Changeset 2586

Show
Ignore:
Timestamp:
04/28/12 16:30:16 (14 months ago)
Author:
peter
Message:

upgrade polarssl to 1.1.2

Location:
trunk/pdns/pdns
Files:
12 modified
1 moved

Legend:

Unmodified
Added
Removed

  • trunk/pdns/pdns/Makefile.am

    r2558 r2586  
    1 AM_CXXFLAGS=-DSYSCONFDIR=\"@sysconfdir@\" -DLIBDIR=\"@libdir@\" -DLOCALSTATEDIR=\"@socketdir@\" -Ibackends/bind @THREADFLAGS@ $(LUA_CFLAGS) $(SQLITE3_CFLAGS) -Iext/polarssl-1.1.1/include 
     1AM_CXXFLAGS=-DSYSCONFDIR=\"@sysconfdir@\" -DLIBDIR=\"@libdir@\" -DLOCALSTATEDIR=\"@socketdir@\" -Ibackends/bind @THREADFLAGS@ $(LUA_CFLAGS) $(SQLITE3_CFLAGS) -Iext/polarssl-1.1.2/include 
    22AM_CPPFLAGS=-Ibackends/bind $(BOOST_CPPFLAGS) @THREADFLAGS@ 
    33 
     
    88        bind-dnssec.schema.sqlite3.sql 
    99 
    10 SUBDIRS= ext/polarssl-1.1.1 backends  
     10SUBDIRS= ext/polarssl-1.1.2 backends  
    1111 
    1212BUILT_SOURCES=bind-dnssec.schema.sqlite3.sql.h 
     
    5353# 
    5454pdns_server_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@  $(BOOST_SERIALIZATION_LDFLAGS)  -rdynamic 
    55 pdns_server_LDADD= ext/polarssl-1.1.1/library/libpolarssl.a $(BOOST_SERIALIZATION_LIBS) $(LUA_LIBS) $(SQLITE3_LIBS) 
     55pdns_server_LDADD= ext/polarssl-1.1.2/library/libpolarssl.a $(BOOST_SERIALIZATION_LIBS) $(LUA_LIBS) $(SQLITE3_LIBS) 
    5656 
    5757 
     
    8888 
    8989pdnssec_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@  $(BOOST_PROGRAM_OPTIONS_LDFLAGS) $(BOOST_SERIALIZATION_LDFLAGS) 
    90 pdnssec_LDADD= ext/polarssl-1.1.1/library/libpolarssl.a $(BOOST_PROGRAM_OPTIONS_LIBS) $(BOOST_SERIALIZATION_LIBS) $(SQLITE3_LIBS) 
     90pdnssec_LDADD= ext/polarssl-1.1.2/library/libpolarssl.a $(BOOST_PROGRAM_OPTIONS_LIBS) $(BOOST_SERIALIZATION_LIBS) $(SQLITE3_LIBS) 
    9191 
    9292if BOTAN110 
     
    131131        aes/aestab.c aes/aestab.h aes/brg_endian.h aes/brg_types.h aes/dns_random.cc \ 
    132132        randomhelper.cc dns.cc 
    133 tsig_tests_LDFLAGS= -Lext/polarssl-1.1.1/library         
     133tsig_tests_LDFLAGS= -Lext/polarssl-1.1.2/library         
    134134tsig_tests_LDADD= -lpolarssl 
    135135 

  • trunk/pdns/pdns/backends/bind/Makefile.am

    r2452 r2586  
    3535 
    3636zone2ldap_LDFLAGS=@THREADFLAGS@   
    37 zone2ldap_LDADD= ../../ext/polarssl-1.1.1/library/libpolarssl.a 
     37zone2ldap_LDADD= ../../ext/polarssl-1.1.2/library/libpolarssl.a 
    3838 
    3939zone2sql_LDFLAGS=@THREADFLAGS@   
    40 zone2sql_LDADD= ../../ext/polarssl-1.1.1/library/libpolarssl.a  
     40zone2sql_LDADD= ../../ext/polarssl-1.1.2/library/libpolarssl.a  
    4141 
    4242AM_LFLAGS = -s -i 

  • trunk/pdns/pdns/dnssecinfra.cc

    r2547 r2586  
    1010#include "dnssecinfra.hh"  
    1111#include "dnsseckeeper.hh" 
    12 #include "ext/polarssl-1.1.1/include/polarssl/sha1.h" 
     12#include "ext/polarssl-1.1.2/include/polarssl/sha1.h" 
    1313#include <boost/assign/std/vector.hpp> // for 'operator+=()' 
    1414#include <boost/assign/list_inserter.hpp> 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/ChangeLog

    r2389 r2586  
    11PolarSSL ChangeLog 
     2 
     3= Version 1.1.2 released on 2012-04-26 
     4Bugfix 
     5   * Fixed handling error in mpi_cmp_mpi() on longer B values (found by 
     6     Hui Dong) 
     7 
     8Security 
     9   * Fixed potential memory corruption on miscrafted client messages (found by 
     10     Frama-C team at CEA LIST) 
     11   * Fixed generation of DHM parameters to correct length (found by Ruslan 
     12     Yushchenko) 
    213 
    314= Version 1.1.1 released on 2012-01-23 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/include/polarssl/dhm.h

    r2389 r2586  
    3737#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */ 
    3838#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */ 
    39 #define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Makeing of the public value failed. */ 
     39#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */ 
    4040#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */ 
    4141 
     
    110110 * 
    111111 * \param ctx      DHM context 
    112  * \param x_size   private value size in bits 
     112 * \param x_size   private value size in bytes 
    113113 * \param output   destination buffer 
    114114 * \param olen     must be equal to ctx->P.len 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/include/polarssl/version.h

    r2389 r2586  
    4040#define POLARSSL_VERSION_MAJOR  1 
    4141#define POLARSSL_VERSION_MINOR  1 
    42 #define POLARSSL_VERSION_PATCH  1 
     42#define POLARSSL_VERSION_PATCH  2 
    4343 
    4444/** 
     
    4747 *    Major version | Minor version | Patch version 
    4848 */ 
    49 #define POLARSSL_VERSION_NUMBER         0x01010100 
    50 #define POLARSSL_VERSION_STRING         "1.1.1" 
    51 #define POLARSSL_VERSION_STRING_FULL    "PolarSSL 1.1.1" 
     49#define POLARSSL_VERSION_NUMBER         0x01010200 
     50#define POLARSSL_VERSION_STRING         "1.1.2" 
     51#define POLARSSL_VERSION_STRING_FULL    "PolarSSL 1.1.2" 
    5252 
    5353#if defined(POLARSSL_VERSION_C) 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/library/bignum.c

    r2389 r2586  
    688688 
    689689    if( i > j ) return(  X->s ); 
    690     if( j > i ) return( -X->s ); 
     690    if( j > i ) return( -Y->s ); 
    691691 
    692692    if( X->s > 0 && Y->s < 0 ) return(  1 ); 
     
    18141814         * pick a random A, 1 < A < |X| - 1 
    18151815         */ 
    1816         MPI_CHK( mpi_fill_random( &A, X->n, f_rng, p_rng ) ); 
     1816        MPI_CHK( mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); 
    18171817 
    18181818        if( mpi_cmp_mpi( &A, &W ) >= 0 ) 
     
    18861886    n = BITS_TO_LIMBS( nbits ); 
    18871887 
    1888     MPI_CHK( mpi_fill_random( X, n, f_rng, p_rng ) ); 
     1888    MPI_CHK( mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); 
    18891889 
    18901890    k = mpi_msb( X ); 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/library/cipher.c

    r2389 r2586  
    246246        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA; 
    247247 
    248     memset( ctx, 0, sizeof( ctx ) ); 
     248    memset( ctx, 0, sizeof( cipher_context_t ) ); 
    249249 
    250250    if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) ) 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/library/dhm.c

    r2389 r2586  
    6262 
    6363/* 
    64  * Verify sanity of public parameter with regards to P 
    65  * 
    66  * Public parameter should be: 2 <= public_param <= P - 2 
     64 * Verify sanity of parameter with regards to P 
     65 * 
     66 * Parameter should be: 2 <= public_param <= P - 2 
    6767 * 
    6868 * For more information on the attack, see: 
     
    7070 *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643 
    7171 */ 
    72 static int dhm_check_range( const mpi *public_param, const mpi *P ) 
     72static int dhm_check_range( const mpi *param, const mpi *P ) 
    7373{ 
    7474    mpi L, U; 
     
    7979    mpi_sub_int( &U, P, 2 ); 
    8080 
    81     if( mpi_cmp_mpi( public_param, &L ) >= 0 && 
    82         mpi_cmp_mpi( public_param, &U ) <= 0 ) 
     81    if( mpi_cmp_mpi( param, &L ) >= 0 && 
     82        mpi_cmp_mpi( param, &U ) <= 0 ) 
    8383    { 
    8484        ret = 0; 
     
    131131                     void *p_rng ) 
    132132{ 
    133     int ret, n; 
     133    int ret, count = 0; 
    134134    size_t n1, n2, n3; 
    135135    unsigned char *p; 
     
    138138     * Generate X as large as possible ( < P ) 
    139139     */ 
    140     n = x_size / sizeof( t_uint ) + 1; 
    141  
    142     mpi_fill_random( &ctx->X, n, f_rng, p_rng ); 
    143  
    144     while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) 
    145            mpi_shift_r( &ctx->X, 1 ); 
     140    do 
     141    { 
     142        mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); 
     143 
     144        while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) 
     145            mpi_shift_r( &ctx->X, 1 ); 
     146 
     147        if( count++ > 10 ) 
     148            return( POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED ); 
     149    } 
     150    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 ); 
    146151 
    147152    /* 
     
    208213                     void *p_rng ) 
    209214{ 
    210     int ret, n; 
     215    int ret, count = 0; 
    211216 
    212217    if( ctx == NULL || olen < 1 || olen > ctx->len ) 
     
    216221     * generate X and calculate GX = G^X mod P 
    217222     */ 
    218     n = x_size / sizeof( t_uint ) + 1; 
    219  
    220     mpi_fill_random( &ctx->X, n, f_rng, p_rng ); 
    221  
    222     while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) 
    223            mpi_shift_r( &ctx->X, 1 ); 
     223    do 
     224    { 
     225        mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); 
     226 
     227        while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) 
     228            mpi_shift_r( &ctx->X, 1 ); 
     229 
     230        if( count++ > 10 ) 
     231            return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED ); 
     232    } 
     233    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 ); 
    224234 
    225235    MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/library/md.c

    r2389 r2586  
    153153int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) 
    154154{ 
    155     if( md_info == NULL ) 
    156         return POLARSSL_ERR_MD_BAD_INPUT_DATA; 
    157  
    158     if( ctx == NULL || ctx->md_ctx != NULL ) 
    159         return POLARSSL_ERR_MD_BAD_INPUT_DATA; 
     155    if( md_info == NULL || ctx == NULL ) 
     156        return POLARSSL_ERR_MD_BAD_INPUT_DATA; 
     157 
     158    memset( ctx, 0, sizeof( md_context_t ) ); 
    160159 
    161160    if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL ) 

  • trunk/pdns/pdns/ext/polarssl-1.1.2/library/ssl_tls.c

    r2389 r2586  
    786786     * Always compute the MAC (RFC4346, CBCTIME). 
    787787     */ 
     788    if( ssl->in_msglen <= ssl->maclen + padlen ) 
     789    { 
     790        SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", 
     791                    ssl->in_msglen, ssl->maclen, padlen ) ); 
     792        return( POLARSSL_ERR_SSL_INVALID_MAC ); 
     793    } 
     794 
    788795    ssl->in_msglen -= ( ssl->maclen + padlen ); 
    789796 

  • trunk/pdns/pdns/polarrsakeyinfra.cc

    r2396 r2586  
    1 #include "ext/polarssl-1.1.1/include/polarssl/rsa.h" 
    2 #include "ext/polarssl-1.1.1/include/polarssl/base64.h" 
    3 #include "ext/polarssl-1.1.1/include/polarssl/sha1.h" 
    4 #include "ext/polarssl-1.1.1/include/polarssl/sha2.h" 
    5 #include "ext/polarssl-1.1.1/include/polarssl/sha4.h" 
    6 #include "ext/polarssl-1.1.1/include/polarssl/havege.h" 
     1#include "ext/polarssl-1.1.2/include/polarssl/rsa.h" 
     2#include "ext/polarssl-1.1.2/include/polarssl/base64.h" 
     3#include "ext/polarssl-1.1.2/include/polarssl/sha1.h" 
     4#include "ext/polarssl-1.1.2/include/polarssl/sha2.h" 
     5#include "ext/polarssl-1.1.2/include/polarssl/sha4.h" 
     6#include "ext/polarssl-1.1.2/include/polarssl/havege.h" 
    77#include <boost/assign/std/vector.hpp> // for 'operator+=()' 
    88#include <boost/foreach.hpp>