[Pkg-openssl-changes] r522 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Sat Jan 14 21:21:00 UTC 2012
Author: kroeckx
Date: 2012-01-14 21:21:00 +0000 (Sat, 14 Jan 2012)
New Revision: 522
Added:
openssl/branches/squeeze/debian/patches/CVE-2011-1945.patch
openssl/branches/squeeze/debian/patches/CVE-2011-3210.patch
openssl/branches/squeeze/debian/patches/block_digicert_malaysia.patch
openssl/branches/squeeze/debian/patches/block_diginotar.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/series
Log:
Add old uploads by security team
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2012-01-12 18:17:11 UTC (rev 521)
+++ openssl/branches/squeeze/debian/changelog 2012-01-14 21:21:00 UTC (rev 522)
@@ -1,3 +1,27 @@
+openssl (0.9.8o-4squeeze4) squeeze-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
+ as revoked.
+
+ -- Raphael Geissert <geissert at debian.org> Sun, 06 Nov 2011 11:24:18 -0600
+
+openssl (0.9.8o-4squeeze3) squeeze; urgency=low
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2011-3210: SSL memory handling for (EC)DH ciphersuites
+
+ -- Raphael Geissert <geissert at debian.org> Sat, 24 Sep 2011 18:57:14 -0500
+
+openssl (0.9.8o-4squeeze2) squeeze-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Block DigiNotar certificates
+ * Fix CVE-2011-1945: timing attacks against ECDHE_ECDSA makes
+ it easier to determine private keys.
+
+ -- Raphael Geissert <geissert at debian.org> Mon, 12 Sep 2011 19:49:18 -0500
+
openssl (0.9.8o-4squeeze1) stable-security; urgency=low
* Fix OCSP stapling parse error (CVE-2011-0014)
Added: openssl/branches/squeeze/debian/patches/CVE-2011-1945.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2011-1945.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2011-1945.patch 2012-01-14 21:21:00 UTC (rev 522)
@@ -0,0 +1,23 @@
+Description: Fix CVE-2011-1945, timing attacks against ECDHE_ECDSA makes
+ it easier to determine private keys.
+Origin: http://cvs.openssl.org/chngview?cn=20892
+
+Index: openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/ecdsa/ecs_ossl.c
++++ openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c
+@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke
+ }
+ while (BN_is_zero(k));
+
++ /* We do not want timing information to leak the length of k,
++ * so we compute G*k using an equivalent scalar of fixed
++ * bit-length. */
++
++ if (!BN_add(k, k, order)) goto err;
++ if (BN_num_bits(k) <= BN_num_bits(order))
++ if (!BN_add(k, k, order)) goto err;
++
+ /* compute r the x-coordinate of generator * k */
+ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
+ {
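Review bot: The comment added in ecdsa_sign_setup says what is done but not why it is safe, and it should: adding `order` leaves G*k unchanged because the generator has that order, e.g. `/* k + order and k + 2*order are congruent to k mod order, so G*k is the same point while the scalar always has BN_num_bits(order)+1 bits */`. The second `BN_add` is still guarded by a branch on `BN_num_bits(k)`, so one comparison that depends on the nonce length remains; it is far smaller than the variation in the point multiplication, but the comment could acknowledge it. The nested `if` pair would read more safely with braces around the inner statement. How k is used after `EC_POINT_mul` lies outside this hunk, so whether later steps reduce it modulo `order` again cannot be confirmed from here.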
Added: openssl/branches/squeeze/debian/patches/CVE-2011-3210.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2011-3210.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2011-3210.patch 2012-01-14 21:21:00 UTC (rev 522)
@@ -0,0 +1,98 @@
+Description: Fix SSL memory handling for (EC)DH ciphersuites, in
+ particular for multi-threaded use of ECDH.
+Origin: http://cvs.openssl.org/chngview?cn=21334
+
+Index: openssl-0.9.8o/ssl/s3_lib.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s3_lib.c
++++ openssl-0.9.8o/ssl/s3_lib.c
+@@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s)
+ }
+ #ifndef OPENSSL_NO_DH
+ if (s->s3->tmp.dh != NULL)
++ {
+ DH_free(s->s3->tmp.dh);
++ s->s3->tmp.dh = NULL;
++ }
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
++ {
+ EC_KEY_free(s->s3->tmp.ecdh);
++ s->s3->tmp.ecdh = NULL;
++ }
+ #endif
+
+ rp = s->s3->rbuf.buf;
+Index: openssl-0.9.8o/ssl/s3_srvr.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s3_srvr.c
++++ openssl-0.9.8o/ssl/s3_srvr.c
+@@ -710,9 +710,7 @@ int ssl3_check_client_hello(SSL *s)
+ if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
+ {
+ /* Throw away what we have done so far in the current handshake,
+- * which will now be aborted. (A full SSL_clear would be too much.)
+- * I hope that tmp.dh is the only thing that may need to be cleared
+- * when a handshake is not completed ... */
++ * which will now be aborted. (A full SSL_clear would be too much.) */
+ #ifndef OPENSSL_NO_DH
+ if (s->s3->tmp.dh != NULL)
+ {
+@@ -720,6 +718,13 @@ int ssl3_check_client_hello(SSL *s)
+ s->s3->tmp.dh = NULL;
+ }
+ #endif
++#ifndef OPENSSL_NO_ECDH
++ if (s->s3->tmp.ecdh != NULL)
++ {
++ EC_KEY_free(s->s3->tmp.ecdh);
++ s->s3->tmp.ecdh = NULL;
++ }
++#endif
+ return 2;
+ }
+ return 1;
+@@ -1329,7 +1334,6 @@ int ssl3_send_server_key_exchange(SSL *s
+
+ if (s->s3->tmp.dh != NULL)
+ {
+- DH_free(dh);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+@@ -1390,7 +1394,6 @@ int ssl3_send_server_key_exchange(SSL *s
+
+ if (s->s3->tmp.ecdh != NULL)
+ {
+- EC_KEY_free(s->s3->tmp.ecdh);
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+@@ -1401,12 +1404,11 @@ int ssl3_send_server_key_exchange(SSL *s
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ goto err;
+ }
+- if (!EC_KEY_up_ref(ecdhp))
++ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+ goto err;
+ }
+- ecdh = ecdhp;
+
+ s->s3->tmp.ecdh=ecdh;
+ if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
+@@ -2262,6 +2264,12 @@ int ssl3_get_client_key_exchange(SSL *s)
+ /* Get encoded point length */
+ i = *p;
+ p += 1;
++ if (n != 1 + i)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++ ERR_R_EC_LIB);
++ goto err;
++ }
+ if (EC_POINT_oct2point(group,
+ clnt_ecpoint, p, i, bn_ctx) == 0)
+ {
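Review bot: The switch from `EC_KEY_up_ref(ecdhp)` to `EC_KEY_dup(ecdhp)` in ssl3_send_server_key_exchange carries no comment, so a later cleanup could turn it back into a shared reference; a line such as `/* Duplicate: the key stored in s->s3->tmp.ecdh is per-handshake and must not alias the shared ecdhp */` would record the intent. That reading is inferred from the patch description (multi-threaded use of ECDH), since the code that generates the ephemeral key is outside the visible context. The new `if (n != 1 + i)` test in ssl3_get_client_key_exchange also deserves a one-line comment stating that the message must be exactly one length byte plus `i` bytes of encoded point, so that `EC_POINT_oct2point` is never handed a length beyond the received data. It reports `ERR_R_EC_LIB`, which hides that the peer sent an inconsistent length; a length-specific reason such as `SSL_R_LENGTH_MISMATCH` would make such handshakes easier to spot in logs.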
Added: openssl/branches/squeeze/debian/patches/block_digicert_malaysia.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/block_digicert_malaysia.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/block_digicert_malaysia.patch 2012-01-14 21:21:00 UTC (rev 522)
@@ -0,0 +1,26 @@
+From: Raphael Geissert <geissert at debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-11-06
+
+Index: openssl-0.9.8o/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/x509/x509_vfy.c
++++ openssl-0.9.8o/crypto/x509/x509_vfy.c
+@@ -673,10 +673,11 @@ static int check_ca_blacklist(X509_STORE
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ {
+ x = sk_X509_value(ctx->chain, i);
+- /* Mark DigiNotar certificates as revoked, no matter
+- * where in the chain they are.
++ /* Mark certificates containing the following names as
++ * revoked, no matter where in the chain they are.
+ */
+- if (x->name && strstr(x->name, "DigiNotar"))
++ if (x->name && (strstr(x->name, "DigiNotar") ||
++ strstr(x->name, "Digicert Sdn. Bhd.")))
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ctx->error_depth = i;
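Review bot: The blocklist test in check_ca_blacklist is a case-sensitive `strstr` on `x->name`, and neither this patch nor block_diginotar.patch documents what that string holds or how broad the match is. If `x->name` is the one-line subject (as it appears to be in this OpenSSL version), any certificate that mentions one of the strings in any subject field is reported as revoked, while a differently cased or spelled name is not; the comment should say so, e.g. `/* Case-sensitive substring match on the one-line subject name; matches any field, not only O= */`. With a second name now in the condition, a small `static const char *` table walked inside the loop would keep the next addition to one line. The function begins and ends outside this hunk.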
Added: openssl/branches/squeeze/debian/patches/block_diginotar.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/block_diginotar.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/block_diginotar.patch 2012-01-14 21:21:00 UTC (rev 522)
@@ -0,0 +1,59 @@
+From: Raphael Geissert <geissert at debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "DigiNotar" is revoked.
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2011-09-07
+Bug: http://bugs.debian.org/639744
+
+diff -urpN openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c
+--- openssl-0.9.8o-4squeeze1.orig/crypto/x509/x509_vfy.c 2009-06-26 06:34:21.000000000 -0500
++++ openssl-0.9.8o-4squeeze1/crypto/x509/x509_vfy.c 2011-09-07 21:23:58.000000000 -0500
+@@ -78,6 +78,7 @@ static int check_trust(X509_STORE_CTX *c
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
++static int check_ca_blacklist(X509_STORE_CTX *ctx);
+ static int internal_verify(X509_STORE_CTX *ctx);
+ const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
+
+@@ -312,6 +313,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ ok=internal_verify(ctx);
+ if(!ok) goto end;
+
++ ok = check_ca_blacklist(ctx);
++ if(!ok) goto end;
++
+ #ifndef OPENSSL_NO_RFC3779
+ /* RFC 3779 path validation, now that CRL check has been done */
+ ok = v3_asid_validate_path(ctx);
+@@ -661,6 +665,29 @@ static int check_crl_time(X509_STORE_CTX
+ return 1;
+ }
+
++static int check_ca_blacklist(X509_STORE_CTX *ctx)
++ {
++ X509 *x;
++ int i;
++ /* Check all certificates against the blacklist */
++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
++ {
++ x = sk_X509_value(ctx->chain, i);
++ /* Mark DigiNotar certificates as revoked, no matter
++ * where in the chain they are.
++ */
++ if (x->name && strstr(x->name, "DigiNotar"))
++ {
++ ctx->error = X509_V_ERR_CERT_REVOKED;
++ ctx->error_depth = i;
++ ctx->current_cert = x;
++ if (!ctx->verify_cb(0,ctx))
++ return 0;
++ }
++ }
++ return 1;
++ }
++
+ /* Lookup CRLs from the supplied list. Look for matching isser name
+ * and validity. If we can't find a valid CRL return the last one
+ * with matching name. This gives more meaningful error codes. Otherwise
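Review bot: check_ca_blacklist returns 0 only when `ctx->verify_cb(0,ctx)` returns 0, so an application whose verify callback overrides errors will still accept a chain containing a blocked name, and nothing in the new function says so. A comment above the callback call such as `/* As with other verification errors, the verify callback may override this result */` would make that limit explicit to anyone relying on the block. The call is placed after `internal_verify` in X509_verify_cert, so it only runs on chains that already passed signature checks; a short remark at that call site would help the next reader see why the order matters.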
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series 2012-01-12 18:17:11 UTC (rev 521)
+++ openssl/branches/squeeze/debian/patches/series 2012-01-14 21:21:00 UTC (rev 522)
@@ -22,3 +22,7 @@
CVE-2010-3864.patch
CVE-2010-4180.patch
CVE-2011-0014.patch
+block_diginotar.patch
+block_digicert_malaysia.patch
+CVE-2011-1945.patch
+CVE-2011-3210.patch