CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2012-05-22 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Tue May 22 18:52:40 UTC 2012

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: d1_enc.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #1762):
crypto/dist/openssl/ssl/d1_enc.c: patch
pull in upstream rev.22547:
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1
and DTLS to fix DoS attack.
(CVE-2012-2333)


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 src/crypto/dist/openssl/ssl/d1_enc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/d1_enc.c
diff -u src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3 src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3.8.1
--- src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3	Fri May  9 21:34:43 2008
+++ src/crypto/dist/openssl/ssl/d1_enc.c	Tue May 22 18:52:40 2012
@@ -254,7 +254,7 @@ int dtls1_enc(SSL *s, int send)
 }
 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
 			 * All of them must have value 'padding_length'. */
-			if (i  (int)rec-length)
+			if (i + bs  (int)rec-length)
 {
 /* Incorrect padding. SSLerr() and ssl3_alert are done
  * by caller: we don't want to reveal whether this is
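Review bot: The changed condition `i + bs > (int)rec->length` adds the block size to the bound with no comment saying why, and the comment directly above it still only explains the TLS 1.0 padding rule, so the next reader has nothing in the code to stop them from "simplifying" it back to `i`. Per the log message the record must also hold the explicit IV block that is skipped later for TLS 1.1/1.2 and DTLS, so a one-line comment on the changed line, `/* the padding must fit after the explicit IV block that is skipped below (TLS >= 1.1, DTLS); CVE-2012-2333 */`, would preserve the reason. The enclosing dtls1_enc body starts and ends outside the hunk, so whether the IV skip it guards is the next statement cannot be confirmed here.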



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2012-01-25 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Wed Jan 25 18:55:04 UTC 2012

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: d1_pkt.c

Log Message:
Apply patch (requested by drochner in ticket #1710):
crypto/dist/openssl/ssl/d1_pkt.c

Address CVE-2012-0050.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5.8.1 -r1.1.1.5.8.2 src/crypto/dist/openssl/ssl/d1_pkt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/d1_pkt.c
diff -u src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.5.8.1 src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.5.8.2
--- src/crypto/dist/openssl/ssl/d1_pkt.c:1.1.1.5.8.1	Sun Jul  5 00:31:20 2009
+++ src/crypto/dist/openssl/ssl/d1_pkt.c	Wed Jan 25 18:55:04 2012
@@ -375,6 +375,8 @@ dtls1_process_record(SSL *s)
 	SSL3_RECORD *rr;
 	unsigned int mac_size;
 	unsigned char md[EVP_MAX_MD_SIZE];
+	int decryption_failed_or_bad_record_mac = 0;
+	unsigned char *mac = NULL;
 
 
 	rr= (s-s3-rrec);
@@ -409,12 +411,10 @@ dtls1_process_record(SSL *s)
 	enc_err = s-method-ssl3_enc-enc(s,0);
 	if (enc_err = 0)
 		{
-		if (enc_err == 0)
-			/* SSLerr() and ssl3_send_alert() have been called */
-			goto err;
-
-		/* otherwise enc_err == -1 */
-		goto decryption_failed_or_bad_record_mac;
+		/* To minimize information leaked via timing, we will always
+		 * perform all computations before discarding the message.
+		 */
+		decryption_failed_or_bad_record_mac = 1;
 		}
 
 #ifdef TLS_DEBUG
@@ -440,28 +440,32 @@ printf(\n);
 			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
 			goto f_err;
 #else
-			goto decryption_failed_or_bad_record_mac;
+			decryption_failed_or_bad_record_mac = 1;
 #endif			
 			}
 		/* check the MAC for rr-input (it's in mac_size bytes at the tail) */
-		if (rr-length  mac_size)
+		if (rr-length = mac_size)
 			{
-#if 0 /* OK only for stream ciphers */
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-#else
-			goto decryption_failed_or_bad_record_mac;
-#endif
+			rr-length -= mac_size;
+			mac = rr-data[rr-length];
 			}
-		rr-length-=mac_size;
+		else
+			rr-length = 0;
 		i=s-method-ssl3_enc-mac(s,md,0);
-		if (memcmp(md,(rr-data[rr-length]),mac_size) != 0)
+		if (i  0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
 			{
-			goto decryption_failed_or_bad_record_mac;
+			decryption_failed_or_bad_record_mac = 1;
 			}
 		}
 
+	if (decryption_failed_or_bad_record_mac)
+		{
+		/* decryption failed, silently discard message */
+		rr-length = 0;
+		s-packet_length = 0;
+		goto err;
+		}
+
 	/* r-length is now just compressed */
 	if (s-expand != NULL)
 		{
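Review bot: The MAC verification `if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)` uses memcmp, which returns at the first differing byte, so the comparison time still depends on how many leading MAC bytes of the received record happen to match even though the stated goal of this change is to minimise timing leakage. A fixed-time comparison that always touches all mac_size bytes closes that channel; later OpenSSL releases provide CRYPTO_memcmp for this, so this tree would need a local equivalent along the lines sketched below. The new `else rr->length = 0;` branch also deserves a comment such as `/* record too short for a MAC: still run the MAC over an empty record so the timing matches the good path */`, since the compute-before-discard intent is only stated in an earlier hunk. dtls1_process_record starts and ends outside this hunk.
```c
/* … unchanged: MAC length handling, mac pointer setup … */
i=s->method->ssl3_enc->mac(s,md,0);
	{
	unsigned int k, diff = 0;
	/* touch every byte so the compare time is independent of the data */
	for (k = 0; k < mac_size; k++)
		diff |= md[k] ^ (mac != NULL ? mac[k] : 0);
	if (i < 0 || mac == NULL || diff != 0)
		{
		decryption_failed_or_bad_record_mac = 1;
		}
	}
/* … unchanged: silent-discard check, decompression … */
```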
@@ -500,14 +504,6 @@ printf(\n);
 	dtls1_record_bitmap_update(s, (s-d1-bitmap));/* Mark receipt of record. */
 	return(1);
 
-decryption_failed_or_bad_record_mac:
-	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
-	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-	 * failure is directly visible from the ciphertext anyway,
-	 * we should not reveal which kind of error occured -- this
-	 * might become visible to an attacker (e.g. via logfile) */
-	al=SSL_AD_BAD_RECORD_MAC;
-	SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2012-01-25 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Wed Jan 25 20:34:26 UTC 2012

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: s3_enc.c

Log Message:
Apply patch (requested by drochner in ticket #1713):
crypto/dist/openssl/ssl/s3_enc.c: patch

Address CVE-2011-4576.
[drochner, ticket #1713]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.12.8.1 -r1.1.1.12.8.2 \
src/crypto/dist/openssl/ssl/s3_enc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/s3_enc.c
diff -u src/crypto/dist/openssl/ssl/s3_enc.c:1.1.1.12.8.1 src/crypto/dist/openssl/ssl/s3_enc.c:1.1.1.12.8.2
--- src/crypto/dist/openssl/ssl/s3_enc.c:1.1.1.12.8.1	Mon Apr 12 00:46:57 2010
+++ src/crypto/dist/openssl/ssl/s3_enc.c	Wed Jan 25 20:34:26 2012
@@ -504,6 +504,9 @@ int ssl3_enc(SSL *s, int send)
 
 			/* we need to add 'i-1' padding bytes */
 			l+=i;
+			/* the last of these zero bytes will be overwritten
+			 * with the padding length. */
+			memset(rec-input[rec-length], 0, i);
 			rec-length+=i;
 			rec-input[l-1]=(i-1);
 			}



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2011-02-16 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Wed Feb 16 21:00:32 UTC 2011

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: t1_lib.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #1545):
crypto/external/bsd/openssl/dist/ssl/t1_lib.c: revision 1.4 via patch
fix for CVE-2011-0014 (OCSP stapling vulnerability in OpenSSL)
patch taken from http://www.openssl.org/news/secadv_20110208.txt


To generate a diff of this commit:
cvs rdiff -u -r1.2.8.2 -r1.2.8.3 src/crypto/dist/openssl/ssl/t1_lib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/t1_lib.c
diff -u src/crypto/dist/openssl/ssl/t1_lib.c:1.2.8.2 src/crypto/dist/openssl/ssl/t1_lib.c:1.2.8.3
--- src/crypto/dist/openssl/ssl/t1_lib.c:1.2.8.2	Fri Dec 10 21:44:33 2010
+++ src/crypto/dist/openssl/ssl/t1_lib.c	Wed Feb 16 21:00:32 2011
@@ -810,6 +810,7 @@
 		}
 	n2s(data, idsize);
 	dsize -= 2 + idsize;
+	size -= 2 + idsize;
 	if (dsize  0)
 		{
 		*al = SSL_AD_DECODE_ERROR;
@@ -848,9 +849,14 @@
 	}
 
 /* Read in request_extensions */
+if (size  2)
+	{
+	*al = SSL_AD_DECODE_ERROR;
+	return 0;
+	}
 n2s(data,dsize);
 size -= 2;
-if (dsize  size) 
+if (dsize != size) 
 	{
 	*al = SSL_AD_DECODE_ERROR;
 	return 0;
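Review bot: The new `size -= 2 + idsize;` in the earlier hunk of this section can take `size` below zero when the responder id list overruns the extension, and as far as this section shows the only check that catches it is the `if (size < 2)` added here, several lines later on the path to the request_extensions parse; that only works if `size` is a signed type, which is not visible in either hunk and is worth confirming, since an unsigned `size` would wrap and pass the `< 2` test. A comment at the subtraction tying the two counters together, `/* size: bytes left in the whole status_request body; dsize: bytes left in responder_id_list (both checked below) */`, would make the invariant readable. The `dsize != size` change is the right strictness: the request_extensions length must consume exactly the remaining bytes. The enclosing function starts and ends outside these hunks.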



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2010-12-10 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Fri Dec 10 21:42:43 UTC 2010

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: s3_clnt.c s3_srvr.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #1509):
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c: revision 1.6 via patch
crypto/external/bsd/openssl/dist/ssl/s3_clnt.c: revision 1.3 via patch
openssl security patch of the day:
Fix a flaw in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicious clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections. See
http://www.openssl.org/news/secadv_20101202.txt
(CVE-2010-4180)


To generate a diff of this commit:
cvs rdiff -u -r1.12.4.1.2.1 -r1.12.4.1.2.2 \
src/crypto/dist/openssl/ssl/s3_clnt.c
cvs rdiff -u -r1.15.4.1.2.2 -r1.15.4.1.2.3 \
src/crypto/dist/openssl/ssl/s3_srvr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/s3_clnt.c
diff -u src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.1.2.1 src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.1.2.2
--- src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.1.2.1	Tue Sep  7 19:31:04 2010
+++ src/crypto/dist/openssl/ssl/s3_clnt.c	Fri Dec 10 21:42:43 2010
@@ -842,8 +842,11 @@
 		s-session-cipher_id = s-session-cipher-id;
 	if (s-hit  (s-session-cipher_id != c-id))
 		{
+/* Workaround is now obsolete */
+#if 0
 		if (!(s-options 
 			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+#endif
 			{
 			al=SSL_AD_ILLEGAL_PARAMETER;
 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
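Review bot: The obsolete workaround is kept under `#if 0` rather than removed, both here and in the s3_srvr.c hunk below, which leaves dead code and a control flow that is hard to read: the `if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))` is compiled out but its brace block stays behind as an unconditional block, and in s3_srvr.c the disabled `else` leaves the following braces looking attached to nothing. Since the log message and the new comment both state the workaround is obsolete, deleting the disabled lines together with the `#if 0`/`#endif` pair, keeping only the comment that cites CVE-2010-4180, reads more clearly and removes the temptation to re-enable it. The enclosing functions start and end outside the hunks.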

Index: src/crypto/dist/openssl/ssl/s3_srvr.c
diff -u src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.1.2.2 src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.1.2.3
--- src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.1.2.2	Mon Apr 12 00:46:57 2010
+++ src/crypto/dist/openssl/ssl/s3_srvr.c	Fri Dec 10 21:42:43 2010
@@ -959,12 +959,17 @@
 			}
 		if (j == 0)
 			{
+/* Disabled because it can be used in a ciphersuite downgrade
+ * attack: CVE-2010-4180.
+ */
+#if 0
 			if ((s-options  SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)  (sk_SSL_CIPHER_num(ciphers) == 1))
 {
 /* Very bad for multi-threading */
 s-session-cipher=sk_SSL_CIPHER_value(ciphers, 0);
 }
 			else
+#endif
 {
 /* we need to have the cipher in the cipher
  * list if we are asked to reuse it */



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2010-12-10 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Fri Dec 10 21:44:33 UTC 2010

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: t1_lib.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #1510):
crypto/external/bsd/openssl/dist/ssl/t1_lib.c: revision 1.3 via patch
fix bug introduced by last security patch, from upstream CVS:
Don't assume a decode error if session tlsext_ecpointformatlist is
not NULL: it can be legitimately set elsewhere.


To generate a diff of this commit:
cvs rdiff -u -r1.2.8.1 -r1.2.8.2 src/crypto/dist/openssl/ssl/t1_lib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/t1_lib.c
diff -u src/crypto/dist/openssl/ssl/t1_lib.c:1.2.8.1 src/crypto/dist/openssl/ssl/t1_lib.c:1.2.8.2
--- src/crypto/dist/openssl/ssl/t1_lib.c:1.2.8.1	Fri Nov 19 21:12:02 2010
+++ src/crypto/dist/openssl/ssl/t1_lib.c	Fri Dec 10 21:44:33 2010
@@ -689,8 +689,8 @@
 {
 if(s-session-tlsext_ecpointformatlist)
 	{
-	*al = TLS1_AD_DECODE_ERROR;
-	return 0;
+	OPENSSL_free(s-session-tlsext_ecpointformatlist);
+	s-session-tlsext_ecpointformatlist = NULL;
 	}
 s-session-tlsext_ecpointformatlist_length = 0;
 if ((s-session-tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2010-11-19 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Fri Nov 19 21:12:02 UTC 2010

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: t1_lib.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1479):
crypto/dist/openssl/ssl/t1_lib.c: patch
apply patch from http://www.openssl.org/news/secadv_20101116.txt
to fix a race condition which can be exploited in a buffer
overrun attack (CVE-2010-3864)


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.8.1 src/crypto/dist/openssl/ssl/t1_lib.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/t1_lib.c
diff -u src/crypto/dist/openssl/ssl/t1_lib.c:1.2 src/crypto/dist/openssl/ssl/t1_lib.c:1.2.8.1
--- src/crypto/dist/openssl/ssl/t1_lib.c:1.2	Thu Jun  5 15:30:10 2008
+++ src/crypto/dist/openssl/ssl/t1_lib.c	Fri Nov 19 21:12:02 2010
@@ -625,14 +625,23 @@
 switch (servname_type)
 	{
 case TLSEXT_NAMETYPE_host_name:
-	if (s-session-tlsext_hostname == NULL)
+	if (!s-hit)
 		{
-		if (len  TLSEXT_MAXLEN_host_name || 
-			((s-session-tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+		if(s-session-tlsext_hostname)
+			{
+			*al = SSL_AD_DECODE_ERROR;
+			return 0;
+			}
+		if (len  TLSEXT_MAXLEN_host_name)
 			{
 			*al = TLS1_AD_UNRECOGNIZED_NAME;
 			return 0;
 			}
+		if ((s-session-tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+			{
+			*al = TLS1_AD_INTERNAL_ERROR;
+			return 0;
+			}
 		memcpy(s-session-tlsext_hostname, sdata, len);
 		s-session-tlsext_hostname[len]='\0';
 		if (strlen(s-session-tlsext_hostname) != len) {
@@ -645,7 +654,8 @@
 
 		}
 	else 
-		s-servername_done = strlen(s-session-tlsext_hostname) == len 
+		s-servername_done = s-session-tlsext_hostname
+			 strlen(s-session-tlsext_hostname) == len 
 			 strncmp(s-session-tlsext_hostname, (char *)sdata, len) == 0;
 	
 	break;
@@ -675,15 +685,22 @@
 *al = TLS1_AD_DECODE_ERROR;
 return 0;
 }
-			s-session-tlsext_ecpointformatlist_length = 0;
-			if (s-session-tlsext_ecpointformatlist != NULL) OPENSSL_free(s-session-tlsext_ecpointformatlist);
-			if ((s-session-tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+			if (!s-hit)
 {
-*al = TLS1_AD_INTERNAL_ERROR;
-return 0;
+if(s-session-tlsext_ecpointformatlist)
+	{
+	*al = TLS1_AD_DECODE_ERROR;
+	return 0;
+	}
+s-session-tlsext_ecpointformatlist_length = 0;
+if ((s-session-tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+	{
+	*al = TLS1_AD_INTERNAL_ERROR;
+	return 0;
+	}
+s-session-tlsext_ecpointformatlist_length = ecpointformatlist_length;
+memcpy(s-session-tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 }
-			s-session-tlsext_ecpointformatlist_length = ecpointformatlist_length;
-			memcpy(s-session-tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 #if 0
 			fprintf(stderr,ssl_parse_clienthello_tlsext s-session-tlsext_ecpointformatlist (length=%i) , s-session-tlsext_ecpointformatlist_length);
 			sdata = s-session-tlsext_ecpointformatlist;
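Review bot: The `if (!s->hit)` guard added around the ecpointformatlist handling (and identically for ellipticcurvelist in the next hunk) drops the list offered on a resumed handshake without any comment saying so, and the two guarded blocks are now line-for-line duplicates differing only in the field names. A comment on each guard, `/* on resumption the list stored in the session is kept; the one offered in this ClientHello is ignored */`, would record the intent, and the duplicated malloc/length/memcpy sequence is a candidate for one static helper taking the list pointer, its length field and the source bytes. The inner `if (s->session->tlsext_ecpointformatlist)` decode-error test assumes a fresh session never has the list set; the Dec 10 2010 t1_lib.c commit above on this page already relaxes that, so only the duplication remains to address. The enclosing function starts and ends outside this hunk.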
@@ -703,15 +720,22 @@
 *al = TLS1_AD_DECODE_ERROR;
 return 0;
 }
-			s-session-tlsext_ellipticcurvelist_length = 0;
-			if (s-session-tlsext_ellipticcurvelist != NULL) OPENSSL_free(s-session-tlsext_ellipticcurvelist);
-			if ((s-session-tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+			if (!s-hit)
 {
-*al = TLS1_AD_INTERNAL_ERROR;
-return 0;
+if(s-session-tlsext_ellipticcurvelist)
+	{
+	*al = TLS1_AD_DECODE_ERROR;
+	return 0;
+	}
+s-session-tlsext_ellipticcurvelist_length = 0;
+if ((s-session-tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+	{
+	*al = TLS1_AD_INTERNAL_ERROR;
+	return 0;
+	}
+s-session-tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
+memcpy(s-session-tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 }
-			s-session-tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
-			memcpy(s-session-tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 #if 0
 			fprintf(stderr,ssl_parse_clienthello_tlsext s-session-tlsext_ellipticcurvelist (length=%i) , s-session-tlsext_ellipticcurvelist_length);
 			sdata = s-session-tlsext_ellipticcurvelist;



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2010-09-07 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Tue Sep  7 19:31:04 UTC 2010

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: s3_clnt.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #1447):
crypto/external/bsd/openssl/dist/ssl/s3_clnt.c: revision 1.2 via patch
fix a double free() in error case, see the thread
openssl-1.0.0a and glibc detected sthg ;) in openssl-dev.
I was getting a SEGV with the example posted there.


To generate a diff of this commit:
cvs rdiff -u -r1.12.4.1 -r1.12.4.1.2.1 src/crypto/dist/openssl/ssl/s3_clnt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/s3_clnt.c
diff -u src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.1 src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.1.2.1
--- src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.1	Tue Jan 20 21:28:09 2009
+++ src/crypto/dist/openssl/ssl/s3_clnt.c	Tue Sep  7 19:31:04 2010
@@ -1460,6 +1460,7 @@
 		s-session-sess_cert-peer_ecdh_tmp=ecdh;
 		ecdh=NULL;
 		BN_CTX_free(bn_ctx);
+		bn_ctx = NULL;
 		EC_POINT_free(srvr_ecpoint);
 		srvr_ecpoint = NULL;
 		}



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2010-03-28 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sun Mar 28 15:22:01 UTC 2010

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: s3_pkt.c

Log Message:
Apply patch (requested by bouyer in ticket #1355):
Apply patchset 19476 from openssl repository, fixing CVE-2010-0740.
from http://www.openssl.org/news/secadv_20100324.txt:
In TLS connections, certain incorrectly formatted records can cause an OpenSSL
client or server to crash due to a read attempt at NULL.


To generate a diff of this commit:
cvs rdiff -u -r1.9.8.2 -r1.9.8.3 src/crypto/dist/openssl/ssl/s3_pkt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/s3_pkt.c
diff -u src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.8.2 src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.8.3
--- src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.8.2	Tue Jan 12 09:08:45 2010
+++ src/crypto/dist/openssl/ssl/s3_pkt.c	Sun Mar 28 15:22:01 2010
@@ -313,9 +313,9 @@
 			if (version != s-version)
 {
 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-/* Send back error using their
- * version number :-) */
-s-version=version;
+if ((s-version  0xFF00) == (version  0xFF00))
+	/* Send back error using their minor version number :-) */
+	s-version = (unsigned short)version;
 al=SSL_AD_PROTOCOL_VERSION;
 goto f_err;
 }
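Review bot: The new `if ((s->version & 0xFF00) == (version & 0xFF00))` has a single unbraced statement as its body with a comment sitting between the condition and `s->version = (unsigned short)version;`, so anything inserted before that assignment later would silently land outside the condition. Brace it: `if ((s->version & 0xFF00) == (version & 0xFF00)) {` … `s->version = (unsigned short)version;` … `}`, with the comment inside the braces. Echoing the peer's version only within the same major version is what the log message describes as avoiding the NULL read, so a comment naming CVE-2010-0740 next to the check would preserve the reason for the restriction. The enclosing function starts and ends outside the hunk.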



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2010-01-12 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Tue Jan 12 09:08:45 UTC 2010

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: s3_lib.c s3_pkt.c s3_srvr.c
ssl_locl.h

Log Message:
Apply patch (requested by tonnerre in ticket #1237):
Disable OpenSSL renegotiation, thus avoiding CVE-2009-3555.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.14.8.1 src/crypto/dist/openssl/ssl/s3_lib.c
cvs rdiff -u -r1.9.8.1 -r1.9.8.2 src/crypto/dist/openssl/ssl/s3_pkt.c
cvs rdiff -u -r1.15.4.1 -r1.15.4.1.2.1 src/crypto/dist/openssl/ssl/s3_srvr.c
cvs rdiff -u -r1.13 -r1.13.8.1 src/crypto/dist/openssl/ssl/ssl_locl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/s3_lib.c
diff -u src/crypto/dist/openssl/ssl/s3_lib.c:1.14 src/crypto/dist/openssl/ssl/s3_lib.c:1.14.8.1
--- src/crypto/dist/openssl/ssl/s3_lib.c:1.14	Tue Jun 10 19:45:00 2008
+++ src/crypto/dist/openssl/ssl/s3_lib.c	Tue Jan 12 09:08:44 2010
@@ -3289,6 +3289,9 @@
 	if (s-s3-flags  SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
 		return(0);
 
+	if (!(s-s3-flags  SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+		return(0);
+
 	s-s3-renegotiate=1;
 	return(1);
 	}
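Review bot: The new `if (!(s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) return(0);` makes ssl3_renegotiate refuse silently, with no error queued and no comment, so an application that asks for renegotiation (presumably via SSL_renegotiate) gets the same 0 as in the NO_RENEGOTIATE_CIPHERS case and cannot tell policy from "nothing to do". A comment on the check, `/* renegotiation is disabled (CVE-2009-3555) unless the application explicitly opts in */`, would make the lock-out visible to the next reader. The enclosing function starts outside the hunk.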

Index: src/crypto/dist/openssl/ssl/s3_pkt.c
diff -u src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.8.1 src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.8.2
--- src/crypto/dist/openssl/ssl/s3_pkt.c:1.9.8.1	Sun Jul  5 00:31:20 2009
+++ src/crypto/dist/openssl/ssl/s3_pkt.c	Tue Jan 12 09:08:45 2010
@@ -1041,6 +1041,7 @@
 
 		if (SSL_is_init_finished(s) 
 			!(s-s3-flags  SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 
+			(s-s3-flags  SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) 
 			!s-s3-renegotiate)
 			{
 			ssl3_renegotiate(s);
@@ -1173,7 +1174,8 @@
 	if ((s-s3-handshake_fragment_len = 4) 	!s-in_handshake)
 		{
 		if (((s-stateSSL_ST_MASK) == SSL_ST_OK) 
-			!(s-s3-flags  SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+			!(s-s3-flags  SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) 
+			(s-s3-flags  SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
 			{
 #if 0 /* worked only because C operator preferences are not as expected (and
* because this is not really needed for clients except for detecting

Index: src/crypto/dist/openssl/ssl/s3_srvr.c
diff -u src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.1 src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.1.2.1
--- src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.1	Tue Jan 20 21:28:09 2009
+++ src/crypto/dist/openssl/ssl/s3_srvr.c	Tue Jan 12 09:08:45 2010
@@ -763,6 +763,14 @@
 #endif
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+	if (s-new_session
+	 !(s-s3-flagsSSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
+		{
+		al=SSL_AD_HANDSHAKE_FAILURE;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+		goto f_err;
+		}
+
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.

Index: src/crypto/dist/openssl/ssl/ssl_locl.h
diff -u src/crypto/dist/openssl/ssl/ssl_locl.h:1.13 src/crypto/dist/openssl/ssl/ssl_locl.h:1.13.8.1
--- src/crypto/dist/openssl/ssl/ssl_locl.h:1.13	Tue Jun 10 19:45:00 2008
+++ src/crypto/dist/openssl/ssl/ssl_locl.h	Tue Jan 12 09:08:45 2010
@@ -450,6 +450,8 @@
 #define NAMED_CURVE_TYPE   3
 #endif  /* OPENSSL_NO_EC */
 
+#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x0010
+
 typedef struct cert_pkey_st
 	{
 	X509 *x509;



CVS commit: [netbsd-5-0] src/crypto/dist/openssl/ssl

2009-07-05 Thread Soren Jacobsen
Module Name:src
Committed By:   snj
Date:   Sun Jul  5 14:19:35 UTC 2009

Modified Files:
src/crypto/dist/openssl/ssl [netbsd-5-0]: d1_both.c

Log Message:
Pull up following revision(s) (requested by tonnerre in ticket #850):
crypto/dist/openssl/ssl/d1_both.c: revision 1.4
Forgot to commit this last night with the rest of ticket 850.  Sigh.

Fix various vulnerabilities in OpenSSL which have not previously been
addressed: CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386
and CVE-2009-1387.
Changes deal mostly with size checking of various elements and fixes
to various error paths.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.3.8.1 src/crypto/dist/openssl/ssl/d1_both.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/ssl/d1_both.c
diff -u src/crypto/dist/openssl/ssl/d1_both.c:1.3 src/crypto/dist/openssl/ssl/d1_both.c:1.3.8.1
--- src/crypto/dist/openssl/ssl/d1_both.c:1.3	Fri May  9 21:49:42 2008
+++ src/crypto/dist/openssl/ssl/d1_both.c	Sun Jul  5 14:19:35 2009
@@ -518,6 +518,7 @@
 
 	if ( s-d1-handshake_read_seq == frag-msg_header.seq)
 		{
+		unsigned long frag_len = frag-msg_header.frag_len;
 		pqueue_pop(s-d1-buffered_messages);
 
 		al=dtls1_preprocess_fragment(s,frag-msg_header,max);
@@ -535,7 +536,7 @@
 		if (al==0)
 			{
 			*ok = 1;
-			return frag-msg_header.frag_len;
+			return frag_len;
 			}
 
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
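Review bot: `frag_len` is now copied out of `frag->msg_header` in the previous hunk before dtls1_preprocess_fragment runs and returned here in place of `frag->msg_header.frag_len`, but neither hunk says why the copy is needed; presumably `frag` may be released before the return, which cannot be confirmed from these lines. A comment at the copy, `/* keep a copy: frag may no longer be valid once the fragment has been processed */`, would stop someone from "simplifying" the return back to the struct field. The enclosing function starts and ends outside these hunks.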
@@ -560,7 +561,16 @@
 	if ((msg_hdr-frag_off+frag_len)  msg_hdr-msg_len)
 		goto err;
 
-	if (msg_hdr-seq = s-d1-handshake_read_seq)
+	/* Try to find item in queue, to prevent duplicate entries */
+	memset(seq64be,0,sizeof(seq64be));
+	seq64be[6] = (unsigned char) (msg_hdr-seq8);
+	seq64be[7] = (unsigned char) msg_hdr-seq;
+	item = pqueue_find(s-d1-buffered_messages, seq64be);
+	
+	/* Discard the message if sequence number was already there, is
+	 * too far in the future or the fragment is already in the queue */
+	if (msg_hdr-seq = s-d1-handshake_read_seq ||
+		msg_hdr-seq  s-d1-handshake_read_seq + 10 || item != NULL)
 		{
 		unsigned char devnull [256];
 
@@ -574,30 +584,31 @@
 			}
 		}
 
-	frag = dtls1_hm_fragment_new(frag_len);
-	if ( frag == NULL)
-		goto err;
+	if (frag_len)
+	{
+		frag = dtls1_hm_fragment_new(frag_len);
+		if ( frag == NULL)
+			goto err;
 
-	memcpy((frag-msg_header), msg_hdr, sizeof(*msg_hdr));
+		memcpy((frag-msg_header), msg_hdr, sizeof(*msg_hdr));
 
-	if (frag_len)
-		{
 		/* read the body of the fragment (header has already been read */
 		i = s-method-ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
 			frag-fragment,frag_len,0);
 		if (i=0 || (unsigned long)i!=frag_len)
 			goto err;
-		}
 
-	memset(seq64be,0,sizeof(seq64be));
-	seq64be[6] = (unsigned char)(msg_hdr-seq8);
-	seq64be[7] = (unsigned char)(msg_hdr-seq);
+		pq_64bit_init(seq64);
+		pq_64bit_assign_word(seq64, msg_hdr-seq);
 
-	item = pitem_new(seq64be, frag);
-	if ( item == NULL)
-		goto err;
+		item = pitem_new(seq64be, frag);
+		pq_64bit_free(seq64);
+		if ( item == NULL)
+			goto err;
+
+		pqueue_insert(s-d1-buffered_messages, item);
+	}
 
-	pqueue_insert(s-d1-buffered_messages, item);
 	return DTLS1_HM_FRAGMENT_RETRY;
 
 err:
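Review bot: `pq_64bit_init(seq64)`, `pq_64bit_assign_word(seq64, msg_hdr->seq)` and `pq_64bit_free(seq64)` are dead code: the key actually passed to `pitem_new` is `seq64be`, filled in the earlier hunk of this section, so `seq64` is initialised, assigned and freed without ever being read. Dropping those three lines removes the ambiguity about which key the queue is searched with and which it is inserted under. Both `goto err` paths inside the new `if (frag_len)` block leave `frag` allocated by dtls1_hm_fragment_new; whether the `err:` label releases it is outside the hunk and worth confirming, since the fragment is now only attached to a queue item after a successful read. The enclosing function starts outside the hunk.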