[Pkg-openssl-changes] r737 - in openssl/branches/jessie/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Jun 11 21:36:29 UTC 2015
Author: kroeckx
Date: 2015-06-11 21:36:29 +0000 (Thu, 11 Jun 2015)
New Revision: 737
Added:
openssl/branches/jessie/debian/patches/CVE-2015-1788.patch
openssl/branches/jessie/debian/patches/CVE-2015-1789.patch
openssl/branches/jessie/debian/patches/CVE-2015-1790.patch
openssl/branches/jessie/debian/patches/CVE-2015-1791.patch
openssl/branches/jessie/debian/patches/CVE-2015-1792.patch
openssl/branches/jessie/debian/patches/CVE-2015-4000.patch
Modified:
openssl/branches/jessie/debian/changelog
openssl/branches/jessie/debian/patches/series
Log:
Security update
Modified: openssl/branches/jessie/debian/changelog
===================================================================
--- openssl/branches/jessie/debian/changelog 2015-06-11 17:38:18 UTC (rev 736)
+++ openssl/branches/jessie/debian/changelog 2015-06-11 21:36:29 UTC (rev 737)
@@ -1,3 +1,14 @@
+openssl (1.0.1k-3+deb8u1) jessie-security; urgency=medium
+
+ * Fix CVE-2015-1791
+ * Fix CVE-2015-1792
+ * Fix CVE-2015-1789
+ * Fix CVE-2015-1790
+ * Fix CVE-2015-1788
+ * CVE-2015-4000: Have minimum of 768 bit for DH
+
+ -- Kurt Roeckx <kurt at roeckx.be> Thu, 11 Jun 2015 20:55:20 +0200
+
openssl (1.0.1k-3) unstable; urgency=medium
* Drop patch 0003-Free-up-passed-ASN.1-structure-if-reused.patch, it at
Added: openssl/branches/jessie/debian/patches/CVE-2015-1788.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2015-1788.patch (rev 0)
+++ openssl/branches/jessie/debian/patches/CVE-2015-1788.patch 2015-06-11 21:36:29 UTC (rev 737)
@@ -0,0 +1,45 @@
+From f61bbf8da532038ed0eae16a9a11771f3da22d30 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro at openssl.org>
+Date: Thu, 11 Jun 2015 00:18:01 +0200
+Subject: [PATCH] bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
+
+CVE-2015-1788
+
+Reviewed-by: Matt Caswell <matt at openssl.org>
+(cherry picked from commit 4924b37ee01f71ae19c94a8934b80eeb2f677932)
+---
+ crypto/bn/bn_gf2m.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+Index: openssl-1.0.1k/crypto/bn/bn_gf2m.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/bn/bn_gf2m.c
++++ openssl-1.0.1k/crypto/bn/bn_gf2m.c
+@@ -568,9 +568,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIG
+ }
+ #else
+ {
+- int i, ubits = BN_num_bits(u),
+- vbits = BN_num_bits(v), /* v is copy of p */
+- top = p->top;
++ int i;
++ int ubits = BN_num_bits(u);
++ int vbits = BN_num_bits(v); /* v is copy of p */
++ int top = p->top;
+ BN_ULONG *udp,*bdp,*vdp,*cdp;
+
+ bn_wexpand(u,top); udp = u->d;
+@@ -611,7 +612,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIG
+ ubits--;
+ }
+
+- if (ubits<=BN_BITS2 && udp[0]==1) break;
++ if (ubits <= BN_BITS2) {
++ if (udp[0] == 0) /* poly was reducible */
++ goto err;
++ if (udp[0] == 1)
++ break;
++ }
+
+ if (ubits<vbits)
+ {
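Review bot: The new `/* poly was reducible */` comment is terser than the condition deserves: `ubits <= BN_BITS2 && udp[0] == 0` means u has become zero, i.e. the input and the modulus share a factor and no inverse exists, and without the `goto err` the enclosing loop (the `break` just below targets it) would keep iterating on a zero u, which is the non-termination the subject line refers to. Suggest `/* u == 0: a and p are not coprime (p reducible, or a shares a factor with p); no inverse exists, so bail out instead of looping forever */`. The err label and the function's return value are outside this hunk, so whether a specific error reason is pushed for this case is not visible here. BN_GF2m_mod_inv starts before and ends after the hunk.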
Added: openssl/branches/jessie/debian/patches/CVE-2015-1789.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2015-1789.patch (rev 0)
+++ openssl/branches/jessie/debian/patches/CVE-2015-1789.patch 2015-06-11 21:36:29 UTC (rev 737)
@@ -0,0 +1,134 @@
+From 370ac320301e28bb615cee80124c042649c95d14 Mon Sep 17 00:00:00 2001
+From: Emilia Kasper <emilia at openssl.org>
+Date: Wed, 8 Apr 2015 16:56:43 +0200
+Subject: [PATCH] Fix length checks in X509_cmp_time to avoid out-of-bounds
+ reads.
+
+Also tighten X509_cmp_time to reject more than three fractional
+seconds in the time; and to reject trailing garbage after the offset.
+
+CVE-2015-1789
+
+Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/x509/x509_vfy.c | 57 +++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 47 insertions(+), 10 deletions(-)
+
+Index: openssl-1.0.1k/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.1k/crypto/x509/x509_vfy.c
+@@ -1712,54 +1712,93 @@ int X509_cmp_time(const ASN1_TIME *ctm,
+ ASN1_TIME atm;
+ long offset;
+ char buff1[24],buff2[24],*p;
+- int i,j;
++ int i,j,remaining;
+
+ p=buff1;
+- i=ctm->length;
++ remaining = ctm->length;
+ str=(char *)ctm->data;
++ /*
++ * Note that the following (historical) code allows much more slack in the
++ * time format than RFC5280. In RFC5280, the representation is fixed:
++ * UTCTime: YYMMDDHHMMSSZ
++ * GeneralizedTime: YYYYMMDDHHMMSSZ
++ */
+ if (ctm->type == V_ASN1_UTCTIME)
+ {
+- if ((i < 11) || (i > 17)) return 0;
++ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
++ int min_length = sizeof("YYMMDDHHMMZ") - 1;
++ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
++ if (remaining < min_length || remaining > max_length)
++ return 0;
+ memcpy(p,str,10);
+ p+=10;
+ str+=10;
++ remaining -= 10;
+ }
+ else
+ {
+- if (i < 13) return 0;
++ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
++ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
++ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
++ if (remaining < min_length || remaining > max_length)
++ return 0;
+ memcpy(p,str,12);
+ p+=12;
+ str+=12;
++ remaining -= 12;
+ }
+
+ if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+ { *(p++)='0'; *(p++)='0'; }
+ else
+ {
++ /* SS (seconds) */
++ if (remaining < 2)
++ return 0;
+ *(p++)= *(str++);
+ *(p++)= *(str++);
+- /* Skip any fractional seconds... */
+- if (*str == '.')
++ remaining -= 2;
++ /*
++ * Skip any (up to three) fractional seconds...
++ * TODO(emilia): in RFC5280, fractional seconds are forbidden.
++ * Can we just kill them altogether?
++ */
++ if (remaining && *str == '.')
+ {
+ str++;
+- while ((*str >= '0') && (*str <= '9')) str++;
++ remaining--;
++ for (i = 0; i < 3 && remaining; i++, str++, remaining--)
++ {
++ if (*str < '0' || *str > '9')
++ break;
++ }
+ }
+-
+ }
+ *(p++)='Z';
+ *(p++)='\0';
+
+- if (*str == 'Z')
+- offset=0;
+- else
+- {
+- if ((*str != '+') && (*str != '-'))
+- return 0;
+- offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+- offset+=(str[3]-'0')*10+(str[4]-'0');
+- if (*str == '-')
+- offset= -offset;
+- }
++ /* We now need either a terminating 'Z' or an offset. */
++ if (!remaining)
++ return 0;
++ if (*str == 'Z') {
++ if (remaining != 1)
++ return 0;
++ offset=0;
++ } else {
++ /* (+-)HHMM */
++ if ((*str != '+') && (*str != '-'))
++ return 0;
++ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
++ if (remaining != 5)
++ return 0;
++ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
++ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
++ return 0;
++ offset=((str[1]-'0')*10+(str[2]-'0'))*60;
++ offset+=(str[3]-'0')*10+(str[4]-'0');
++ if (*str == '-')
++ offset= -offset;
++ }
+ atm.type=ctm->type;
+ atm.flags = 0;
+ atm.length=sizeof(buff2);
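Review bot: The two seconds bytes copied at `*(p++)= *(str++); *(p++)= *(str++);` are still not validated as digits, whereas the new offset parsing checks all four offset bytes; a non-digit pair in the SS position passes every new length check and lands in buff1, which is consumed by code after this hunk. Add before the copy: `if (str[0] < '0' || str[0] > '9' || str[1] < '0' || str[1] > '9') return 0;`. Also, after a '.' the for loop breaks without consuming anything when the next byte is not a digit, so `.` immediately followed by `Z` or an offset is accepted with zero fractional digits — probably harmless for the comparison, but worth either a comment or a check that at least one digit follows. X509_cmp_time starts before and ends after this hunk, so the later use of buff1 is not visible here.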
Added: openssl/branches/jessie/debian/patches/CVE-2015-1790.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2015-1790.patch (rev 0)
+++ openssl/branches/jessie/debian/patches/CVE-2015-1790.patch 2015-06-11 21:36:29 UTC (rev 737)
@@ -0,0 +1,67 @@
+From 5fbc59cac60db4d7c3172152b8bdafe0c675fabd Mon Sep 17 00:00:00 2001
+From: Emilia Kasper <emilia at openssl.org>
+Date: Tue, 12 May 2015 19:00:30 +0200
+Subject: [PATCH] PKCS#7: Fix NULL dereference with missing EncryptedContent.
+
+CVE-2015-1790
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+---
+ crypto/pkcs7/pk7_doit.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+Index: openssl-1.0.1k/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/pkcs7/pk7_doit.c
++++ openssl-1.0.1k/crypto/pkcs7/pk7_doit.c
+@@ -468,6 +468,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ switch (i)
+ {
+ case NID_pkcs7_signed:
++ /*
++ * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
++ * field and optional content.
++ * data_body is NULL if that structure has no (=detached) content
++ * or if the contentType is wrong (i.e., not "data").
++ */
+ data_body=PKCS7_get_octet_string(p7->d.sign->contents);
+ if (!PKCS7_is_detached(p7) && data_body == NULL)
+ {
+@@ -479,6 +485,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ case NID_pkcs7_signedAndEnveloped:
+ rsk=p7->d.signed_and_enveloped->recipientinfo;
+ md_sk=p7->d.signed_and_enveloped->md_algs;
++ /* data_body is NULL if the optional EncryptedContent is missing. */
+ data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
+ enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
+@@ -491,6 +498,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ case NID_pkcs7_enveloped:
+ rsk=p7->d.enveloped->recipientinfo;
+ enc_alg=p7->d.enveloped->enc_data->algorithm;
++ /* data_body is NULL if the optional EncryptedContent is missing. */
+ data_body=p7->d.enveloped->enc_data->enc_data;
+ evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
+ if (evp_cipher == NULL)
+@@ -504,6 +512,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ goto err;
+ }
+
++ /* Detached content must be supplied via in_bio instead. */
++ if (data_body == NULL && in_bio == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ goto err;
++ }
++
+ /* We will be checking the signature */
+ if (md_sk != NULL)
+ {
+@@ -660,7 +674,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ }
+
+ #if 1
+- if (PKCS7_is_detached(p7) || (in_bio != NULL))
++ if (in_bio != NULL)
+ {
+ bio=in_bio;
+ }
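Review bot: The comment on the new guard, `/* Detached content must be supplied via in_bio instead. */`, only describes the NID_pkcs7_signed case; for the enveloped and signedAndEnveloped cases the two other added comments say data_body is NULL because the optional EncryptedContent is missing, which has nothing to do with detachment. Suggest `/* No content in the structure and none supplied by the caller: nothing to decode (signed: detached content; enveloped: missing EncryptedContent). */`. The last hunk drops PKCS7_is_detached from the choice of `bio`, so a detached signed structure with in_bio == NULL now fails at the new guard rather than reaching that branch with no data; the code after the hunk that consumes data_body is not visible here, so that is an inference worth confirming. PKCS7_dataDecode begins and ends outside the hunk.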
Added: openssl/branches/jessie/debian/patches/CVE-2015-1791.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2015-1791.patch (rev 0)
+++ openssl/branches/jessie/debian/patches/CVE-2015-1791.patch 2015-06-11 21:36:29 UTC (rev 737)
@@ -0,0 +1,248 @@
+From 939b4960276b040fc0ed52232238fcc9e2e9ec21 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Mon, 18 May 2015 16:27:48 +0100
+Subject: [PATCH] Fix race condition in NewSessionTicket
+
+If a NewSessionTicket is received by a multi-threaded client when
+attempting to reuse a previous ticket then a race condition can occur
+potentially leading to a double free of the ticket data.
+
+CVE-2015-1791
+
+This also fixes RT#3808 where a session ID is changed for a session already
+in the client session cache. Since the session ID is the key to the cache
+this breaks the cache access.
+
+Parts of this patch were inspired by this Akamai change:
+https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+(cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688)
+
+Conflicts:
+ ssl/ssl.h
+ ssl/ssl_err.c
+---
+ ssl/s3_clnt.c | 32 +++++++++++++++
+ ssl/ssl.h | 1 +
+ ssl/ssl_err.c | 1 +
+ ssl/ssl_locl.h | 1 +
+ ssl/ssl_sess.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 158 insertions(+)
+
+Index: openssl-1.0.1k/ssl/s3_clnt.c
+===================================================================
+--- openssl-1.0.1k.orig/ssl/s3_clnt.c
++++ openssl-1.0.1k/ssl/s3_clnt.c
+@@ -2191,6 +2191,38 @@ int ssl3_get_new_session_ticket(SSL *s)
+ }
+
+ p=d=(unsigned char *)s->init_msg;
++
++ if (s->session->session_id_length > 0) {
++ int i = s->session_ctx->session_cache_mode;
++ SSL_SESSION *new_sess;
++ /*
++ * We reused an existing session, so we need to replace it with a new
++ * one
++ */
++ if (i & SSL_SESS_CACHE_CLIENT) {
++ /*
++ * Remove the old session from the cache
++ */
++ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
++ if (s->session_ctx->remove_session_cb != NULL)
++ s->session_ctx->remove_session_cb(s->session_ctx,
++ s->session);
++ } else {
++ /* We carry on if this fails */
++ SSL_CTX_remove_session(s->session_ctx, s->session);
++ }
++ }
++
++ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
++ al = SSL_AD_INTERNAL_ERROR;
++ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
++ goto f_err;
++ }
++
++ SSL_SESSION_free(s->session);
++ s->session = new_sess;
++ }
++
+ n2l(p, s->session->tlsext_tick_lifetime_hint);
+ n2s(p, ticklen);
+ /* ticket_lifetime_hint + ticket_length + ticket */
+Index: openssl-1.0.1k/ssl/ssl.h
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl.h
++++ openssl-1.0.1k/ssl/ssl.h
+@@ -2263,6 +2263,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_READ 223
+ #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
+ #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
++#define SSL_F_SSL_SESSION_DUP 348
+ #define SSL_F_SSL_SESSION_NEW 189
+ #define SSL_F_SSL_SESSION_PRINT_FP 190
+ #define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
+Index: openssl-1.0.1k/ssl/ssl_err.c
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl_err.c
++++ openssl-1.0.1k/ssl/ssl_err.c
+@@ -245,6 +245,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
++{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
+Index: openssl-1.0.1k/ssl/ssl_locl.h
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl_locl.h
++++ openssl-1.0.1k/ssl/ssl_locl.h
+@@ -831,6 +831,7 @@ void ssl_sess_cert_free(SESS_CERT *sc);
+ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+ int ssl_get_new_session(SSL *s, int session);
+ int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+ int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+ DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+ ssl_cipher_id);
+Index: openssl-1.0.1k/ssl/ssl_sess.c
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl_sess.c
++++ openssl-1.0.1k/ssl/ssl_sess.c
+@@ -224,6 +224,132 @@ SSL_SESSION *SSL_SESSION_new(void)
+ return(ss);
+ }
+
++
++/*
++ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
++ * ticket == 0 then no ticket information is duplicated, otherwise it is.
++ */
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
++{
++ SSL_SESSION *dest;
++
++ dest = OPENSSL_malloc(sizeof(*src));
++ if (dest == NULL) {
++ goto err;
++ }
++ memcpy(dest, src, sizeof(*dest));
++
++ /*
++ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
++ * the case of an error whilst halfway through constructing dest
++ */
++#ifndef OPENSSL_NO_PSK
++ dest->psk_identity_hint = NULL;
++ dest->psk_identity = NULL;
++#endif
++ dest->ciphers = NULL;
++#ifndef OPENSSL_NO_TLSEXT
++ dest->tlsext_hostname = NULL;
++# ifndef OPENSSL_NO_EC
++ dest->tlsext_ecpointformatlist = NULL;
++ dest->tlsext_ellipticcurvelist = NULL;
++# endif
++#endif
++ dest->tlsext_tick = NULL;
++#ifndef OPENSSL_NO_SRP
++ dest->srp_username = NULL;
++#endif
++ memset(&dest->ex_data, 0, sizeof(dest->ex_data));
++
++ /* We deliberately don't copy the prev and next pointers */
++ dest->prev = NULL;
++ dest->next = NULL;
++
++ dest->references = 1;
++
++ if (src->sess_cert != NULL)
++ CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
++
++ if (src->peer != NULL)
++ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
++
++#ifndef OPENSSL_NO_PSK
++ if (src->psk_identity_hint) {
++ dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
++ if (dest->psk_identity_hint == NULL) {
++ goto err;
++ }
++ }
++ if (src->psk_identity) {
++ dest->psk_identity = BUF_strdup(src->psk_identity);
++ if (dest->psk_identity == NULL) {
++ goto err;
++ }
++ }
++#endif
++
++ if(src->ciphers != NULL) {
++ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
++ if (dest->ciphers == NULL)
++ goto err;
++ }
++
++ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
++ &dest->ex_data, &src->ex_data)) {
++ goto err;
++ }
++
++#ifndef OPENSSL_NO_TLSEXT
++ if (src->tlsext_hostname) {
++ dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
++ if (dest->tlsext_hostname == NULL) {
++ goto err;
++ }
++ }
++# ifndef OPENSSL_NO_EC
++ if (src->tlsext_ecpointformatlist) {
++ dest->tlsext_ecpointformatlist =
++ BUF_memdup(src->tlsext_ecpointformatlist,
++ src->tlsext_ecpointformatlist_length);
++ if (dest->tlsext_ecpointformatlist == NULL)
++ goto err;
++ }
++ if (src->tlsext_ellipticcurvelist) {
++ dest->tlsext_ellipticcurvelist =
++ BUF_memdup(src->tlsext_ellipticcurvelist,
++ src->tlsext_ellipticcurvelist_length);
++ if (dest->tlsext_ellipticcurvelist == NULL)
++ goto err;
++ }
++# endif
++#endif
++
++ if (ticket != 0) {
++ dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
++ if(dest->tlsext_tick == NULL)
++ goto err;
++ } else {
++ dest->tlsext_tick_lifetime_hint = 0;
++ dest->tlsext_ticklen = 0;
++ }
++
++#ifndef OPENSSL_NO_SRP
++ if (src->srp_username) {
++ dest->srp_username = BUF_strdup(src->srp_username);
++ if (dest->srp_username == NULL) {
++ goto err;
++ }
++ }
++#endif
++
++ return dest;
++err:
++ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
++ SSL_SESSION_free(dest);
++ return NULL;
++}
++
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ {
+ if(len)
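Review bot: In ssl_session_dup (the ssl_sess.c part of this hunk), the `ticket != 0` branch calls `BUF_memdup(src->tlsext_tick, src->tlsext_ticklen)` without checking that src->tlsext_tick is non-NULL; if BUF_memdup returns NULL for a NULL source, as I believe it does, duplicating a ticket-less session with ticket != 0 reports ERR_R_MALLOC_FAILURE and fails. The only caller added here passes 0, so this is latent, but the guard should read `if (ticket != 0 && src->tlsext_tick != NULL) {` so the else branch zeroes tlsext_ticklen and the lifetime hint instead. The `dest->tlsext_tick = NULL;` line and the ticket block sit outside the `#ifndef OPENSSL_NO_TLSEXT` guard used for the other tlsext_* fields; if tlsext_tick is declared under that guard as well, which seems likely given its neighbours, an OPENSSL_NO_TLSEXT build will not compile. In the s3_clnt.c part, `== 0` on the pointer returned by ssl_session_dup would read better as `== NULL`.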
Added: openssl/branches/jessie/debian/patches/CVE-2015-1792.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2015-1792.patch (rev 0)
+++ openssl/branches/jessie/debian/patches/CVE-2015-1792.patch 2015-06-11 21:36:29 UTC (rev 737)
@@ -0,0 +1,28 @@
+From dd90a91d8771fd1ad5083fd46a2b3da16a587757 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Fri, 5 Jun 2015 12:11:25 +0100
+Subject: [PATCH] Fix infinite loop in CMS
+
+Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
+to verify and a digest is not recognised. Reported by Johannes Bauer.
+
+CVE-2015-1792
+
+Reviewed-by: Matt Caswell <matt at openssl.org>
+---
+ crypto/cms/cms_smime.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: openssl-1.0.1k/crypto/cms/cms_smime.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/cms/cms_smime.c
++++ openssl-1.0.1k/crypto/cms/cms_smime.c
+@@ -141,7 +141,7 @@ static void do_free_upto(BIO *f, BIO *up
+ BIO_free(f);
+ f = tbio;
+ }
+- while (f != upto);
++ while (f && f != upto);
+ }
+ else
+ BIO_free_all(f);
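Review bot: The added `f &&` stops the walk when the chain ends before `upto` is reached, but the do/while still executes its body once with f == NULL on entry (the BIO_pop call presumably just above the hunk), relying on BIO_pop and BIO_free tolerating NULL. A plain while loop checks before the first dereference as well: `while (f != NULL && f != upto) { tbio = BIO_pop(f); BIO_free(f); f = tbio; }`. A one-line comment would also help, since the reason lives only in the commit message: `/* stop if the chain ends before upto: f is NULL when the digest was not recognised */`. do_free_upto's head is outside the hunk.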
Added: openssl/branches/jessie/debian/patches/CVE-2015-4000.patch
===================================================================
--- openssl/branches/jessie/debian/patches/CVE-2015-4000.patch (rev 0)
+++ openssl/branches/jessie/debian/patches/CVE-2015-4000.patch 2015-06-11 21:36:29 UTC (rev 737)
@@ -0,0 +1,91 @@
+From 63830384e90d9b36d2793d4891501ec024827433 Mon Sep 17 00:00:00 2001
+From: Emilia Kasper <emilia at openssl.org>
+Date: Tue, 19 May 2015 12:05:22 +0200
+Subject: [PATCH] client: reject handshakes with DH parameters < 768 bits.
+
+Since the client has no way of communicating her supported parameter
+range to the server, connections to servers that choose weak DH will
+simply fail.
+
+Reviewed-by: Kurt Roeckx <kurt at openssl.org>
+---
+ CHANGES | 3 ++-
+ ssl/s3_clnt.c | 22 ++++++++++++++++------
+ ssl/ssl.h | 1 +
+ ssl/ssl_err.c | 1 +
+ 4 files changed, 20 insertions(+), 7 deletions(-)
+
+Index: openssl-1.0.1k/ssl/s3_clnt.c
+===================================================================
+--- openssl-1.0.1k.orig/ssl/s3_clnt.c
++++ openssl-1.0.1k/ssl/s3_clnt.c
+@@ -3425,25 +3425,32 @@ int ssl3_check_cert_and_algorithm(SSL *s
+ }
+ #endif
+ #ifndef OPENSSL_NO_DH
+- if ((alg_k & SSL_kEDH) &&
+- !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
+- goto f_err;
+- }
+- else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+- {
+- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
+- goto f_err;
+- }
++ if ((alg_k & SSL_kEDH) && dh == NULL) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
++ goto f_err;
++ }
++ if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
++ SSL_R_MISSING_DH_RSA_CERT);
++ goto f_err;
++ }
+ #ifndef OPENSSL_NO_DSA
+- else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
++ if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+ {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
+ goto f_err;
+ }
+ #endif
+-#endif
++ /* Check DHE only: static DH not implemented. */
++ if (alg_k & SSL_kEDH) {
++ int dh_size = BN_num_bits(dh->p);
++ if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
++ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
++ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
++ goto f_err;
++ }
++ }
++#endif /* !OPENSSL_NO_DH */
+
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
+ {
+Index: openssl-1.0.1k/ssl/ssl.h
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl.h
++++ openssl-1.0.1k/ssl/ssl.h
+@@ -2378,6 +2378,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_DATA_LENGTH_TOO_LONG 146
+ #define SSL_R_DECRYPTION_FAILED 147
+ #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
++#define SSL_R_DH_KEY_TOO_SMALL 372
+ #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
+ #define SSL_R_DIGEST_CHECK_FAILED 149
+ #define SSL_R_DTLS_MESSAGE_TOO_BIG 334
+Index: openssl-1.0.1k/ssl/ssl_err.c
+===================================================================
+--- openssl-1.0.1k.orig/ssl/ssl_err.c
++++ openssl-1.0.1k/ssl/ssl_err.c
+@@ -363,6 +363,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
++{ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
+ {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
+ {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
+ {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
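Review bot: The DH floor in ssl3_check_cert_and_algorithm is written as bare `768` and `512`; naming them (a constructed example: `enum { SSL_DH_MIN_BITS = 768, SSL_DH_MIN_BITS_EXPORT = 512 };` near the function) makes the threshold visible and lets it be raised in one place, which matters because 768 is a compatibility floor rather than a strength recommendation and, as far as I recall, upstream later lifted the non-export minimum to 1024. The `dh->p` dereference is safe only because of the new `(alg_k & SSL_kEDH) && dh == NULL` check a few lines earlier; a comment tying them together, `/* dh != NULL for SSL_kEDH is guaranteed by the check above */`, would keep a future reorder from breaking it. The patch header's diffstat lists `CHANGES | 3 ++-` and "4 files changed", but the backport carries only the three ssl/ sections, so the header is stale. The function begins and ends outside the hunk.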
Modified: openssl/branches/jessie/debian/patches/series
===================================================================
--- openssl/branches/jessie/debian/patches/series 2015-06-11 17:38:18 UTC (rev 736)
+++ openssl/branches/jessie/debian/patches/series 2015-06-11 21:36:29 UTC (rev 737)
@@ -29,3 +29,9 @@
0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
0001-Check-public-key-is-not-NULL.patch
0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
+CVE-2015-1791.patch
+CVE-2015-1792.patch
+CVE-2015-1789.patch
+CVE-2015-1790.patch
+CVE-2015-1788.patch
+CVE-2015-4000.patch