[Pkg-openssl-changes] r721 - in openssl/branches/1.0.1/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Fri Mar 20 17:43:24 UTC 2015
Author: kroeckx
Date: 2015-03-20 17:43:24 +0000 (Fri, 20 Mar 2015)
New Revision: 721
Added:
openssl/branches/1.0.1/debian/patches/0001-Check-public-key-is-not-NULL.patch
openssl/branches/1.0.1/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
openssl/branches/1.0.1/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch
openssl/branches/1.0.1/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch
openssl/branches/1.0.1/debian/patches/0001-fix-warning.patch
openssl/branches/1.0.1/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch
openssl/branches/1.0.1/debian/patches/0003-Free-up-passed-ASN.1-structure-if-reused.patch
openssl/branches/1.0.1/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch
openssl/branches/1.0.1/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch
openssl/branches/1.0.1/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch
openssl/branches/1.0.1/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
Modified:
openssl/branches/1.0.1/debian/changelog
openssl/branches/1.0.1/debian/patches/series
Log:
1.0.1k-2
Modified: openssl/branches/1.0.1/debian/changelog
===================================================================
--- openssl/branches/1.0.1/debian/changelog 2015-03-19 18:23:22 UTC (rev 720)
+++ openssl/branches/1.0.1/debian/changelog 2015-03-20 17:43:24 UTC (rev 721)
@@ -1,3 +1,17 @@
+openssl (1.0.1k-2) unstable; urgency=high
+
+ * Fix CVE-2015-0286
+ * Fix CVE-2015-0287
+ * Fix CVE-2015-0289
+ * Fix CVE-2015-0293 (not affected, SSLv2 disabled)
+ * Fix CVE-2015-0209
+ * Fix CVE-2015-0288
+ * Remove export ciphers from DEFAULT.
+ * Make DTLS always act as if read_ahead is set. This fixes a regression
+ introduce by the fix for CVE-2014-3571. (Closes: #775502)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 20 Mar 2015 18:24:15 +0100
+
openssl (1.0.1k-1) unstable; urgency=medium
* New upstream version
Added: openssl/branches/1.0.1/debian/patches/0001-Check-public-key-is-not-NULL.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0001-Check-public-key-is-not-NULL.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0001-Check-public-key-is-not-NULL.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,27 @@
+From 51527f1e3564f210e984fe5b654c45d34e4f03d7 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Wed, 18 Feb 2015 00:34:59 +0000
+Subject: [PATCH] Check public key is not NULL.
+
+CVE-2015-0288
+PR#3708
+
+Reviewed-by: Matt Caswell <matt at openssl.org>
+(cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)
+---
+ crypto/x509/x509_req.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: openssl-1.0.1e/crypto/x509/x509_req.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/x509/x509_req.c
++++ openssl-1.0.1e/crypto/x509/x509_req.c
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
+ goto err;
+
+ pktmp = X509_get_pubkey(x);
++ if (pktmp == NULL)
++ goto err;
+ i=X509_REQ_set_pubkey(ret,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i) goto err;
Added: openssl/branches/1.0.1/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,45 @@
+From 89117535f1bb3ea72a17933b703271587d7aaf0b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Mon, 9 Feb 2015 11:38:41 +0000
+Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman at chromium.org>
+
+CVE-2015-0209
+
+Reviewed-by: Emilia Käsper <emilia at openssl.org>
+---
+ crypto/ec/ec_asn1.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.1k/crypto/ec/ec_asn1.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/ec/ec_asn1.c
++++ openssl-1.0.1k/crypto/ec/ec_asn1.c
+@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+- if (a)
+- *a = ret;
+ }
+ else
+ ret = *a;
+@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+ ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+ }
+
++ if (a)
++ *a = ret;
+ ok = 1;
+ err:
+ if (!ok)
+ {
+- if (ret)
++ if (ret && (a == NULL || *a != ret))
+ EC_KEY_free(ret);
+ ret = NULL;
+ }
Added: openssl/branches/1.0.1/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,28 @@
+From 1895583835239bc44c3f6584e48f0279ad884f3b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Mon, 26 Jan 2015 16:47:36 +0000
+Subject: [PATCH] Make DTLS always act as if read_ahead is set. The actual
+ value of read_ahead is ignored for DTLS.
+
+RT#3657
+
+Reviewed-by: Andy Polyakov <appro at openssl.org>
+(cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)
+---
+ ssl/s3_pkt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: openssl-1.0.1e/ssl/s3_pkt.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/s3_pkt.c
++++ openssl-1.0.1e/ssl/s3_pkt.c
+@@ -217,7 +217,8 @@ int ssl3_read_n(SSL *s, int n, int max,
+ return -1;
+ }
+
+- if (!s->read_ahead)
++ /* We always act like read_ahead is set for DTLS */
++ if (!s->read_ahead && !SSL_IS_DTLS(s))
+ /* ignore max parameter */
+ max = n;
+ else
Added: openssl/branches/1.0.1/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,81 @@
+From bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28 Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Wed, 4 Mar 2015 21:57:52 +0100
+Subject: [PATCH] Remove export ciphers from the DEFAULT cipher list
+
+They are moved to the COMPLEMENTOFDEFAULT instead.
+This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+(cherry picked from commit f417997a324037025be61737288e40e171a8218c)
+
+Conflicts:
+ ssl/ssl_ciph.c
+---
+ CHANGES | 3 ++-
+ doc/apps/ciphers.pod | 4 ++--
+ ssl/ssl.h | 2 +-
+ ssl/ssl_ciph.c | 11 ++++++++---
+ 4 files changed, 13 insertions(+), 7 deletions(-)
+
+Index: openssl-1.0.1k/doc/apps/ciphers.pod
+===================================================================
+--- openssl-1.0.1k.orig/doc/apps/ciphers.pod
++++ openssl-1.0.1k/doc/apps/ciphers.pod
+@@ -109,8 +109,8 @@ The following is a list of all permitted
+
+ =item B<DEFAULT>
+
+-the default cipher list. This is determined at compile time and, as of OpenSSL
+-1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
++the default cipher list. This is determined at compile time and
++is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
+ specified.
+
+ =item B<COMPLEMENTOFDEFAULT>
+Index: openssl-1.0.1k/ssl/ssl.h
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl.h
++++ openssl-1.0.1k/ssl/ssl.h
+@@ -332,7 +332,7 @@ extern "C" {
+ /* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
++#define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
+ /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites!
+Index: openssl-1.0.1k/ssl/ssl_ciph.c
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl_ciph.c
++++ openssl-1.0.1k/ssl/ssl_ciph.c
+@@ -230,7 +230,7 @@ static const SSL_CIPHER cipher_aliases[]
+ {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
+
+ /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
+- {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
++ {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, SSL_EXP_MASK, 0, 0, 0},
+
+ /* key exchange aliases
+ * (some of those using only a single bit here combine
+@@ -980,6 +980,10 @@ static void ssl_cipher_apply_rule(unsign
+ fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
+ #endif
+
++ if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
++ goto ok;
++ if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
++ goto ok;
+ if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
+ continue;
+ if (alg_auth && !(alg_auth & cp->algorithm_auth))
+@@ -996,6 +1000,8 @@ static void ssl_cipher_apply_rule(unsign
+ continue;
+ }
+
++ ok:
++
+ #ifdef CIPHER_DEBUG
+ fprintf(stderr, "Action = %d\n", rule);
+ #endif
Added: openssl/branches/1.0.1/debian/patches/0001-fix-warning.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0001-fix-warning.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0001-fix-warning.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,29 @@
+From a67303954caa923e8bf2f2bdf04882e9cbc45cc1 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Sun, 8 Mar 2015 17:31:48 +0000
+Subject: [PATCH 1/6] fix warning
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+(cherry picked from commit d6ca1cee8b6efac5906ac66443d1ca67fe689ff8)
+---
+ ssl/ssl_locl.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.1e/ssl/ssl_locl.h
+===================================================================
+--- openssl-1.0.1e.orig/ssl/ssl_locl.h
++++ openssl-1.0.1e/ssl/ssl_locl.h
+@@ -346,10 +346,10 @@
+ #define SSL_AEAD 0x00000040L
+
+ /* Bits for algorithm_ssl (protocol version) */
+-#define SSL_SSLV2 0x00000001L
+-#define SSL_SSLV3 0x00000002L
++#define SSL_SSLV2 0x00000001UL
++#define SSL_SSLV3 0x00000002UL
+ #define SSL_TLSV1 SSL_SSLV3 /* for now */
+-#define SSL_TLSV1_2 0x00000004L
++#define SSL_TLSV1_2 0x00000004UL
+
+
+ /* Bits for algorithm2 (handshake digests and other extra flags) */
Added: openssl/branches/1.0.1/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,58 @@
+From a9f34a7aac5fd89f33a34fb71e954b85fbf35875 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 23 Feb 2015 02:32:44 +0000
+Subject: [PATCH 2/6] Free up ADB and CHOICE if already initialised.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2015-0287
+
+Reviewed-by: Tim Hudson <tjh at openssl.org>
+Reviewed-by: Emilia Käsper <emilia at openssl.org>
+---
+ crypto/asn1/tasn_dec.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.1e/crypto/asn1/tasn_dec.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/asn1/tasn_dec.c
++++ openssl-1.0.1e/crypto/asn1/tasn_dec.c
+@@ -317,9 +317,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+
+- /* Allocate structure */
+- if (!*pval && !ASN1_item_ex_new(pval, it))
+- {
++ if (*pval) {
++ /* Free up and zero CHOICE value if initialised */
++ i = asn1_get_choice_selector(pval, it);
++ if ((i >= 0) && (i < it->tcount)) {
++ tt = it->templates + i;
++ pchptr = asn1_get_field_ptr(pval, tt);
++ ASN1_template_free(pchptr, tt);
++ asn1_set_choice_selector(pval, -1, it);
++ }
++ } else if (!ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+@@ -413,6 +420,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+
++ /* Free up and zero any ADB found */
++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++ if (tt->flags & ASN1_TFLG_ADB_MASK) {
++ const ASN1_TEMPLATE *seqtt;
++ ASN1_VALUE **pseqval;
++ seqtt = asn1_do_adb(pval, tt, 1);
++ pseqval = asn1_get_field_ptr(pval, seqtt);
++ ASN1_template_free(pseqval, seqtt);
++ }
++ }
++
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ {
Added: openssl/branches/1.0.1/debian/patches/0003-Free-up-passed-ASN.1-structure-if-reused.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0003-Free-up-passed-ASN.1-structure-if-reused.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0003-Free-up-passed-ASN.1-structure-if-reused.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,75 @@
+From 1a87b757b9f755f687492f6b9f685be8e0cd82b0 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 23 Feb 2015 12:57:50 +0000
+Subject: [PATCH 3/6] Free up passed ASN.1 structure if reused.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change the "reuse" behaviour in ASN1_item_d2i: if successful the old
+structure is freed and a pointer to the new one used. If it is not
+successful then the passed structure is untouched.
+
+Exception made for primitive types so ssl_asn1.c still works.
+
+Reviewed-by: Tim Hudson <tjh at openssl.org>
+Reviewed-by: Emilia Käsper <emilia at openssl.org>
+---
+ crypto/asn1/tasn_dec.c | 14 ++++++++++----
+ doc/crypto/d2i_X509.pod | 9 +++++++--
+ 2 files changed, 17 insertions(+), 6 deletions(-)
+
+Index: openssl-1.0.1e/crypto/asn1/tasn_dec.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/asn1/tasn_dec.c
++++ openssl-1.0.1e/crypto/asn1/tasn_dec.c
+@@ -130,11 +130,17 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **p
+ {
+ ASN1_TLC c;
+ ASN1_VALUE *ptmpval = NULL;
+- if (!pval)
+- pval = &ptmpval;
+ asn1_tlc_clear_nc(&c);
+- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+- return *pval;
++ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++ ptmpval = *pval;
++ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++ if (*pval)
++ ASN1_item_free(*pval, it);
++ *pval = ptmpval;
++ }
++ return ptmpval;
++ }
+ return NULL;
+ }
+
+Index: openssl-1.0.1e/doc/crypto/d2i_X509.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/crypto/d2i_X509.pod
++++ openssl-1.0.1e/doc/crypto/d2i_X509.pod
+@@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -210,7 +216,9 @@ always succeed.
+
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>.
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
Added: openssl/branches/1.0.1/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,30 @@
+From ee5a1253285e5c9f406c8b57b0686319b70c07d8 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 9 Mar 2015 23:11:45 +0000
+Subject: [PATCH 4/6] Fix ASN1_TYPE_cmp
+
+Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
+can be triggered during certificate verification so could be a DoS attack
+against a client or a server enabling client authentication.
+
+CVE-2015-0286
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/asn1/a_type.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: openssl-1.0.1e/crypto/asn1/a_type.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/asn1/a_type.c
++++ openssl-1.0.1e/crypto/asn1/a_type.c
+@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
++ case V_ASN1_BOOLEAN:
++ result = a->value.boolean - b->value.boolean;
++ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
Added: openssl/branches/1.0.1/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,195 @@
+From d3d52c73544bba800c2a8f5ef3376358158cf2ca Mon Sep 17 00:00:00 2001
+From: Emilia Kasper <emilia at openssl.org>
+Date: Fri, 27 Feb 2015 16:52:23 +0100
+Subject: [PATCH 5/6] PKCS#7: avoid NULL pointer dereferences with missing
+ content
+
+In PKCS#7, the ASN.1 content component is optional.
+This typically applies to inner content (detached signatures),
+however we must also handle unexpected missing outer content
+correctly.
+
+This patch only addresses functions reachable from parsing,
+decryption and verification, and functions otherwise associated
+with reading potentially untrusted data.
+
+Correcting all low-level API calls requires further work.
+
+CVE-2015-0289
+
+Thanks to Michal Zalewski (Google) for reporting this issue.
+
+Reviewed-by: Steve Henson <steve at openssl.org>
+---
+ crypto/pkcs7/pk7_doit.c | 87 +++++++++++++++++++++++++++++++++++++++++--------
+ crypto/pkcs7/pk7_lib.c | 3 ++
+ 2 files changed, 76 insertions(+), 14 deletions(-)
+
+Index: openssl-1.0.1e/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/pkcs7/pk7_doit.c
++++ openssl-1.0.1e/crypto/pkcs7/pk7_doit.c
+@@ -272,6 +272,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+ PKCS7_RECIP_INFO *ri=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++ /*
++ * The content field in the PKCS7 ContentInfo is optional, but that really
++ * only applies to inner content (precisely, detached signatures).
++ *
++ * When reading content, missing outer content is therefore treated as an
++ * error.
++ *
++ * When creating content, PKCS7_content_new() must be called before
++ * calling this method, so a NULL p7->d is always an error.
++ */
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -433,6 +452,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ unsigned char *ek = NULL, *tkey = NULL;
+ int eklen = 0, tkeylen = 0;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -747,6 +776,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ EVP_MD_CTX_init(&ctx_tmp);
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+@@ -791,6 +830,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ /* If detached data then the content is excluded */
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.sign->contents->d.data = NULL;
+ }
+ break;
+@@ -801,6 +841,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.digest->contents->d.data = NULL;
+ }
+ break;
+@@ -873,24 +914,31 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ }
+
+- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
+- {
+- char *cont;
+- long contlen;
+- btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+- if (btmp == NULL)
+- {
+- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+- goto err;
+- }
+- contlen = BIO_get_mem_data(btmp, &cont);
+- /* Mark the BIO read only then we can use its copy of the data
+- * instead of making an extra copy.
+- */
+- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+- BIO_set_mem_eof_return(btmp, 0);
+- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+- }
++ if (!PKCS7_is_detached(p7)) {
++ /*
++ * NOTE(emilia): I think we only reach os == NULL here because detached
++ * digested data support is broken.
++ */
++ if (os == NULL)
++ goto err;
++ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
++ char *cont;
++ long contlen;
++ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
++ if (btmp == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++ goto err;
++ }
++ contlen = BIO_get_mem_data(btmp, &cont);
++ /*
++ * Mark the BIO read only then we can use its copy of the data
++ * instead of making an extra copy.
++ */
++ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
++ BIO_set_mem_eof_return(btmp, 0);
++ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++ }
++ }
+ ret=1;
+ err:
+ EVP_MD_CTX_cleanup(&ctx_tmp);
+@@ -965,6 +1013,16 @@ int PKCS7_dataVerify(X509_STORE *cert_st
+ STACK_OF(X509) *cert;
+ X509 *x509;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ if (PKCS7_type_is_signed(p7))
+ {
+ cert=p7->d.sign->cert;
+Index: openssl-1.0.1e/crypto/pkcs7/pk7_lib.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/pkcs7/pk7_lib.c
++++ openssl-1.0.1e/crypto/pkcs7/pk7_lib.c
+@@ -71,6 +71,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long
+
+ switch (cmd)
+ {
++ /* NOTE(emilia): does not support detached digested data. */
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed)
+ {
+@@ -459,6 +460,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
+
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
++ if (p7 == NULL || p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signed(p7))
+ {
+ return(p7->d.sign->signer_info);
Added: openssl/branches/1.0.1/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,130 @@
+From a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2 Mon Sep 17 00:00:00 2001
+From: Emilia Kasper <emilia at openssl.org>
+Date: Wed, 4 Mar 2015 09:05:02 -0800
+Subject: [PATCH 6/6] Fix reachable assert in SSLv2 servers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This assert is reachable for servers that support SSLv2 and export ciphers.
+Therefore, such servers can be DoSed by sending a specially crafted
+SSLv2 CLIENT-MASTER-KEY.
+
+Also fix s2_srvr.c to error out early if the key lengths are malformed.
+These lengths are sent unencrypted, so this does not introduce an oracle.
+
+CVE-2015-0293
+
+This issue was discovered by Sean Burford (Google) and Emilia Käsper of
+the OpenSSL development team.
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+Reviewed-by: Tim Hudson <tjh at openssl.org>
+---
+ ssl/s2_lib.c | 2 +-
+ ssl/s2_srvr.c | 57 +++++++++++++++++++++++++++++++++++++++++++++------------
+ 2 files changed, 46 insertions(+), 13 deletions(-)
+
+Index: openssl-1.0.1e/ssl/s2_lib.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/s2_lib.c
++++ openssl-1.0.1e/ssl/s2_lib.c
+@@ -488,7 +488,7 @@ int ssl2_generate_key_material(SSL *s)
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+- < (int)sizeof(s->session->master_key));
++ <= (int)sizeof(s->session->master_key));
+ EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ EVP_DigestUpdate(&ctx,&c,1);
+ c++;
+Index: openssl-1.0.1e/ssl/s2_srvr.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/s2_srvr.c
++++ openssl-1.0.1e/ssl/s2_srvr.c
+@@ -446,9 +446,6 @@ static int get_client_master_key(SSL *s)
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ return(-1);
+ }
+- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+
+ is_export=SSL_C_IS_EXPORT(s->session->cipher);
+
+@@ -467,21 +464,60 @@ static int get_client_master_key(SSL *s)
+ else
+ ek=5;
+
++ /*
++ * The format of the CLIENT-MASTER-KEY message is
++ * 1 byte message type
++ * 3 bytes cipher
++ * 2-byte clear key length (stored in s->s2->tmp.clear)
++ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++ * 2-byte key args length (IV etc)
++ * clear key
++ * encrypted key
++ * key args
++ *
++ * If the cipher is an export cipher, then the encrypted key bytes
++ * are a fixed portion of the total key (5 or 8 bytes). The size of
++ * this portion is in |ek|. If the cipher is not an export cipher,
++ * then the entire key material is encrypted (i.e., clear key length
++ * must be zero).
++ */
++ if ((!is_export && s->s2->tmp.clear != 0) ||
++ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++ return -1;
++ }
++ /*
++ * The encrypted blob must decrypt to the encrypted portion of the key.
++ * Decryption can't be expanding, so if we don't have enough encrypted
++ * bytes to fit the key in the buffer, stop now.
++ */
++ if ((is_export && s->s2->tmp.enc < ek) ||
++ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++ return -1;
++ }
++
++ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++ &(p[s->s2->tmp.clear]),
++ &(p[s->s2->tmp.clear]),
++ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++ RSA_PKCS1_PADDING);
++
+ /* bad decrypt */
+ #if 1
+ /* If a bad decrypt, continue with protocol but with a
+ * random master secret (Bleichenbacher attack) */
+- if ((i < 0) ||
+- ((!is_export && (i != EVP_CIPHER_key_length(c)))
+- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+- (unsigned int)EVP_CIPHER_key_length(c))))))
++ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++ || (is_export && i != ek))) {
+ {
+ ERR_clear_error();
+ if (is_export)
+ i=ek;
+ else
+ i=EVP_CIPHER_key_length(c);
+- if (RAND_pseudo_bytes(p,i) <= 0)
++ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ return 0;
+ }
+ #else
+@@ -505,7 +541,8 @@ static int get_client_master_key(SSL *s)
+ }
+ #endif
+
+- if (is_export) i+=s->s2->tmp.clear;
++ if (is_export)
++ i = EVP_CIPHER_key_length(c);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ {
Added: openssl/branches/1.0.1/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
===================================================================
--- openssl/branches/1.0.1/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch (rev 0)
+++ openssl/branches/1.0.1/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch 2015-03-20 17:43:24 UTC (rev 721)
@@ -0,0 +1,73 @@
+From a4517be9e348634ac64f9cf093131e13e8c03e38 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Thu, 19 Mar 2015 10:16:32 +0000
+Subject: [PATCH 08/12] Fix a failure to NULL a pointer freed on error.
+
+Reported by the LibreSSL project as a follow on to CVE-2015-0209
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/asn1/x_x509.c | 12 +++++++++++-
+ crypto/ec/ec_asn1.c | 7 +++++--
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.1e/crypto/asn1/x_x509.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/asn1/x_x509.c 2013-02-11 15:26:04.000000000 +0000
++++ openssl-1.0.1e/crypto/asn1/x_x509.c 2015-03-19 18:07:02.689136145 +0000
+@@ -170,8 +170,14 @@
+ {
+ const unsigned char *q;
+ X509 *ret;
++ int freeret = 0;
++
+ /* Save start position */
+ q = *pp;
++
++ if(!a || *a == NULL) {
++ freeret = 1;
++ }
+ ret = d2i_X509(a, pp, length);
+ /* If certificate unreadable then forget it */
+ if(!ret) return NULL;
+@@ -181,7 +187,11 @@
+ if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+ return ret;
+ err:
+- X509_free(ret);
++ if(freeret) {
++ X509_free(ret);
++ if (a)
++ *a = NULL;
++ }
+ return NULL;
+ }
+
+Index: openssl-1.0.1e/crypto/ec/ec_asn1.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/ec/ec_asn1.c 2015-03-19 18:06:21.000000000 +0000
++++ openssl-1.0.1e/crypto/ec/ec_asn1.c 2015-03-19 18:09:11.394282947 +0000
+@@ -1358,8 +1358,6 @@
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+- if (a)
+- *a = ret;
+ }
+ else
+ ret = *a;
+@@ -1367,9 +1365,14 @@
+ if (!d2i_ECPKParameters(&ret->group, in, len))
+ {
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
++ if (a == NULL || *a != ret)
++ EC_KEY_free(ret);
+ return NULL;
+ }
+
++ if (a)
++ *a = ret;
++
+ return ret;
+ }
+
Modified: openssl/branches/1.0.1/debian/patches/series
===================================================================
--- openssl/branches/1.0.1/debian/patches/series 2015-03-19 18:23:22 UTC (rev 720)
+++ openssl/branches/1.0.1/debian/patches/series 2015-03-20 17:43:24 UTC (rev 721)
@@ -19,4 +19,14 @@
defaults.patch
openssl_fix_for_x32.patch
ppc64el.patch
-
+0006-Fix-reachable-assert-in-SSLv2-servers.patch
+0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch
+0004-Fix-ASN1_TYPE_cmp.patch
+0003-Free-up-passed-ASN.1-structure-if-reused.patch
+0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch
+0001-fix-warning.patch
+0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch
+0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch
+0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
+0001-Check-public-key-is-not-NULL.patch
+0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
More information about the Pkg-openssl-changes
mailing list