CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: christos Date: Thu Oct 27 16:20:23 UTC 2022 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: ssl_ciph.c Log Message: merge upstream commit 9b3219ba544db82cdad3058b9872058739559944: If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 \ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: christos Date: Thu Oct 27 16:20:23 UTC 2022 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: ssl_ciph.c Log Message: merge upstream commit 9b3219ba544db82cdad3058b9872058739559944: If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 \ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.21 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.22 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.21 Fri Jan 7 10:50:11 2022 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c Thu Oct 27 12:20:23 2022 @@ -1026,9 +1026,7 @@ static int ssl_cipher_process_rulestr(co * alphanumeric, so we call this an error. */ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND); -retval = found = 0; -l++; -break; + return 0; } if (rule == CIPHER_SPECIAL) {
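Review bot: The new `return 0;` in the invalid-command branch has no comment saying why it replaces the old `break`, and the reason is not obvious from the code. Per the log, the old path advanced `l` past the terminating NUL when rule_str ends in "-", and the outer loop then dereferenced it. I would add `/* return rather than break: l may already be at the end of rule_str */` above the return, so a later cleanup does not restore the break. ssl_cipher_process_rulestr starts and ends outside the hunk, so whether anything must be released before this early return cannot be checked from here.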
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: christos Date: Thu May 15 12:53:52 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_pkt.c Log Message: Avoid NULL dereference. (FreeBSD SA14:10) To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.14 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.15 --- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.14 Sun Apr 13 09:14:15 2014 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Thu May 15 08:53:52 2014 @@ -658,6 +658,10 @@ static int do_ssl3_write(SSL *s, int typ if (i = 0) return(i); /* if it went, fall through and send more stuff */ + /* we may have released our buffer, so get it again */ + if (wb-buf == NULL) + if (!ssl3_setup_write_buffer(s)) +return -1; } if (len == 0 !create_empty_fragment)
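Review bot: The added buffer re-acquisition in do_ssl3_write nests one unbraced `if` inside another, directly before the closing brace of the enclosing block. That is easy to misread, and easy to break if a later edit adds an `else`. A single condition reads better: `if (wb->buf == NULL && !ssl3_setup_write_buffer(s)) return -1;`. The comment should also name which call can release the buffer, presumably the pending-write flush just above, which is outside the hunk.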
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: christos Date: Thu May 15 12:53:52 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_pkt.c Log Message: Avoid NULL dereference. (FreeBSD SA14:10) To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: christos Date: Sun Apr 13 13:14:15 UTC 2014 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_pkt.c Log Message: Fix use after free: https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: christos Date: Fri Jul 27 21:22:55 UTC 2012 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c Log Message: remove extra parens that make clang bitchy. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.6 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.7 --- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.6 Thu Jul 26 15:58:40 2012 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Fri Jul 27 17:22:55 2012 @@ -1527,7 +1527,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char selected_len; /* We must have requested it. */ - if ((s-ctx-next_proto_select_cb == NULL)) + if (s-ctx-next_proto_select_cb == NULL) { *al = TLS1_AD_UNSUPPORTED_EXTENSION; return 0;
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Fri May 11 18:07:34 UTC 2012 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: d1_enc.c t1_enc.c Log Message: pull in upstream rev.22547: Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. (CVE-2012-2333) To generate a diff of this commit: cvs rdiff -u -r1.1.1.3 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c:1.1.1.3 src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c:1.2 --- src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c:1.1.1.3 Sun Jun 5 15:00:31 2011 +++ src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c Fri May 11 18:07:33 2012 @@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send) } /* TLS 1.0 does not bound the number of padding bytes by the block size. * All of them must have value 'padding_length'. */ - if (i (int)rec-length) + if (i + bs (int)rec-length) { /* Incorrect padding. SSLerr() and ssl3_alert are done * by caller: we don't want to reveal whether this is Index: src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.3 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.4 --- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.3 Sun Jun 5 23:09:49 2011 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c Fri May 11 18:07:34 2012 @@ -823,6 +823,8 @@ int tls1_enc(SSL *s, int send) if (s-version = TLS1_1_VERSION EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE) { +if (bs (int)rec-length) + return -1; rec-data += bs;/* skip the explicit IV */ rec-input += bs; rec-length -= bs;
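Review bot: The new bound in dtls1_enc, `i + bs > (int)rec->length`, compares in signed arithmetic after casting the record length to int, so it is only correct while `rec->length` fits in an int. The field's declaration and the record-size limit are outside the hunk. If the field is unsigned and `i` and `bs` are non-negative at this point, comparing in the unsigned domain removes that dependency, e.g. `if ((unsigned int)(i + bs) > rec->length)`. The same cast appears in the check added to tls1_enc in the t1_enc.c hunk of this commit.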
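Review bot: The added `return -1;` in tls1_enc has no comment on what -1 means to the caller, and nothing in the hunk shows how it differs from the function's other results. The context comment in the d1_enc.c hunk says alerts are left to the caller so that the kind of failure is not revealed. If -1 is that same "bad padding or MAC" result, say so at the check: `/* too short for the explicit IV: report as a decryption failure, caller sends the alert */`. The rest of tls1_enc is outside the hunk, so this reading of the return value needs confirming.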
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Fri May 11 18:07:34 UTC 2012 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: d1_enc.c t1_enc.c Log Message: pull in upstream rev.22547: Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. (CVE-2012-2333) To generate a diff of this commit: cvs rdiff -u -r1.1.1.3 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/d1_enc.c cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Wed Jan 18 20:08:50 UTC 2012 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: d1_pkt.c Log Message: pull in rev.22050 from upstream CVS, following secadv_20120118.txt: Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.3 --- src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.2 Thu Jan 5 17:32:02 2012 +++ src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c Wed Jan 18 20:08:49 2012 @@ -376,6 +376,7 @@ dtls1_process_record(SSL *s) unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= (s-s3-rrec); @@ -450,19 +451,15 @@ printf(\n); #endif } /* check the MAC for rr-input (it's in mac_size bytes at the tail) */ - if (rr-length mac_size) + if (rr-length = mac_size) { -#if 0 /* OK only for stream ciphers */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; -#else - decryption_failed_or_bad_record_mac = 1; -#endif + rr-length -= mac_size; + mac = rr-data[rr-length]; } - rr-length-=mac_size; + else + rr-length = 0; i=s-method-ssl3_enc-mac(s,md,0); - if (i 0 || memcmp(md,(rr-data[rr-length]),mac_size) != 0) + if (i 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) { decryption_failed_or_bad_record_mac = 1; }
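Review bot: The MAC check in the second d1_pkt.c hunk still uses `memcmp(md, mac, mac_size)`, which returns at the first differing byte, and the new `mac == NULL` short-circuit skips the comparison entirely for short records. Both make the time taken depend on the contents and length of a record supplied by the peer. A comparison that always touches all `mac_size` bytes would remove that signal; later OpenSSL releases provide `CRYPTO_memcmp` for this. The short-record case could compare against a fixed dummy buffer instead of skipping. The function continues outside the hunk, so how `decryption_failed_or_bad_record_mac` is acted on cannot be checked here.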
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Thu Jul 7 18:11:19 UTC 2011 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_lib.c s3_pkt.c s3_srvr.c ssl_locl.h Log Message: remove SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION -- openssl uses another mechanism now, and these remainders break renogotiation with (at least) tor and postgres To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.6 --- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.5 Sun Jun 5 23:09:48 2011 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c Thu Jul 7 18:11:18 2011 @@ -3727,9 +3727,6 @@ if (s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); - if (!(s-s3-flags SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - return(0); - s-s3-renegotiate=1; return(1); } Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.8 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.9 --- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.8 Sun Jun 5 23:09:48 2011 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Thu Jul 7 18:11:19 2011 @@ -1108,7 +1108,6 @@ if (SSL_is_init_finished(s) !(s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - (s-s3-flags SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) !s-s3-renegotiate) { ssl3_renegotiate(s); 
@@ -1278,8 +1277,7 @@ if ((s-s3-handshake_fragment_len = 4) !s-in_handshake) { if (((s-stateSSL_ST_MASK) == SSL_ST_OK) - !(s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - (s-s3-flags SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + !(s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.7 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.8 --- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.7 Sun Jun 5 23:09:49 2011 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Thu Jul 7 18:11:19 2011 @@ -877,14 +877,6 @@ #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; - if (s-new_session - !(s-s3-flagsSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - goto f_err; - } - /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.3 src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.4 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.3 Sun Jun 5 23:09:49 2011 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Thu Jul 7 18:11:19 2011 @@ -459,8 +459,6 @@ #define NAMED_CURVE_TYPE 3 #endif /* OPENSSL_NO_EC */ -#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 - typedef struct cert_pkey_st { X509 *x509;
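Review bot: Nothing visible at this condition now ties renegotiation to the peer having negotiated secure renegotiation. The `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` term is dropped here, and the matching checks are deleted in the s3_lib.c hunk, the first s3_pkt.c hunk and the s3_srvr.c hunk. The log says OpenSSL uses another mechanism now, presumably the RFC 5746 extension check plus the `SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` option, but that code is outside these hunks. I would add a comment at each of the sites naming where the gate now lives, e.g. `/* legacy renegotiation is refused in the renegotiation-extension check, not here */`. A test should also confirm that a peer without the extension is still refused after this change.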
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Thu Jul 7 18:11:19 UTC 2011 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_lib.c s3_pkt.c s3_srvr.c ssl_locl.h Log Message: remove SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION -- openssl uses another mechanism now, and these remainders break renegotiation with (at least) tor and postgres To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: spz Date: Thu Feb 10 06:04:54 UTC 2011 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c Log Message: fix for CVE-2011-0014 (OCSP stapling vulnerability in OpenSSL) patch taken from http://www.openssl.org/news/secadv_20110208.txt To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.3 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.4 --- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.3 Tue Dec 7 10:03:29 2010 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Thu Feb 10 06:04:54 2011 @@ -916,6 +916,7 @@ } n2s(data, idsize); dsize -= 2 + idsize; + size -= 2 + idsize; if (dsize 0) { *al = SSL_AD_DECODE_ERROR; @@ -954,9 +955,14 @@ } /* Read in request_extensions */ +if (size 2) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } n2s(data,dsize); size -= 2; -if (dsize size) +if (dsize != size) { *al = SSL_AD_DECODE_ERROR; return 0;
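Review bot: After the first hunk, `size` and `dsize` must be decremented in lockstep inside the responder-id loop, and nothing in the code states that invariant. If `size` is an unsigned type, `size -= 2 + idsize` wraps instead of going negative, so its safety rests on `dsize <= size` holding on entry and on the `dsize < 0` test that follows; the declaration is outside the hunk. I would add `/* size tracks dsize: both shrink by the same amount, dsize < 0 below catches overrun for both */` next to the new line. The second hunk's `size < 2` and `dsize != size` checks look right for the request_extensions block. Both hunks sit inside a function whose start and end are not shown.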
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: spz Date: Thu Feb 10 06:04:54 UTC 2011 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c Log Message: fix for CVE-2011-0014 (OCSP stapling vulnerability in OpenSSL) patch taken from http://www.openssl.org/news/secadv_20110208.txt To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Tue Dec 7 09:10:22 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_clnt.c s3_srvr.c Log Message: openssl security patch of the day: Fix a flaw in the OpenSSL SSL/TLS server code where an old bug workaround allows malicous clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. See http://www.openssl.org/news/secadv_20101202.txt (CVE-2010-4180) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.3 --- src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.2 Tue Aug 10 11:01:00 2010 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c Tue Dec 7 09:10:21 2010 @@ -870,8 +870,11 @@ s-session-cipher_id = s-session-cipher-id; if (s-hit (s-session-cipher_id != c-id)) { +/* Workaround is now obsolete */ +#if 0 if (!(s-options SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) +#endif { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.6 --- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.5 Fri Apr 9 04:34:13 2010 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Tue Dec 7 09:10:21 2010 
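Review bot: The s3_clnt.c hunk disables the `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG` test with `#if 0` under a comment that says only "Workaround is now obsolete". That leaves a dead `if` in front of a now-unconditional block, and no reference to why it was turned off. I would delete the condition outright and give the reason where the next reader will look: `/* cipher change on resumption is always an error: the old workaround allowed a ciphersuite downgrade (CVE-2010-4180) */`. Keeping the test under `#if 0` invites someone to re-enable it.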
@@ -975,6 +975,10 @@ break; } } +/* Disabled because it can be used in a ciphersuite downgrade + * attack: CVE-2010-4180. + */ +#if 0 if (j == 0 (s-options SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) (sk_SSL_CIPHER_num(ciphers) == 1)) { /* Special case as client bug workaround: the previously used cipher may @@ -989,6 +993,7 @@ j = 1; } } +#endif if (j == 0) { /* we need to have the cipher in the cipher
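Review bot: The `#if 0` opened in the first s3_srvr.c hunk and closed by the `#endif` in the second leaves `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG` accepted but without effect on the server, and nothing tells an application that still sets it. The added comment names the CVE, which is good. I would extend it with `* The option is still accepted but is now ignored.` and record the same in the option's documentation. Removing the disabled block instead of keeping it under `#if 0` would also prevent the downgrade-prone path from being switched back on by accident.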
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Tue Dec 7 10:03:29 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c Log Message: fix bug introduced by last security patch, from upstream CVS: Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.3 --- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.2 Wed Nov 17 12:09:34 2010 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Tue Dec 7 10:03:29 2010 @@ -778,8 +778,8 @@ { if(s-session-tlsext_ecpointformatlist) { - *al = TLS1_AD_DECODE_ERROR; - return 0; + OPENSSL_free(s-session-tlsext_ecpointformatlist); + s-session-tlsext_ecpointformatlist = NULL; } s-session-tlsext_ecpointformatlist_length = 0; if ((s-session-tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
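Review bot: Freeing `s->session->tlsext_ecpointformatlist` here is only safe if this session cannot be in use by another connection, and the guard that would ensure that is not part of the hunk. I assume it is the `if (!s->hit)` added in r1.2. A comment at the free would make the dependency explicit: `/* new session only (see !s->hit above): no other thread can hold this pointer */`. The parallel `tlsext_ellipticcurvelist` branch introduced by the same earlier patch still returns `TLS1_AD_DECODE_ERROR` when its pointer is non-NULL. If that field can also be set elsewhere, the false decode error this commit fixes remains there, so please confirm.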
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Tue Dec 7 09:10:22 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_clnt.c s3_srvr.c Log Message: openssl security patch of the day: Fix a flaw in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. See http://www.openssl.org/news/secadv_20101202.txt (CVE-2010-4180) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Tue Dec 7 10:03:29 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c Log Message: fix bug introduced by last security patch, from upstream CVS: Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Wed Nov 17 12:09:34 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c Log Message: apply patch from http://www.openssl.org/news/secadv_20101116.txt to fix a race condition which can be exploited in a buffer overrun attack (CVE-2010-3864) To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.1.1.2 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.2 --- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.1.1.2 Sat Dec 26 23:34:36 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Wed Nov 17 12:09:34 2010 @@ -713,14 +713,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s-session-tlsext_hostname == NULL) + if (!s-hit) { - if (len TLSEXT_MAXLEN_host_name || - ((s-session-tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s-session-tlsext_hostname) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s-session-tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s-session-tlsext_hostname, sdata, len); s-session-tlsext_hostname[len]='\0'; if (strlen(s-session-tlsext_hostname) != len) { @@ -733,7 +742,8 @@ } else - s-servername_done = strlen(s-session-tlsext_hostname) == len + s-servername_done = s-session-tlsext_hostname + strlen(s-session-tlsext_hostname) == len strncmp(s-session-tlsext_hostname, (char *)sdata, len) == 0; break; 
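Review bot: The switch from testing `s->session->tlsext_hostname == NULL` to `if (!s->hit)` in the first hunk is the core of the fix, but the code does not say why resumption matters here. A comment such as `/* only a new session may store the name; a resumed session may be shared through the cache and must not be written */` would stop a later cleanup from reverting it. The sharing is my reading of "race condition" in the log, so please confirm. The error path after the `strlen(...) != len` check lies outside the hunk, so it is not visible whether the freshly allocated name is freed and cleared there.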
@@ -764,15 +774,22 @@ *al = TLS1_AD_DECODE_ERROR; return 0; } - s-session-tlsext_ecpointformatlist_length = 0; - if (s-session-tlsext_ecpointformatlist != NULL) OPENSSL_free(s-session-tlsext_ecpointformatlist); - if ((s-session-tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + if (!s-hit) { -*al = TLS1_AD_INTERNAL_ERROR; -return 0; +if(s-session-tlsext_ecpointformatlist) + { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } +s-session-tlsext_ecpointformatlist_length = 0; +if ((s-session-tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } +s-session-tlsext_ecpointformatlist_length = ecpointformatlist_length; +memcpy(s-session-tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } - s-session-tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s-session-tlsext_ecpointformatlist, sdata, ecpointformatlist_length); #if 0 fprintf(stderr,ssl_parse_clienthello_tlsext s-session-tlsext_ecpointformatlist (length=%i) , s-session-tlsext_ecpointformatlist_length); sdata = s-session-tlsext_ecpointformatlist; 
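Review bot: The `if (!s->hit)` block added here for `tlsext_ecpointformatlist` is repeated line for line in the next hunk for `tlsext_ellipticcurvelist`, with only the field names changed. Two copies of a security-relevant store are easy to let drift apart. A small static helper that takes the destination pointer, the destination length, `sdata` and the new length, and returns the alert to raise, would keep them identical. On a resumed session both blocks now silently ignore the lists the client sent; if that is intended, a one-line comment should say so. The enclosing function starts and ends outside both hunks.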
@@ -793,15 +810,22 @@ *al = TLS1_AD_DECODE_ERROR; return 0; } - s-session-tlsext_ellipticcurvelist_length = 0; - if (s-session-tlsext_ellipticcurvelist != NULL) OPENSSL_free(s-session-tlsext_ellipticcurvelist); - if ((s-session-tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + if (!s-hit) { -*al = TLS1_AD_INTERNAL_ERROR; -return 0; +if(s-session-tlsext_ellipticcurvelist) + { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } +s-session-tlsext_ellipticcurvelist_length = 0; +if ((s-session-tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } +s-session-tlsext_ellipticcurvelist_length = ellipticcurvelist_length; +memcpy(s-session-tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } - s-session-tlsext_ellipticcurvelist_length = ellipticcurvelist_length; - memcpy(s-session-tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); #if 0 fprintf(stderr,ssl_parse_clienthello_tlsext s-session-tlsext_ellipticcurvelist (length=%i) , s-session-tlsext_ellipticcurvelist_length); sdata = s-session-tlsext_ellipticcurvelist;
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Wed Nov 17 12:09:34 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: t1_lib.c Log Message: apply patch from http://www.openssl.org/news/secadv_20101116.txt to fix a race condition which can be exploited in a buffer overrun attack (CVE-2010-3864) To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Tue Aug 10 11:01:01 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_clnt.c Log Message: fix a double free() in error case, see the thread openssl-1.0.0a and glibc detected sthg ;) in openssl-dev. I was getting a SEGV with the example posted there. To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.1.1.2 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.2 --- src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c:1.1.1.2 Sat Dec 26 23:34:23 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c Tue Aug 10 11:01:00 2010 @@ -1489,6 +1489,7 @@ s-session-sess_cert-peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; }
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: drochner Date: Tue Aug 10 11:01:01 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_clnt.c Log Message: fix a double free() in error case, see the thread openssl-1.0.0a and glibc detected sthg ;) in openssl-dev. I was getting a SEGV with the example posted there. To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: bouyer Date: Fri Apr 9 04:34:13 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_enc.c s3_srvr.c t1_enc.c Log Message: Fix crash in openssl (I suspect caused by malformed packets): handshake_dgst[] may be used without being allocated, causing NULL pointer dereference. Fix by checking that handshake_dgst is not NULL before use. Reported to openssl as ticket openssl.org #2214. Fix tested on netbsd-5 by Luke Mewburn with apache, and by me with freeradius (fixing segmentation fault in both cases). To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.1.1.1 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.2 --- src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.1.1.1 Sun Jul 19 23:05:47 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c Fri Apr 9 04:34:13 2010 @@ -578,7 +578,7 @@ { BIO_write (s-s3-handshake_buffer,(void *)buf,len); } - else + else if (s-s3-handshake_dgst != NULL) { int i; for (i=0;i SSL_MAX_DIGEST;i++) Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.4 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.5 --- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.4 Sun Jan 10 16:39:10 2010 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Fri Apr 9 04:34:13 2010 
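Review bot: With `else if (s->s3->handshake_dgst != NULL)` in the s3_enc.c hunk, a call that finds both the handshake buffer and the digest array unset now drops the handshake bytes without any trace. That avoids the NULL dereference, but the running handshake hash is then incomplete and the caller cannot tell. The enclosing function is outside the hunk; if it returns void, at least record the condition, e.g. a final `else SSLerr(<this function's code>, ERR_R_INTERNAL_ERROR);` (function code is a placeholder). Otherwise the failure surfaces only later, as a Finished or CertificateVerify mismatch, if at all.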
@@ -537,20 +537,22 @@ if (s-s3-handshake_buffer) if (!ssl3_digest_cached_records(s)) return -1; -for (dgst_num=0; dgst_numSSL_MAX_DIGEST;dgst_num++) - if (s-s3-handshake_dgst[dgst_num]) - { - int dgst_size; - - s-method-ssl3_enc-cert_verify_mac(s,EVP_MD_CTX_type(s-s3-handshake_dgst[dgst_num]),(s-s3-tmp.cert_verify_md[offset])); - dgst_size=EVP_MD_CTX_size(s-s3-handshake_dgst[dgst_num]); - if (dgst_size 0) +if (s-s3-handshake_dgst != NULL) { + for (dgst_num=0; dgst_numSSL_MAX_DIGEST;dgst_num++) + if (s-s3-handshake_dgst[dgst_num]) { - ret = -1; - goto end; - } - offset+=dgst_size; - } + int dgst_size; + + s-method-ssl3_enc-cert_verify_mac(s,EVP_MD_CTX_type(s-s3-handshake_dgst[dgst_num]),(s-s3-tmp.cert_verify_md[offset])); + dgst_size=EVP_MD_CTX_size(s-s3-handshake_dgst[dgst_num]); + if (dgst_size 0) +{ +ret = -1; +goto end; +} + offset+=dgst_size; + } + } } break; Index: src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.1.1.2 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.2 --- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.1.1.2 Sat Dec 26 23:34:36 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c Fri Apr 9 04:34:13 2010 @@ -788,14 +788,16 @@ if (!ssl3_digest_cached_records(s)) return 0; - for (i=0;iSSL_MAX_DIGEST;i++) - { - if (s-s3-handshake_dgst[i]EVP_MD_CTX_type(s-s3-handshake_dgst[i])==md_nid) - { - d=s-s3-handshake_dgst[i]; - break; + if (s-s3-handshake_dgst) { + for (i=0;iSSL_MAX_DIGEST;i++) + { + if (s-s3-handshake_dgst[i]EVP_MD_CTX_type(s-s3-handshake_dgst[i])==md_nid) +{ +d=s-s3-handshake_dgst[i]; +break; +} } - } + } if (!d) { SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST); return 0; 
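Review bot: In the s3_srvr.c hunk the digest loop is now skipped when `s->s3->handshake_dgst` is NULL, but execution still reaches `break` with `ret` unchanged, so `s->s3->tmp.cert_verify_md` is left as it was. If a CertificateVerify is processed afterwards, it would be checked against stale or unset bytes; that code is outside the hunk. The NULL case should fail the handshake like the `dgst_size < 0` case does: `else { ret = -1; goto end; }`. The t1_enc.c hunk on this line handles the same condition better, because `d` stays NULL and the existing `if (!d)` reports `SSL_R_NO_REQUIRED_DIGEST`. The new braces also mix two placement styles within one block, which should be normalised to the file's style.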
@@ -833,7 +835,7 @@ if (mask s-s3-tmp.new_cipher-algorithm2) { int hashsize = EVP_MD_size(md); - if (hashsize 0 || hashsize (int)(sizeof buf - (size_t)(q-buf))) + if (hashsize 0 || hashsize (int)(sizeof buf - (size_t)(q-buf)) || s-s3-handshake_dgst == NULL) { /* internal error: 'buf' is too small for this cipersuite! */ err = 1;
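Review bot: The added `|| s->s3->handshake_dgst == NULL` shares a branch whose comment says only that `buf` is too small for the ciphersuite, which will mislead whoever debugs a missing digest array. The test does not appear to depend on `mask` or `hashsize`, so it would read better as its own check before this block; failing that, the comment should be widened to `/* internal error: 'buf' is too small for this ciphersuite, or no handshake digests allocated */`. The enclosing function starts outside the hunk.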
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: bouyer Date: Fri Apr 9 04:34:13 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_enc.c s3_srvr.c t1_enc.c Log Message: Fix crash in openssl (I suspect caused by malformed packets): handshake_dgst[] may be used without being allocated, causing NULL pointer dereference. Fix by checking that handshake_dgst is not NULL before use. Reported to openssl as ticket openssl.org #2214. Fix tested on netbsd-5 by Luke Mewburn with apache, and by me with freeradius (fixing segmentation fault in both cases). To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: bouyer Date: Sun Mar 28 11:32:29 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_pkt.c Log Message: Apply patchset 19476 from openssl repository, fixing CVE-2010-0740. from http://www.openssl.org/news/secadv_20100324.txt: In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.7 --- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.6 Sun Jan 10 16:39:10 2010 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Sun Mar 28 11:32:29 2010 @@ -337,9 +337,9 @@ if (version != s-version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); -/* Send back error using their - * version number :-) */ -s-version=version; +if ((s-version 0xFF00) == (version 0xFF00)) + /* Send back error using their minor version number :-) */ + s-version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; goto f_err; }
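Review bot: The new `if` in the s3_pkt.c hunk has no braces and its comment sits between the condition and the assignment, which makes it easy to attach a second statement to the wrong branch later. I would brace it and state the reason in the comment: the peer's version is adopted only when the major byte matches, so a record with a different major version is answered under our own version. For example `if ((s->version & 0xFF00) == (version & 0xFF00)) { /* same major version: reply with their minor version */ s->version = (unsigned short)version; }`. The enclosing function starts outside the hunk.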
CVS commit: src/crypto/external/bsd/openssl/dist/ssl
Module Name:src Committed By: tonnerre Date: Sun Jan 10 16:39:10 UTC 2010 Modified Files: src/crypto/external/bsd/openssl/dist/ssl: s3_lib.c s3_pkt.c s3_srvr.c ssl_locl.h Log Message: Instead of unconditionally disabling SSL3 renegociation, add the flag SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set by the software which needs unsafe renegociation. Patch from OpenSSL CVS. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c \ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c cvs rdiff -u -r1.1.1.2 -r1.2 \ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.3 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.4 --- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.3 Sun Dec 27 00:48:56 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c Sun Jan 10 16:39:10 2010 @@ -3298,6 +3298,9 @@ if (s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) return(0); + if (!(s-s3-flags SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + return(0); + s-s3-renegotiate=1; return(1); } Index: src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.3 src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.4 --- src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c:1.3 Sun Dec 27 00:48:56 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Sun Jan 10 16:39:10 2010 
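Review bot: The s3_lib.c hunk returns 0 from the new flag check with no comment and no queued error, so a caller asking for renegotiation gets the same result as for `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` and cannot tell that policy blocked it. A comment above the check would help, e.g. `/* renegotiation is refused unless the application set SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION */`. The same flag test is repeated in the s3_srvr.c hunk and in both s3_pkt.c hunks, and a small helper macro would keep the four sites from drifting apart. The enclosing function starts outside the hunk.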
@@ -776,6 +776,14 @@ #endif STACK_OF(SSL_CIPHER) *ciphers=NULL; + if (s-new_session + !(s-s3-flagsSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto f_err; + } + /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.5 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.6 --- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.5 Sun Dec 27 00:48:56 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c Sun Jan 10 16:39:10 2010 @@ -1105,6 +1105,7 @@ if (SSL_is_init_finished(s) !(s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) + (s-s3-flags SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) !s-s3-renegotiate) { ssl3_renegotiate(s); @@ -1270,7 +1271,8 @@ if ((s-s3-handshake_fragment_len = 4) !s-in_handshake) { if (((s-stateSSL_ST_MASK) == SSL_ST_OK) - !(s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + !(s-s3-flags SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) + (s-s3-flags SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.1.1.2 src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.2 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.1.1.2 Sat Dec 26 23:34:32 2009 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h Sun Jan 10 16:39:10 2010 @@ -453,6 +453,8 @@ #define NAMED_CURVE_TYPE 3 #endif /* OPENSSL_NO_EC */ +#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 + typedef struct cert_pkey_st { X509 *x509;
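Review bot: In the s3_srvr.c hunk, a renegotiating ClientHello that is refused by policy is reported as `ERR_R_INTERNAL_ERROR`, which reads like a library bug in server logs and hides peer-initiated renegotiation attempts from anyone monitoring for them. A dedicated reason code for refused renegotiation would make these events distinguishable. The check also relies on `s->new_session` meaning that a renegotiation is in progress, which the visible lines do not establish; if that holds, a comment such as `/* new_session is set only while renegotiating */` would document the assumption. The enclosing function starts outside the hunk.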
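Review bot: The ssl_locl.h hunk defines `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` in what looks like a library-private header, while the log message says applications are meant to set it; unless that header is installed, callers would have to hard-code `0x0010`. The value also needs checking against the other bits kept in `s->s3->flags` (the existing flag definitions are not visible here), since a clash would turn unsafe renegotiation on whenever the other flag is set. The macro sits after the `OPENSSL_NO_EC` block with no comment; placing it beside the other flag definitions with a line such as `/* opt-in for applications that need unsafe legacy renegotiation */` would be clearer.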