[Pkg-openssl-changes] r781 - in openssl/branches/wheezy/debian: . patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Tue May 3 19:15:50 UTC 2016
Author: kroeckx
Date: 2016-05-03 19:15:50 +0000 (Tue, 03 May 2016)
New Revision: 781
Added:
openssl/branches/wheezy/debian/patches/CVE-2016-2105.patch
openssl/branches/wheezy/debian/patches/CVE-2016-2106.patch
openssl/branches/wheezy/debian/patches/CVE-2016-2107.patch
openssl/branches/wheezy/debian/patches/CVE-2016-2108.patch
openssl/branches/wheezy/debian/patches/CVE-2016-2109.patch
openssl/branches/wheezy/debian/patches/CVE-2016-2176.patch
Modified:
openssl/branches/wheezy/debian/changelog
openssl/branches/wheezy/debian/patches/series
Log:
Security fixes.
Modified: openssl/branches/wheezy/debian/changelog
===================================================================
--- openssl/branches/wheezy/debian/changelog 2016-05-03 17:11:53 UTC (rev 780)
+++ openssl/branches/wheezy/debian/changelog 2016-05-03 19:15:50 UTC (rev 781)
@@ -1,3 +1,14 @@
+openssl (1.0.1e-2+deb7u21) wheezy-security; urgency=medium
+
+ * Fix CVE-2016-2105
+ * Fix CVE-2016-2106
+ * Fix CVE-2016-2107
+ * Fix CVE-2016-2108
+ * Fix CVE-2016-2109
+ * Fix CVE-2016-2176
+
+ -- Kurt Roeckx <kurt at roeckx.be> Tue, 03 May 2016 21:14:34 +0200
+
openssl (1.0.1e-2+deb7u20) wheezy-security; urgency=medium
* Fix CVE-2016-0797
Added: openssl/branches/wheezy/debian/patches/CVE-2016-2105.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2016-2105.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2016-2105.patch 2016-05-03 19:15:50 UTC (rev 781)
@@ -0,0 +1,42 @@
+From 5b814481f3573fa9677f3a31ee51322e2a22ee6a Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Fri, 4 Mar 2016 10:17:17 +0000
+Subject: [PATCH] Avoid overflow in EVP_EncodeUpdate
+
+An overflow can occur in the EVP_EncodeUpdate function which is used for
+Base64 encoding of binary data. If an attacker is able to supply very large
+amounts of input data then a length check can overflow resulting in a heap
+corruption. Due to the very large amounts of data involved this will most
+likely result in a crash.
+
+Internally to OpenSSL the EVP_EncodeUpdate function is primarly used by the
+PEM_write_bio* family of functions. These are mainly used within the
+OpenSSL command line applications, so any application which processes
+data from an untrusted source and outputs it as a PEM file should be
+considered vulnerable to this issue.
+
+User applications that call these APIs directly with large amounts of
+untrusted data may also be vulnerable.
+
+Issue reported by Guido Vranken.
+
+CVE-2016-2105
+
+Reviewed-by: Richard Levitte <levitte at openssl.org>
+---
+ crypto/evp/encode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: openssl-1.0.1k/crypto/evp/encode.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/evp/encode.c
++++ openssl-1.0.1k/crypto/evp/encode.c
+@@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
+ *outl=0;
+ if (inl == 0) return;
+ OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+- if ((ctx->num+inl) < ctx->length)
++ if (ctx->length - ctx->num > inl)
+ {
+ memcpy(&(ctx->enc_data[ctx->num]),in,inl);
+ ctx->num+=inl;
Added: openssl/branches/wheezy/debian/patches/CVE-2016-2106.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2016-2106.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2016-2106.patch 2016-05-03 19:15:50 UTC (rev 781)
@@ -0,0 +1,60 @@
+From 56ea22458f3f5f1d0148b0a97957de4d56f3d328 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Thu, 3 Mar 2016 23:36:23 +0000
+Subject: [PATCH] Fix encrypt overflow
+
+An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
+able to supply very large amounts of input data after a previous call to
+EVP_EncryptUpdate with a partial block then a length check can overflow
+resulting in a heap corruption.
+
+Following an analysis of all OpenSSL internal usage of the
+EVP_EncryptUpdate function all usage is one of two forms.
+
+The first form is like this:
+EVP_EncryptInit()
+EVP_EncryptUpdate()
+
+i.e. where the EVP_EncryptUpdate() call is known to be the first called
+function after an EVP_EncryptInit(), and therefore that specific call
+must be safe.
+
+The second form is where the length passed to EVP_EncryptUpdate() can be
+seen from the code to be some small value and therefore there is no
+possibility of an overflow.
+
+Since all instances are one of these two forms, I believe that there can
+be no overflows in internal code due to this problem.
+
+It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
+in certain code paths. Also EVP_CipherUpdate() is a synonym for
+EVP_EncryptUpdate(). Therefore I have checked all instances of these
+calls too, and came to the same conclusion, i.e. there are no instances
+in internal usage where an overflow could occur.
+
+This could still represent a security issue for end user code that calls
+this function directly.
+
+CVE-2016-2106
+
+Issue reported by Guido Vranken.
+
+Reviewed-by: Tim Hudson <tjh at openssl.org>
+(cherry picked from commit 3f3582139fbb259a1c3cbb0a25236500a409bf26)
+---
+ crypto/evp/evp_enc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: openssl-1.0.1k/crypto/evp/evp_enc.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/evp/evp_enc.c
++++ openssl-1.0.1k/crypto/evp/evp_enc.c
+@@ -343,7 +343,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
+ OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+ if (i != 0)
+ {
+- if (i+inl < bl)
++ if (bl - i > inl)
+ {
+ memcpy(&(ctx->buf[i]),in,inl);
+ ctx->buf_len+=inl;
Added: openssl/branches/wheezy/debian/patches/CVE-2016-2107.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2016-2107.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2016-2107.patch 2016-05-03 19:15:50 UTC (rev 781)
@@ -0,0 +1,38 @@
+From 4159f311671cf3bac03815e5de44681eb758304a Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Sat, 16 Apr 2016 23:08:56 +0200
+Subject: [PATCH] Check that we have enough padding characters.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Emilia Käsper <emilia at openssl.org>
+
+CVE-2016-2107
+
+MR: #2572
+---
+ crypto/evp/e_aes_cbc_hmac_sha1.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: openssl-1.0.1k/crypto/evp/e_aes_cbc_hmac_sha1.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ openssl-1.0.1k/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -59,6 +59,7 @@
+ #include <openssl/aes.h>
+ #include <openssl/sha.h>
+ #include "evp_locl.h"
++#include "constant_time_locl.h"
+
+ #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
+ #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
+@@ -278,6 +279,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
+ maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8);
+ maxpad &= 255;
+
++ ret &= constant_time_ge(maxpad, pad);
++
+ inp_len = len - (SHA_DIGEST_LENGTH+pad+1);
+ mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));
+ inp_len &= mask;
Added: openssl/branches/wheezy/debian/patches/CVE-2016-2108.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2016-2108.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2016-2108.patch 2016-05-03 19:15:50 UTC (rev 781)
@@ -0,0 +1,73 @@
+Index: openssl-1.0.1k/crypto/asn1/a_int.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/asn1/a_int.c
++++ openssl-1.0.1k/crypto/asn1/a_int.c
+@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
+ {
+ ret=a->length;
+ i=a->data[0];
++ if (ret == 1 && i == 0)
++ neg = 0;
+ if (!neg && (i > 127)) {
+ pad=1;
+ pb=0;
+@@ -157,7 +159,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
+ p += a->length - 1;
+ i = a->length;
+ /* Copy zeros to destination as long as source is zero */
+- while(!*n) {
++ while (!*n && i > 1) {
+ *(p--) = 0;
+ n--;
+ i--;
+@@ -415,7 +417,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const B
+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+- if (BN_is_negative(bn))
++ if (BN_is_negative(bn) && !BN_is_zero(bn))
+ ret->type = V_ASN1_NEG_INTEGER;
+ else ret->type=V_ASN1_INTEGER;
+ j=BN_num_bits(bn);
+Index: openssl-1.0.1k/crypto/asn1/a_type.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/asn1/a_type.c
++++ openssl-1.0.1k/crypto/asn1/a_type.c
+@@ -131,9 +131,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
+ result = 0; /* They do not have content. */
+ break;
+ case V_ASN1_INTEGER:
+- case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+- case V_ASN1_NEG_ENUMERATED:
+ case V_ASN1_BIT_STRING:
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_SEQUENCE:
+Index: openssl-1.0.1k/crypto/asn1/tasn_dec.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/asn1/tasn_dec.c
++++ openssl-1.0.1k/crypto/asn1/tasn_dec.c
+@@ -1014,9 +1014,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
+ break;
+
+ case V_ASN1_INTEGER:
+- case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+- case V_ASN1_NEG_ENUMERATED:
+ tint = (ASN1_INTEGER **)pval;
+ if (!c2i_ASN1_INTEGER(tint, &cont, len))
+ goto err;
+Index: openssl-1.0.1k/crypto/asn1/tasn_enc.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/asn1/tasn_enc.c
++++ openssl-1.0.1k/crypto/asn1/tasn_enc.c
+@@ -643,9 +643,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig
+ break;
+
+ case V_ASN1_INTEGER:
+- case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+- case V_ASN1_NEG_ENUMERATED:
+ /* These are all have the same content format
+ * as ASN1_INTEGER
+ */
Added: openssl/branches/wheezy/debian/patches/CVE-2016-2109.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2016-2109.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2016-2109.patch 2016-05-03 19:15:50 UTC (rev 781)
@@ -0,0 +1,93 @@
+From 3d411057a5e28530fffc40b257698f453c89aa87 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve at openssl.org>
+Date: Mon, 11 Apr 2016 13:57:20 +0100
+Subject: [PATCH] Harden ASN.1 BIO handling of large amounts of data.
+
+If the ASN.1 BIO is presented with a large length field read it in
+chunks of increasing size checking for EOF on each read. This prevents
+small files allocating excessive amounts of data.
+
+CVE-2016-2109
+
+Thanks to Brian Carpenter for reporting this issue.
+
+Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
+(cherry picked from commit c62981390d6cf9e3d612c489b8b77c2913b25807)
+---
+ crypto/asn1/a_d2i_fp.c | 36 ++++++++++++++++++++++++++----------
+ 1 file changed, 26 insertions(+), 10 deletions(-)
+
+Index: openssl-1.0.1k/crypto/asn1/a_d2i_fp.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/asn1/a_d2i_fp.c
++++ openssl-1.0.1k/crypto/asn1/a_d2i_fp.c
+@@ -139,6 +139,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *
+ #endif
+
+ #define HEADER_SIZE 8
++#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
+ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+ {
+ BUF_MEM *b;
+@@ -230,6 +231,8 @@ static int asn1_d2i_read_bio(BIO *in, BU
+ want=c.slen;
+ if (want > (len-off))
+ {
++ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
++
+ want-=(len-off);
+ if (want > INT_MAX /* BIO_read takes an int length */ ||
+ len+want < len)
+@@ -237,25 +240,36 @@ static int asn1_d2i_read_bio(BIO *in, BU
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
+- if (!BUF_MEM_grow_clean(b,len+want))
+- {
+- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+- goto err;
+- }
+ while (want > 0)
+ {
+- i=BIO_read(in,&(b->data[len]),want);
+- if (i <= 0)
+- {
+- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+- ASN1_R_NOT_ENOUGH_DATA);
+- goto err;
+- }
+- /* This can't overflow because
+- * |len+want| didn't overflow. */
+- len+=i;
+- want-=i;
++ /*
++ * Read content in chunks of increasing size
++ * so we can return an error for EOF without
++ * having to allocate the entire content length
++ * in one go.
++ */
++ size_t chunk = want > chunk_max ? chunk_max : want;
++
++ if (!BUF_MEM_grow_clean(b, len + chunk)) {
++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
++ goto err;
+ }
++ want -= chunk;
++ while (chunk > 0) {
++ i = BIO_read(in, &(b->data[len]), chunk);
++ if (i <= 0) {
++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
++ ASN1_R_NOT_ENOUGH_DATA);
++ goto err;
++ }
++ /* This can't overflow because
++ * |len+want| didn't overflow. */
++ len+=i;
++ chunk -= i;
++ }
++ if (chunk_max < INT_MAX/2)
++ chunk_max *= 2;
++ }
+ }
+ if (off + c.slen < off)
+ {
Added: openssl/branches/wheezy/debian/patches/CVE-2016-2176.patch
===================================================================
--- openssl/branches/wheezy/debian/patches/CVE-2016-2176.patch (rev 0)
+++ openssl/branches/wheezy/debian/patches/CVE-2016-2176.patch 2016-05-03 19:15:50 UTC (rev 781)
@@ -0,0 +1,35 @@
+From 2919516136a4227d9e6d8f2fe66ef976aaf8c561 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt at openssl.org>
+Date: Thu, 28 Apr 2016 10:46:55 +0100
+Subject: [PATCH] Prevent EBCDIC overread for very long strings
+
+ASN1 Strings that are over 1024 bytes can cause an overread in
+applications using the X509_NAME_oneline() function on EBCDIC systems.
+This could result in arbitrary stack data being returned in the buffer.
+
+Issue reported by Guido Vranken.
+
+CVE-2016-2176
+
+Reviewed-by: Andy Polyakov <appro at openssl.org>
+---
+ crypto/x509/x509_obj.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+Index: openssl-1.0.1k/crypto/x509/x509_obj.c
+===================================================================
+--- openssl-1.0.1k.orig/crypto/x509/x509_obj.c
++++ openssl-1.0.1k/crypto/x509/x509_obj.c
+@@ -121,9 +121,9 @@ int i;
+ type == V_ASN1_TELETEXSTRING ||
+ type == V_ASN1_VISIBLESTRING ||
+ type == V_ASN1_IA5STRING) {
+- ascii2ebcdic(ebcdic_buf, q,
+- (num > sizeof ebcdic_buf)
+- ? sizeof ebcdic_buf : num);
++ if (num > (int)sizeof(ebcdic_buf))
++ num = sizeof(ebcdic_buf);
++ ascii2ebcdic(ebcdic_buf, q, num);
+ q=ebcdic_buf;
+ }
+ #endif
Modified: openssl/branches/wheezy/debian/patches/series
===================================================================
--- openssl/branches/wheezy/debian/patches/series 2016-05-03 17:11:53 UTC (rev 780)
+++ openssl/branches/wheezy/debian/patches/series 2016-05-03 19:15:50 UTC (rev 781)
@@ -115,4 +115,9 @@
CVE-2016-0799.patch
CVE-2016-0702.patch
CVE-2016-0705.patch
-
+CVE-2016-2108.patch
+CVE-2016-2107.patch
+CVE-2016-2105.patch
+CVE-2016-2176.patch
+CVE-2016-2106.patch
+CVE-2016-2109.patch
More information about the Pkg-openssl-changes
mailing list