On Wed, May 07, 2014 at 12:13:40PM -0400, Ted Unangst wrote:
> On Wed, May 07, 2014 at 13:49, Stuart Henderson wrote:
> > On 2014/05/05 12:38, Ted Unangst wrote:
> >> CVSROOT: /cvs
> >> Module name: src
> >> Changes by: [email protected] 2014/05/05 12:38:42
> >>
> >> Modified files:
> >> lib/libssl/src/crypto/bn: bn_lib.c
> >>
> >> Log message:
> >> inspired by a cloudflare diff, cleanse old memory when expanding a bignum.
> >> however, instead of trying to audit all the places where a secret bignum
> >> is used, apply the big hammer and clear all bignums when freed.
> >> ok deraadt miod
> >>
> >
> > this breaks rsa, backout diff below.
> >
> > openssl genrsa -out some.key 2048
> > openssl req -new -key some.key -out some.csr
> > <fill out the fields>
> > <hangs>
>
> After putting the diff back in, I can't reproduce any trouble. Are you
> sure? I tried both the above tests, and libcrypto and libssl regress.

I see coredumps with openssl req:

Core was generated by `openssl'.
Program terminated with signal 8, Arithmetic exception.
(no debugging symbols found)
Loaded symbols for /usr/obj/usr.sbin/openssl/openssl
Reading symbols from /usr/lib/libssl.so.24.0...done.
Loaded symbols for /usr/lib/libssl.so.24.0
Reading symbols from /usr/lib/libcrypto.so.26.1...done.
Loaded symbols for /usr/lib/libcrypto.so.26.1
Reading symbols from /usr/lib/libc.so.74.2...done.
Loaded symbols for /usr/lib/libc.so.74.2
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0 0x00001012ead3ea20 in BN_div (dv=Variable "dv" is not available.
)
at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bn/bn_div.c:297
297 q=bn_div_words(n0,n1,d0);

-Otto
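
The technique in the commit message quoted above (cleanse the old buffer when a bignum grows, and clear on every free), as an added C sketch that is not the libcrypto code and not part of this thread. `toy_bn`, `audited_free` and the `borrowed` flag are hypothetical, the secret limbs are constructed values, and the `borrowed` case is an assumed edge case for a blanket clear, not a diagnosis of the crash reported here.

```c
#include <stdlib.h>
#include <string.h>

typedef unsigned long limb;
typedef struct { limb *d; size_t top, dmax; int borrowed; } toy_bn; /* hypothetical */
static size_t dirty_frees; /* buffers returned to the heap still holding data */

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void cleanse(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}
/* free() wrapper that audits what is about to go back to the allocator. */
static void audited_free(void *p, size_t n) {
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i]) { dirty_frees++; break; }
    free(p);
}
/* Drop the limb array: scrub storage we own, never touch borrowed storage. */
static void release_limbs(toy_bn *a, int scrub) {
    if (a->d != NULL && !a->borrowed) {
        if (scrub) cleanse(a->d, a->dmax * sizeof(limb));
        audited_free(a->d, a->dmax * sizeof(limb));
    }
    a->d = NULL; a->top = a->dmax = 0; a->borrowed = 0;
}
/* Grow to at least `words` limbs, keeping the value; returns 0 on failure. */
int toy_bn_expand(toy_bn *a, size_t words, int scrub) {
    size_t top = a->top;
    limb *nd;
    if (words <= a->dmax) return 1;
    if ((nd = calloc(words, sizeof(limb))) == NULL) return 0;
    if (top) memcpy(nd, a->d, top * sizeof(limb));
    release_limbs(a, scrub);   /* the old copy of the value goes away here */
    a->d = nd; a->top = top; a->dmax = words;
    return 1;
}
void toy_bn_free(toy_bn *a) { release_limbs(a, 1); } /* clear on every free */

/* Dirty frees seen while a 2-limb constructed secret grows to 8 limbs. */
size_t demo_dirty_frees(int scrub) {
    toy_bn k = {0};
    dirty_frees = 0;
    if (!toy_bn_expand(&k, 2, scrub)) return (size_t)-1;
    k.d[0] = 0xC0FFEE; k.d[1] = 0x5EC2E7; k.top = 2;
    if (!toy_bn_expand(&k, 8, scrub)) return (size_t)-1;
    toy_bn_free(&k);
    return dirty_frees;
}
```

`demo_dirty_frees(0)` models growth without the cleanse, where the outgrown buffer reaches the allocator with the value still in it; `demo_dirty_frees(1)` models the behaviour the commit message describes.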