[Pkg-openssl-changes] r635 - in openssl/branches/wheezy/debian: . patches

Mon Dec 23 16:41:41 UTC 2013

Author: kroeckx
Date: 2013-12-23 16:41:41 +0000 (Mon, 23 Dec 2013)
New Revision: 635

Added:
   openssl/branches/wheezy/debian/patches/CVE-2013-6449.patch
Modified:
   openssl/branches/wheezy/debian/changelog
   openssl/branches/wheezy/debian/patches/series
Log:
Fix CVE-2013-6449


Modified: openssl/branches/wheezy/debian/changelog
===================================================================

--- openssl/branches/wheezy/debian/changelog	2013-12-23 14:47:46 UTC (rev 634)
+++ openssl/branches/wheezy/debian/changelog	2013-12-23 16:41:41 UTC (rev 635)
@@ -1,3 +1,9 @@
+openssl (1.0.1e-2+deb7u1) stable-security; urgency=medium
+
+  * Fix CVE-2013-6449 (Closes: #732754)
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Mon, 23 Dec 2013 15:47:52 +0100
+
 openssl (1.0.1e-2) unstable; urgency=high
 
   * Bump shlibs.  It's needed for the udeb.

Added: openssl/branches/wheezy/debian/patches/CVE-2013-6449.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2013-6449.patch	                        (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2013-6449.patch	2013-12-23 16:41:41 UTC (rev 635)
@@ -0,0 +1,83 @@
+Author: Dr. Stephen Henson <steve at openssl.org>
+Date:   Thu Dec 19 14:37:39 2013 +0000
+Subject: Fix CVE-2013-6449
+
+This is a combination of upstream commits:
+0294b2be5f4c11e60620c0018674ff0e17b14238
+ca989269a2876bae79393bd54c3e72d49975fc75
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index ead01c8..1e5dcab 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+ 
+ 		i=s->method->ssl3_enc->final_finish_mac(s,
+ 			sender,slen,s->s3->tmp.finish_md);
++		if (i == 0)
++			return 0;
+ 		s->s3->tmp.finish_md_len = i;
+ 		memcpy(p, s->s3->tmp.finish_md, i);
+ 		p+=i;
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 804291e..c4bc4e7 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ 		slen=s->method->ssl3_enc->client_finished_label_len;
+ 		}
+ 
+-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
++	i = s->method->ssl3_enc->final_finish_mac(s,
+ 		sender,slen,s->s3->tmp.peer_finish_md);
++	if (i == 0)
++		{
++		SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
++		return 0;
++		}
++	s->s3->tmp.peer_finish_md_len = i;
+ 
+ 	return(1);
+ 	}
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 809ad2e..72015f5 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
+ 		if (mask & ssl_get_algorithm2(s))
+ 			{
+ 			int hashsize = EVP_MD_size(md);
+-			if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
++			EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
++			if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+ 				{
+ 				/* internal error: 'buf' is too small for this cipersuite! */
+ 				err = 1;
+ 				}
+ 			else
+ 				{
+-				EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
+-				EVP_DigestFinal_ex(&ctx,q,&i);
+-				if (i != (unsigned int)hashsize) /* can't really happen */
++				if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
++					!EVP_DigestFinal_ex(&ctx,q,&i) ||
++					(i != (unsigned int)hashsize))
+ 					err = 1;
+-				q+=i;
++				q+=hashsize;
+ 				}
+ 			}
+ 		}
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ 	{
+ 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
+-	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
++	if (s->method->version == TLS1_2_VERSION &&
+ 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ 	return alg2;

Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series	2013-12-23 14:47:46 UTC (rev 634)
+++ openssl/branches/wheezy/debian/patches/series	2013-12-23 16:41:41 UTC (rev 635)
@@ -36,3 +36,4 @@
 aesni-mac.patch
 dtls_version.patch
 get_certificate.patch
+CVE-2013-6449.patch


