Fix multiple vulnerabilities of OpenSSL.

Security: FreeBSD-SA-17:11 Approved by: so
svn path=/releng/11.0/; revision=326358
2024-11-30 04:22:44 +00:00 · 2017-11-29 05:59:12 +00:00 · 2017-11-29 05:59:12 +00:00 · 8d2708de5d · 2020-12-20 02:59:44 +00:00
commit 8d2708de5d
parent 9b542f9396
5 changed files with 31 additions and 9 deletions
--- a/4
+++ b/4
@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.

+20171129	p16	FreeBSD-SA-17:11.openssl
+
+	Fix multiple vulnerabilities of OpenSSL.
+
 20171115	p15	FreeBSD-SA-17:08.ptrace
 			FreeBSD-SA-17:10.kldstat

--- a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
@ -3090,11 +3090,19 @@ $code.=<<___;

 .align	32
 .Lsqrx8x_break:
-	sub	16+8(%rsp),%r8		# consume last carry
+	xor	$zero,$zero
+	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
+	adcx	$zero,%r8
 	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
+	adcx	$zero,%r9
 	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
-	xor	%ebp,%ebp		# xor	$zero,$zero
+	adc	\$0,%r10
 	mov	%r8,0*8($tptr)
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
 	cmp	$carry,$tptr		# cf=0, of=0
 	je	.Lsqrx8x_outer_loop

--- a/crypto/openssl/crypto/x509v3/v3_addr.c
+++ b/crypto/openssl/crypto/x509v3/v3_addr.c
@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
 */
 unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
 }

 /*
--- a/secure/lib/libcrypto/amd64/x86_64-mont5.S
+++ b/secure/lib/libcrypto/amd64/x86_64-mont5.S
@ -3077,11 +3077,19 @@ __bn_sqrx8x_internal:

 .align	32
 .Lsqrx8x_break:
-	subq	16+8(%rsp),%r8
+	xorq	%rbp,%rbp
+	subq	16+8(%rsp),%rbx
+	adcxq	%rbp,%r8
 	movq	24+8(%rsp),%rcx
+	adcxq	%rbp,%r9
 	movq	0(%rsi),%rdx
-	xorl	%ebp,%ebp
+	adcq	$0,%r10
 	movq	%r8,0(%rdi)
+	adcq	$0,%r11
+	adcq	$0,%r12
+	adcq	$0,%r13
+	adcq	$0,%r14
+	adcq	$0,%r15
 	cmpq	%rcx,%rdi
 	je	.Lsqrx8x_outer_loop

--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@ -32,7 +32,7 @@

 TYPE="FreeBSD"
 REVISION="11.0"
-BRANCH="RELEASE-p15"
+BRANCH="RELEASE-p16"
 if [ -n "${BRANCH_OVERRIDE}" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi