[Pkg-openssl-changes] r720 - openssl/branches/wheezy/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Thu Mar 19 18:23:22 UTC 2015
Author: kroeckx
Date: 2015-03-19 18:23:22 +0000 (Thu, 19 Mar 2015)
New Revision: 720
Removed:
openssl/branches/wheezy/debian/patches/0001-Avoid-double-free-when-processing-DTLS-packets.patch
openssl/branches/wheezy/debian/patches/0002-Added-comment-for-the-frag-reassembly-NULL-case-as-p.patch
openssl/branches/wheezy/debian/patches/0003-Fix-DTLS-handshake-message-size-checks.patch
openssl/branches/wheezy/debian/patches/0004-Fix-memory-leak-from-zero-length-DTLS-fragments.patch
openssl/branches/wheezy/debian/patches/0005-Fix-return-code-for-truncated-DTLS-fragment.patch
openssl/branches/wheezy/debian/patches/0006-Applying-same-fix-as-in-dtls1_process_out_of_seq_mes.patch
openssl/branches/wheezy/debian/patches/0007-Remove-some-duplicate-DTLS-code.patch
openssl/branches/wheezy/debian/patches/0008-Fix-protocol-downgrade-bug-in-case-of-fragmented-pac.patch
openssl/branches/wheezy/debian/patches/0009-Fix-DTLS-anonymous-EC-DH-denial-of-service.patch
Log:
Remove duplicate unused patches.
Deleted: openssl/branches/wheezy/debian/patches/0001-Avoid-double-free-when-processing-DTLS-packets.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0001-Avoid-double-free-when-processing-DTLS-packets.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0001-Avoid-double-free-when-processing-DTLS-packets.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,52 +0,0 @@
-From 4a5adb49d716864b3452ad039bb36ee9e6025ceb Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl at imperialviolet.org>
-Date: Fri, 6 Jun 2014 14:19:21 -0700
-Subject: [PATCH 01/10] Avoid double free when processing DTLS packets.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The |item| variable, in both of these cases, may contain a pointer to a
-|pitem| structure within |s->d1->buffered_messages|. It was being freed
-in the error case while still being in |buffered_messages|. When the
-error later caused the |SSL*| to be destroyed, the item would be double
-freed.
-
-Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was
-inconsistent with the other error paths (but correct).
-
-Fixes CVE-2014-3505
-
-Reviewed-by: Matt Caswell <matt at openssl.org>
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
----
- ssl/d1_both.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index fe3a96c..b808f04 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -687,8 +687,7 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- return DTLS1_HM_FRAGMENT_RETRY;
-
- err:
-- if (frag != NULL) dtls1_hm_fragment_free(frag);
-- if (item != NULL) OPENSSL_free(item);
-+ if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
- *ok = 0;
- return i;
- }
-@@ -772,8 +771,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- return DTLS1_HM_FRAGMENT_RETRY;
-
- err:
-- if ( frag != NULL) dtls1_hm_fragment_free(frag);
-- if ( item != NULL) OPENSSL_free(item);
-+ if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
- *ok = 0;
- return i;
- }
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0002-Added-comment-for-the-frag-reassembly-NULL-case-as-p.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0002-Added-comment-for-the-frag-reassembly-NULL-case-as-p.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0002-Added-comment-for-the-frag-reassembly-NULL-case-as-p.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,31 +0,0 @@
-From 2feb3f6dc5f774089673947b8054da05ef5a8acd Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt at openssl.org>
-Date: Thu, 24 Jul 2014 23:33:34 +0100
-Subject: [PATCH 02/10] Added comment for the frag->reassembly == NULL case as
- per feedback from Emilia
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
----
- ssl/d1_both.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index b808f04..9bc416c 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -633,7 +633,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-
-
- /* If message is already reassembled, this must be a
-- * retransmit and can be dropped.
-+ * retransmit and can be dropped. In this case item != NULL and so frag
-+ * does not need to be freed.
- */
- if (frag->reassembly == NULL)
- {
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0003-Fix-DTLS-handshake-message-size-checks.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0003-Fix-DTLS-handshake-message-size-checks.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0003-Fix-DTLS-handshake-message-size-checks.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,87 +0,0 @@
-From 59942ead835a57fed92b175a4ade50e41b33f8f8 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt at openssl.org>
-Date: Fri, 6 Jun 2014 14:25:52 -0700
-Subject: [PATCH 03/10] Fix DTLS handshake message size checks.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In |dtls1_reassemble_fragment|, the value of
-|msg_hdr->frag_off+frag_len| was being checked against the maximum
-handshake message size, but then |msg_len| bytes were allocated for the
-fragment buffer. This means that so long as the fragment was within the
-allowed size, the pending handshake message could consume 16MB + 2MB
-(for the reassembly bitmap). Approx 10 outstanding handshake messages
-are allowed, meaning that an attacker could consume ~180MB per DTLS
-connection.
-
-In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
-check was applied.
-
-Fixes CVE-2014-3506
-
-Wholly based on patch by Adam Langley with one minor amendment.
-
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
----
- ssl/d1_both.c | 29 ++++++++++++++++-------------
- 1 file changed, 16 insertions(+), 13 deletions(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 9bc416c..e0eed12 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -581,6 +581,16 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
- return 0;
- }
-
-+/* dtls1_max_handshake_message_len returns the maximum number of bytes
-+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may
-+ * be greater if the maximum certificate list size requires it. */
-+static unsigned long dtls1_max_handshake_message_len(const SSL *s)
-+ {
-+ unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-+ if (max_len < (unsigned long)s->max_cert_list)
-+ return s->max_cert_list;
-+ return max_len;
-+ }
-
- static int
- dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-@@ -589,20 +599,10 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- pitem *item = NULL;
- int i = -1, is_complete;
- PQ_64BIT seq64;
-- unsigned long frag_len = msg_hdr->frag_len, max_len;
--
-- if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
-- goto err;
--
-- /* Determine maximum allowed message size. Depends on (user set)
-- * maximum certificate length, but 16k is minimum.
-- */
-- if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
-- max_len = s->max_cert_list;
-- else
-- max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-+ unsigned long frag_len = msg_hdr->frag_len;
-
-- if ((msg_hdr->frag_off+frag_len) > max_len)
-+ if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len ||
-+ msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
- goto err;
-
- /* Try to find item in queue */
-@@ -743,6 +743,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- if (frag_len && frag_len < msg_hdr->msg_len)
- return dtls1_reassemble_fragment(s, msg_hdr, ok);
-
-+ if (frag_len > dtls1_max_handshake_message_len(s))
-+ goto err;
-+
- frag = dtls1_hm_fragment_new(frag_len, 0);
- if ( frag == NULL)
- goto err;
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0004-Fix-memory-leak-from-zero-length-DTLS-fragments.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0004-Fix-memory-leak-from-zero-length-DTLS-fragments.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0004-Fix-memory-leak-from-zero-length-DTLS-fragments.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,82 +0,0 @@
-From 0a2b055b7719b832b0027fd16793dd000825effb Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl at imperialviolet.org>
-Date: Fri, 6 Jun 2014 14:30:33 -0700
-Subject: [PATCH 04/10] Fix memory leak from zero-length DTLS fragments.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The |pqueue_insert| function can fail if one attempts to insert a
-duplicate sequence number. When handling a fragment of an out of
-sequence message, |dtls1_process_out_of_seq_message| would not call
-|dtls1_reassemble_fragment| if the fragment's length was zero. It would
-then allocate a fresh fragment and attempt to insert it, but ignore the
-return value, leaking the fragment.
-
-This allows an attacker to exhaust the memory of a DTLS peer.
-
-Fixes CVE-2014-3507
-
-Reviewed-by: Matt Caswell <matt at openssl.org>
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
----
- ssl/d1_both.c | 22 +++++++++++++++++++---
- 1 file changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index e0eed12..99325e8 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -605,6 +605,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
- goto err;
-
-+ if (frag_len == 0)
-+ return DTLS1_HM_FRAGMENT_RETRY;
-+
- /* Try to find item in queue */
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
-@@ -682,7 +685,12 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- goto err;
- }
-
-- pqueue_insert(s->d1->buffered_messages, item);
-+ item = pqueue_insert(s->d1->buffered_messages, item);
-+ /* pqueue_insert fails iff a duplicate item is inserted.
-+ * However, |item| cannot be a duplicate. If it were,
-+ * |pqueue_find|, above, would have returned it and control
-+ * would never have reached this branch. */
-+ OPENSSL_assert(item != NULL);
- }
-
- return DTLS1_HM_FRAGMENT_RETRY;
-@@ -740,7 +748,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- }
- else
- {
-- if (frag_len && frag_len < msg_hdr->msg_len)
-+ if (frag_len < msg_hdr->msg_len)
- return dtls1_reassemble_fragment(s, msg_hdr, ok);
-
- if (frag_len > dtls1_max_handshake_message_len(s))
-@@ -769,7 +777,15 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- if ( item == NULL)
- goto err;
-
-- pqueue_insert(s->d1->buffered_messages, item);
-+ item = pqueue_insert(s->d1->buffered_messages, item);
-+ /* pqueue_insert fails iff a duplicate item is inserted.
-+ * However, |item| cannot be a duplicate. If it were,
-+ * |pqueue_find|, above, would have returned it. Then, either
-+ * |frag_len| != |msg_hdr->msg_len| in which case |item| is set
-+ * to NULL and it will have been processed with
-+ * |dtls1_reassemble_fragment|, above, or the record will have
-+ * been discarded. */
-+ OPENSSL_assert(item != NULL);
- }
-
- return DTLS1_HM_FRAGMENT_RETRY;
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0005-Fix-return-code-for-truncated-DTLS-fragment.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0005-Fix-return-code-for-truncated-DTLS-fragment.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0005-Fix-return-code-for-truncated-DTLS-fragment.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,43 +0,0 @@
-From 0b3b1167e1d72a568dae7bb5778de377250e6280 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl at imperialviolet.org>
-Date: Fri, 6 Jun 2014 14:44:20 -0700
-Subject: [PATCH 05/10] Fix return code for truncated DTLS fragment.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Previously, a truncated DTLS fragment in
-|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
-the return value would still be the number of bytes read. This would
-cause |dtls1_get_message| not to consider it an error and it would
-continue processing as normal until the calling function noticed that
-*ok was zero.
-
-I can't see an exploit here because |dtls1_get_message| uses
-|s->init_num| as the length, which will always be zero from what I can
-see.
-
-Reviewed-by: Matt Caswell <matt at openssl.org>
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
----
- ssl/d1_both.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 99325e8..961ac51 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -765,7 +765,9 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- /* read the body of the fragment (header has already been read) */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment,frag_len,0);
-- if (i<=0 || (unsigned long)i!=frag_len)
-+ if ((unsigned long)i!=frag_len)
-+ i = -1;
-+ if (i<=0)
- goto err;
- }
-
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0006-Applying-same-fix-as-in-dtls1_process_out_of_seq_mes.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0006-Applying-same-fix-as-in-dtls1_process_out_of_seq_mes.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0006-Applying-same-fix-as-in-dtls1_process_out_of_seq_mes.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,36 +0,0 @@
-From 202dd6345a24df561b1feea60a77d1406983196d Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt at openssl.org>
-Date: Thu, 24 Jul 2014 23:54:28 +0100
-Subject: [PATCH 06/10] Applying same fix as in
- dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok
- to be clear, but the return value would still be the number of bytes read.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Problem identified by Emilia Käsper, based on previous issue/patch by Adam
-Langley.
-
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
----
- ssl/d1_both.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 961ac51..3a4819f 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -657,7 +657,9 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- /* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment + msg_hdr->frag_off,frag_len,0);
-- if (i<=0 || (unsigned long)i!=frag_len)
-+ if ((unsigned long)i!=frag_len)
-+ i=-1;
-+ if (i<=0)
- goto err;
-
- RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0007-Remove-some-duplicate-DTLS-code.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0007-Remove-some-duplicate-DTLS-code.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0007-Remove-some-duplicate-DTLS-code.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,62 +0,0 @@
-From 9cfb1ed70502b6ea0bd963b2ec278b70d5f11190 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl at imperialviolet.org>
-Date: Fri, 6 Jun 2014 14:47:07 -0700
-Subject: [PATCH 07/10] Remove some duplicate DTLS code.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In |dtls1_process_out_of_seq_message|, we know that
-|frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len <
-msg_hdr->msg_len| can be more clearly written as |frag_len !=
-msg_hdr->msg_len|, since that's the only remaining case.
-
-Reviewed-by: Matt Caswell <matt at openssl.org>
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
----
- ssl/d1_both.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 3a4819f..d2bbb6b 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -593,7 +593,7 @@ static unsigned long dtls1_max_handshake_message_len(const SSL *s)
- }
-
- static int
--dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
- {
- hm_fragment *frag = NULL;
- pitem *item = NULL;
-@@ -705,7 +705,7 @@ err:
-
-
- static int
--dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
- {
- int i=-1;
- hm_fragment *frag = NULL;
-@@ -725,7 +725,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- /* If we already have an entry and this one is a fragment,
- * don't discard it and rather try to reassemble it.
- */
-- if (item != NULL && frag_len < msg_hdr->msg_len)
-+ if (item != NULL && frag_len != msg_hdr->msg_len)
- item = NULL;
-
- /* Discard the message if sequence number was already there, is
-@@ -750,7 +750,7 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
- }
- else
- {
-- if (frag_len < msg_hdr->msg_len)
-+ if (frag_len != msg_hdr->msg_len)
- return dtls1_reassemble_fragment(s, msg_hdr, ok);
-
- if (frag_len > dtls1_max_handshake_message_len(s))
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0008-Fix-protocol-downgrade-bug-in-case-of-fragmented-pac.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0008-Fix-protocol-downgrade-bug-in-case-of-fragmented-pac.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0008-Fix-protocol-downgrade-bug-in-case-of-fragmented-pac.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,86 +0,0 @@
-From 91a5ef1e22bd41b2567faa90f016b460d973a974 Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Wed, 23 Jul 2014 22:32:21 +0200
-Subject: [PATCH 08/10] Fix protocol downgrade bug in case of fragmented
- packets
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2014-3511
-
-Reviewed-by: Emilia Käsper <emilia at openssl.org>
-Reviewed-by: Bodo Möller <bodo at openssl.org>
----
- ssl/s23_srvr.c | 30 +++++++++++++++++++++++-------
- 1 file changed, 23 insertions(+), 7 deletions(-)
-
-diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
-index be05911..e544853 100644
---- a/ssl/s23_srvr.c
-+++ b/ssl/s23_srvr.c
-@@ -328,23 +328,19 @@ int ssl23_get_client_hello(SSL *s)
- * Client Hello message, this would be difficult, and we'd have
- * to read more records to find out.
- * No known SSL 3.0 client fragments ClientHello like this,
-- * so we simply assume TLS 1.0 to avoid protocol version downgrade
-- * attacks. */
-+ * so we simply reject such connections to avoid
-+ * protocol version downgrade attacks. */
- if (p[3] == 0 && p[4] < 6)
- {
--#if 0
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
- goto err;
--#else
-- v[1] = TLS1_VERSION_MINOR;
--#endif
- }
- /* if major version number > 3 set minor to a value
- * which will use the highest version 3 we support.
- * If TLS 2.0 ever appears we will need to revise
- * this....
- */
-- else if (p[9] > SSL3_VERSION_MAJOR)
-+ if (p[9] > SSL3_VERSION_MAJOR)
- v[1]=0xff;
- else
- v[1]=p[10]; /* minor version according to client_version */
-@@ -412,14 +408,34 @@ int ssl23_get_client_hello(SSL *s)
- v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
- v[1] = p[4];
-
-+ /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
-+ * header is sent directly on the wire, not wrapped as a TLS
-+ * record. It's format is:
-+ * Byte Content
-+ * 0-1 msg_length
-+ * 2 msg_type
-+ * 3-4 version
-+ * 5-6 cipher_spec_length
-+ * 7-8 session_id_length
-+ * 9-10 challenge_length
-+ * ... ...
-+ */
- n=((p[0]&0x7f)<<8)|p[1];
- if (n > (1024*4))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
- goto err;
- }
-+ if (n < 9)
-+ {
-+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
-+ goto err;
-+ }
-
- j=ssl23_read_bytes(s,n+2);
-+ /* We previously read 11 bytes, so if j > 0, we must have
-+ * j == n+2 == s->packet_length. We have at least 11 valid
-+ * packet bytes. */
- if (j <= 0) return(j);
-
- ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
---
-2.0.1
-
Deleted: openssl/branches/wheezy/debian/patches/0009-Fix-DTLS-anonymous-EC-DH-denial-of-service.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/0009-Fix-DTLS-anonymous-EC-DH-denial-of-service.patch 2015-03-19 18:12:07 UTC (rev 719)
+++ openssl/branches/wheezy/debian/patches/0009-Fix-DTLS-anonymous-EC-DH-denial-of-service.patch 2015-03-19 18:23:22 UTC (rev 720)
@@ -1,72 +0,0 @@
-From e01e4b5f0181ddfc6a1923cd539a6ad81651dccc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Emilia=20K=C3=A4sper?= <emilia at openssl.org>
-Date: Thu, 24 Jul 2014 22:15:29 +0200
-Subject: [PATCH 09/10] Fix DTLS anonymous EC(DH) denial of service
-
-CVE-2014-3510
-
-Reviewed-by: Dr. Stephen Henson <steve at openssl.org>
----
- ssl/d1_clnt.c | 16 ++++++++++++++--
- ssl/s3_clnt.c | 7 +++++++
- 2 files changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
-index ac24bfb..58a3b46 100644
---- a/ssl/d1_clnt.c
-+++ b/ssl/d1_clnt.c
-@@ -796,6 +796,13 @@ int dtls1_send_client_key_exchange(SSL *s)
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-+ if (s->session->sess_cert == NULL)
-+ {
-+ /* We should always have a server certificate with SSL_kRSA. */
-+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa=s->session->sess_cert->peer_rsa_tmp;
- else
-@@ -986,6 +993,13 @@ int dtls1_send_client_key_exchange(SSL *s)
- {
- DH *dh_srvr,*dh_clnt;
-
-+ if (s->session->sess_cert == NULL)
-+ {
-+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-+ goto err;
-+ }
-+
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr=s->session->sess_cert->peer_dh_tmp;
- else
-@@ -1226,5 +1240,3 @@ int dtls1_send_client_certificate(SSL *s)
- /* SSL3_ST_CW_CERT_D */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
--
--
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index 4b41a2b..c11048e 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -1916,6 +1916,13 @@ int ssl3_send_client_key_exchange(SSL *s)
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-+ if (s->session->sess_cert == NULL)
-+ {
-+ /* We should always have a server certificate with SSL_kRSA. */
-+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa=s->session->sess_cert->peer_rsa_tmp;
- else
---
-2.0.1
-
More information about the Pkg-openssl-changes
mailing list