From mdtancsa@verify1.sentex.ca  Mon Sep 26 13:59:49 2005
Message-Id: <200509261359.j8QDxob3092341@verify1.sentex.ca>
Date: Mon, 26 Sep 2005 09:59:50 -0400 (EDT)
From: Mike Tancsa <mike@sentex.net>
Reply-To: Mike Tancsa <mike@sentex.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Bug in OpenSSL Padlock Engine (simple patch attached)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         86598
>Category:       bin
>Synopsis:       [patch] Bug in OpenSSL Padlock Engine
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    simon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 26 14:00:32 GMT 2005
>Closed-Date:    Sun Jul 30 14:07:09 GMT 2006
>Last-Modified:  Sun Jul 30 14:07:09 GMT 2006
>Originator:     Mike Tancsa
>Release:        FreeBSD 6.0-BETA4 i386
>Organization:
Sentex Communications
>Environment:
System: FreeBSD verify1.sentex.ca 6.0-BETA4 FreeBSD 6.0-BETA4 #0: Mon Sep 12 14:22:56 EDT 2005 mdtancsa@verify1.sentex.ca:/usr/obj/usr/src/sys/verify i386


>Description:
There is a bug in the base version of OpenSSL that gets tripped when
using the padlock engine. A full discussion and analysis can be found at 

http://sourceforge.net/mailarchive/message.php?msg_id=11410111

>How-To-Repeat:
The bug gets triggered using openvpn with engine padlock. The issue will
typically show up when transmitting small packets across an openvpn tunnel. 

>Fix:

Simple patch to correct the issue at 

http://cvs.openssl.org/chngview?cn=13061

This is in the OpenSSL CVS, so the next version will incorporate the bug fix.
	
	--- eng_padlock.c	2005/04/04 17:05:06	1.12
+++ eng_padlock.c	2005/04/14 07:41:29	1.13
@@ -395,10 +395,10 @@
 "	jnc	1f\n"
 "	cmp	%2,%1\n"
 "	je	1f\n"
-"	mov	%2,%0\n"
 "	popfl\n"
 "	sub	$4,%%esp\n"
-"1:	add	$4,%%esp"
+"1:	add	$4,%%esp\n"
+"	mov	%2,%0"
 	:"+m"(padlock_saved_context)
 	: "r"(padlock_saved_context), "r"(cdata) : "cc");
 }
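Review bot: the store "mov %2,%0" now sits after the "1:" label, so it also runs on the "jnc 1f" and "je 1f" paths, and nothing in the asm string records that this is intentional. Add a comment on the new line saying padlock_saved_context has to be updated on every call, including the calls that skip the popfl sequence, so a later cleanup does not move it back above the label. Since the store no longer depends on either branch, consider whether it would read more clearly as a plain C assignment after the asm statement instead of a "+m" output operand.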
@@ -521,10 +521,10 @@
 		jnc	skip
 		cmp	ecx,padlock_saved_context
 		je	skip
-		mov	padlock_saved_context,ecx
 		popfd
 		sub	esp,4
 	skip:	add	esp,4
+		mov	padlock_saved_context,ecx
 		}
 }
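Review bot: with "mov padlock_saved_context,ecx" moved below "skip:", the store now executes on the "jnc skip" path too, so ecx must already hold the new context pointer before that branch; the visible context only shows ecx being read at "cmp ecx,padlock_saved_context", not where it is loaded. Please confirm the load of ecx precedes "jnc skip", and add a comment on the moved line noting the store is deliberately unconditional so this variant stays in step with the GCC-syntax block in the first hunk.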



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->nectar 
Responsible-Changed-By: vs 
Responsible-Changed-When: Sat Oct 1 10:41:02 GMT 2005 
Responsible-Changed-Why:  
nectar seems to handle OpenSSL 

http://www.freebsd.org/cgi/query-pr.cgi?pr=86598 
Responsible-Changed-From-To: nectar->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Mar 24 05:48:02 UTC 2006 
Responsible-Changed-Why:  
Reset assignee; nectar is away from FreeBSD work at the moment. 

Responsible-Changed-From-To: freebsd-bugs->simon 
Responsible-Changed-By: simon 
Responsible-Changed-When: Wed Jul 12 15:45:07 UTC 2006 
Responsible-Changed-Why:  
Grab PR - I will have a look at it (but probably first after the new 
OpenSSL is upgraded in -CURRENT). 


From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/86598: [patch] Bug in OpenSSL Padlock Engine
Date: Mon, 17 Jul 2006 22:05:32 +0200

 Just for the PR database archives:
 
 A more readable version of the mail thread referenced in this PR can
 be found at:
 http://openvpn.net/archive/openvpn-users/2005-04/msg00092.html
 
 -- 
 Simon L. Nielsen
State-Changed-From-To: open->closed 
State-Changed-By: simon 
State-Changed-When: Sun Jul 30 14:04:13 UTC 2006 
State-Changed-Why:  
Fixed in -CURRENT by OpenSSL 0.9.8b import and fixed in RELENG_6 by 
applying the patch from this PR.  Thanks for the submission! 

>Unformatted:
