Hi, I'll be uploading a new version of openssl to proposed-updates soon. This fixes a security issue. Could you please review and approve this?
The diff is attached. Kurt
diff -u openssl-0.9.8g/debian/changelog openssl-0.9.8g/debian/changelog --- openssl-0.9.8g/debian/changelog +++ openssl-0.9.8g/debian/changelog @@ -1,3 +1,10 @@ +openssl (0.9.8g-15+lenny7) stable-security; urgency=low + + * Check return type of bn_wexpand(). Fixes CVE-2009-3245 + (Closes: #575433) + + -- Kurt Roeckx <k...@roeckx.be> Mon, 07 Jun 2010 20:30:01 +0200 + openssl (0.9.8g-15+lenny6) stable-security; urgency=low * Clean up zlib state so that it will be reinitialized on next use and only in patch2: unchanged: --- openssl-0.9.8g.orig/engines/e_ubsec.c +++ openssl-0.9.8g/engines/e_ubsec.c @@ -934,7 +934,7 @@ priv_key = BN_new(); if (priv_key == NULL) goto err; priv_key_len = BN_num_bits(dh->p); - bn_wexpand(priv_key, dh->p->top); + if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err; do if (!BN_rand_range(priv_key, dh->p)) goto err; while (BN_is_zero(priv_key)); @@ -949,7 +949,7 @@ { pub_key = BN_new(); pub_key_len = BN_num_bits(dh->p); - bn_wexpand(pub_key, dh->p->top); + if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err; if(pub_key == NULL) goto err; } else only in patch2: unchanged: --- openssl-0.9.8g.orig/crypto/ec/ec2_smpl.c +++ openssl-0.9.8g/crypto/ec/ec2_smpl.c @@ -174,8 +174,10 @@ dest->poly[2] = src->poly[2]; dest->poly[3] = src->poly[3]; dest->poly[4] = src->poly[4]; - bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); - bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + return 0; + if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + return 0; for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; return 1; @@ -199,12 +201,12 @@ /* group->a */ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; - bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; /* group->b */ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; - bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; ret = 1; only in patch2: unchanged: --- openssl-0.9.8g.orig/crypto/bn/bn_div.c +++ openssl-0.9.8g/crypto/bn/bn_div.c @@ -102,7 +102,7 @@ /* The next 2 are needed so we can do a dv->d[0]|=1 later * since BN_lshift1 will only work once there is a value :-) */ BN_zero(dv); - bn_wexpand(dv,1); + if(bn_wexpand(dv,1) == NULL) goto end; dv->top=1; if (!BN_lshift(D,D,nm-nd)) goto end; only in patch2: unchanged: --- openssl-0.9.8g.orig/crypto/bn/bn_mul.c +++ openssl-0.9.8g/crypto/bn/bn_mul.c @@ -1025,15 +1025,15 @@ t = BN_CTX_get(ctx); if (al > j || bl > j) { - bn_wexpand(t,k*4); - bn_wexpand(rr,k*4); + if (bn_wexpand(t,k*4) == NULL) goto err; + if (bn_wexpand(rr,k*4) == NULL) goto err; bn_mul_part_recursive(rr->d,a->d,b->d, j,al-j,bl-j,t->d); } else /* al <= j || bl <= j */ { - bn_wexpand(t,k*2); - bn_wexpand(rr,k*2); + if (bn_wexpand(t,k*2) == NULL) goto err; + if (bn_wexpand(rr,k*2) == NULL) goto err; bn_mul_recursive(rr->d,a->d,b->d, j,al-j,bl-j,t->d); } only in patch2: unchanged: --- openssl-0.9.8g.orig/crypto/bn/bn_gf2m.c +++ openssl-0.9.8g/crypto/bn/bn_gf2m.c @@ -294,7 +294,8 @@ if (a->top < b->top) { at = b; bt = a; } else { at = a; bt = b; } - bn_wexpand(r, at->top); + if(bn_wexpand(r, at->top) == NULL) + return 0; for (i = 0; i < bt->top; i++) {