++ aes-128-cfb aes-192-cfb aes-256-cfb \ ++ aes-128-ofb aes-192-ofb aes-256-ofb" ++ BUFSIZE="16 32 48 64 80 96 128 144 999" ++ ++ nerr=0 ++ ++ for alg in $AES_ALGS; do ++ echo $alg ++ for bufsize in $BUFSIZE; do ++ TEST=`( cat $PROG | \ ++ $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ ++ $PROG enc -d -k "$HASH" -$alg | \ ++ $PROG dgst -hex ) 2>/dev/null` ++ if [ "$TEST" != "$HASH" ]; then ++ echo "-$alg/$bufsize encrypt test failed" ++ nerr=`expr $nerr + 1` ++ fi ++ done ++ for bufsize in $BUFSIZE; do ++ TEST=`( cat $PROG | \ ++ $PROG enc -e -k "$HASH" -$alg | \ ++ $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ ++ $PROG dgst -hex ) 2>/dev/null` ++ if [ "$TEST" != "$HASH" ]; then ++ echo "-$alg/$bufsize decrypt test 
failed" ++ nerr=`expr $nerr + 1` ++ fi ++ done ++ TEST=`( cat $PROG | \ ++ $PROG enc -e -k "$HASH" -$alg -engine aesni | \ ++ $PROG enc -d -k "$HASH" -$alg -engine aesni | \ ++ $PROG dgst -hex ) 2>/dev/null` ++ if [ "$TEST" != "$HASH" ]; then ++ echo "-$alg en/decrypt test failed" ++ nerr=`expr $nerr + 1` ++ fi ++ done ++ ++ if [ $nerr -gt 0 ]; then ++ echo "AESNI engine test failed." ++ exit 1; ++ fi ++else ++ echo "AESNI engine is not available" ++fi ++ ++exit 0 +Index: b/util/libeay.num +=================================================================== +--- a/util/libeay.num ++++ b/util/libeay.num +@@ -3725,3 +3725,4 @@ + JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE + ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE + JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE ++ENGINE_load_aesni 4117 EXIST::FUNCTION:ENGINE +Index: b/util/mk1mf.pl +=================================================================== +--- a/util/mk1mf.pl ++++ b/util/mk1mf.pl +@@ -544,6 +544,8 @@ + + AES_ASM_OBJ=$aes_asm_obj + AES_ASM_SRC=$aes_asm_src ++AESNI_ASM_OBJ=$aesni_asm_obj ++AESNI_ASM_SRC=$aesni_asm_src + BN_ASM_OBJ=$bn_asm_obj + BN_ASM_SRC=$bn_asm_src + BNCO_ASM_OBJ=$bnco_asm_obj +@@ -805,6 +807,12 @@ + $lib_obj =~ s/\s\S*\/aes_cbc\S*//; + $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); + } ++ if ($aesni_asm_obj ne "") ++ { ++ $lib_obj .= "\$(AESNI_ASM_OBJ) "; ++ #$lib_obj =~ s/\$\(AES_ASM_OBJ\)/\$(AES_ASM_OBJ) \$(AESNI_ASM_OBJ)/; ++ $rules.=&do_asm_rule($aesni_asm_obj,$aesni_asm_src); ++ } + if ($sha1_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; +@@ -1134,6 +1142,7 @@ + elsif ($_ =~ /MD5_ASM/) { $t="$_ "; } + elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; } + elsif ($_ =~ /AES_ASM/){ $t="$_ "; } ++ elsif ($_ =~ /AESNI_ASM/){ $t="$_ "; } + elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; } + elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; } + else { $t="$location${o}$_$pf "; } +Index: b/util/pl/VC-32.pl +=================================================================== +--- 
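Review bot: `if [ -x $PROG ]; then` at the top of test_aesni leaves `$PROG` unquoted, so an empty argument is not rejected (`[ -x ]` is true for the non-empty string `-x`) and the script proceeds to run the bare word `version`; `if [ -n "$PROG" ] && [ -x "$PROG" ]; then` makes the missing-argument case an explicit failure, and the remaining `$PROG` uses should be quoted the same way. The availability probe `$PROG engine aesni | grep -v no-aesni` treats "some stdout line without no-aesni" as "engine present", which holds only while the engine name is the sole line printed; `if ! $PROG engine aesni | grep -q no-aesni; then` expresses the intent directly. Each encrypt/decrypt pipeline discards stderr with `2>/dev/null`, so a failing `enc` invocation surfaces only as a digest mismatch; capturing that stderr and printing it alongside the "test failed" line would make a regression diagnosable from the test output.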
a/util/pl/VC-32.pl ++++ b/util/pl/VC-32.pl +@@ -190,6 +190,7 @@ + } + + $aes_asm_obj=''; ++$aesni_asm_obj=''; + $bn_asm_obj=''; + $bn_asm_src=''; + $des_enc_obj=''; +@@ -203,6 +204,8 @@ + { + $aes_asm_obj='crypto\aes\asm\a_win32.obj'; + $aes_asm_src='crypto\aes\asm\a_win32.asm'; ++ $aesni_asm_obj='crypto\aes\asm\an_win32.obj'; ++ $aesni_asm_src='crypto\aes\asm\an_win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm'; + $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; +@@ -231,6 +234,8 @@ + { + $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj'; + $aes_asm_src='crypto\aes\asm\aes-x86_64.asm'; ++ $aesni_asm_obj='$(OBJ_D)\aesni-x86_64.obj'; ++ $aesni_asm_src='crypto\aes\asm\aesni-x86_64.asm'; + $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj'; + $bn_asm_src='crypto\bn\asm\x86_64-mont.asm'; + $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj'; --- openssl-0.9.8k.orig/debian/patches/version-script.patch +++ openssl-0.9.8k/debian/patches/version-script.patch 
@@ -0,0 +1,33 @@
+Index: openssl-0.9.8k/Configure
+===================================================================
+--- openssl-0.9.8k.orig/Configure 2009-07-19 11:36:28.000000000 +0200
++++ openssl-0.9.8k/Configure 2009-07-19 11:36:28.000000000 +0200
+@@ -1479,6 +1479,8 @@
+ $shlib_minor=$2;
+ }
+ 
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-0.9.8k/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-0.9.8k/openssl.ld 2009-07-19 11:36:28.000000000 +0200
+@@ -0,0 +1,5 @@
++OPENSSL_0.9.8 {
++ global:
++ *;
++};
++
+Index: openssl-0.9.8k/engines/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-0.9.8k/engines/openssl.ld 2009-07-19 11:36:28.000000000 +0200
+@@ -0,0 +1,5 @@
++OPENSSL_0.9.8 {
++ global:
++ *;
++};
++
--- openssl-0.9.8k.orig/debian/patches/CVE-2012-0884.patch
+++ openssl-0.9.8k/debian/patches/CVE-2012-0884.patch
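Review bot: The version script added as openssl.ld (and duplicated verbatim as engines/openssl.ld) has only a `global: *;` clause and no `local:` section, so it tags every symbol with the OPENSSL_0.9.8 node without hiding anything; if ABI tagging is the whole intent, a one-line comment in the .ld file saying so would stop the next reader from assuming it narrows the exported surface. The node name `OPENSSL_0.9.8` is hard-coded in two identical files although the Configure context just above the inserted line already derives `$shlib_minor` from the version, so the two can drift on the next SONAME bump. The `-Wl,--version-script=openssl.ld` flag is appended to `$shared_ldflag` unconditionally and with a relative path, so it only works for a GNU ld target linking from a directory that holds a copy of the script; a comment above the append such as `# Debian: tag all exported symbols with a version node; needs GNU ld and an openssl.ld in each link directory` would record that constraint. The surrounding Configure code continues outside this hunk, and the `open(IN,...)` context line appears garbled by extraction rather than by the patch.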
@@ -0,0 +1,402 @@ +Origin: http://cvs.openssl.org/chngview?cn=22238 +Subject: If RSA decryption fails use a random key and continue with + symmetric decryption process to avoid leaking timing information + to an attacker. + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness + in CMS and PKCS7 code. When RSA decryption fails use a random key for + content decryption and always return the same error. Note: this attack + needs on average 2^20 messages so it only affects automated senders. The + old behaviour can be reenabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where + an MMA defence is not necessary. + Thanks to Ivan Nestlerode for discovering + this issue. (CVE-2012-0884) + [Steve Henson] + +(Ubuntu note: also includes http://cvs.openssl.org/chngview?cn=22564 + to fix compilation warning -- sbeattie) + +--- + apps/cms.c | 4 ++ + crypto/cms/cms.h | 1 + crypto/cms/cms_enc.c | 60 ++++++++++++++++++++++++++++++--------- + crypto/cms/cms_env.c | 12 ++++++- + crypto/cms/cms_lcl.h | 2 + + crypto/cms/cms_smime.c | 37 +++++++++++++++++++++--- + crypto/pkcs7/pk7_doit.c | 73 ++++++++++++++++++++++++++++++++++-------------- + 7 files changed, 149 insertions(+), 40 deletions(-) + +Index: b/apps/cms.c +=================================================================== +--- a/apps/cms.c ++++ b/apps/cms.c +@@ -226,6 +226,8 @@ int MAIN(int argc, char **argv) + else if (!strcmp(*args,"-camellia256")) + cipher = EVP_camellia_256_cbc(); + #endif ++ else if (!strcmp (*args, "-debug_decrypt")) ++ flags |= CMS_DEBUG_DECRYPT; + else if (!strcmp (*args, "-text")) + flags |= CMS_TEXT; + else if (!strcmp (*args, "-nointern")) +@@ -1013,6 +1015,8 @@ int MAIN(int argc, char **argv) + ret = 4; + if (operation == SMIME_DECRYPT) + { ++ if (flags & CMS_DEBUG_DECRYPT) ++ CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); + + if (secret_key) + { +Index: b/crypto/cms/cms.h 
+=================================================================== +--- a/crypto/cms/cms.h ++++ b/crypto/cms/cms.h +@@ -110,6 +110,7 @@ DECLARE_ASN1_FUNCTIONS_const(CMS_Receipt + #define CMS_PARTIAL 0x4000 + #define CMS_REUSE_DIGEST 0x8000 + #define CMS_USE_KEYID 0x10000 ++#define CMS_DEBUG_DECRYPT 0x20000 + + const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + +Index: b/crypto/cms/cms_enc.c +=================================================================== +--- a/crypto/cms/cms_enc.c ++++ b/crypto/cms/cms_enc.c +@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_E + const EVP_CIPHER *ciph; + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; ++ unsigned char *tkey = NULL; ++ size_t tkeylen = 0; + + int ok = 0; + +@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_E + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + goto err; + } +- +- +- if (enc && !ec->key) ++ /* Generate random session key */ ++ if (!enc || !ec->key) + { +- /* Generate random key */ +- if (!ec->keylen) +- ec->keylen = EVP_CIPHER_CTX_key_length(ctx); +- ec->key = OPENSSL_malloc(ec->keylen); +- if (!ec->key) ++ tkeylen = EVP_CIPHER_CTX_key_length(ctx); ++ tkey = OPENSSL_malloc(tkeylen); ++ if (!tkey) + { + CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, + ERR_R_MALLOC_FAILURE); + goto err; + } +- if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0) ++ if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0) + goto err; +- keep_key = 1; + } +- else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx)) ++ ++ if (!ec->key) ++ { ++ ec->key = tkey; ++ ec->keylen = tkeylen; ++ tkey = NULL; ++ if (enc) ++ keep_key = 1; ++ else ++ ERR_clear_error(); ++ ++ } ++ ++ if (ec->keylen != tkeylen) + { + /* If necessary set key length */ + if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) + { +- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, +- CMS_R_INVALID_KEY_LENGTH); +- goto err; ++ /* Only reveal failure if debugging so we don't ++ * leak 
information which may be useful in MMA. ++ */ ++ if (ec->debug) ++ { ++ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ++ CMS_R_INVALID_KEY_LENGTH); ++ goto err; ++ } ++ else ++ { ++ /* Use random key */ ++ OPENSSL_cleanse(ec->key, ec->keylen); ++ OPENSSL_free(ec->key); ++ ec->key = tkey; ++ ec->keylen = tkeylen; ++ tkey = NULL; ++ ERR_clear_error(); ++ } + } + } + +@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_E + OPENSSL_free(ec->key); + ec->key = NULL; + } ++ if (tkey) ++ { ++ OPENSSL_cleanse(tkey, tkeylen); ++ OPENSSL_free(tkey); ++ } + if (ok) + return b; + BIO_free(b); +Index: b/crypto/cms/cms_env.c +=================================================================== +--- a/crypto/cms/cms_env.c ++++ b/crypto/cms/cms_env.c +@@ -352,6 +352,8 @@ static int cms_RecipientInfo_ktri_decryp + unsigned char *ek = NULL; + int eklen; + int ret = 0; ++ CMS_EncryptedContentInfo *ec; ++ ec = cms->d.envelopedData->encryptedContentInfo; + + if (ktri->pkey == NULL) + { +@@ -382,8 +384,14 @@ static int cms_RecipientInfo_ktri_decryp + + ret = 1; + +- cms->d.envelopedData->encryptedContentInfo->key = ek; +- cms->d.envelopedData->encryptedContentInfo->keylen = eklen; ++ if (ec->key) ++ { ++ OPENSSL_cleanse(ec->key, ec->keylen); ++ OPENSSL_free(ec->key); ++ } ++ ++ ec->key = ek; ++ ec->keylen = eklen; + + err: + if (!ret && ek) +Index: b/crypto/cms/cms_lcl.h +=================================================================== +--- a/crypto/cms/cms_lcl.h ++++ b/crypto/cms/cms_lcl.h +@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st + const EVP_CIPHER *cipher; + unsigned char *key; + size_t keylen; ++ /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ ++ int debug; + }; + + struct CMS_RecipientInfo_st +Index: b/crypto/cms/cms_smime.c +=================================================================== +--- a/crypto/cms/cms_smime.c ++++ b/crypto/cms/cms_smime.c +@@ -622,7 +622,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf + 
STACK_OF(CMS_RecipientInfo) *ris; + CMS_RecipientInfo *ri; + int i, r; ++ int debug = 0; + ris = CMS_get0_RecipientInfos(cms); ++ if (ris) ++ debug = cms->d.envelopedData->encryptedContentInfo->debug; + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) + { + ri = sk_CMS_RecipientInfo_value(ris, i); +@@ -636,17 +639,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInf + CMS_RecipientInfo_set0_pkey(ri, pk); + r = CMS_RecipientInfo_decrypt(cms, ri); + CMS_RecipientInfo_set0_pkey(ri, NULL); +- if (r > 0) +- return 1; + if (cert) + { ++ /* If not debugging clear any error and ++ * return success to avoid leaking of ++ * information useful to MMA ++ */ ++ if (!debug) ++ { ++ ERR_clear_error(); ++ return 1; ++ } ++ if (r > 0) ++ return 1; + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, + CMS_R_DECRYPT_ERROR); + return 0; + } +- ERR_clear_error(); ++ /* If no cert and not debugging don't leave loop ++ * after first successful decrypt. Always attempt ++ * to decrypt all recipients to avoid leaking timing ++ * of a successful decrypt. 
++ */ ++ else if (r > 0 && debug) ++ return 1; + } + } ++ /* If no cert and not debugging always return success */ ++ if (!cert && !debug) ++ { ++ ERR_clear_error(); ++ return 1; ++ } + + CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); + return 0; +@@ -705,9 +729,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EV + } + if (!dcont && !check_content(cms)) + return 0; ++ if (flags & CMS_DEBUG_DECRYPT) ++ cms->d.envelopedData->encryptedContentInfo->debug = 1; ++ else ++ cms->d.envelopedData->encryptedContentInfo->debug = 0; ++ if (!pk && !cert && !dcont && !out) ++ return 1; + if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) + return 0; +- + cont = CMS_dataInit(cms, dcont); + if (!cont) + return 0; +Index: b/crypto/pkcs7/pk7_doit.c +=================================================================== +--- a/crypto/pkcs7/pk7_doit.c ++++ b/crypto/pkcs7/pk7_doit.c +@@ -423,6 +423,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + int max; + X509_OBJECT ret; + #endif ++ unsigned char *tkey = NULL; ++ int tkeylen; + int jj; + + if ((etmp=BIO_new(BIO_f_cipher())) == NULL) +@@ -464,36 +466,42 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + + if (pcert == NULL) + { ++ /* Temporary storage in case EVP_PKEY_decrypt ++ * overwrites output buffer on error. ++ */ ++ unsigned char *tmp2; ++ tmp2 = OPENSSL_malloc(jj); ++ if (!tmp2) ++ goto err; ++ jj = -1; ++ /* Always attempt to decrypt all cases to avoid ++ * leaking timing information about a successful ++ * decrypt. 
++ */ + for (i=0; ienc_key), + M_ASN1_STRING_length(ri->enc_key), + pkey); +- if (jj > 0) +- break; ++ if (tret > 0) ++ { ++ memcpy(tmp, tmp2, tret); ++ OPENSSL_cleanse(tmp2, tret); ++ jj = tret; ++ } + ERR_clear_error(); +- ri = NULL; +- } +- if (ri == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE, +- PKCS7_R_NO_RECIPIENT_MATCHES_KEY); +- goto err; + } ++ OPENSSL_free(tmp2); + } + else + { + jj=EVP_PKEY_decrypt(tmp, + M_ASN1_STRING_data(ri->enc_key), + M_ASN1_STRING_length(ri->enc_key), pkey); +- if (jj <= 0) +- { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE, +- ERR_R_EVP_LIB); +- goto err; +- } ++ ERR_clear_error(); + } + + evp_ctx=NULL; +@@ -502,24 +510,49 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE + goto err; + if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) + goto err; ++ /* Generate random key to counter MMA */ ++ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); ++ tkey = OPENSSL_malloc(tkeylen); ++ if (!tkey) ++ goto err; ++ if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) ++ goto err; ++ /* If we have no key use random key */ ++ if (jj <= 0) ++ { ++ OPENSSL_free(tmp); ++ jj = tkeylen; ++ tmp = tkey; ++ tkey = NULL; ++ } + +- if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { ++ if (jj != tkeylen) { + /* Some S/MIME clients don't use the same key + * and effective key length. The key length is + * determined by the size of the decrypted RSA key. 
+ */ + if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) + { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE, +- PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); +- goto err; ++ /* As MMA defence use random key instead */ ++ OPENSSL_cleanse(tmp, jj); ++ OPENSSL_free(tmp); ++ jj = tkeylen; ++ tmp = tkey; ++ tkey = NULL; + } + } ++ ERR_clear_error(); + if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) + goto err; + + OPENSSL_cleanse(tmp,jj); + ++ if (tkey) ++ { ++ OPENSSL_cleanse(tkey, tkeylen); ++ OPENSSL_free(tkey); ++ } ++ + if (out == NULL) + out=etmp; + else --- openssl-0.9.8k.orig/debian/patches/pic.patch +++ openssl-0.9.8k/debian/patches/pic.patch 
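Review bot: In the pk7_doit.c hunk, `tkey` is allocated before `EVP_CIPHER_CTX_rand_key` and `EVP_CipherInit_ex`, and both of those failure branches `goto err`, while the new `if (tkey) { OPENSSL_cleanse(tkey, tkeylen); OPENSSL_free(tkey); }` sits only on the success path after `OPENSSL_cleanse(tmp,jj)`; unless the `err:` label, which is outside this hunk, also releases `tkey`, those exits leak the buffer whenever the real recipient key was kept and `tkey` is still non-NULL. Moving that cleanse-and-free block under `err:` (the cleanup `tkey = NULL` assignments already make it safe to run unconditionally) would cover every exit with one copy. The `for (i=0; ienc_key),` fragment in the same hunk is extraction damage rather than source text, so the recipient loop itself cannot be reviewed from this page. In the cms_enc.c hunk the key-swap branch is well commented, but the first decision point `if (!enc || !ec->key)` is not; a comment such as `/* On decrypt always prepare a random key so a rejected recipient key can be replaced without signalling failure (MMA defence) */` would make the design readable top-down.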
@@ -0,0 +1,330 @@ +Index: openssl-0.9.8k/crypto/Makefile +=================================================================== +--- openssl-0.9.8k.orig/crypto/Makefile 2008-09-17 19:10:55.000000000 +0200 ++++ openssl-0.9.8k/crypto/Makefile 2009-07-19 11:36:00.000000000 +0200 +@@ -57,7 +57,7 @@ + echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \ + echo '#endif' ) >buildinf.h + +-x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl ++x86cpuid-elf.S: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@ + x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@ +@@ -70,7 +70,7 @@ + uplink-cof.s: ../ms/uplink.pl + $(PERL) ../ms/uplink.pl coff > $@ + +-x86_64cpuid.s: x86_64cpuid.pl ++x86_64cpuid.S: x86_64cpuid.pl + $(PERL) x86_64cpuid.pl $@ + ia64cpuid.s: ia64cpuid.S + $(CC) $(CFLAGS) -E ia64cpuid.S > $@ +Index: openssl-0.9.8k/crypto/x86_64cpuid.pl +=================================================================== +--- openssl-0.9.8k.orig/crypto/x86_64cpuid.pl 2007-11-11 17:25:00.000000000 +0100 ++++ openssl-0.9.8k/crypto/x86_64cpuid.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -95,7 +95,11 @@ + .size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu + + .section .init ++#ifdef OPENSSL_PIC ++ call OPENSSL_cpuid_setup\@PLT ++#else + call OPENSSL_cpuid_setup ++#endif + + ___ + +Index: openssl-0.9.8k/crypto/md5/Makefile +=================================================================== +--- openssl-0.9.8k.orig/crypto/md5/Makefile 2008-09-17 19:11:02.000000000 +0200 ++++ openssl-0.9.8k/crypto/md5/Makefile 2009-07-19 11:36:00.000000000 +0200 +@@ -52,7 +52,8 @@ + mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@) + +-md5-x86_64.s: asm/md5-x86_64.pl; $(PERL) asm/md5-x86_64.pl $@ ++md5-x86_64.s: asm/md5-x86_64.pl ++ $(PERL) asm/md5-x86_64.pl $@ + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +Index: openssl-0.9.8k/crypto/des/asm/desboth.pl 
+=================================================================== +--- openssl-0.9.8k.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 ++++ openssl-0.9.8k/crypto/des/asm/desboth.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -16,6 +16,11 @@ + + &push("edi"); + ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebp"); ++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ + &comment(""); + &comment("Load the data words"); + &mov($L,&DWP(0,"ebx","",0)); +@@ -47,15 +52,21 @@ + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "eax"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); + &mov(&swtmp(1), "edi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "esi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + + &stack_pop(3); + &mov($L,&DWP(0,"ebx","",0)); +Index: openssl-0.9.8k/crypto/rc4/Makefile +=================================================================== +--- openssl-0.9.8k.orig/crypto/rc4/Makefile 2008-11-19 17:03:50.000000000 +0100 ++++ openssl-0.9.8k/crypto/rc4/Makefile 2009-07-19 11:36:00.000000000 +0200 +@@ -51,7 +51,7 @@ + rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@) + +-rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@ ++rc4-x86_64.S: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@ + + rc4-ia64.s: asm/rc4-ia64.S + @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \ +Index: openssl-0.9.8k/crypto/rc4/asm/rc4-x86_64.pl +=================================================================== +--- 
openssl-0.9.8k.orig/crypto/rc4/asm/rc4-x86_64.pl 2008-09-16 12:47:27.000000000 +0200 ++++ openssl-0.9.8k/crypto/rc4/asm/rc4-x86_64.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -270,7 +270,11 @@ + xor %r10,%r10 + xor %r11,%r11 + ++#ifdef OPENSSL_PIC ++ mov OPENSSL_ia32cap_P\@GOTPCREL(%rip),$idx#d ++#else + mov OPENSSL_ia32cap_P(%rip),$idx#d ++#endif + bt \$20,$idx#d + jnc .Lw1stloop + bt \$30,$idx#d +@@ -338,7 +342,11 @@ + RC4_options: + .picmeup %rax + lea .Lopts-.(%rax),%rax ++#ifdef OPENSSL_PIC ++ mov OPENSSL_ia32cap_P\@GOTPCREL(%rip),%edx ++#else + mov OPENSSL_ia32cap_P(%rip),%edx ++#endif + bt \$20,%edx + jnc .Ldone + add \$12,%rax +Index: openssl-0.9.8k/crypto/perlasm/x86unix.pl +=================================================================== +--- openssl-0.9.8k.orig/crypto/perlasm/x86unix.pl 2008-05-02 01:11:32.000000000 +0200 ++++ openssl-0.9.8k/crypto/perlasm/x86unix.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -400,6 +400,29 @@ + $stack=4; + } + ++sub main'function_begin_B_static ++ { ++ local($func,$extra)=@_; ++ ++ &main'external_label($func); ++ $func=$under.$func; ++ ++ local($tmp)=<<"EOF"; ++.text ++EOF ++ push(@out,$tmp); ++ if ($main'cpp) ++ { push(@out,"TYPE($func,\@function)\n"); } ++ elsif ($main'coff) ++ { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } ++ elsif ($main'aout and !$main'pic) ++ { } ++ else { push(@out,".type $func,\@function\n"); } ++ push(@out,".align\t$align\n"); ++ push(@out,"$func:\n"); ++ $stack=4; ++ } ++ + sub main'function_end + { + local($func)=@_; +@@ -694,7 +717,17 @@ + { + $tmp=<<___; + .section .init ++#ifdef OPENSSL_PIC ++ pushl %ebx ++ call .pic_point0 ++.pic_point0: ++ popl %ebx ++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx ++ call $under$f\@PLT ++ popl %ebx ++#else + call $under$f ++#endif + jmp .Linitalign + .align $align + .Linitalign: +Index: openssl-0.9.8k/crypto/perlasm/cbc.pl +=================================================================== +--- 
openssl-0.9.8k.orig/crypto/perlasm/cbc.pl 2005-05-09 23:48:00.000000000 +0200 ++++ openssl-0.9.8k/crypto/perlasm/cbc.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -122,7 +122,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -187,7 +191,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point1")); ++ &set_label("pic_point1"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -220,7 +228,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point2")); ++ &set_label("pic_point2"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +@@ -263,7 +275,11 @@ + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point3")); ++ &set_label("pic_point3"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . 
"]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +Index: openssl-0.9.8k/crypto/perlasm/x86_64-xlate.pl +=================================================================== +--- openssl-0.9.8k.orig/crypto/perlasm/x86_64-xlate.pl 2009-07-19 11:32:41.000000000 +0200 ++++ openssl-0.9.8k/crypto/perlasm/x86_64-xlate.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -433,7 +433,7 @@ + + chomp($line); + +- $line =~ s|[#!].*$||; # get rid of asm-style comments... ++# $line =~ s|[#!].*$||; # get rid of asm-style comments... + $line =~ s|/\*.*\*/||; # ... and C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning + +Index: openssl-0.9.8k/crypto/aes/Makefile +=================================================================== +--- openssl-0.9.8k.orig/crypto/aes/Makefile 2008-09-17 19:10:55.000000000 +0200 ++++ openssl-0.9.8k/crypto/aes/Makefile 2009-07-19 11:36:00.000000000 +0200 +@@ -57,7 +57,7 @@ + ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) + +-aes-x86_64.s: asm/aes-x86_64.pl ++aes-x86_64.S: asm/aes-x86_64.pl + $(PERL) asm/aes-x86_64.pl $@ + + files: +Index: openssl-0.9.8k/crypto/aes/asm/aes-586.pl +=================================================================== +--- openssl-0.9.8k.orig/crypto/aes/asm/aes-586.pl 2008-12-17 15:14:51.000000000 +0100 ++++ openssl-0.9.8k/crypto/aes/asm/aes-586.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -250,7 +250,7 @@ + sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } + + &public_label("AES_Te"); +-&function_begin_B("_x86_AES_encrypt"); ++&function_begin_B_static("_x86_AES_encrypt"); + if ($vertical_spin) { + # I need high parts of volatile registers to be accessible... 
+ &exch ($s1="edi",$key="ebx"); +@@ -539,7 +539,7 @@ + } + + &public_label("AES_Td"); +-&function_begin_B("_x86_AES_decrypt"); ++&function_begin_B_static("_x86_AES_decrypt"); + # note that caller is expected to allocate stack frame for me! + &mov (&DWP(12,"esp"),$key); # save key + +@@ -1461,15 +1461,22 @@ + &public_label("AES_Td"); + &public_label("AES_Te"); + &function_begin_B("AES_set_decrypt_key"); ++ &push ("ebx"); + &mov ("eax",&wparam(0)); + &mov ("ecx",&wparam(1)); + &mov ("edx",&wparam(2)); + &sub ("esp",12); ++ ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); + &mov (&DWP(0,"esp"),"eax"); + &mov (&DWP(4,"esp"),"ecx"); + &mov (&DWP(8,"esp"),"edx"); +- &call ("AES_set_encrypt_key"); ++ &call ("AES_set_encrypt_key\@PLT"); + &add ("esp",12); ++ &pop ("ebx"); + &cmp ("eax",0); + &je (&label("proceed")); + &ret (); +Index: openssl-0.9.8k/crypto/aes/asm/aes-x86_64.pl +=================================================================== +--- openssl-0.9.8k.orig/crypto/aes/asm/aes-x86_64.pl 2008-12-27 14:34:30.000000000 +0100 ++++ openssl-0.9.8k/crypto/aes/asm/aes-x86_64.pl 2009-07-19 11:36:00.000000000 +0200 +@@ -974,7 +974,11 @@ + .align 16 + AES_set_decrypt_key: + push %rdx ++#ifdef OPENSSL_PIC ++ call AES_set_encrypt_key\@PLT ++#else + call AES_set_encrypt_key ++#endif + cmp \$0,%eax + je .Lproceed + lea 24(%rsp),%rsp --- openssl-0.9.8k.orig/VMS/VMSify-conf.pl +++ openssl-0.9.8k/VMS/VMSify-conf.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl +#!/usr/local/bin/perl use strict; use warnings; --- openssl-0.9.8k.orig/demos/tunala/configure.in +++ openssl-0.9.8k/demos/tunala/configure.in @@ -1,4 +1,4 @@ -dnl Process this file with autoconf to produce a configure script. +#!/usr/local/bin/perl AC_INIT(tunala.c) AM_CONFIG_HEADER(config.h) AM_INIT_AUTOMAKE(tunala, 0.0.1-dev) --- openssl-0.9.8k.orig/.pc/.quilt_series +++ openssl-0.9.8k/.pc/.quilt_series 
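Review bot: In the x86_64-xlate.pl hunk the asm-comment stripping statement is commented out rather than removed or made conditional, leaving dead code whose purpose the reader has to guess; if the goal is to let the `#ifdef OPENSSL_PIC` lines reach the preprocessor, delete the statement and say so, e.g. `# keep #ifdef/#else/#endif lines intact: x86_64 output is now a .S file run through cpp`. Nothing in this patch defines OPENSSL_PIC, so the `#ifdef OPENSSL_PIC` branches in x86_64cpuid.pl, rc4-x86_64.pl and aes-x86_64.pl take effect only if the compile line for the renamed `.S` files passes it; that presumably comes from Configure or the package build flags, which are not visible here, and a comment at the first such branch naming where the macro is defined would help. The Makefile edits are uneven in style: the rc4 hunk keeps the one-line `rc4-x86_64.S: asm/rc4-x86_64.pl; $(PERL) ...` form that the md5 hunk just split into a target line and a recipe line, so one of the two conventions should be picked for both.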
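Review bot: The demos/tunala/configure.in hunk replaces the m4 comment `dnl Process this file with autoconf to produce a configure script.` with a Perl shebang, but this file is autoconf input, not Perl; it looks like a blanket first-line rewrite (the same `#!/usr/local/bin/perl` line is applied to Configure and VMSify-conf.pl in this diff) that caught a non-Perl file. In m4 a `#` comment is copied to the output rather than discarded like `dnl`, so the shebang would presumably surface in a regenerated configure. Restore the original line: `dnl Process this file with autoconf to produce a configure script.`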
@@ -0,0 +1 @@
+series
--- openssl-0.9.8k.orig/.pc/.version
+++ openssl-0.9.8k/.pc/.version
@@ -0,0 +1 @@
+2
--- openssl-0.9.8k.orig/.pc/.quilt_patches
+++ openssl-0.9.8k/.pc/.quilt_patches
@@ -0,0 +1 @@
+debian/patches