From 12aab15a0382a3b52261d6f0a460d2f794b7bfa1 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 20 Nov 2012 22:33:42 +0100 Subject: [PATCH] more fixes from upstream CVS - fix DSA key pairwise check (#878597) --- openssl-1.0.1c-backports2.patch | 298 +++++++++++++++++++++++++++++++- openssl-1.0.1c-fips.patch | 2 +- openssl.spec | 6 +- 3 files changed, 296 insertions(+), 10 deletions(-) diff --git a/openssl-1.0.1c-backports2.patch b/openssl-1.0.1c-backports2.patch index a6477e7..2e849bc 100644 --- a/openssl-1.0.1c-backports2.patch +++ b/openssl-1.0.1c-backports2.patch @@ -1,6 +1,6 @@ diff -up openssl-1.0.1c/apps/cms.c.backports2 openssl-1.0.1c/apps/cms.c --- openssl-1.0.1c/apps/cms.c.backports2 2012-01-05 14:46:27.000000000 +0100 -+++ openssl-1.0.1c/apps/cms.c 2012-09-07 10:34:42.000000000 +0200 ++++ openssl-1.0.1c/apps/cms.c 2012-11-14 20:27:50.240211707 +0100 @@ -233,6 +233,8 @@ int MAIN(int argc, char **argv) else if (!strcmp(*args,"-camellia256")) cipher = EVP_camellia_256_cbc(); 
@@ -19,9 +19,20 @@ diff -up openssl-1.0.1c/apps/cms.c.backports2 openssl-1.0.1c/apps/cms.c if (secret_key) { +diff -up openssl-1.0.1c/crypto/asn1/a_strex.c.backports2 openssl-1.0.1c/crypto/asn1/a_strex.c +--- openssl-1.0.1c/crypto/asn1/a_strex.c.backports2 2011-01-03 02:30:58.000000000 +0100 ++++ openssl-1.0.1c/crypto/asn1/a_strex.c 2012-11-20 22:13:05.722766980 +0100 +@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char ** + if(mbflag == -1) return -1; + mbflag |= MBSTRING_FLAG; + stmp.data = NULL; ++ stmp.length = 0; + ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); + if(ret < 0) return ret; + *out = stmp.data; diff -up openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 openssl-1.0.1c/crypto/bn/bn_lcl.h ---- openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 2012-09-06 17:25:22.000000000 +0200 -+++ openssl-1.0.1c/crypto/bn/bn_lcl.h 2012-09-07 10:22:43.000000000 +0200 +--- openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 2012-11-14 20:27:49.696199811 +0100 ++++ openssl-1.0.1c/crypto/bn/bn_lcl.h 2012-11-14 20:27:50.240211707 +0100 @@ -282,16 +282,23 @@ extern "C" { # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) 
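Review bot: Only `stmp.length` is zeroed alongside `stmp.data = NULL` in the a_strex.c hunk; if `stmp` is a stack-allocated `ASN1_STRING` (its declaration is above the hunk, so this cannot be confirmed here), its `type` and `flags` fields are still indeterminate when `&str` is handed to `ASN1_mbstring_copy`. Replacing the two field assignments with `memset(&stmp, 0, sizeof(stmp));` initializes every field in one step and does not depend on which fields the callee happens to read today. Whether `ASN1_mbstring_copy` actually reads `type` or `flags` when `data` is NULL is not visible from this hunk, so treat this as a hardening suggestion rather than a known defect. `ASN1_STRING_to_UTF8` starts outside the hunk.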
@@ -48,9 +59,30 @@ diff -up openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 openssl-1.0.1c/crypto/bn/b
 # endif
 # endif /* cpu */
 #endif /* OPENSSL_NO_ASM */
+diff -up openssl-1.0.1c/crypto/evp/e_aes.c.backports2 openssl-1.0.1c/crypto/evp/e_aes.c
+--- openssl-1.0.1c/crypto/evp/e_aes.c.backports2 2012-11-14 20:27:50.238211664 +0100
++++ openssl-1.0.1c/crypto/evp/e_aes.c 2012-11-20 22:10:06.350891703 +0100
+@@ -968,8 +968,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
+
+ if (!gctx->iv_set)
+ return -1;
+- if (!ctx->encrypt && gctx->taglen < 0)
+- return -1;
+ if (in)
+ {
+ if (out == NULL)
+@@ -1011,6 +1009,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
+ {
+ if (!ctx->encrypt)
+ {
++ if (gctx->taglen < 0)
++ return -1;
+ if (CRYPTO_gcm128_finish(&gctx->gcm,
+ ctx->buf, gctx->taglen) != 0)
+ return -1;
 diff -up openssl-1.0.1c/crypto/modes/gcm128.c.backports2 openssl-1.0.1c/crypto/modes/gcm128.c
 --- openssl-1.0.1c/crypto/modes/gcm128.c.backports2 2012-01-25 18:56:24.000000000 +0100
-+++ openssl-1.0.1c/crypto/modes/gcm128.c 2012-09-07 10:24:56.000000000 +0200
++++ openssl-1.0.1c/crypto/modes/gcm128.c 2012-11-14 20:27:50.241211729 +0100
 @@ -1398,7 +1398,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT
 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
 #endif
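Review bot: Moving the `gctx->taglen < 0` rejection from the top of `aes_gcm_cipher` down to the `in == NULL` finalization branch means a decrypt call that never had a tag set now returns plaintext from the `if (in)` path and only fails on the final call; previously such a call was refused before any output was produced. Presumably the intent is to allow the tag to be supplied after the ciphertext, but the new placement deserves a comment so the weaker check is not mistaken for an oversight, e.g. `/* Tag is required only at finalisation; plaintext returned by earlier calls is unauthenticated until CRYPTO_gcm128_finish succeeds. */` above the relocated `if (gctx->taglen < 0)`. Callers that skip the final call now receive unauthenticated plaintext with no error at all, which is inherent to streaming GCM but was partly masked by the old early return. The body of `aes_gcm_cipher` begins and ends outside the hunk.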
@@ -60,9 +92,57 @@ diff -up openssl-1.0.1c/crypto/modes/gcm128.c.backports2 openssl-1.0.1c/crypto/m GCM_MUL(ctx,Xi); if (is_endian.little) { +diff -up openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl.backports2 openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl +--- openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl.backports2 2012-11-14 20:27:50.293212866 +0100 ++++ openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl 2012-11-20 22:20:15.015041719 +0100 +@@ -177,6 +177,7 @@ for($i=0;$i<5;$i++) { + $code.=<<___; + teq $Xi,sp + bne .L_00_15 @ [((11+4)*5+2)*3] ++ sub sp,sp,#25*4 + ___ + &BODY_00_15(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); +@@ -186,7 +187,6 @@ ___ + $code.=<<___; + + ldr $K,.LK_20_39 @ [+15+16*4] +- sub sp,sp,#25*4 + cmn sp,#0 @ [+3], clear carry to denote 20_39 + .L_20_39_or_60_79: + ___ +diff -up openssl-1.0.1c/ssl/s3_srvr.c.backports2 openssl-1.0.1c/ssl/s3_srvr.c +--- openssl-1.0.1c/ssl/s3_srvr.c.backports2 2012-04-15 19:23:41.000000000 +0200 ++++ openssl-1.0.1c/ssl/s3_srvr.c 2012-11-20 22:23:21.684755182 +0100 +@@ -1181,7 +1181,7 @@ int ssl3_get_client_hello(SSL *s) + goto f_err; + } + } +- if (ssl_check_clienthello_tlsext(s) <= 0) { ++ if (ssl_check_clienthello_tlsext_early(s) <= 0) { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); + goto err; + } +@@ -1403,6 +1403,16 @@ int ssl3_get_client_hello(SSL *s) + * s->tmp.new_cipher - the new cipher to use. 
+ */ + ++ /* Handles TLS extensions that we couldn't check earlier */ ++ if (s->version >= SSL3_VERSION) ++ { ++ if (ssl_check_clienthello_tlsext_late(s) <= 0) ++ { ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); ++ goto err; ++ } ++ } ++ + if (ret < 0) ret=1; + if (0) + { diff -up openssl-1.0.1c/ssl/ssl_cert.c.backports2 openssl-1.0.1c/ssl/ssl_cert.c --- openssl-1.0.1c/ssl/ssl_cert.c.backports2 2011-05-11 15:37:52.000000000 +0200 -+++ openssl-1.0.1c/ssl/ssl_cert.c 2012-09-07 10:33:54.000000000 +0200 ++++ openssl-1.0.1c/ssl/ssl_cert.c 2012-11-14 20:27:50.241211729 +0100 @@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT { /* Set digest values to defaults */ 
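Review bot: The new late-check block inserted after cipher selection in `ssl3_get_client_hello` is not shown wrapped in `#ifndef OPENSSL_NO_TLSEXT`, while `ssl_check_clienthello_tlsext_late` is declared next to the other tlsext helpers that, as far as can be told from the ssl_locl.h context in this patch, live under that guard; an `OPENSSL_NO_TLSEXT` build would then fail to link or compile. Wrapping the block as `#ifndef OPENSSL_NO_TLSEXT` ... `#endif`, matching whatever guard encloses the early check at line 1181, removes the risk; the surrounding lines are outside the hunk so this needs confirming against the full file. The `goto err` rather than `goto f_err` is fine only because the late function sends its own fatal alert before returning -1, which is worth stating in a short comment at the call site. `ssl3_get_client_hello` starts and ends outside the hunk.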
@@ -80,10 +160,212 @@ diff -up openssl-1.0.1c/ssl/ssl_cert.c.backports2 openssl-1.0.1c/ssl/ssl_cert.c #endif } +diff -up openssl-1.0.1c/ssl/ssl_lib.c.backports2 openssl-1.0.1c/ssl/ssl_lib.c +--- openssl-1.0.1c/ssl/ssl_lib.c.backports2 2012-01-05 11:22:39.000000000 +0100 ++++ openssl-1.0.1c/ssl/ssl_lib.c 2012-11-20 22:25:29.243509755 +0100 +@@ -2287,7 +2287,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 + #endif + + /* THIS NEEDS CLEANING UP */ +-X509 *ssl_get_server_send_cert(SSL *s) ++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) + { + unsigned long alg_k,alg_a; + CERT *c; +@@ -2345,9 +2345,17 @@ X509 *ssl_get_server_send_cert(SSL *s) + SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); + return(NULL); + } +- if (c->pkeys[i].x509 == NULL) return(NULL); + +- return(c->pkeys[i].x509); ++ return c->pkeys + i; ++ } ++ ++X509 *ssl_get_server_send_cert(const SSL *s) ++ { ++ CERT_PKEY *cpk; ++ cpk = ssl_get_server_send_pkey(s); ++ if (!cpk) ++ return NULL; ++ return cpk->x509; + } + + EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) +@@ -2780,7 +2788,9 @@ void ssl_clear_cipher_ctx(SSL *s) + /* Fix this function so that it takes an optional type parameter */ + X509 *SSL_get_certificate(const SSL *s) + { +- if (s->cert != NULL) ++ if (s->server) ++ return(ssl_get_server_send_cert(s)); ++ else if (s->cert != NULL) + return(s->cert->key->x509); + else + return(NULL); +diff -up openssl-1.0.1c/ssl/ssl_locl.h.backports2 openssl-1.0.1c/ssl/ssl_locl.h +--- openssl-1.0.1c/ssl/ssl_locl.h.backports2 2012-11-14 20:27:50.056207682 +0100 ++++ openssl-1.0.1c/ssl/ssl_locl.h 2012-11-20 22:25:29.244509777 +0100 +@@ -814,7 +814,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_O + int ssl_undefined_function(SSL *s); + int ssl_undefined_void_function(void); + int ssl_undefined_const_function(const SSL *s); +-X509 *ssl_get_server_send_cert(SSL *); ++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); ++X509 *ssl_get_server_send_cert(const SSL *); + 
EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd); + int ssl_cert_type(X509 *x,EVP_PKEY *pkey); + void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); +@@ -1065,7 +1066,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, + int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al); + int ssl_prepare_clienthello_tlsext(SSL *s); + int ssl_prepare_serverhello_tlsext(SSL *s); +-int ssl_check_clienthello_tlsext(SSL *s); ++int ssl_check_clienthello_tlsext_early(SSL *s); ++int ssl_check_clienthello_tlsext_late(SSL *s); + int ssl_check_serverhello_tlsext(SSL *s); + + #ifndef OPENSSL_NO_HEARTBEATS diff -up openssl-1.0.1c/ssl/t1_lib.c.backports2 openssl-1.0.1c/ssl/t1_lib.c --- openssl-1.0.1c/ssl/t1_lib.c.backports2 2012-03-21 22:32:57.000000000 +0100 -+++ openssl-1.0.1c/ssl/t1_lib.c 2012-09-07 10:33:54.000000000 +0200 -@@ -2414,7 +2414,7 @@ int tls1_process_sigalgs(SSL *s, const u ++++ openssl-1.0.1c/ssl/t1_lib.c 2012-11-20 22:25:29.244509777 +0100 +@@ -1763,7 +1763,7 @@ int ssl_prepare_serverhello_tlsext(SSL * + return 1; + } + +-int ssl_check_clienthello_tlsext(SSL *s) ++int ssl_check_clienthello_tlsext_early(SSL *s) + { + int ret=SSL_TLSEXT_ERR_NOACK; + int al = SSL_AD_UNRECOGNIZED_NAME; +@@ -1782,42 +1782,12 @@ int ssl_check_clienthello_tlsext(SSL *s) + else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) + ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); + +- /* If status request then ask callback what to do. +- * Note: this must be called after servername callbacks in case +- * the certificate has changed. 
+- */ +- if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) +- { +- int r; +- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); +- switch (r) +- { +- /* We don't want to send a status request response */ +- case SSL_TLSEXT_ERR_NOACK: +- s->tlsext_status_expected = 0; +- break; +- /* status request response should be sent */ +- case SSL_TLSEXT_ERR_OK: +- if (s->tlsext_ocsp_resp) +- s->tlsext_status_expected = 1; +- else +- s->tlsext_status_expected = 0; +- break; +- /* something bad happened */ +- case SSL_TLSEXT_ERR_ALERT_FATAL: +- ret = SSL_TLSEXT_ERR_ALERT_FATAL; +- al = SSL_AD_INTERNAL_ERROR; +- goto err; +- } +- } +- else +- s->tlsext_status_expected = 0; +- + #ifdef TLSEXT_TYPE_opaque_prf_input + { + /* This sort of belongs into ssl_prepare_serverhello_tlsext(), + * but we might be sending an alert in response to the client hello, +- * so this has to happen here in ssl_check_clienthello_tlsext(). */ ++ * so this has to happen here in ++ * ssl_check_clienthello_tlsext_early(). */ + + int r = 1; + +@@ -1869,8 +1839,8 @@ int ssl_check_clienthello_tlsext(SSL *s) + } + } + +-#endif + err: ++#endif + switch (ret) + { + case SSL_TLSEXT_ERR_ALERT_FATAL: +@@ -1888,6 +1858,71 @@ int ssl_check_clienthello_tlsext(SSL *s) + } + } + ++int ssl_check_clienthello_tlsext_late(SSL *s) ++ { ++ int ret = SSL_TLSEXT_ERR_OK; ++ int al; ++ ++ /* If status request then ask callback what to do. 
++ * Note: this must be called after servername callbacks in case ++ * the certificate has changed, and must be called after the cipher ++ * has been chosen because this may influence which certificate is sent ++ */ ++ if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) ++ { ++ int r; ++ CERT_PKEY *certpkey; ++ certpkey = ssl_get_server_send_pkey(s); ++ /* If no certificate can't return certificate status */ ++ if (certpkey == NULL) ++ { ++ s->tlsext_status_expected = 0; ++ return 1; ++ } ++ /* Set current certificate to one we will use so ++ * SSL_get_certificate et al can pick it up. ++ */ ++ s->cert->key = certpkey; ++ r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); ++ switch (r) ++ { ++ /* We don't want to send a status request response */ ++ case SSL_TLSEXT_ERR_NOACK: ++ s->tlsext_status_expected = 0; ++ break; ++ /* status request response should be sent */ ++ case SSL_TLSEXT_ERR_OK: ++ if (s->tlsext_ocsp_resp) ++ s->tlsext_status_expected = 1; ++ else ++ s->tlsext_status_expected = 0; ++ break; ++ /* something bad happened */ ++ case SSL_TLSEXT_ERR_ALERT_FATAL: ++ ret = SSL_TLSEXT_ERR_ALERT_FATAL; ++ al = SSL_AD_INTERNAL_ERROR; ++ goto err; ++ } ++ } ++ else ++ s->tlsext_status_expected = 0; ++ ++ err: ++ switch (ret) ++ { ++ case SSL_TLSEXT_ERR_ALERT_FATAL: ++ ssl3_send_alert(s,SSL3_AL_FATAL,al); ++ return -1; ++ ++ case SSL_TLSEXT_ERR_ALERT_WARNING: ++ ssl3_send_alert(s,SSL3_AL_WARNING,al); ++ return 1; ++ ++ default: ++ return 1; ++ } ++ } ++ + int ssl_check_serverhello_tlsext(SSL *s) + { + int ret=SSL_TLSEXT_ERR_NOACK; +@@ -2414,7 +2449,7 @@ int tls1_process_sigalgs(SSL *s, const u */ #ifndef OPENSSL_NO_DSA if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) 
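Review bot: In the new `ssl_check_clienthello_tlsext_late`, `al` is declared as `int al;` with no initializer and is only assigned on the `SSL_TLSEXT_ERR_ALERT_FATAL` path, yet the `err:` switch keeps a `SSL_TLSEXT_ERR_ALERT_WARNING` case that hands `al` to `ssl3_send_alert`. Nothing in this function sets `ret` to the warning value, so that case is dead today, but it is one edit away from emitting an alert with an indeterminate description byte; either initialize with `int al = SSL_AD_INTERNAL_ERROR;` or delete the warning case. The assignment `s->cert->key = certpkey;` before the status callback is a lasting change to the SSL's CERT rather than a temporary override, which the comment should say explicitly since `SSL_get_certificate` and other readers of `cert->key` observe it after the callback returns. Note also that `SSL_get_certificate` now routes servers through `ssl_get_server_send_cert`, whose underlying `ssl_get_server_send_pkey` body pushes `SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT, ...)` and returns NULL on the visible failure path, so an application calling it on a server before a cipher is chosen may now see an error-queue entry where it previously got the configured certificate; the full body is outside the hunk.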
@@ -92,7 +374,7 @@ diff -up openssl-1.0.1c/ssl/t1_lib.c.backports2 openssl-1.0.1c/ssl/t1_lib.c #endif #ifndef OPENSSL_NO_RSA if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) -@@ -2425,7 +2425,7 @@ int tls1_process_sigalgs(SSL *s, const u +@@ -2425,7 +2460,7 @@ int tls1_process_sigalgs(SSL *s, const u #endif #ifndef OPENSSL_NO_ECDSA if (!c->pkeys[SSL_PKEY_ECC].digest) diff --git a/openssl-1.0.1c-fips.patch b/openssl-1.0.1c-fips.patch index 9d56a13..e1e6200 100644 --- a/openssl-1.0.1c-fips.patch +++ b/openssl-1.0.1c-fips.patch @@ -945,7 +945,7 @@ diff -up openssl-1.0.1c/crypto/dsa/dsa_key.c.fips openssl-1.0.1c/crypto/dsa/dsa_ + unsigned char tbs[] = "DSA Pairwise Check Data"; + int ret = 0; + -+ if ((pk=EVP_PKEY_new()) != NULL) ++ if ((pk=EVP_PKEY_new()) == NULL) + goto err; + + EVP_PKEY_set1_DSA(pk, dsa); diff --git a/openssl.spec b/openssl.spec index 56df54e..530c555 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implem Name: openssl Version: 1.0.1c # Do not forget to bump SHLIB_VERSION on version upgrades -Release: 8%{?dist} +Release: 9%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -431,6 +431,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Tue Nov 20 2012 Tomas Mraz 1.0.1c-9 +- more fixes from upstream CVS +- fix DSA key pairwise check (#878597) + * Thu Nov 15 2012 Tomas Mraz 1.0.1c-8 - use 1024 bit DH parameters in s_server as 512 bit is not allowed in FIPS mode and it is quite weak anyway
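Review bot: In the corrected DSA pairwise check in openssl-1.0.1c-fips.patch, the return value of `EVP_PKEY_set1_DSA(pk, dsa);` on the line right after the fixed `== NULL` test is still ignored, so a failure there leaves `pk` without a key and whatever sign/verify follows (outside the hunk) would report a generic pairwise failure instead of the real cause; `if (!EVP_PKEY_set1_DSA(pk, dsa)) goto err;` keeps the same cleanup path and `ret` stays 0. With the old inverted condition every successful allocation jumped to `err` with `ret` still 0, so this is a check that could never pass rather than one that occasionally misfired — worth saying so in the spec changelog entry if #878597 is about FIPS-mode DSA key generation failing, which the diff itself does not confirm. The enclosing pairwise-check function starts and ends outside the hunk.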