openssl/crypto
Bernd Edlinger 336923c0c8 Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets
bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45

The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
    912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899

but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
    912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899

so the fourth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.

Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45

correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899

wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899

Fortunately the bn_mul_comba4/8 code paths are not affected.

Also, the mips64 target in fact does not handle the carry propagation
correctly.

Example:
a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000
    022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001

correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
    0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
    3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
    2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001

wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
    0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
    3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
    2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17258)
2021-12-14 06:43:04 +01:00
aes fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
aria fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
asn1 asn1_item_embed_d2i: fix the return check 2021-11-22 14:43:44 +01:00
async Add return value NULL checks that were missing 2021-11-12 19:53:02 +10:00
bf
bio BIO_s_connect(): Enable BIO_gets() 2021-11-15 14:40:16 +01:00
bn Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets 2021-12-14 06:43:04 +01:00
buffer
camellia Update copyright year 2021-07-29 15:41:35 +01:00
cast
chacha aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
cmac EVP_Cipher: fix the incomplete return check 2021-11-16 17:28:23 +01:00
cmp ossl_cmp_msg_check_update(): align recipNone check with improved transactionID check 2021-12-13 09:52:02 +01:00
cms Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
comp Fix coverity 1493364 & 1493375: unchecked return value 2021-11-08 08:55:32 +10:00
conf Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
crmf Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
ct
des Convert the weak key and key parity tests to be constant time. 2021-11-05 09:25:28 +10:00
dh Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
dsa add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), 2021-10-27 08:36:55 +10:00
dso Fix data race setting default_DSO_meth 2021-11-08 08:58:38 +10:00
ec Don't create an ECX key with short keys 2021-11-16 13:21:06 +00:00
encode_decode CORE: Ensure that cached fetches can be done per provider 2021-10-27 12:41:15 +02:00
engine Avoid loading of a dynamic engine twice 2021-11-23 06:08:16 +01:00
err OSSL_HTTP_get(): Fix timeout handling on redirection 2021-12-09 18:10:07 +01:00
ess
evp Fix EVP_PKEY_eq() to be possible to use with strictly private keys 2021-12-13 07:52:53 +01:00
ffc fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
hmac Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac() 2021-06-23 23:00:36 +02:00
http OSSL_HTTP_proxy_connect(): Fix glitch in response HTTP header parsing 2021-12-13 12:13:30 +01:00
idea
kdf
lhash fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
md2
md4
md5 Update copyright year 2021-07-29 15:41:35 +01:00
mdc2
modes aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
objects Minor code cleanup in o_names_init 2021-12-09 19:24:30 +01:00
ocsp OCSP_sendreq_bio: Avoid doublefree of mem BIO 2021-10-25 11:43:10 +02:00
pem Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
perlasm perlasm/ppc-xlate.pl: Fix build on OS X 2021-11-18 13:24:17 +01:00
pkcs7
pkcs12 fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
poly1305 aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
property Don't write to the globals ossl_property_true and ossl_property_false 2021-11-12 17:16:01 +00:00
rand fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
rc2
rc4
rc5
ripemd
rsa check the return value of BN_dup() in rsa_lib.c:1248 2021-12-02 09:51:16 +01:00
seed
sha sha/asm/keccak1600-ppc64.pl: Load data in 8 byte chunks on little endian 2021-11-11 10:58:46 +01:00
siphash
sm2 Add missing check according to SM2 Digital Signature generation algorithm 2021-11-02 12:02:56 +01:00
sm3
sm4
srp fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
stack Fix Coverity 1493746: constant expression result 2021-11-17 08:15:35 +10:00
store Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
ts ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint 2021-08-26 11:06:06 +02:00
txt_db
ui Update copyright year 2021-07-29 15:41:35 +01:00
whrlpool
x509 remove redundant ERR_raise 2021-12-10 15:20:29 +11:00
alphacpuid.pl
arm64cpuid.pl aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
arm_arch.h aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
armcap.c Fix detection of ARMv7 and ARM64 CPU features on FreeBSD 2021-11-24 11:00:24 +01:00
armv4cpuid.pl
asn1_dsa.c
bsearch.c
build.info
c64xpluscpuid.pl
context.c Stop receiving child callbacks in a child libctx when appropriate 2021-11-12 17:16:14 +00:00
core_algorithm.c CORE: add a provider argument to ossl_method_construct() 2021-10-27 12:41:10 +02:00
core_fetch.c CORE: Ensure that cached fetches can be done per provider 2021-10-27 12:41:15 +02:00
core_namemap.c Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
cpt_err.c Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number 2021-11-24 19:18:19 +01:00
cpuid.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
cryptlib.c
ctype.c
cversion.c
der_writer.c
dllmain.c
ebcdic.c
ex_data.c
getenv.c
ia64cpuid.S
info.c
init.c Prevent recursive call of OPENSSL_INIT_LOAD_CONFIG 2021-08-05 09:21:00 +10:00
initthread.c Avoid a race in init_thread_stop() 2021-11-12 17:16:14 +00:00
LPdir_nyi.c
LPdir_unix.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c
mem.c
mips_arch.h
o_dir.c
o_fopen.c
o_init.c
o_str.c
o_time.c
packet.c
param_build_set.c
param_build.c Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers 2021-11-23 11:40:29 +01:00
params_dup.c
params_from_text.c Allow sign extension in OSSL_PARAM_allocate_from_text() 2021-11-24 19:18:19 +01:00
params.c
pariscid.pl
passphrase.c Fix pvk encoder to properly query for the passphrase 2021-12-06 16:38:03 +01:00
ppccap.c Add support for BSD-ppc, BSD-ppc64 and BSD-ppc64le configurations 2021-12-09 16:07:14 +11:00
ppccpuid.pl
provider_child.c Stop receiving child callbacks in a child libctx when appropriate 2021-11-12 17:16:14 +00:00
provider_conf.c Refactor: a separate func for provider activation from config 2021-12-01 15:49:38 +01:00
provider_core.c Hold the flag_lock when calling child callbacks 2021-11-12 17:16:14 +00:00
provider_local.h make struct provider_info_st a full type 2021-06-24 14:48:15 +01:00
provider_predefined.c make struct provider_info_st a full type 2021-06-24 14:48:15 +01:00
provider.c Correctly activate the provider in OSSL_PROVIDER_try_load 2021-11-12 17:16:14 +00:00
punycode.c Move more general parts of internal/cryptlib.h to new internal/common.h 2021-11-17 15:48:37 +01:00
README-sparse_array.md
s390x_arch.h Add default provider support for Keccak 224, 256, 384 and 512 2021-09-23 12:07:57 +10:00
s390xcap.c
s390xcpuid.pl
self_test_core.c
sparccpuid.S
sparcv9cap.c Split bignum code out of the sparcv9cap.c 2021-07-15 09:33:04 +02:00
sparse_array.c
threads_lib.c
threads_none.c
threads_pthread.c Defined out MUTEX attributes not available on NonStop SPT Threads. 2021-07-02 12:33:45 +10:00
threads_win.c Explicitly #include <synchapi.h> is unnecessary 2021-09-23 14:07:18 +02:00
trace.c
uid.c Openssl fails to compile on Debian with kfreebsd kernels 2021-09-02 10:02:32 +10:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl