public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: - gracefully handle zero length in assembler implementations of
Date: Tue, 09 Jun 2026 12:42:04 GMT [thread overview]
Message-ID: <178100892480.1.6563927397929959899.rpms-openssl-bffe20438c4a@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : bffe20438c4a0d0e16e93abe87499fe2df6a8d62
Author : Tomáš Mráz <tmraz@fedoraproject.org>
Date : 2010-02-12T17:20:50+00:00
Stats : +617/-508 in 4 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/bffe20438c4a0d0e16e93abe87499fe2df6a8d62?branch=rebase_40beta
Log:
- gracefully handle zero length in assembler implementations of
OPENSSL_cleanse (#564029)
- do not fail in s_server if client hostname not resolvable (#561260)
---
diff --git a/openssl-1.0.0-beta3-ipv6-apps.patch b/openssl-1.0.0-beta3-ipv6-apps.patch
deleted file mode 100644
index 690bc98..0000000
--- a/openssl-1.0.0-beta3-ipv6-apps.patch
+++ /dev/null
@@ -1,506 +0,0 @@
-diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h
---- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_apps.h 2009-08-05 21:29:58.000000000 +0200
-@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
- #define PORT_STR "4433"
- #define PROTOCOL "tcp"
-
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
- int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
- int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
- #endif
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, char *port, int type);
- int should_retry(int i);
--int extract_port(char *str, short *port_ptr);
--int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
-
- long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret);
-diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c
---- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_client.c 2009-08-05 22:33:44.000000000 +0200
-@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv)
- int cbuf_len,cbuf_off;
- int sbuf_len,sbuf_off;
- fd_set readfds,writefds;
-- short port=PORT;
-+ char *port_str = PORT_STR;
- int full_log=1;
- char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
-@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv)
- else if (strcmp(*argv,"-port") == 0)
- {
- if (--argc < 1) goto bad;
-- port=atoi(*(++argv));
-- if (port == 0) goto bad;
-+ port_str= *(++argv);
- }
- else if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
-- if (!extract_host_port(*(++argv),&host,NULL,&port))
-+ if (!extract_host_port(*(++argv),&host,&port_str))
- goto bad;
- }
- else if (strcmp(*argv,"-verify") == 0)
-@@ -956,7 +955,7 @@ bad:
-
- re_start:
-
-- if (init_client(&s,host,port,socket_type) == 0)
-+ if (init_client(&s,host,port_str,socket_type) == 0)
- {
- BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- SHUTDOWN(s);
-diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c
---- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps 2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_server.c 2009-08-05 21:29:58.000000000 +0200
-@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[])
- {
- X509_VERIFY_PARAM *vpm = NULL;
- int badarg = 0;
-- short port=PORT;
-+ char *port_str = PORT_STR;
- char *CApath=NULL,*CAfile=NULL;
- unsigned char *context = NULL;
- char *dhfile = NULL;
-@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[])
- (strcmp(*argv,"-accept") == 0))
- {
- if (--argc < 1) goto bad;
-- if (!extract_port(*(++argv),&port))
-- goto bad;
-+ port_str= *(++argv);
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
-@@ -1685,9 +1684,9 @@ bad:
- BIO_printf(bio_s_out,"ACCEPT\n");
- (void)BIO_flush(bio_s_out);
- if (www)
-- do_server(port,socket_type,&accept_socket,www_body, context);
-+ do_server(port_str,socket_type,&accept_socket,www_body, context);
- else
-- do_server(port,socket_type,&accept_socket,sv_body, context);
-+ do_server(port_str,socket_type,&accept_socket,sv_body, context);
- print_stats(bio_s_out,ctx);
- ret=0;
- end:
-diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c
---- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps 2008-11-12 04:57:47.000000000 +0100
-+++ openssl-1.0.0-beta3/apps/s_socket.c 2009-08-05 21:29:58.000000000 +0200
-@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_server(int *sock, char *port, int type);
- static int do_accept(int acc_sock, int *sock, char **host);
- static int host_ip(char *str, unsigned char ip[4]);
-
-@@ -228,58 +226,70 @@ static int ssl_sock_init(void)
- return(1);
- }
-
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, char *port, int type)
- {
-- unsigned char ip[4];
--
-- if (!host_ip(host,&(ip[0])))
-- {
-- return(0);
-- }
-- return(init_client_ip(sock,ip,port,type));
-- }
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-- {
-- unsigned long addr;
-- struct sockaddr_in them;
-- int s,i;
-+ struct addrinfo *res, *res0, hints;
-+ char * failed_call = NULL;
-+ int s;
-+ int e;
-
- if (!ssl_sock_init()) return(0);
-
-- memset((char *)&them,0,sizeof(them));
-- them.sin_family=AF_INET;
-- them.sin_port=htons((unsigned short)port);
-- addr=(unsigned long)
-- ((unsigned long)ip[0]<<24L)|
-- ((unsigned long)ip[1]<<16L)|
-- ((unsigned long)ip[2]<< 8L)|
-- ((unsigned long)ip[3]);
-- them.sin_addr.s_addr=htonl(addr);
--
-- if (type == SOCK_STREAM)
-- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-- else /* ( type == SOCK_DGRAM) */
-- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
--
-- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-+ memset(&hints, '\0', sizeof(hints));
-+ hints.ai_socktype = type;
-+ hints.ai_flags = AI_ADDRCONFIG;
-+
-+ e = getaddrinfo(host, port, &hints, &res);
-+ if (e)
-+ {
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
-+ if (e == EAI_SYSTEM)
-+ perror("getaddrinfo");
-+ return (0);
-+ }
-
-+ res0 = res;
-+ while (res)
-+ {
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-+ if (s == INVALID_SOCKET)
-+ {
-+ failed_call = "socket";
-+ goto nextres;
-+ }
- #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
- if (type == SOCK_STREAM)
- {
-- i=0;
-- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-- if (i < 0) { perror("keepalive"); return(0); }
-+ int i=0;
-+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
-+ (char *)&i,sizeof(i));
-+ if (i < 0) {
-+ failed_call = "keepalive";
-+ goto nextres;
-+ }
- }
- #endif
--
-- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-- { closesocket(s); perror("connect"); return(0); }
-+ if (connect(s,(struct sockaddr *)res->ai_addr,
-+ res->ai_addrlen) == 0)
-+ {
-+ freeaddrinfo(res0);
- *sock=s;
- return(1);
- }
-
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-+ failed_call = "socket";
-+nextres:
-+ if (s != INVALID_SOCKET)
-+ close(s);
-+ res = res->ai_next;
-+ }
-+ freeaddrinfo(res0);
-+
-+ perror(failed_call);
-+ return(0);
-+ }
-+
-+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
- {
- int sock;
- char *name = NULL;
-@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r
- }
- }
-
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server(int *sock, char *port, int type)
- {
-- int ret=0;
-- struct sockaddr_in server;
-- int s= -1,i;
-+ struct addrinfo *res, *res0, hints;
-+ char * failed_call = NULL;
-+ char port_name[8];
-+ int s;
-+ int e;
-
- if (!ssl_sock_init()) return(0);
-
-- memset((char *)&server,0,sizeof(server));
-- server.sin_family=AF_INET;
-- server.sin_port=htons((unsigned short)port);
-- if (ip == NULL)
-- server.sin_addr.s_addr=INADDR_ANY;
-- else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
-- memcpy(&server.sin_addr.s_addr,ip,4);
--#else
-- memcpy(&server.sin_addr,ip,4);
--#endif
-+ memset(&hints, '\0', sizeof(hints));
-+ hints.ai_socktype = type;
-+ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
-
-- if (type == SOCK_STREAM)
-- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-- else /* type == SOCK_DGRAM */
-- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+ e = getaddrinfo(NULL, port, &hints, &res);
-+ if (e)
-+ {
-+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
-+ if (e == EAI_SYSTEM)
-+ perror("getaddrinfo");
-+ return (0);
-+ }
-
-- if (s == INVALID_SOCKET) goto err;
-+ res0 = res;
-+ while (res)
-+ {
-+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-+ if (s == INVALID_SOCKET)
-+ {
-+ failed_call = "socket";
-+ goto nextres;
-+ }
- #if defined SOL_SOCKET && defined SO_REUSEADDR
- {
- int j = 1;
-@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i
- (void *) &j, sizeof j);
- }
- #endif
-- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+
-+ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
- {
--#ifndef OPENSSL_SYS_WINDOWS
-- perror("bind");
--#endif
-- goto err;
-+ failed_call = "bind";
-+ goto nextres;
- }
-- /* Make it 128 for linux */
-- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
-- i=0;
-- *sock=s;
-- ret=1;
--err:
-- if ((ret == 0) && (s != -1))
-+ if (type==SOCK_STREAM && listen(s,128) == -1)
- {
-- SHUTDOWN(s);
-+ failed_call = "listen";
-+ goto nextres;
- }
-- return(ret);
-+
-+ *sock=s;
-+ return(1);
-+
-+nextres:
-+ if (s != INVALID_SOCKET)
-+ close(s);
-+ res = res->ai_next;
- }
-+ freeaddrinfo(res0);
-
--static int init_server(int *sock, int port, int type)
-- {
-- return(init_server_long(sock, port, NULL, type));
-+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-+
-+ perror(failed_call);
-+ return(0);
- }
-
- static int do_accept(int acc_sock, int *sock, char **host)
- {
-- int ret,i;
-- struct hostent *h1,*h2;
-- static struct sockaddr_in from;
-+ static struct sockaddr_storage from;
-+ char buffer[NI_MAXHOST];
-+ int ret;
- int len;
- /* struct linger ling; */
-
-@@ -425,137 +443,62 @@ redoit:
- if (i < 0) { perror("keepalive"); return(0); }
- */
-
-- if (host == NULL) goto end;
--#ifndef BIT_FIELD_LIMITS
-- /* I should use WSAAsyncGetHostByName() under windows */
-- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
-- sizeof(from.sin_addr.s_addr),AF_INET);
--#else
-- h1=gethostbyaddr((char *)&from.sin_addr,
-- sizeof(struct in_addr),AF_INET);
--#endif
-- if (h1 == NULL)
-+ if (host == NULL)
- {
-- BIO_printf(bio_err,"bad gethostbyaddr\n");
-- *host=NULL;
-- /* return(0); */
-- }
-- else
-- {
-- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
-- {
-- perror("OPENSSL_malloc");
-+ *sock=ret;
- return(0);
- }
-- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
-
-- h2=GetHostByName(*host);
-- if (h2 == NULL)
-+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
-+ buffer, sizeof(buffer),
-+ NULL, 0, 0))
- {
-- BIO_printf(bio_err,"gethostbyname failure\n");
-+ BIO_printf(bio_err,"getnameinfo failed\n");
-+ *host=NULL;
- return(0);
- }
-- i=0;
-- if (h2->h_addrtype != AF_INET)
-+ else
- {
-- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
-+ {
-+ perror("OPENSSL_malloc");
- return(0);
- }
-- }
--end:
-+ strcpy(*host, buffer);
- *sock=ret;
- return(1);
- }
-+ }
-
--int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-- short *port_ptr)
-+int extract_host_port(char *str, char **host_ptr,
-+ char **port_ptr)
- {
-- char *h,*p;
-+ char *h,*p,*x;
-
-- h=str;
-- p=strchr(str,':');
-+ x=h=str;
-+ if (*h == '[')
-+ {
-+ h++;
-+ p=strchr(h,']');
- if (p == NULL)
- {
-- BIO_printf(bio_err,"no port defined\n");
-+ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
- return(0);
- }
- *(p++)='\0';
--
-- if ((ip != NULL) && !host_ip(str,ip))
-- goto err;
-- if (host_ptr != NULL) *host_ptr=h;
--
-- if (!extract_port(p,port_ptr))
-- goto err;
-- return(1);
--err:
-- return(0);
-+ x = p;
- }
--
--static int host_ip(char *str, unsigned char ip[4])
-- {
-- unsigned int in[4];
-- int i;
--
-- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-- {
-- for (i=0; i<4; i++)
-- if (in[i] > 255)
-- {
-- BIO_printf(bio_err,"invalid IP address\n");
-- goto err;
-- }
-- ip[0]=in[0];
-- ip[1]=in[1];
-- ip[2]=in[2];
-- ip[3]=in[3];
-- }
-- else
-- { /* do a gethostbyname */
-- struct hostent *he;
--
-- if (!ssl_sock_init()) return(0);
--
-- he=GetHostByName(str);
-- if (he == NULL)
-- {
-- BIO_printf(bio_err,"gethostbyname failure\n");
-- goto err;
-- }
-- /* cast to short because of win16 winsock definition */
-- if ((short)he->h_addrtype != AF_INET)
-+ p=strchr(x,':');
-+ if (p == NULL)
- {
-- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-- return(0);
-- }
-- ip[0]=he->h_addr_list[0][0];
-- ip[1]=he->h_addr_list[0][1];
-- ip[2]=he->h_addr_list[0][2];
-- ip[3]=he->h_addr_list[0][3];
-- }
-- return(1);
--err:
-+ BIO_printf(bio_err,"no port defined\n");
- return(0);
- }
-+ *(p++)='\0';
-
--int extract_port(char *str, short *port_ptr)
-- {
-- int i;
-- struct servent *s;
-+ if (host_ptr != NULL) *host_ptr=h;
-+ if (port_ptr != NULL) *port_ptr=p;
-
-- i=atoi(str);
-- if (i != 0)
-- *port_ptr=(unsigned short)i;
-- else
-- {
-- s=getservbyname(str,"tcp");
-- if (s == NULL)
-- {
-- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
-- return(0);
-- }
-- *port_ptr=ntohs((unsigned short)s->s_port);
-- }
- return(1);
- }
-
diff --git a/openssl-1.0.0-beta5-cleanse.patch b/openssl-1.0.0-beta5-cleanse.patch
new file mode 100644
index 0000000..92f7446
--- /dev/null
+++ b/openssl-1.0.0-beta5-cleanse.patch
@@ -0,0 +1,109 @@
+Gracefully handle zero length in assembler implementations of OPENSSL_cleanse.
+diff -up openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse openssl-1.0.0-beta5/crypto/ia64cpuid.S
+--- openssl-1.0.0-beta5/crypto/ia64cpuid.S.cleanse 2007-07-27 20:03:27.000000000 +0200
++++ openssl-1.0.0-beta5/crypto/ia64cpuid.S 2010-02-12 18:13:52.000000000 +0100
+@@ -130,9 +130,11 @@ OPENSSL_wipe_cpu:
+ .global OPENSSL_cleanse#
+ .proc OPENSSL_cleanse#
+ OPENSSL_cleanse:
++{ .mib; cmp.eq p6,p0=0,r33 // len==0
+ #if defined(_HPUX_SOURCE) && !defined(_LP64)
+-{ .mmi; addp4 r32=0,r32 };;
++ addp4 r32=0,r32
+ #endif
++(p6) br.ret.spnt b0 };;
+ { .mib; and r2=7,r32
+ cmp.leu p6,p0=15,r33 // len>=15
+ (p6) br.cond.dptk .Lot };;
+diff -up openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl
+--- openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl.cleanse 2008-01-13 23:01:29.000000000 +0100
++++ openssl-1.0.0-beta5/crypto/perlasm/ppc-xlate.pl 2010-02-12 18:13:52.000000000 +0100
+@@ -101,6 +101,13 @@ my $bnelr = sub {
+ " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
+ " bclr $bo,2";
+ };
++my $beqlr = sub {
++ my $f = shift;
++ my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint
++ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
++ " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
++ " bclr $bo,2";
++};
+ # GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
+ # arguments is 64, with "operand out of range" error.
+ my $extrdi = sub {
+diff -up openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse openssl-1.0.0-beta5/crypto/ppccpuid.pl
+--- openssl-1.0.0-beta5/crypto/ppccpuid.pl.cleanse 2008-09-12 16:45:53.000000000 +0200
++++ openssl-1.0.0-beta5/crypto/ppccpuid.pl 2010-02-12 18:13:52.000000000 +0100
+@@ -67,6 +67,8 @@ Loop: lwarx r5,0,r3
+ $CMPLI r4,7
+ li r0,0
+ bge Lot
++ $CMPLI r4,0
++ beqlr-
+ Little: mtctr r4
+ stb r0,0(r3)
+ addi r3,r3,1
+diff -up openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse openssl-1.0.0-beta5/crypto/sparccpuid.S
+--- openssl-1.0.0-beta5/crypto/sparccpuid.S.cleanse 2007-05-19 19:26:48.000000000 +0200
++++ openssl-1.0.0-beta5/crypto/sparccpuid.S 2010-02-12 18:13:52.000000000 +0100
+@@ -242,6 +242,10 @@ OPENSSL_cleanse:
+ #else
+ bgu .Lot
+ #endif
++ cmp %o1,0
++ bne .Little
++ nop
++ retl
+ nop
+
+ .Little:
+diff -up openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse openssl-1.0.0-beta5/crypto/s390xcpuid.S
+--- openssl-1.0.0-beta5/crypto/s390xcpuid.S.cleanse 2010-01-19 22:40:56.000000000 +0100
++++ openssl-1.0.0-beta5/crypto/s390xcpuid.S 2010-02-12 18:13:52.000000000 +0100
+@@ -62,6 +62,8 @@ OPENSSL_cleanse:
+ lghi %r0,0
+ clgr %r3,%r4
+ jh .Lot
++ clgr %r3,%r0
++ bcr 8,%r14
+ .Little:
+ stc %r0,0(%r2)
+ la %r2,1(%r2)
+diff -up openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86cpuid.pl
+--- openssl-1.0.0-beta5/crypto/x86cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200
++++ openssl-1.0.0-beta5/crypto/x86cpuid.pl 2010-02-12 18:13:52.000000000 +0100
+@@ -279,11 +279,14 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
+ &xor ("eax","eax");
+ &cmp ("ecx",7);
+ &jae (&label("lot"));
++ &cmp ("ecx",0);
++ &je (&label("ret"));
+ &set_label("little");
+ &mov (&BP(0,"edx"),"al");
+ &sub ("ecx",1);
+ &lea ("edx",&DWP(1,"edx"));
+ &jnz (&label("little"));
++&set_label("ret");
+ &ret ();
+
+ &set_label("lot",16);
+diff -up openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse openssl-1.0.0-beta5/crypto/x86_64cpuid.pl
+--- openssl-1.0.0-beta5/crypto/x86_64cpuid.pl.cleanse 2009-05-14 20:25:29.000000000 +0200
++++ openssl-1.0.0-beta5/crypto/x86_64cpuid.pl 2010-02-12 18:13:52.000000000 +0100
+@@ -145,12 +145,14 @@ OPENSSL_cleanse:
+ xor %rax,%rax
+ cmp \$15,$arg2
+ jae .Lot
++ cmp \$0,$arg2
++ je .Lret
+ .Little:
+ mov %al,($arg1)
+ sub \$1,$arg2
+ lea 1($arg1),$arg1
+ jnz .Little
+- ret
++.Lret: ret
+ .align 16
+ .Lot:
+ test \$7,$arg1
diff --git a/openssl-1.0.0-beta5-ipv6-apps.patch b/openssl-1.0.0-beta5-ipv6-apps.patch
new file mode 100644
index 0000000..4304c01
--- /dev/null
+++ b/openssl-1.0.0-beta5-ipv6-apps.patch
@@ -0,0 +1,499 @@
+diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_apps.h
+--- openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_apps.h 2010-02-03 09:43:49.000000000 +0100
+@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
+ #define PORT_STR "4433"
+ #define PROTOCOL "tcp"
+
+-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
++int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, char *port, int type);
+ int should_retry(int i);
+-int extract_port(char *str, short *port_ptr);
+-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
++int extract_host_port(char *str,char **host_ptr,char **port_ptr);
+
+ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret);
+diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/s_client.c
+--- openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_client.c 2010-02-03 09:43:49.000000000 +0100
+@@ -389,7 +389,7 @@ int MAIN(int argc, char **argv)
+ int cbuf_len,cbuf_off;
+ int sbuf_len,sbuf_off;
+ fd_set readfds,writefds;
+- short port=PORT;
++ char *port_str = PORT_STR;
+ int full_log=1;
+ char *host=SSL_HOST_NAME;
+ char *cert_file=NULL,*key_file=NULL;
+@@ -488,13 +488,12 @@ int MAIN(int argc, char **argv)
+ else if (strcmp(*argv,"-port") == 0)
+ {
+ if (--argc < 1) goto bad;
+- port=atoi(*(++argv));
+- if (port == 0) goto bad;
++ port_str= *(++argv);
+ }
+ else if (strcmp(*argv,"-connect") == 0)
+ {
+ if (--argc < 1) goto bad;
+- if (!extract_host_port(*(++argv),&host,NULL,&port))
++ if (!extract_host_port(*(++argv),&host,&port_str))
+ goto bad;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+@@ -967,7 +966,7 @@ bad:
+
+ re_start:
+
+- if (init_client(&s,host,port,socket_type) == 0)
++ if (init_client(&s,host,port_str,socket_type) == 0)
+ {
+ BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+ SHUTDOWN(s);
+diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/s_server.c
+--- openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_server.c 2010-02-03 09:43:49.000000000 +0100
+@@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[])
+ {
+ X509_VERIFY_PARAM *vpm = NULL;
+ int badarg = 0;
+- short port=PORT;
++ char *port_str = PORT_STR;
+ char *CApath=NULL,*CAfile=NULL;
+ unsigned char *context = NULL;
+ char *dhfile = NULL;
+@@ -909,8 +909,7 @@ int MAIN(int argc, char *argv[])
+ (strcmp(*argv,"-accept") == 0))
+ {
+ if (--argc < 1) goto bad;
+- if (!extract_port(*(++argv),&port))
+- goto bad;
++ port_str= *(++argv);
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ {
+@@ -1700,9 +1699,9 @@ bad:
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ (void)BIO_flush(bio_s_out);
+ if (www)
+- do_server(port,socket_type,&accept_socket,www_body, context);
++ do_server(port_str,socket_type,&accept_socket,www_body, context);
+ else
+- do_server(port,socket_type,&accept_socket,sv_body, context);
++ do_server(port_str,socket_type,&accept_socket,sv_body, context);
+ print_stats(bio_s_out,ctx);
+ ret=0;
+ end:
+diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/s_socket.c
+--- openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps 2009-08-26 13:21:50.000000000 +0200
++++ openssl-1.0.0-beta5/apps/s_socket.c 2010-02-03 10:00:30.000000000 +0100
+@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
+ static void ssl_sock_cleanup(void);
+ #endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port,char *ip, int type);
++static int init_server(int *sock, char *port, int type);
+ static int do_accept(int acc_sock, int *sock, char **host);
+ static int host_ip(char *str, unsigned char ip[4]);
+
+@@ -234,58 +232,70 @@ static int ssl_sock_init(void)
+ return(1);
+ }
+
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, char *port, int type)
+ {
+- unsigned char ip[4];
+-
+- if (!host_ip(host,&(ip[0])))
+- {
+- return(0);
+- }
+- return(init_client_ip(sock,ip,port,type));
+- }
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+- {
+- unsigned long addr;
+- struct sockaddr_in them;
+- int s,i;
++ struct addrinfo *res, *res0, hints;
++ char * failed_call = NULL;
++ int s;
++ int e;
+
+ if (!ssl_sock_init()) return(0);
+
+- memset((char *)&them,0,sizeof(them));
+- them.sin_family=AF_INET;
+- them.sin_port=htons((unsigned short)port);
+- addr=(unsigned long)
+- ((unsigned long)ip[0]<<24L)|
+- ((unsigned long)ip[1]<<16L)|
+- ((unsigned long)ip[2]<< 8L)|
+- ((unsigned long)ip[3]);
+- them.sin_addr.s_addr=htonl(addr);
+-
+- if (type == SOCK_STREAM)
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+- else /* ( type == SOCK_DGRAM) */
+- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+-
+- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
++ memset(&hints, '\0', sizeof(hints));
++ hints.ai_socktype = type;
++ hints.ai_flags = AI_ADDRCONFIG;
++
++ e = getaddrinfo(host, port, &hints, &res);
++ if (e)
++ {
++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++ if (e == EAI_SYSTEM)
++ perror("getaddrinfo");
++ return (0);
++ }
+
++ res0 = res;
++ while (res)
++ {
++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++ if (s == INVALID_SOCKET)
++ {
++ failed_call = "socket";
++ goto nextres;
++ }
+ #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
+ if (type == SOCK_STREAM)
+ {
+- i=0;
+- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+- if (i < 0) { perror("keepalive"); return(0); }
++ int i=0;
++ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
++ (char *)&i,sizeof(i));
++ if (i < 0) {
++ failed_call = "keepalive";
++ goto nextres;
++ }
+ }
+ #endif
+-
+- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+- { closesocket(s); perror("connect"); return(0); }
++ if (connect(s,(struct sockaddr *)res->ai_addr,
++ res->ai_addrlen) == 0)
++ {
++ freeaddrinfo(res0);
+ *sock=s;
+ return(1);
+ }
+
+-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
++ failed_call = "socket";
++nextres:
++ if (s != INVALID_SOCKET)
++ close(s);
++ res = res->ai_next;
++ }
++ freeaddrinfo(res0);
++
++ perror(failed_call);
++ return(0);
++ }
++
++int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ {
+ int sock;
+ char *name = NULL;
+@@ -323,33 +333,38 @@ int do_server(int port, int type, int *r
+ }
+ }
+
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server(int *sock, char *port, int type)
+ {
+- int ret=0;
+- struct sockaddr_in server;
+- int s= -1,i;
++ struct addrinfo *res, *res0, hints;
++ char * failed_call = NULL;
++ char port_name[8];
++ int s;
++ int e;
+
+ if (!ssl_sock_init()) return(0);
+
+- memset((char *)&server,0,sizeof(server));
+- server.sin_family=AF_INET;
+- server.sin_port=htons((unsigned short)port);
+- if (ip == NULL)
+- server.sin_addr.s_addr=INADDR_ANY;
+- else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-#ifndef BIT_FIELD_LIMITS
+- memcpy(&server.sin_addr.s_addr,ip,4);
+-#else
+- memcpy(&server.sin_addr,ip,4);
+-#endif
++ memset(&hints, '\0', sizeof(hints));
++ hints.ai_socktype = type;
++ hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+
+- if (type == SOCK_STREAM)
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+- else /* type == SOCK_DGRAM */
+- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
++ e = getaddrinfo(NULL, port, &hints, &res);
++ if (e)
++ {
++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++ if (e == EAI_SYSTEM)
++ perror("getaddrinfo");
++ return (0);
++ }
+
+- if (s == INVALID_SOCKET) goto err;
++ res0 = res;
++ while (res)
++ {
++ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++ if (s == INVALID_SOCKET)
++ {
++ failed_call = "socket";
++ goto nextres;
++ }
+ #if defined SOL_SOCKET && defined SO_REUSEADDR
+ {
+ int j = 1;
+@@ -357,36 +372,39 @@ static int init_server_long(int *sock, i
+ (void *) &j, sizeof j);
+ }
+ #endif
+- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
++
++ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
+ {
+-#ifndef OPENSSL_SYS_WINDOWS
+- perror("bind");
+-#endif
+- goto err;
++ failed_call = "bind";
++ goto nextres;
+ }
+- /* Make it 128 for linux */
+- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
+- i=0;
+- *sock=s;
+- ret=1;
+-err:
+- if ((ret == 0) && (s != -1))
++ if (type==SOCK_STREAM && listen(s,128) == -1)
+ {
+- SHUTDOWN(s);
++ failed_call = "listen";
++ goto nextres;
+ }
+- return(ret);
++
++ *sock=s;
++ return(1);
++
++nextres:
++ if (s != INVALID_SOCKET)
++ close(s);
++ res = res->ai_next;
+ }
++ freeaddrinfo(res0);
+
+-static int init_server(int *sock, int port, int type)
+- {
+- return(init_server_long(sock, port, NULL, type));
++ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
++
++ perror(failed_call);
++ return(0);
+ }
+
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+- int ret,i;
+- struct hostent *h1,*h2;
+- static struct sockaddr_in from;
++ static struct sockaddr_storage from;
++ char buffer[NI_MAXHOST];
++ int ret;
+ int len;
+ /* struct linger ling; */
+
+@@ -432,136 +450,58 @@ redoit:
+ */
+
+ if (host == NULL) goto end;
+-#ifndef BIT_FIELD_LIMITS
+- /* I should use WSAAsyncGetHostByName() under windows */
+- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+- sizeof(from.sin_addr.s_addr),AF_INET);
+-#else
+- h1=gethostbyaddr((char *)&from.sin_addr,
+- sizeof(struct in_addr),AF_INET);
+-#endif
+- if (h1 == NULL)
++
++ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
++ buffer, sizeof(buffer),
++ NULL, 0, 0))
+ {
+- BIO_printf(bio_err,"bad gethostbyaddr\n");
++ BIO_printf(bio_err,"getnameinfo failed\n");
+ *host=NULL;
+ /* return(0); */
+ }
+ else
+ {
+- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
++ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+ {
+ perror("OPENSSL_malloc");
+ return(0);
+ }
+- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+-
+- h2=GetHostByName(*host);
+- if (h2 == NULL)
+- {
+- BIO_printf(bio_err,"gethostbyname failure\n");
+- return(0);
+- }
+- i=0;
+- if (h2->h_addrtype != AF_INET)
+- {
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+- return(0);
+- }
++ strcpy(*host, buffer);
+ }
+ end:
+ *sock=ret;
+ return(1);
+ }
+
+-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+- short *port_ptr)
++int extract_host_port(char *str, char **host_ptr,
++ char **port_ptr)
+ {
+- char *h,*p;
++ char *h,*p,*x;
+
+- h=str;
+- p=strchr(str,':');
++ x=h=str;
++ if (*h == '[')
++ {
++ h++;
++ p=strchr(h,']');
+ if (p == NULL)
+ {
+- BIO_printf(bio_err,"no port defined\n");
++ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
+ return(0);
+ }
+ *(p++)='\0';
+-
+- if ((ip != NULL) && !host_ip(str,ip))
+- goto err;
+- if (host_ptr != NULL) *host_ptr=h;
+-
+- if (!extract_port(p,port_ptr))
+- goto err;
+- return(1);
+-err:
+- return(0);
++ x = p;
+ }
+-
+-static int host_ip(char *str, unsigned char ip[4])
+- {
+- unsigned int in[4];
+- int i;
+-
+- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+- {
+- for (i=0; i<4; i++)
+- if (in[i] > 255)
+- {
+- BIO_printf(bio_err,"invalid IP address\n");
+- goto err;
+- }
+- ip[0]=in[0];
+- ip[1]=in[1];
+- ip[2]=in[2];
+- ip[3]=in[3];
+- }
+- else
+- { /* do a gethostbyname */
+- struct hostent *he;
+-
+- if (!ssl_sock_init()) return(0);
+-
+- he=GetHostByName(str);
+- if (he == NULL)
+- {
+- BIO_printf(bio_err,"gethostbyname failure\n");
+- goto err;
+- }
+- /* cast to short because of win16 winsock definition */
+- if ((short)he->h_addrtype != AF_INET)
++ p=strchr(x,':');
++ if (p == NULL)
+ {
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+- return(0);
+- }
+- ip[0]=he->h_addr_list[0][0];
+- ip[1]=he->h_addr_list[0][1];
+- ip[2]=he->h_addr_list[0][2];
+- ip[3]=he->h_addr_list[0][3];
+- }
+- return(1);
+-err:
++ BIO_printf(bio_err,"no port defined\n");
+ return(0);
+ }
++ *(p++)='\0';
+
+-int extract_port(char *str, short *port_ptr)
+- {
+- int i;
+- struct servent *s;
++ if (host_ptr != NULL) *host_ptr=h;
++ if (port_ptr != NULL) *port_ptr=p;
+
+- i=atoi(str);
+- if (i != 0)
+- *port_ptr=(unsigned short)i;
+- else
+- {
+- s=getservbyname(str,"tcp");
+- if (s == NULL)
+- {
+- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+- return(0);
+- }
+- *port_ptr=ntohs((unsigned short)s->s_port);
+- }
+ return(1);
+ }
+
diff --git a/openssl.spec b/openssl.spec
index 7ccec34..d6eb67b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0
-Release: 0.20.%{beta}%{?dist}
+Release: 0.21.%{beta}%{?dist}
# We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below.
Source: openssl-%{version}-%{beta}-usa.tar.bz2
@@ -50,7 +50,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-1.0.0-beta5-cipher-change.patch
-Patch39: openssl-1.0.0-beta3-ipv6-apps.patch
+Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
Patch40: openssl-1.0.0-beta5-fips.patch
Patch41: openssl-1.0.0-beta3-fipscheck.patch
Patch43: openssl-1.0.0-beta3-fipsmode.patch
@@ -62,6 +62,7 @@ Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
Patch51: openssl-1.0.0-beta5-version.patch
Patch52: openssl-1.0.0-beta4-aesni.patch
# Backported fixes including security fixes
+Patch53: openssl-1.0.0-beta5-cleanse.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -140,6 +141,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch50 -p1 -b .dtls1-abi
%patch51 -p1 -b .version
%patch52 -p1 -b .aesni
+%patch53 -p1 -b .cleanse
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -385,6 +387,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
+* Fri Feb 12 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.21.beta5
+- gracefully handle zero length in assembler implementations of
+ OPENSSL_cleanse (#564029)
+- do not fail in s_server if client hostname not resolvable (#561260)
+
* Wed Jan 20 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.20.beta5
- new upstream release
reply other threads:[~2026-06-09 12:42 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178100892480.1.6563927397929959899.rpms-openssl-bffe20438c4a@fedoraproject.org \
--to=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox