summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2017-11-29 05:59:12 +0000
committerdelphij <delphij@FreeBSD.org>2017-11-29 05:59:12 +0000
commit0ecf331da20a8ac070c734965e57534aacbba964 (patch)
tree04169c7abc664208529d007b5929c518d57c83d6
parent4a41e2e13c64eddf6e3f83911de7e508d1098b4c (diff)
downloadFreeBSD-src-0ecf331da20a8ac070c734965e57534aacbba964.zip
FreeBSD-src-0ecf331da20a8ac070c734965e57534aacbba964.tar.gz
Fix multiple vulnerabilities of OpenSSL.
Security: FreeBSD-SA-17:11 Approved by: so
Diffstat
-rw-r--r--UPDATING4
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/x86_64-mont5.pl12
-rw-r--r--crypto/openssl/crypto/x509v3/v3_addr.c10
-rw-r--r--secure/lib/libcrypto/amd64/x86_64-mont5.S12
4 files changed, 30 insertions, 8 deletions
diff --git a/UPDATING b/UPDATING
index dab8af9..e63fad1 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
the tip of head, and then rebuild without this option. The bootstrap process
from older version of current across the gcc/clang cutover is a bit fragile.
+20171129 p5 FreeBSD-SA-17:11.openssl
+
+ Fix multiple vulnerabilities of OpenSSL.
+
20171115 p4 FreeBSD-SA-17:08.ptrace
FreeBSD-SA-17:10.kldstat
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
index 3bb0cdf..42178e4 100755
--- a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
@@ -3090,11 +3090,19 @@ $code.=<<___;
.align 32
.Lsqrx8x_break:
- sub 16+8(%rsp),%r8 # consume last carry
+ xor $zero,$zero
+ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
+ adcx $zero,%r8
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
+ adcx $zero,%r9
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
- xor %ebp,%ebp # xor $zero,$zero
+ adc \$0,%r10
mov %r8,0*8($tptr)
+ adc \$0,%r11
+ adc \$0,%r12
+ adc \$0,%r13
+ adc \$0,%r14
+ adc \$0,%r15
cmp $carry,$tptr # cf=0, of=0
je .Lsqrx8x_outer_loop
diff --git a/crypto/openssl/crypto/x509v3/v3_addr.c b/crypto/openssl/crypto/x509v3/v3_addr.c
index 1290dec..af080a0 100644
--- a/crypto/openssl/crypto/x509v3/v3_addr.c
+++ b/crypto/openssl/crypto/x509v3/v3_addr.c
@@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
*/
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
{
- return ((f != NULL &&
- f->addressFamily != NULL && f->addressFamily->data != NULL)
- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
- : 0);
+ if (f == NULL
+ || f->addressFamily == NULL
+ || f->addressFamily->data == NULL
+ || f->addressFamily->length < 2)
+ return 0;
+ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
}
/*
diff --git a/secure/lib/libcrypto/amd64/x86_64-mont5.S b/secure/lib/libcrypto/amd64/x86_64-mont5.S
index 3d1b0ce..f4a12d7 100644
--- a/secure/lib/libcrypto/amd64/x86_64-mont5.S
+++ b/secure/lib/libcrypto/amd64/x86_64-mont5.S
@@ -3077,11 +3077,19 @@ __bn_sqrx8x_internal:
.align 32
.Lsqrx8x_break:
- subq 16+8(%rsp),%r8
+ xorq %rbp,%rbp
+ subq 16+8(%rsp),%rbx
+ adcxq %rbp,%r8
movq 24+8(%rsp),%rcx
+ adcxq %rbp,%r9
movq 0(%rsi),%rdx
- xorl %ebp,%ebp
+ adcq $0,%r10
movq %r8,0(%rdi)
+ adcq $0,%r11
+ adcq $0,%r12
+ adcq $0,%r13
+ adcq $0,%r14
+ adcq $0,%r15
cmpq %rcx,%rdi
je .Lsqrx8x_outer_loop
OpenPOWER on IntegriCloud