Hello community,

here is the log from the commit of package openssl for openSUSE:11.3
checked in at Wed Jan 11 17:57:30 CET 2012.



--------
--- old-versions/11.3/UPDATES/all/openssl/openssl.changes       2011-09-20 10:50:08.000000000 +0200
+++ 11.3/openssl/openssl.changes        2012-01-11 08:36:51.000000000 +0100
@@ -1,0 +2,13 @@
+Wed Jan 11 07:23:14 UTC 2012 - g...@suse.com
+
+- fix security bug[bnc#739719] - openssl: various security issues
+  DTLS Plaintext Recovery Attack (CVE-2011-4108)
+  Uninitialized SSL 3.0 Padding (CVE-2011-4576)
+  Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
+  SGC Restart DoS Attack (CVE-2011-4619)
+  Invalid GOST parameters DoS Attack (CVE-2012-0027)
+
+  not affected:
+  Double-free in Policy Checks (CVE-2011-4109)
+
+-------------------------------------------------------------------

calling whatdependson for 11.3-i586


New:
----
  CVE-2011-4108.patch
  CVE-2011-4576.patch
  CVE-2011-4577.patch
  CVE-2011-4619.patch
  CVE-2012-0027.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssl.spec ++++++
--- /var/tmp/diff_new_pack.PgRJW1/_old  2012-01-11 17:56:49.000000000 +0100
+++ /var/tmp/diff_new_pack.PgRJW1/_new  2012-01-11 17:56:49.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package openssl
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
 %endif
 #
 Version:        1.0.0
-Release:        6.<RELEASE11>
+Release:        6.<RELEASE13>
 Summary:        Secure Sockets and Transport Layer Security
 Url:            http://www.openssl.org/
 Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -51,6 +51,11 @@
 Patch8:         ECDSA_signatures_timing_attack.patch
 Patch9:         CVE-2011-3207.patch
 Patch10:        CVE-2011-3210.patch
+Patch21:        CVE-2011-4108.patch
+Patch22:        CVE-2011-4576.patch
+Patch23:        CVE-2011-4577.patch
+Patch24:        CVE-2011-4619.patch
+Patch25:        CVE-2012-0027.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -188,6 +193,11 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch21 -p1
+%patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # 
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags

++++++ CVE-2011-4108.patch ++++++
Index: openssl-1.0.0/ssl/d1_pkt.c
===================================================================
--- openssl-1.0.0.orig/ssl/d1_pkt.c
+++ openssl-1.0.0/ssl/d1_pkt.c
@@ -375,6 +375,7 @@ dtls1_process_record(SSL *s)
        SSL3_RECORD *rr;
        unsigned int mac_size;
        unsigned char md[EVP_MAX_MD_SIZE];
+       int decryption_failed_or_bad_record_mac = 0;
 
 
        rr= &(s->s3->rrec);
@@ -409,12 +410,10 @@ dtls1_process_record(SSL *s)
        enc_err = s->method->ssl3_enc->enc(s,0);
        if (enc_err <= 0)
                {
-               if (enc_err == 0)
-                       /* SSLerr() and ssl3_send_alert() have been called */
-                       goto err;
-
-               /* otherwise enc_err == -1 */
-               goto decryption_failed_or_bad_record_mac;
+               /* To minimize information leaked via timing, we will always
+                * perform all computations before discarding the message.
+                */
+               decryption_failed_or_bad_record_mac = 1;
                }
 
 #ifdef TLS_DEBUG
@@ -444,7 +443,7 @@ printf("\n");
                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
                        goto f_err;
 #else
-                       goto decryption_failed_or_bad_record_mac;
+                       decryption_failed_or_bad_record_mac = 1;
 #endif                 
                        }
                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -455,17 +454,25 @@ printf("\n");
                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
 #else
-                       goto decryption_failed_or_bad_record_mac;
+                       decryption_failed_or_bad_record_mac = 1;
 #endif
                        }
                rr->length-=mac_size;
                i=s->method->ssl3_enc->mac(s,md,0);
                if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
                        {
-                       goto decryption_failed_or_bad_record_mac;
+                       decryption_failed_or_bad_record_mac = 1;
                        }
                }
 
+       if (decryption_failed_or_bad_record_mac)
+               {
+               /* decryption failed, silently discard message */
+               rr->length = 0;
+               s->packet_length = 0;
+               goto err;
+               }
+
        /* r->length is now just compressed */
        if (s->expand != NULL)
                {
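Review bot: The `rr->length < mac_size` branch in this hunk now only sets `decryption_failed_or_bad_record_mac = 1` and falls through to `rr->length-=mac_size;`, so a record shorter than the MAC still reaches the subtraction. `mac_size` is declared `unsigned int`, and if `rr->length` is unsigned as well (its declaration is outside the hunk) the result wraps to a very large value before `ssl3_enc->mac()` runs and `memcmp` reads from `&(rr->data[rr->length])`, which is far outside the record, before the new discard block can reset the length. Guard the subtraction by making it the `else` arm of the short-length check, `else rr->length -= mac_size;`, so the remaining computations still run but on a length that cannot underflow. `dtls1_process_record` starts and ends outside the hunk, so the return value on the `err` path should be confirmed against the caller.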
++++++ CVE-2011-4576.patch ++++++
Index: openssl-1.0.0c/ssl/s3_enc.c
===================================================================
--- openssl-1.0.0c.orig/ssl/s3_enc.c
+++ openssl-1.0.0c/ssl/s3_enc.c
@@ -511,6 +511,9 @@ int ssl3_enc(SSL *s, int send)
 
                        /* we need to add 'i-1' padding bytes */
                        l+=i;
+                       /* the last of these zero bytes will be overwritten
+                        * with the padding length. */
+                       memset(&rec->input[rec->length], 0, i);
                        rec->length+=i;
                        rec->input[l-1]=(i-1);
                        }
++++++ CVE-2011-4577.patch ++++++
Index: openssl-1.0.0c/crypto/x509v3/v3_addr.c
===================================================================
--- openssl-1.0.0c.orig/crypto/x509v3/v3_addr.c
+++ openssl-1.0.0c/crypto/x509v3/v3_addr.c
@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAdd
  * Expand the bitstring form of an address into a raw byte array.
  * At the moment this is coded for simplicity, not speed.
  */
-static void addr_expand(unsigned char *addr,
+static int addr_expand(unsigned char *addr,
                        const ASN1_BIT_STRING *bs,
                        const int length,
                        const unsigned char fill)
 {
-  OPENSSL_assert(bs->length >= 0 && bs->length <= length);
+  if (bs->length < 0 || bs->length > length)
+    return 0;
   if (bs->length > 0) {
     memcpy(addr, bs->data, bs->length);
     if ((bs->flags & 7) != 0) {
@@ -159,6 +160,7 @@ static void addr_expand(unsigned char *a
     }
   }
   memset(addr + bs->length, fill, length - bs->length);
+  return 1;
 }
 
 /*
@@ -179,11 +181,13 @@ static int i2r_address(BIO *out,
 
   switch (afi) {
   case IANA_AFI_IPV4:
-    addr_expand(addr, bs, 4, fill);
+    if (!addr_expand(addr, bs, 4, fill))
+       return 0;
     BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
     break;
   case IANA_AFI_IPV6:
-    addr_expand(addr, bs, 16, fill);
+    if (!addr_expand(addr, bs, 16, fill))
+       return 0;
     for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
       ;
     for (i = 0; i < n; i += 2)
@@ -309,6 +313,12 @@ static int i2r_IPAddrBlocks(const X509V3
 /*
  * Sort comparison function for a sequence of IPAddressOrRange
  * elements.
+ *
+ * There's no sane answer we can give if addr_expand() fails, and an
+ * assertion failure on externally supplied data is seriously uncool,
+ * so we just arbitrarily declare that if given invalid inputs this
+ * function returns -1.  If this messes up your preferred sort order
+ * for garbage input, tough noogies.
  */
 static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
                                const IPAddressOrRange *b,
@@ -320,22 +330,26 @@ static int IPAddressOrRange_cmp(const IP
 
   switch (a->type) {
   case IPAddressOrRange_addressPrefix:
-    addr_expand(addr_a, a->u.addressPrefix, length, 0x00);
+    if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+      return -1;
     prefixlen_a = addr_prefixlen(a->u.addressPrefix);
     break;
   case IPAddressOrRange_addressRange:
-    addr_expand(addr_a, a->u.addressRange->min, length, 0x00);
+    if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+      return -1;
     prefixlen_a = length * 8;
     break;
   }
 
   switch (b->type) {
   case IPAddressOrRange_addressPrefix:
-    addr_expand(addr_b, b->u.addressPrefix, length, 0x00);
+    if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+      return -1;
     prefixlen_b = addr_prefixlen(b->u.addressPrefix);
     break;
   case IPAddressOrRange_addressRange:
-    addr_expand(addr_b, b->u.addressRange->min, length, 0x00);
+    if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+      return -1;
     prefixlen_b = length * 8;
     break;
   }
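Review bot: Both `switch` statements in `IPAddressOrRange_cmp` handle only `IPAddressOrRange_addressPrefix` and `IPAddressOrRange_addressRange`, so an element with any other `type` skips `addr_expand()` and leaves `addr_a`/`prefixlen_a` (or the `b` pair) unset by this code; their declarations are outside the hunk, so whether they are initialised needs confirming. Since the new comment already settles on -1 for invalid input, add `default: return -1;` to each switch. Returning -1 for an invalid operand on either side also means cmp(a,b) and cmp(b,a) can both be -1, so the function comment should state that the resulting order for malformed lists is unspecified and that callers must not rely on it.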
@@ -650,22 +664,22 @@ int v3_addr_add_range(IPAddrBlocks *addr
 /*
  * Extract min and max values from an IPAddressOrRange.
  */
-static void extract_min_max(IPAddressOrRange *aor,
+static int extract_min_max(IPAddressOrRange *aor,
                            unsigned char *min,
                            unsigned char *max,
                            int length)
 {
-  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+  if (aor == NULL || min == NULL || max == NULL)
+    return 0;
   switch (aor->type) {
   case IPAddressOrRange_addressPrefix:
-    addr_expand(min, aor->u.addressPrefix, length, 0x00);
-    addr_expand(max, aor->u.addressPrefix, length, 0xFF);
-    return;
+    return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+           addr_expand(max, aor->u.addressPrefix, length, 0xFF));
   case IPAddressOrRange_addressRange:
-    addr_expand(min, aor->u.addressRange->min, length, 0x00);
-    addr_expand(max, aor->u.addressRange->max, length, 0xFF);
-    return;
+    return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+           addr_expand(max, aor->u.addressRange->max, length, 0xFF));
   }
+  return 0;
 }
 
 /*
@@ -681,9 +695,9 @@ int v3_addr_get_range(IPAddressOrRange *
   if (aor == NULL || min == NULL || max == NULL ||
       afi_length == 0 || length < afi_length ||
       (aor->type != IPAddressOrRange_addressPrefix &&
-       aor->type != IPAddressOrRange_addressRange))
+       aor->type != IPAddressOrRange_addressRange) ||
+      !extract_min_max(aor, min, max, afi_length))
     return 0;
-  extract_min_max(aor, min, max, afi_length);
   return afi_length;
 }
 
@@ -765,8 +779,9 @@ int v3_addr_is_canonical(IPAddrBlocks *a
       IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
       IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
 
-      extract_min_max(a, a_min, a_max, length);
-      extract_min_max(b, b_min, b_max, length);
+      if (!extract_min_max(a, a_min, a_max, length) ||
+         !extract_min_max(b, b_min, b_max, length))
+       return 0;
 
       /*
        * Punt misordered list, overlapping start, or inverted range.
@@ -799,8 +814,9 @@ int v3_addr_is_canonical(IPAddrBlocks *a
     j = sk_IPAddressOrRange_num(aors) - 1;
     {
       IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-      if (a->type == IPAddressOrRange_addressRange) {
-       extract_min_max(a, a_min, a_max, length);
+      if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+       if (!extract_min_max(a, a_min, a_max, length))
+         return 0;
        if (range_should_be_prefix(a_min, a_max, length) >= 0)
          return 0;
       }
@@ -835,8 +851,9 @@ static int IPAddressOrRanges_canonize(IP
     unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
     unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
 
-    extract_min_max(a, a_min, a_max, length);
-    extract_min_max(b, b_min, b_max, length);
+    if (!extract_min_max(a, a_min, a_max, length) ||
+       !extract_min_max(b, b_min, b_max, length))
+      return 0;
 
     /*
      * Punt overlaps.
@@ -1096,13 +1113,15 @@ static int addr_contains(IPAddressOrRang
 
   p = 0;
   for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
-    extract_min_max(sk_IPAddressOrRange_value(child, c),
-                   c_min, c_max, length);
+    if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+                        c_min, c_max, length))
+      return -1;
     for (;; p++) {
       if (p >= sk_IPAddressOrRange_num(parent))
        return 0;
-      extract_min_max(sk_IPAddressOrRange_value(parent, p),
-                     p_min, p_max, length);
+      if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                          p_min, p_max, length))
+       return 0;
       if (memcmp(p_max, c_max, length) < 0)
        continue;
       if (memcmp(p_min, c_min, length) > 0)
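Review bot: The two new failure paths in `addr_contains` return different values: -1 when a child element fails `extract_min_max()`, but 0 when a parent element does. If callers test the result as a boolean (they are outside this hunk, so this needs checking), -1 is truthy and a malformed child range would be treated as contained in the parent, which is the fail-open direction for a subset check. Unless some caller handles -1 explicitly, use `return 0;` after the child `extract_min_max()` check as well, or document the three-valued return in the function comment.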
++++++ CVE-2011-4619.patch ++++++
Index: openssl-1.0.0c/ssl/s3_srvr.c
===================================================================
--- openssl-1.0.0c.orig/ssl/s3_srvr.c
+++ openssl-1.0.0c/ssl/s3_srvr.c
@@ -258,6 +258,7 @@ int ssl3_accept(SSL *s)
                                }
 
                        s->init_num=0;
+                       s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 
                        if (s->state != SSL_ST_RENEGOTIATE)
                                {
@@ -755,6 +756,14 @@ int ssl3_check_client_hello(SSL *s)
        int ok;
        long n;
 
+       /* We only allow the client to restart the handshake once per
+        * negotiation. */
+       if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+               {
+               SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+               return -1;
+               }
+
        /* this function is called when we really expect a Certificate message,
         * so permit appropriate message length */
        n=s->method->ssl_get_message(s,
@@ -785,6 +794,7 @@ int ssl3_check_client_hello(SSL *s)
                        s->s3->tmp.ecdh = NULL;
                }
 #endif
+               s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
                return 2;
                }
        return 1;
Index: openssl-1.0.0c/ssl/ssl.h
===================================================================
--- openssl-1.0.0c.orig/ssl/ssl.h
+++ openssl-1.0.0c/ssl/ssl.h
@@ -1882,6 +1882,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CALLBACK_CTRL                        233
 #define SSL_F_SSL3_CHANGE_CIPHER_STATE                  129
 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM             130
+#define SSL_F_SSL3_CHECK_CLIENT_HELLO                   304
 #define SSL_F_SSL3_CLIENT_HELLO                                 131
 #define SSL_F_SSL3_CONNECT                              132
 #define SSL_F_SSL3_CTRL                                         213
@@ -2139,6 +2140,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_MISSING_TMP_RSA_KEY                       172
 #define SSL_R_MISSING_TMP_RSA_PKEY                      173
 #define SSL_R_MISSING_VERIFY_MESSAGE                    174
+#define SSL_R_MULTIPLE_SGC_RESTARTS                     346
 #define SSL_R_NON_SSLV2_INITIAL_PACKET                  175
 #define SSL_R_NO_CERTIFICATES_RETURNED                  176
 #define SSL_R_NO_CERTIFICATE_ASSIGNED                   177
Index: openssl-1.0.0c/ssl/ssl3.h
===================================================================
--- openssl-1.0.0c.orig/ssl/ssl3.h
+++ openssl-1.0.0c/ssl/ssl3.h
@@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
+ 
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
 
 typedef struct ssl3_state_st
        {
Index: openssl-1.0.0c/ssl/ssl_err.c
===================================================================
--- openssl-1.0.0c.orig/ssl/ssl_err.c
+++ openssl-1.0.0c/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -137,6 +137,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),   "SSL3_CALLBACK_CTRL"},
 {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),     "SSL3_CHANGE_CIPHER_STATE"},
 {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),        "SSL3_CHECK_CERT_AND_ALGORITHM"},
+{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO),      "SSL3_CHECK_CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO),    "SSL3_CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
 {ERR_FUNC(SSL_F_SSL3_CTRL),    "SSL3_CTRL"},
@@ -397,6 +398,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
 {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},
 {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  ,"missing tmp rsa pkey"},
 {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
+{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
 {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
 {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
 {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
++++++ CVE-2012-0027.patch ++++++
Index: openssl-1.0.0c/engines/ccgost/gost2001_keyx.c
===================================================================
--- openssl-1.0.0c.orig/engines/ccgost/gost2001_keyx.c
+++ openssl-1.0.0c/engines/ccgost/gost2001_keyx.c
@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *
                }
                
        param = get_encryption_params(gkt->key_agreement_info->cipher);
+        if(!param){
+          goto err;
+        }
+
        gost_init(&ctx,param->sblock);  
        OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
        memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
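Review bot: The new `if(!param){ goto err; }` leaves without recording an error, and the very next statement is still `OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);` on what appears to be a field of the parsed peer message. An assertion on externally supplied data aborts the process, which is the same failure mode the v3_addr.c patch in this update replaces with error returns. Suggest pushing an engine error before the jump (using whichever reason code the engine already defines for bad parameters) and turning the assert into `if (gkt->key_agreement_info->eph_iv->length != 8) goto err;` ahead of the 8-byte `memcpy`. The same applies to the identical hunk in `gost94_keyx.c`. Both functions continue outside their hunks, so what the `err` label returns and frees should be checked.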
Index: openssl-1.0.0c/engines/ccgost/gost94_keyx.c
===================================================================
--- openssl-1.0.0c.orig/engines/ccgost/gost94_keyx.c
+++ openssl-1.0.0c/engines/ccgost/gost94_keyx.c
@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *
                }
 
        param = get_encryption_params(gkt->key_agreement_info->cipher);
+        if(!param){
+          goto err;
+        }
+
        gost_init(&cctx,param->sblock); 
        OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
        memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);
continue with "q"...



Remember to have fun...
