[Pkg-openssl-changes] r722 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Fri Mar 20 21:04:44 UTC 2015
Author: kroeckx
Date: 2015-03-20 21:04:44 +0000 (Fri, 20 Mar 2015)
New Revision: 722
Added:
openssl/branches/squeeze/debian/patches/0001-Check-public-key-is-not-NULL.patch
openssl/branches/squeeze/debian/patches/0001-Disable-export-and-SSLv2-ciphers-by-default.patch
openssl/branches/squeeze/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
openssl/branches/squeeze/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch
openssl/branches/squeeze/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch
openssl/branches/squeeze/debian/patches/0001-evp-prevent-underflow-in-base64-decoding.patch
openssl/branches/squeeze/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch
openssl/branches/squeeze/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch
openssl/branches/squeeze/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch
openssl/branches/squeeze/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch
openssl/branches/squeeze/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
openssl/branches/squeeze/debian/patches/0009-Fix-unsigned-signed-warnings.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/series
Log:
0.9.8o-4squeeze20
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2015-03-20 17:43:24 UTC (rev 721)
+++ openssl/branches/squeeze/debian/changelog 2015-03-20 21:04:44 UTC (rev 722)
@@ -1,3 +1,18 @@
+openssl (0.9.8o-4squeeze20) squeeze-lts; urgency=medium
+
+ * Fix CVE-2015-0286
+ * Fix CVE-2015-0287
+ * Fix CVE-2015-0289
+ * Fix CVE-2015-0292
+ * Fix CVE-2015-0293
+ * Fix CVE-2015-0209
+ * Fix CVE-2015-0288
+ * Remove export ciphers from DEFAULT.
+ * Make DTLS always act as if read_ahead is set. This fixes a regression
+ introduce by the fix for CVE-2014-3571. (Closes: #775502)
+
+ -- Kurt Roeckx <kurt at roeckx.be> Fri, 20 Mar 2015 21:18:02 +0100
+
openssl (0.9.8o-4squeeze19) squeeze-lts; urgency=medium
* Fix CVE-2014-8275
Added: openssl/branches/squeeze/debian/patches/0001-Check-public-key-is-not-NULL.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0001-Check-public-key-is-not-NULL.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0001-Check-public-key-is-not-NULL.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,27 @@
+From 51527f1e3564f210e984fe5b654c45d34e4f03d7 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Wed, 18 Feb 2015 00:34:59 +0000
+Subject: [PATCH] Check public key is not NULL.
+
+CVE-2015-0288
+PR#3708
+
+Reviewed-by: Matt Caswell <matt at openssl.org>
+(cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)
+---
+ crypto/x509/x509_req.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: openssl-1.0.1e/crypto/x509/x509_req.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/x509/x509_req.c
++++ openssl-1.0.1e/crypto/x509/x509_req.c
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
+ goto err;
+
+ pktmp = X509_get_pubkey(x);
++ if (pktmp == NULL)
++ goto err;
+ i=X509_REQ_set_pubkey(ret,pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i) goto err;
Added: openssl/branches/squeeze/debian/patches/0001-Disable-export-and-SSLv2-ciphers-by-default.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0001-Disable-export-and-SSLv2-ciphers-by-default.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0001-Disable-export-and-SSLv2-ciphers-by-default.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,96 @@
+From c85c1e08ce4148b64a80497525fa5e5efc87d13a Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Sun, 8 Mar 2015 15:11:33 +0100
+Subject: [PATCH] Disable export and SSLv2 ciphers by default
+
+They are moved to the COMPLEMENTOFDEFAULT instead.
+
+Reviewed-by: Dr. Stephen Henson <steve at openssl.org>
+---
+ CHANGES | 3 ++-
+ doc/apps/ciphers.pod | 2 +-
+ ssl/ssl.h | 3 +--
+ ssl/ssl_ciph.c | 16 +++++++++++++---
+ ssl/ssl_lib.c | 1 +
+ 5 files changed, 18 insertions(+), 7 deletions(-)
+
+Index: openssl-0.9.8o/doc/apps/ciphers.pod
+===================================================================
+--- openssl-0.9.8o.orig/doc/apps/ciphers.pod
++++ openssl-0.9.8o/doc/apps/ciphers.pod
+@@ -105,7 +105,7 @@ The following is a list of all permitted
+ =item B<DEFAULT>
+
+ the default cipher list. This is determined at compile time and is normally
+-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
++B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH>. This must be the first cipher string
+ specified.
+
+ =item B<COMPLEMENTOFDEFAULT>
+Index: openssl-0.9.8o/ssl/ssl.h
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl.h
++++ openssl-0.9.8o/ssl/ssl.h
+@@ -319,7 +319,7 @@ extern "C" {
+ /* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+-#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
++#define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH"
+
+ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+ #define SSL_SENT_SHUTDOWN 1
+Index: openssl-0.9.8o/ssl/ssl_ciph.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl_ciph.c
++++ openssl-0.9.8o/ssl/ssl_ciph.c
+@@ -171,9 +171,9 @@ static const SSL_CIPHER cipher_aliases[]
+ /* Don't include eNULL unless specifically enabled. */
+ /* Don't include ECC in ALL because these ciphers are not yet official. */
+ {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+- /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
++ /* TODO: COMPLEMENT OF ALL does not have ECC cipher suites handled properly. */
+ {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
+- {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
++ {0,SSL_TXT_CMPDEF,0,SSL_ADH,SSL_EXP_MASK,0,0,0,SSL_AUTH_MASK,0},
+ {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
+ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
+ {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
+@@ -625,6 +625,16 @@ static void ssl_cipher_apply_rule(unsign
+
+ cp = curr->cipher;
+
++ /* Special case: only satisfied by COMPLEMENTOFDEFAULT */
++ if (algo_strength == SSL_EXP_MASK) {
++ if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2
++ || cp->algorithms & SSL_aNULL)
++ && !(cp->algorithms & (SSL_kECDHE|SSL_kECDH)))
++ goto ok;
++ else
++ continue;
++ }
++
+ /* If explicit cipher suite, match only that one for its own protocol version.
+ * Usual selection criteria will be used for similar ciphersuites from other version! */
+
+@@ -660,6 +670,8 @@ static void ssl_cipher_apply_rule(unsign
+ else if (strength_bits != cp->strength_bits)
+ continue; /* does not apply */
+
++ ok:
++
+ #ifdef CIPHER_DEBUG
+ printf("Action = %d\n", rule);
+ #endif
+Index: openssl-0.9.8o/ssl/ssl_lib.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl_lib.c
++++ openssl-0.9.8o/ssl/ssl_lib.c
+@@ -1561,6 +1561,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
+
+ ssl_create_cipher_list(ret->method,
+ &ret->cipher_list,&ret->cipher_list_by_id,
++ meth->version == SSL2_VERSION ? "SSLv2" :
+ SSL_DEFAULT_CIPHER_LIST);
+ if (ret->cipher_list == NULL
+ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
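Review bot: In the ssl_lib.c hunk, a context created with an SSLv2-only method now gets the cipher string `"SSLv2"` as its default, and that string carries no `!EXPORT` exclusion, so the export removal this patch applies to `SSL_DEFAULT_CIPHER_LIST` does not appear to reach those contexts. If the fallback is there only to keep the list non-empty, a comment saying so belongs next to it; otherwise `"SSLv2:!EXPORT"` is worth considering, after confirming it still yields a non-empty list on this branch. In ssl_cipher_apply_rule, `algo_strength == SSL_EXP_MASK` is used as a sentinel for COMPLEMENTOFDEFAULT, and the comment should state that no other alias may produce that value. The bodies of SSL_CTX_new and ssl_cipher_apply_rule continue outside the hunks.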
Added: openssl/branches/squeeze/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,45 @@
+From 89117535f1bb3ea72a17933b703271587d7aaf0b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Mon, 9 Feb 2015 11:38:41 +0000
+Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman at chromium.org>
+
+CVE-2015-0209
+
+Reviewed-by: Emilia Käsper <emilia at openssl.org>
+---
+ crypto/ec/ec_asn1.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.1e/crypto/ec/ec_asn1.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/ec/ec_asn1.c
++++ openssl-1.0.1e/crypto/ec/ec_asn1.c
+@@ -1140,8 +1140,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+- if (a)
+- *a = ret;
+ }
+ else
+ ret = *a;
+@@ -1206,11 +1204,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+ }
+ }
+
++ if (a)
++ *a = ret;
+ ok = 1;
+ err:
+ if (!ok)
+ {
+- if (ret)
++ if (ret && (a == NULL || *a != ret))
+ EC_KEY_free(ret);
+ ret = NULL;
+ }
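Review bot: The new free condition `ret && (a == NULL || *a != ret)` encodes an ownership rule that is not written down anywhere in the hunk: a key that came in through `*a` stays with the caller even on failure, and only a key allocated here is freed. A comment above it such as `/* free only what we allocated; a caller-supplied *a is left to the caller */` would make that explicit. It would also help to note that on the error path a reused `*a` may have been partly overwritten by the failed parse; that is inferred from the surrounding code, which is outside this hunk. The body of d2i_ECPrivateKey starts and ends outside the hunks shown.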
Added: openssl/branches/squeeze/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,28 @@
+From 1895583835239bc44c3f6584e48f0279ad884f3b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Mon, 26 Jan 2015 16:47:36 +0000
+Subject: [PATCH] Make DTLS always act as if read_ahead is set. The actual
+ value of read_ahead is ignored for DTLS.
+
+RT#3657
+
+Reviewed-by: Andy Polyakov <appro at openssl.org>
+(cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa)
+---
+ ssl/s3_pkt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: openssl-0.9.8o/ssl/s3_pkt.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s3_pkt.c
++++ openssl-0.9.8o/ssl/s3_pkt.c
+@@ -162,7 +162,8 @@ int ssl3_read_n(SSL *s, int n, int max,
+ }
+
+ /* else we need to read more data */
+- if (!s->read_ahead)
++ /* We always act like read_ahead is set for DTLS */
++ if (!s->read_ahead && !SSL_IS_DTLS(s))
+ max=n;
+
+ {
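Review bot: The new condition depends on `SSL_IS_DTLS()`, which this patch does not define, so on the 0.9.8o tree it has to come from an earlier patch in `series` (presumably the CVE-2014-3571 backport named in the changelog); worth confirming, since it makes the patch order load-bearing. The added comment says what the code does but not why. Something like `/* a DTLS record must be read as one datagram; limiting the read to n would lose the rest (assumed, confirm) */` would record the reason for the next backporter. The body of ssl3_read_n continues outside the hunk.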
Added: openssl/branches/squeeze/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0001-Remove-export-ciphers-from-the-DEFAULT-cipher-list.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,81 @@
+From bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28 Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Wed, 4 Mar 2015 21:57:52 +0100
+Subject: [PATCH] Remove export ciphers from the DEFAULT cipher list
+
+They are moved to the COMPLEMENTOFDEFAULT instead.
+This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+(cherry picked from commit f417997a324037025be61737288e40e171a8218c)
+
+Conflicts:
+ ssl/ssl_ciph.c
+---
+ CHANGES | 3 ++-
+ doc/apps/ciphers.pod | 4 ++--
+ ssl/ssl.h | 2 +-
+ ssl/ssl_ciph.c | 11 ++++++++---
+ 4 files changed, 13 insertions(+), 7 deletions(-)
+
+Index: openssl-1.0.1e/doc/apps/ciphers.pod
+===================================================================
+--- openssl-1.0.1e.orig/doc/apps/ciphers.pod
++++ openssl-1.0.1e/doc/apps/ciphers.pod
+@@ -109,8 +109,8 @@ The following is a list of all permitted
+
+ =item B<DEFAULT>
+
+-the default cipher list. This is determined at compile time and, as of OpenSSL
+-1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
++the default cipher list. This is determined at compile time and
++is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
+ specified.
+
+ =item B<COMPLEMENTOFDEFAULT>
+Index: openssl-1.0.1e/ssl/ssl.h
+===================================================================
+--- openssl-1.0.1e.orig/ssl/ssl.h
++++ openssl-1.0.1e/ssl/ssl.h
+@@ -332,7 +332,7 @@ extern "C" {
+ /* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
++#define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
+ /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites!
+Index: openssl-1.0.1e/ssl/ssl_ciph.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/ssl_ciph.c
++++ openssl-1.0.1e/ssl/ssl_ciph.c
+@@ -230,7 +230,7 @@ static const SSL_CIPHER cipher_aliases[]
+ {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
+
+ /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
+- {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
++ {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, SSL_EXP_MASK, 0, 0, 0},
+
+ /* key exchange aliases
+ * (some of those using only a single bit here combine
+@@ -976,6 +976,10 @@ static void ssl_cipher_apply_rule(unsign
+ printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
+ #endif
+
++ if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
++ goto ok;
++ if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
++ goto ok;
+ if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
+ continue;
+ if (alg_auth && !(alg_auth & cp->algorithm_auth))
+@@ -992,6 +996,8 @@ static void ssl_cipher_apply_rule(unsign
+ continue;
+ }
+
++ ok:
++
+ #ifdef CIPHER_DEBUG
+ printf("Action = %d\n", rule);
+ #endif
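Review bot: This patch file is added under debian/patches but is not among the entries added to `series` in this revision, so as committed it is never applied; the listed one is the 0.9.8o variant `0001-Disable-export-and-SSLv2-ciphers-by-default.patch`. Its ssl_ciph.c hunks also match on the split fields `cp->algorithm_mkey` and `cp->algorithm_ssl`, whereas the 0.9.8o patch in this same commit matches on a single `cp->algorithms`, so it would presumably not apply to this tree in any case. Either drop the file or add a header line stating that it is kept for reference only, so nobody assumes the fix is active through it. If it stays, the ciphers.pod text it adds contains the typo `firstcipher string`.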
Added: openssl/branches/squeeze/debian/patches/0001-evp-prevent-underflow-in-base64-decoding.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0001-evp-prevent-underflow-in-base64-decoding.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0001-evp-prevent-underflow-in-base64-decoding.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,30 @@
+From fce3821111e3307a599d2378f2cca2ef2097c6c4 Mon Sep 17 00:00:00 2001
+From: Geoff Thorpe <geoff at openssl.org>
+Date: Sun, 4 May 2014 18:44:14 -0400
+Subject: [PATCH] evp: prevent underflow in base64 decoding
+
+This patch resolves RT ticket #2608.
+
+Thanks to Robert Dugal for originally spotting this, and to David
+Ramos for noticing that the ball had been dropped.
+
+Signed-off-by: Geoff Thorpe <geoff at openssl.org>
+---
+ crypto/evp/encode.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
+index e278a1b..a4f7674 100644
+--- a/crypto/evp/encode.c
++++ b/crypto/evp/encode.c
+@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ v=EVP_DecodeBlock(out,d,n);
+ n=0;
+ if (v < 0) { rv=0; goto end; }
++ if (eof > v) { rv=-1; goto end; }
+ ret+=(v-eof);
+ }
+ else
+--
+2.1.4
+
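Review bot: The added guard reports malformed input with `rv=-1`, while the `v < 0` check on the line above it reports a failed block decode with `rv=0`; if 0 is this function's end-of-data return (not visible in the hunk), callers see two different outcomes for corrupt input, so confirm that is intended. A short comment such as `/* more padding than decoded bytes: reject, otherwise v-eof goes negative */` would tie the check to the `ret+=(v-eof)` line it protects; that `eof` counts padding characters is assumed here. The patch header cites only RT #2608. If this is the fix for CVE-2015-0292 listed in the changelog, naming it in the header would make the mapping traceable. The body of EVP_DecodeUpdate continues outside the hunk.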
Added: openssl/branches/squeeze/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,58 @@
+From a9f34a7aac5fd89f33a34fb71e954b85fbf35875 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 23 Feb 2015 02:32:44 +0000
+Subject: [PATCH 2/6] Free up ADB and CHOICE if already initialised.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2015-0287
+
+Reviewed-by: Tim Hudson <tjh at openssl.org>
+Reviewed-by: Emilia Käsper <emilia at openssl.org>
+---
+ crypto/asn1/tasn_dec.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+Index: openssl-0.9.8o/crypto/asn1/tasn_dec.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/asn1/tasn_dec.c
++++ openssl-0.9.8o/crypto/asn1/tasn_dec.c
+@@ -309,9 +309,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+
+- /* Allocate structure */
+- if (!*pval && !ASN1_item_ex_new(pval, it))
+- {
++ if (*pval) {
++ /* Free up and zero CHOICE value if initialised */
++ i = asn1_get_choice_selector(pval, it);
++ if ((i >= 0) && (i < it->tcount)) {
++ tt = it->templates + i;
++ pchptr = asn1_get_field_ptr(pval, tt);
++ ASN1_template_free(pchptr, tt);
++ asn1_set_choice_selector(pval, -1, it);
++ }
++ } else if (!ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+@@ -406,6 +413,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+
++ /* Free up and zero any ADB found */
++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++ if (tt->flags & ASN1_TFLG_ADB_MASK) {
++ const ASN1_TEMPLATE *seqtt;
++ ASN1_VALUE **pseqval;
++ seqtt = asn1_do_adb(pval, tt, 1);
++ pseqval = asn1_get_field_ptr(pval, seqtt);
++ ASN1_template_free(pseqval, seqtt);
++ }
++ }
++
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ {
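Review bot: In the new ADB loop the result of `asn1_do_adb(pval, tt, 1)` is passed straight to `asn1_get_field_ptr(pval, seqtt)` and `ASN1_template_free(pseqval, seqtt)` without a NULL check. If asn1_do_adb can return NULL for an unrecognised selector, as its error-flag argument suggests (to confirm against the helper, which is outside the hunk), this cleanup path would dereference NULL on exactly the attacker-supplied input it is meant to harden. Adding `if (seqtt == NULL) continue;` right after the call avoids that. It is also worth checking whether passing 1 here queues an error for a case that is not a failure. The body of ASN1_item_ex_d2i continues outside the hunks.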
Added: openssl/branches/squeeze/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0004-Fix-ASN1_TYPE_cmp.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,30 @@
+From ee5a1253285e5c9f406c8b57b0686319b70c07d8 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 9 Mar 2015 23:11:45 +0000
+Subject: [PATCH 4/6] Fix ASN1_TYPE_cmp
+
+Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
+can be triggered during certificate verification so could be a DoS attack
+against a client or a server enabling client authentication.
+
+CVE-2015-0286
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/asn1/a_type.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: openssl-1.0.1e/crypto/asn1/a_type.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/asn1/a_type.c
++++ openssl-1.0.1e/crypto/asn1/a_type.c
+@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
++ case V_ASN1_BOOLEAN:
++ result = a->value.boolean - b->value.boolean;
++ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
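Review bot: The new `V_ASN1_BOOLEAN` case carries no comment explaining why it needs its own branch, and that reason is the whole fix. Something like `/* boolean is held by value in the union; it must not reach the pointer-based comparison below */` would stop a later cleanup from folding it back into the default path. That the default path compares through a pointer member is inferred from the commit message, since the rest of the switch is outside the hunk.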
Added: openssl/branches/squeeze/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,160 @@
+From 544e3e3b69d080ee87721bd03c37b4d450384fb9 Mon Sep 17 00:00:00 2001
+From: Emilia Kasper <emilia at openssl.org>
+Date: Fri, 27 Feb 2015 16:52:23 +0100
+Subject: [PATCH] PKCS#7: avoid NULL pointer dereferences with missing content
+
+In PKCS#7, the ASN.1 content component is optional.
+This typically applies to inner content (detached signatures),
+however we must also handle unexpected missing outer content
+correctly.
+
+This patch only addresses functions reachable from parsing,
+decryption and verification, and functions otherwise associated
+with reading potentially untrusted data.
+
+Correcting all low-level API calls requires further work.
+
+CVE-2015-0289
+
+Thanks to Michal Zalewski (Google) for reporting this issue.
+
+Reviewed-by: Steve Henson <steve at openssl.org>
+
+Conflicts:
+ crypto/pkcs7/pk7_doit.c
+---
+ crypto/pkcs7/pk7_doit.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++
+ crypto/pkcs7/pk7_lib.c | 3 +++
+ 2 files changed, 60 insertions(+)
+
+Index: openssl-0.9.8o/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/pkcs7/pk7_doit.c
++++ openssl-0.9.8o/crypto/pkcs7/pk7_doit.c
+@@ -151,6 +151,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+ EVP_PKEY *pkey;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++ /*
++ * The content field in the PKCS7 ContentInfo is optional, but that really
++ * only applies to inner content (precisely, detached signatures).
++ *
++ * When reading content, missing outer content is therefore treated as an
++ * error.
++ *
++ * When creating content, PKCS7_content_new() must be called before
++ * calling this method, so a NULL p7->d is always an error.
++ */
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -345,6 +364,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ X509_ALGOR *xalg=NULL;
+ PKCS7_RECIP_INFO *ri=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -640,6 +669,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ EVP_MD_CTX_init(&ctx_tmp);
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+@@ -671,6 +710,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ /* If detached data then the content is excluded */
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.sign->contents->d.data = NULL;
+ }
+ break;
+@@ -681,6 +721,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.digest->contents->d.data = NULL;
+ }
+ break;
+@@ -818,6 +859,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+
+ if (!PKCS7_is_detached(p7))
+ {
++ /*
++ * NOTE(emilia): I think we only reach os == NULL here because detached
++ * digested data support is broken.
++ */
++ if (os == NULL)
++ goto err;
+ btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+ if (btmp == NULL)
+ {
+@@ -852,6 +899,16 @@ int PKCS7_dataVerify(X509_STORE *cert_st
+ STACK_OF(X509) *cert;
+ X509 *x509;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ if (PKCS7_type_is_signed(p7))
+ {
+ cert=p7->d.sign->cert;
+Index: openssl-0.9.8o/crypto/pkcs7/pk7_lib.c
+===================================================================
+--- openssl-0.9.8o.orig/crypto/pkcs7/pk7_lib.c
++++ openssl-0.9.8o/crypto/pkcs7/pk7_lib.c
+@@ -70,6 +70,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long
+
+ switch (cmd)
+ {
++ /* NOTE(emilia): does not support detached digested data. */
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed)
+ {
+@@ -473,6 +474,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
+
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
++ if (p7 == NULL || p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signed(p7))
+ {
+ return(p7->d.sign->signer_info);
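Review bot: In PKCS7_dataFinal the added `if (os == NULL) goto err;` fails without queuing an error, while every other NULL check this patch adds to pk7_doit.c calls `PKCS7err(...)` first. Unless the `err` label queues one itself (it is outside the hunk), the caller gets a failure with an empty error queue. Adding `PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);` before the `goto` would keep the paths consistent. The silent `return NULL` added to PKCS7_get_signer_info in pk7_lib.c deserves at least a comment that NULL can now also mean missing content rather than an unsupported type.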
Added: openssl/branches/squeeze/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0006-Fix-reachable-assert-in-SSLv2-servers.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,130 @@
+From a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2 Mon Sep 17 00:00:00 2001
+From: Emilia Kasper <emilia at openssl.org>
+Date: Wed, 4 Mar 2015 09:05:02 -0800
+Subject: [PATCH 6/6] Fix reachable assert in SSLv2 servers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This assert is reachable for servers that support SSLv2 and export ciphers.
+Therefore, such servers can be DoSed by sending a specially crafted
+SSLv2 CLIENT-MASTER-KEY.
+
+Also fix s2_srvr.c to error out early if the key lengths are malformed.
+These lengths are sent unencrypted, so this does not introduce an oracle.
+
+CVE-2015-0293
+
+This issue was discovered by Sean Burford (Google) and Emilia Käsper of
+the OpenSSL development team.
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+Reviewed-by: Tim Hudson <tjh at openssl.org>
+---
+ ssl/s2_lib.c | 2 +-
+ ssl/s2_srvr.c | 57 +++++++++++++++++++++++++++++++++++++++++++++------------
+ 2 files changed, 46 insertions(+), 13 deletions(-)
+
+Index: openssl-1.0.1e/ssl/s2_lib.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/s2_lib.c
++++ openssl-1.0.1e/ssl/s2_lib.c
+@@ -488,7 +488,7 @@ int ssl2_generate_key_material(SSL *s)
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+- < (int)sizeof(s->session->master_key));
++ <= (int)sizeof(s->session->master_key));
+ EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ EVP_DigestUpdate(&ctx,&c,1);
+ c++;
+Index: openssl-1.0.1e/ssl/s2_srvr.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/s2_srvr.c
++++ openssl-1.0.1e/ssl/s2_srvr.c
+@@ -446,9 +446,6 @@ static int get_client_master_key(SSL *s)
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ return(-1);
+ }
+- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+
+ is_export=SSL_C_IS_EXPORT(s->session->cipher);
+
+@@ -467,21 +464,60 @@ static int get_client_master_key(SSL *s)
+ else
+ ek=5;
+
++ /*
++ * The format of the CLIENT-MASTER-KEY message is
++ * 1 byte message type
++ * 3 bytes cipher
++ * 2-byte clear key length (stored in s->s2->tmp.clear)
++ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++ * 2-byte key args length (IV etc)
++ * clear key
++ * encrypted key
++ * key args
++ *
++ * If the cipher is an export cipher, then the encrypted key bytes
++ * are a fixed portion of the total key (5 or 8 bytes). The size of
++ * this portion is in |ek|. If the cipher is not an export cipher,
++ * then the entire key material is encrypted (i.e., clear key length
++ * must be zero).
++ */
++ if ((!is_export && s->s2->tmp.clear != 0) ||
++ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++ return -1;
++ }
++ /*
++ * The encrypted blob must decrypt to the encrypted portion of the key.
++ * Decryption can't be expanding, so if we don't have enough encrypted
++ * bytes to fit the key in the buffer, stop now.
++ */
++ if ((is_export && s->s2->tmp.enc < ek) ||
++ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++ return -1;
++ }
++
++ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++ &(p[s->s2->tmp.clear]),
++ &(p[s->s2->tmp.clear]),
++ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++ RSA_PKCS1_PADDING);
++
+ /* bad decrypt */
+ #if 1
+ /* If a bad decrypt, continue with protocol but with a
+ * random master secret (Bleichenbacher attack) */
+- if ((i < 0) ||
+- ((!is_export && (i != EVP_CIPHER_key_length(c)))
+- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+- (unsigned int)EVP_CIPHER_key_length(c))))))
++ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++ || (is_export && i != ek))) {
+ {
+ ERR_clear_error();
+ if (is_export)
+ i=ek;
+ else
+ i=EVP_CIPHER_key_length(c);
+- if (RAND_pseudo_bytes(p,i) <= 0)
++ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ return 0;
+ }
+ #else
+@@ -505,7 +541,8 @@ static int get_client_master_key(SSL *s)
+ }
+ #endif
+
+- if (is_export) i+=s->s2->tmp.clear;
++ if (is_export)
++ i = EVP_CIPHER_key_length(c);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ {
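Review bot: In the s2_srvr.c hunk the rewritten condition ends with an opening brace, `|| (is_export && i != ek))) {`, and the unchanged context line right after it is another `{`, yet only one `}` is visible before `#else`. Unless a matching brace exists outside the hunk, the `#if 1` branch is left with an unbalanced block; the fix is to drop the trailing `{` from the new line so it reads `|| (is_export && i != ek)))`. The same pair of lines appears as context in 0009-Fix-unsigned-signed-warnings.patch, so that patch needs to be refreshed together with this one. The body of get_client_master_key starts and ends outside the hunks.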
Added: openssl/branches/squeeze/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,73 @@
+From a4517be9e348634ac64f9cf093131e13e8c03e38 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Thu, 19 Mar 2015 10:16:32 +0000
+Subject: [PATCH 08/12] Fix a failure to NULL a pointer freed on error.
+
+Reported by the LibreSSL project as a follow on to CVE-2015-0209
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/asn1/x_x509.c | 12 +++++++++++-
+ crypto/ec/ec_asn1.c | 7 +++++--
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.1e/crypto/asn1/x_x509.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/asn1/x_x509.c 2013-02-11 15:26:04.000000000 +0000
++++ openssl-1.0.1e/crypto/asn1/x_x509.c 2015-03-19 18:07:02.689136145 +0000
+@@ -170,8 +170,14 @@
+ {
+ const unsigned char *q;
+ X509 *ret;
++ int freeret = 0;
++
+ /* Save start position */
+ q = *pp;
++
++ if(!a || *a == NULL) {
++ freeret = 1;
++ }
+ ret = d2i_X509(a, pp, length);
+ /* If certificate unreadable then forget it */
+ if(!ret) return NULL;
+@@ -181,7 +187,11 @@
+ if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+ return ret;
+ err:
+- X509_free(ret);
++ if(freeret) {
++ X509_free(ret);
++ if (a)
++ *a = NULL;
++ }
+ return NULL;
+ }
+
+Index: openssl-1.0.1e/crypto/ec/ec_asn1.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/ec/ec_asn1.c 2015-03-19 18:06:21.000000000 +0000
++++ openssl-1.0.1e/crypto/ec/ec_asn1.c 2015-03-19 18:09:11.394282947 +0000
+@@ -1358,8 +1358,6 @@
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+- if (a)
+- *a = ret;
+ }
+ else
+ ret = *a;
+@@ -1367,9 +1365,14 @@
+ if (!d2i_ECPKParameters(&ret->group, in, len))
+ {
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
++ if (a == NULL || *a != ret)
++ EC_KEY_free(ret);
+ return NULL;
+ }
+
++ if (a)
++ *a = ret;
++
+ return ret;
+ }
+
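Review bot: The `freeret` flag added in the x_x509.c hunk decides who owns `ret` on the error path, but nothing in the hunk says so. A comment at its declaration such as `/* set when d2i_X509 will allocate ret for us; a caller-supplied *a is never freed here */` would make the rule explicit. When `freeret` is 0 and the aux parse fails, the function returns NULL while the caller's object has already been overwritten by `d2i_X509(a, pp, length)`; that is inferred from the visible lines, so confirm it is acceptable and document it. The hunk headers carry no function name, and the function bodies start outside the hunks.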
Added: openssl/branches/squeeze/debian/patches/0009-Fix-unsigned-signed-warnings.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/0009-Fix-unsigned-signed-warnings.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/0009-Fix-unsigned-signed-warnings.patch 2015-03-20 21:04:44 UTC (rev 722)
@@ -0,0 +1,55 @@
+From 8ca79fcbf45ea2ed505679be20e1a8a4c3df07cf Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Thu, 19 Mar 2015 11:35:33 +0000
+Subject: [PATCH 09/12] Fix unsigned/signed warnings
+
+Fix some unsigned/signed warnings introduced as part of the fix
+for CVE-2015-0293
+
+Reviewed-by: Tim Hudson <tjh at openssl.org>
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ ssl/s2_srvr.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+Index: openssl-0.9.8o/ssl/s2_srvr.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/s2_srvr.c
++++ openssl-0.9.8o/ssl/s2_srvr.c
+@@ -363,7 +363,8 @@ end:
+
+ static int get_client_master_key(SSL *s)
+ {
+- int is_export,i,n,keya,ek;
++ int is_export,i,n,keya;
++ unsigned int ek;
+ unsigned long len;
+ unsigned char *p;
+ SSL_CIPHER *cp;
+@@ -481,7 +482,7 @@ static int get_client_master_key(SSL *s)
+ * must be zero).
+ */
+ if ((!is_export && s->s2->tmp.clear != 0) ||
+- (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++ (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
+ return -1;
+@@ -492,7 +493,7 @@ static int get_client_master_key(SSL *s)
+ * bytes to fit the key in the buffer, stop now.
+ */
+ if ((is_export && s->s2->tmp.enc < ek) ||
+- (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++ (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
+ return -1;
+@@ -509,7 +510,7 @@ static int get_client_master_key(SSL *s)
+ /* If a bad decrypt, continue with protocol but with a
+ * random master secret (Bleichenbacher attack) */
+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
+- || (is_export && i != ek))) {
++ || (is_export && i != (int)ek))) {
+ {
+ ERR_clear_error();
+ if (is_export)
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series 2015-03-20 17:43:24 UTC (rev 721)
+++ openssl/branches/squeeze/debian/patches/series 2015-03-20 21:04:44 UTC (rev 722)
@@ -71,4 +71,14 @@
0011-Fix-crash-in-dtls1_get_record-whilst-in-the-listen-s.patch
0012-Follow-on-from-CVE-2014-3571.-This-fixes-the-code-th.patch
0013-Fix-typo.patch
-
+0006-Fix-reachable-assert-in-SSLv2-servers.patch
+0009-Fix-unsigned-signed-warnings.patch
+0005-PKCS-7-avoid-NULL-pointer-dereferences-with-missing-.patch
+0004-Fix-ASN1_TYPE_cmp.patch
+0002-Free-up-ADB-and-CHOICE-if-already-initialised.patch
+0001-Make-DTLS-always-act-as-if-read_ahead-is-set.-The-ac.patch
+0001-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
+0001-Check-public-key-is-not-NULL.patch
+0001-evp-prevent-underflow-in-base64-decoding.patch
+0008-Fix-a-failure-to-NULL-a-pointer-freed-on-error.patch
+0001-Disable-export-and-SSLv2-ciphers-by-default.patch