[Pkg-openssl-changes] r532 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Tue Mar 13 20:49:37 UTC 2012
Author: kroeckx
Date: 2012-03-13 20:49:37 +0000 (Tue, 13 Mar 2012)
New Revision: 532
Added:
openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/CVE-2011-4619.patch
openssl/branches/squeeze/debian/patches/series
Log:
* Fix CVE-2012-0884
* Updated patch for CVE-2011-4619
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2012-03-13 20:28:41 UTC (rev 531)
+++ openssl/branches/squeeze/debian/changelog 2012-03-13 20:49:37 UTC (rev 532)
@@ -1,3 +1,10 @@
+openssl (0.9.8o-4squeeze8) squeeze-security; urgency=low
+
+ * Fix CVE-2012-0884
+ * Updated patch for CVE-2011-4619
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 13 Mar 2012 21:47:38 +0100
+
openssl (0.9.8o-4squeeze7) squeeze-security; urgency=low
* Re-upload with new version number.
Modified: openssl/branches/squeeze/debian/patches/CVE-2011-4619.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2011-4619.patch 2012-03-13 20:28:41 UTC (rev 531)
+++ openssl/branches/squeeze/debian/patches/CVE-2011-4619.patch 2012-03-13 20:49:37 UTC (rev 532)
@@ -1,8 +1,8 @@
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index 4850a9a..f610212 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -235,6 +235,7 @@ int ssl3_accept(SSL *s)
+Index: openssl-0.9.8o/ssl/s3_srvr.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s3_srvr.c 2012-03-13 21:44:39.000000000 +0100
++++ openssl-0.9.8o/ssl/s3_srvr.c 2012-03-13 21:44:42.000000000 +0100
+@@ -235,6 +235,7 @@
}
s->init_num=0;
@@ -10,22 +10,21 @@
if (s->state != SSL_ST_RENEGOTIATE)
{
-@@ -697,6 +698,14 @@ int ssl3_check_client_hello(SSL *s)
- int ok;
- long n;
-
-+ /* We only allow the client to restart the handshake once per
-+ * negotiation. */
-+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
-+ {
-+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
-+ return -1;
-+ }
-+
- /* this function is called when we really expect a Certificate message,
- * so permit appropriate message length */
- n=s->method->ssl_get_message(s,
-@@ -725,6 +734,7 @@ int ssl3_check_client_hello(SSL *s)
+@@ -709,6 +710,13 @@
+ s->s3->tmp.reuse_message = 1;
+ if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
+ {
++ /* We only allow the client to restart the handshake once per
++ * negotiation. */
++ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
++ {
++ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
++ return -1;
++ }
+ /* Throw away what we have done so far in the current handshake,
+ * which will now be aborted. (A full SSL_clear would be too much.) */
+ #ifndef OPENSSL_NO_DH
+@@ -725,6 +733,7 @@
s->s3->tmp.ecdh = NULL;
}
#endif
@@ -33,11 +32,11 @@
return 2;
}
return 1;
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 7d4e46e..590a369 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -1739,6 +1739,7 @@ void ERR_load_SSL_strings(void);
+Index: openssl-0.9.8o/ssl/ssl.h
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl.h 2012-03-13 21:44:39.000000000 +0100
++++ openssl-0.9.8o/ssl/ssl.h 2012-03-13 21:44:42.000000000 +0100
+@@ -1739,6 +1739,7 @@
#define SSL_F_SSL3_CALLBACK_CTRL 233
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
@@ -45,7 +44,7 @@
#define SSL_F_SSL3_CLIENT_HELLO 131
#define SSL_F_SSL3_CONNECT 132
#define SSL_F_SSL3_CTRL 213
-@@ -1974,6 +1975,7 @@ void ERR_load_SSL_strings(void);
+@@ -1974,6 +1975,7 @@
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
@@ -53,11 +52,11 @@
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
-diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index 2f579c2..b9a85ef 100644
---- a/ssl/ssl3.h
-+++ b/ssl/ssl3.h
-@@ -333,6 +333,17 @@ typedef struct ssl3_buffer_st
+Index: openssl-0.9.8o/ssl/ssl3.h
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl3.h 2012-03-13 21:44:39.000000000 +0100
++++ openssl-0.9.8o/ssl/ssl3.h 2012-03-13 21:44:42.000000000 +0100
+@@ -333,6 +333,17 @@
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
@@ -75,10 +74,10 @@
typedef struct ssl3_state_st
{
-diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
-index 7eb5202..bd52c98 100644
---- a/ssl/ssl_err.c
-+++ b/ssl/ssl_err.c
+Index: openssl-0.9.8o/ssl/ssl_err.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl_err.c 2012-03-13 21:44:39.000000000 +0100
++++ openssl-0.9.8o/ssl/ssl_err.c 2012-03-13 21:44:42.000000000 +0100
@@ -1,6 +1,6 @@
/* ssl/ssl_err.c */
/* ====================================================================
@@ -87,7 +86,7 @@
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
-@@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+@@ -137,6 +137,7 @@
{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
@@ -95,7 +94,7 @@
{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
-@@ -375,6 +376,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
+@@ -375,6 +376,7 @@
{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
Added: openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-0884.patch 2012-03-13 20:49:37 UTC (rev 532)
@@ -0,0 +1,395 @@
+diff --git a/CHANGES b/CHANGES
+index 59de463..a2409ac 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -4,6 +4,17 @@
+
+ Changes between 0.9.8t and 0.9.8u [xx XXX xxxx]
+
++ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
++ in CMS and PKCS7 code. When RSA decryption fails use a random key for
++ content decryption and always return the same error. Note: this attack
++ needs on average 2^20 messages so it only affects automated senders. The
++ old behaviour can be reenabled in the CMS code by setting the
++ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
++ an MMA defence is not necessary.
++ Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
++ this issue. (CVE-2012-0884)
++ [Steve Henson]
++
+ *) Fix CVE-2011-4619: make sure we really are receiving a
+ client hello before rejecting multiple SGC restarts. Thanks to
+ Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
+diff --git a/apps/cms.c b/apps/cms.c
+index 7407ae1..b8c0ee8 100644
+--- a/apps/cms.c
++++ b/apps/cms.c
+@@ -226,6 +226,8 @@ int MAIN(int argc, char **argv)
+ else if (!strcmp(*args,"-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+ #endif
++ else if (!strcmp (*args, "-debug_decrypt"))
++ flags |= CMS_DEBUG_DECRYPT;
+ else if (!strcmp (*args, "-text"))
+ flags |= CMS_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+@@ -1013,6 +1015,8 @@ int MAIN(int argc, char **argv)
+ ret = 4;
+ if (operation == SMIME_DECRYPT)
+ {
++ if (flags & CMS_DEBUG_DECRYPT)
++ CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+
+ if (secret_key)
+ {
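Review bot: The result of the added `CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags)` call is discarded, although the CMS_decrypt hunk later in this patch shows it can return 0 (for example from `!check_content(cms)`) before the debug field is written. In that case `-debug_decrypt` silently has no effect and the user debugs with the MMA defence still active. Test the call with `if (!CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags))` and take the tool's normal error exit on failure. A short comment such as `/* flag-only call: records CMS_DEBUG_DECRYPT before any key is set */` would also explain why decryption is invoked with no key or BIOs. MAIN's body starts and ends outside the hunk.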
+diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
+index 25f8874..75e3be0 100644
+--- a/crypto/cms/cms.h
++++ b/crypto/cms/cms.h
+@@ -110,6 +110,7 @@ DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+ #define CMS_PARTIAL 0x4000
+ #define CMS_REUSE_DIGEST 0x8000
+ #define CMS_USE_KEYID 0x10000
++#define CMS_DEBUG_DECRYPT 0x20000
+
+ const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+
+diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
+index bab2623..580083b 100644
+--- a/crypto/cms/cms_enc.c
++++ b/crypto/cms/cms_enc.c
+@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+ const EVP_CIPHER *ciph;
+ X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+ unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
++ unsigned char *tkey = NULL;
++ size_t tkeylen;
+
+ int ok = 0;
+
+@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+-
+-
+- if (enc && !ec->key)
++ /* Generate random session key */
++ if (!enc || !ec->key)
+ {
+- /* Generate random key */
+- if (!ec->keylen)
+- ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
+- ec->key = OPENSSL_malloc(ec->keylen);
+- if (!ec->key)
++ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
++ tkey = OPENSSL_malloc(tkeylen);
++ if (!tkey)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+- if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
++ if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+ goto err;
+- keep_key = 1;
+ }
+- else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
++
++ if (!ec->key)
++ {
++ ec->key = tkey;
++ ec->keylen = tkeylen;
++ tkey = NULL;
++ if (enc)
++ keep_key = 1;
++ else
++ ERR_clear_error();
++
++ }
++
++ if (ec->keylen != tkeylen)
+ {
+ /* If necessary set key length */
+ if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
+ {
+- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+- CMS_R_INVALID_KEY_LENGTH);
+- goto err;
++ /* Only reveal failure if debugging so we don't
++ * leak information which may be useful in MMA.
++ */
++ if (ec->debug)
++ {
++ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
++ CMS_R_INVALID_KEY_LENGTH);
++ goto err;
++ }
++ else
++ {
++ /* Use random key */
++ OPENSSL_cleanse(ec->key, ec->keylen);
++ OPENSSL_free(ec->key);
++ ec->key = tkey;
++ ec->keylen = tkeylen;
++ tkey = NULL;
++ ERR_clear_error();
++ }
+ }
+ }
+
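Review bot: `tkeylen` is assigned only inside `if (!enc || !ec->key)`, but `if (ec->keylen != tkeylen)` reads it unconditionally. When encrypting with a caller-supplied key (`enc` set and `ec->key` non-NULL), that comparison uses an uninitialised `size_t`, since the declaration in the previous hunk has no initialiser. If the comparison is true and `EVP_CIPHER_CTX_set_key_length` fails with `ec->debug` clear, the "Use random key" branch installs `tkey`, which is still NULL on that path. Hoist the length query above the conditional, `tkeylen = EVP_CIPHER_CTX_key_length(ctx);`, and leave only the allocation and `EVP_CIPHER_CTX_rand_key` call inside it. cms_EncryptedContent_init_bio starts and ends outside the hunk.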
+@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+ OPENSSL_free(ec->key);
+ ec->key = NULL;
+ }
++ if (tkey)
++ {
++ OPENSSL_cleanse(tkey, tkeylen);
++ OPENSSL_free(tkey);
++ }
+ if (ok)
+ return b;
+ BIO_free(b);
+diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
+index d499ae8..b8685fa 100644
+--- a/crypto/cms/cms_env.c
++++ b/crypto/cms/cms_env.c
+@@ -352,6 +352,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+ unsigned char *ek = NULL;
+ int eklen;
+ int ret = 0;
++ CMS_EncryptedContentInfo *ec;
++ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ if (ktri->pkey == NULL)
+ {
+@@ -382,8 +384,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+
+ ret = 1;
+
+- cms->d.envelopedData->encryptedContentInfo->key = ek;
+- cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
++ if (ec->key)
++ {
++ OPENSSL_cleanse(ec->key, ec->keylen);
++ OPENSSL_free(ec->key);
++ }
++
++ ec->key = ek;
++ ec->keylen = eklen;
+
+ err:
+ if (!ret && ek)
+diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
+index 7d60fac..ce65d6e 100644
+--- a/crypto/cms/cms_lcl.h
++++ b/crypto/cms/cms_lcl.h
+@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
+ const EVP_CIPHER *cipher;
+ unsigned char *key;
+ size_t keylen;
++ /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
++ int debug;
+ };
+
+ struct CMS_RecipientInfo_st
+diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
+index f35883a..2be07c2 100644
+--- a/crypto/cms/cms_smime.c
++++ b/crypto/cms/cms_smime.c
+@@ -622,7 +622,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
+ int i, r;
++ int debug = 0;
+ ris = CMS_get0_RecipientInfos(cms);
++ if (ris)
++ debug = cms->d.envelopedData->encryptedContentInfo->debug;
+ for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+ {
+ ri = sk_CMS_RecipientInfo_value(ris, i);
+@@ -636,17 +639,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+ CMS_RecipientInfo_set0_pkey(ri, pk);
+ r = CMS_RecipientInfo_decrypt(cms, ri);
+ CMS_RecipientInfo_set0_pkey(ri, NULL);
+- if (r > 0)
+- return 1;
+ if (cert)
+ {
++ /* If not debugging clear any error and
++ * return success to avoid leaking of
++ * information useful to MMA
++ */
++ if (!debug)
++ {
++ ERR_clear_error();
++ return 1;
++ }
++ if (r > 0)
++ return 1;
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+ CMS_R_DECRYPT_ERROR);
+ return 0;
+ }
+- ERR_clear_error();
++ /* If no cert and not debugging don't leave loop
++ * after first successful decrypt. Always attempt
++ * to decrypt all recipients to avoid leaking timing
++ * of a successful decrypt.
++ */
++ else if (r > 0 && debug)
++ return 1;
+ }
+ }
++ /* If no cert and not debugging always return success */
++ if (!cert && !debug)
++ {
++ ERR_clear_error();
++ return 1;
++ }
+
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+ return 0;
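Review bot: The return contract of CMS_decrypt_set1_pkey changes here without being documented. Unless the debug field is set, the function now returns 1 both when `cert` matched but `CMS_RecipientInfo_decrypt` failed and when no recipient could be decrypted at all. Callers that treated 1 as "a content key was recovered" will only see the failure later, as a content decryption error. A header comment on the function should say so, for example `/* Unless CMS_DEBUG_DECRYPT is in effect this returns 1 even if no recipient key was recovered, so that RSA padding failures are not observable; do not use the result as a key-validity check. */`. The function's opening lines are in the previous hunk and the loop body is only partly visible.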
+@@ -705,9 +729,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
+ }
+ if (!dcont && !check_content(cms))
+ return 0;
++ if (flags & CMS_DEBUG_DECRYPT)
++ cms->d.envelopedData->encryptedContentInfo->debug = 1;
++ else
++ cms->d.envelopedData->encryptedContentInfo->debug = 0;
++ if (!pk && !cert && !dcont && !out)
++ return 1;
+ if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+ return 0;
+-
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
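Review bot: The early return `if (!pk && !cert && !dcont && !out) return 1;` gives CMS_decrypt a flag-only mode that nothing in the hunk explains. The `else` branch also resets the debug field to 0 on any call made without `CMS_DEBUG_DECRYPT`, so the setting lasts only as long as every later call repeats the flag. Both facts belong in a comment above the assignment, such as `/* Record the debug setting on every call; with no key, cert or BIOs that is all this call does. */`. Since the flag restores the distinguishable errors the patch removes, the comment should also state that it is meant for testing only, as the CHANGES entry does. CMS_decrypt's body starts and ends outside the hunk.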
+diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
+index c8f1eb1..8b3024e 100644
+--- a/crypto/pkcs7/pk7_doit.c
++++ b/crypto/pkcs7/pk7_doit.c
+@@ -420,6 +420,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+ int max;
+ X509_OBJECT ret;
+ #endif
++ unsigned char *tkey = NULL;
++ int tkeylen;
+ int jj;
+
+ if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+@@ -461,36 +463,42 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+
+ if (pcert == NULL)
+ {
++ /* Temporary storage in case EVP_PKEY_decrypt
++ * overwrites output buffer on error.
++ */
++ unsigned char *tmp2;
++ tmp2 = OPENSSL_malloc(jj);
++ if (!tmp2)
++ goto err;
++ jj = -1;
++ /* Always attempt to decrypt all cases to avoid
++ * leaking timing information about a successful
++ * decrypt.
++ */
+ for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+ {
++ int tret;
+ ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+- jj=EVP_PKEY_decrypt(tmp,
++ tret=EVP_PKEY_decrypt(tmp2,
+ M_ASN1_STRING_data(ri->enc_key),
+ M_ASN1_STRING_length(ri->enc_key),
+ pkey);
+- if (jj > 0)
+- break;
++ if (tret > 0)
++ {
++ memcpy(tmp, tmp2, tret);
++ OPENSSL_cleanse(tmp2, tret);
++ jj = tret;
++ }
+ ERR_clear_error();
+- ri = NULL;
+- }
+- if (ri == NULL)
+- {
+- PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+- PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
+- goto err;
+ }
++ OPENSSL_free(tmp2);
+ }
+ else
+ {
+ jj=EVP_PKEY_decrypt(tmp,
+ M_ASN1_STRING_data(ri->enc_key),
+ M_ASN1_STRING_length(ri->enc_key), pkey);
+- if (jj <= 0)
+- {
+- PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+- ERR_R_EVP_LIB);
+- goto err;
+- }
++ ERR_clear_error();
+ }
+
+ evp_ctx=NULL;
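Review bot: The scratch buffer `tmp2` is wiped only on the success path and only for `tret` bytes, so anything a failed `EVP_PKEY_decrypt` wrote into it is released by `OPENSSL_free(tmp2)` without being cleansed. The hunk's own comment anticipates that the call may overwrite the output buffer on error. Because `jj` is set to -1 right after the allocation, the buffer size is no longer available at the free. Keep it in a local, `int tmp2len = jj;`, and call `OPENSSL_cleanse(tmp2, tmp2len);` immediately before `OPENSSL_free(tmp2);`. PKCS7_dataDecode starts and ends outside the hunk.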
+@@ -499,24 +507,49 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+ goto err;
+ if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+ goto err;
++ /* Generate random key to counter MMA */
++ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
++ tkey = OPENSSL_malloc(tkeylen);
++ if (!tkey)
++ goto err;
++ if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
++ goto err;
++ /* If we have no key use random key */
++ if (jj <= 0)
++ {
++ OPENSSL_free(tmp);
++ jj = tkeylen;
++ tmp = tkey;
++ tkey = NULL;
++ }
+
+- if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
++ if (jj != tkeylen) {
+ /* Some S/MIME clients don't use the same key
+ * and effective key length. The key length is
+ * determined by the size of the decrypted RSA key.
+ */
+ if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+ {
+- PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+- PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+- goto err;
++ /* As MMA defence use random key instead */
++ OPENSSL_cleanse(tmp, jj);
++ OPENSSL_free(tmp);
++ jj = tkeylen;
++ tmp = tkey;
++ tkey = NULL;
+ }
+ }
++ ERR_clear_error();
+ if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
+ goto err;
+
+ OPENSSL_cleanse(tmp,jj);
+
++ if (tkey)
++ {
++ OPENSSL_cleanse(tkey, tkeylen);
++ OPENSSL_free(tkey);
++ }
++
+ if (out == NULL)
+ out=etmp;
+ else
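Review bot: The `if (tkey)` cleanse-and-free runs only on the straight-line path, so two `goto err` exits can skip it while `tkey` is still held: the one after `EVP_CIPHER_CTX_rand_key` and the one after `EVP_CipherInit_ex`. Unless the `err:` label, which is outside this hunk, releases it, the random fallback key is leaked uncleansed on those paths. Moving the `if (tkey)` block to the shared exit path would cover both the success and error cases. In the `jj <= 0` branch `tmp` is also freed with a bare `OPENSSL_free(tmp)`, although the non-NULL `pcert` path decrypts straight into it. Wiping it first would match the `OPENSSL_cleanse(tmp, jj)` used in the key-length fallback a few lines below.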
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series 2012-03-13 20:28:41 UTC (rev 531)
+++ openssl/branches/squeeze/debian/patches/series 2012-03-13 20:49:37 UTC (rev 532)
@@ -33,3 +33,4 @@
CVE-2011-4577.patch
dtls-fragment-alert.patch
CVE-2012-0050.patch
+CVE-2012-0884.patch