new upstream release 1.0.1g
- do not include ECC ciphersuites in SSLv2 client hello (#1090952) - fail on hmac integrity check if the .hmac file is empty
This commit is contained in:
parent
e55cd2c0e4
commit
0376d8368c
1
.gitignore
vendored
1
.gitignore
vendored
@ -13,3 +13,4 @@ openssl-1.0.0a-usa.tar.bz2
|
||||
/openssl-1.0.1c-usa.tar.xz
|
||||
/openssl-1.0.1e-usa.tar.xz
|
||||
/openssl-1.0.1e-hobbled.tar.xz
|
||||
/openssl-1.0.1g-hobbled.tar.xz
|
||||
|
@ -1,345 +0,0 @@
|
||||
diff -up openssl-1.0.1e/crypto/pem/pem_info.c.backports openssl-1.0.1e/crypto/pem/pem_info.c
|
||||
--- openssl-1.0.1e/crypto/pem/pem_info.c.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/pem/pem_info.c 2013-08-16 15:31:35.726003892 +0200
|
||||
@@ -167,6 +167,7 @@ start:
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (strcmp(name,PEM_STRING_RSA) == 0)
|
||||
{
|
||||
+ d2i=(D2I_OF(void))d2i_RSAPrivateKey;
|
||||
if (xi->x_pkey != NULL)
|
||||
{
|
||||
if (!sk_X509_INFO_push(ret,xi)) goto err;
|
||||
diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
|
||||
--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports 2013-08-16 15:31:35.697003256 +0200
|
||||
+++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c 2013-08-16 15:33:37.770673918 +0200
|
||||
@@ -582,6 +582,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CT
|
||||
pm = RSA_NO_PADDING;
|
||||
else if (!strcmp(value, "oeap"))
|
||||
pm = RSA_PKCS1_OAEP_PADDING;
|
||||
+ else if (!strcmp(value, "oaep"))
|
||||
+ pm = RSA_PKCS1_OAEP_PADDING;
|
||||
else if (!strcmp(value, "x931"))
|
||||
pm = RSA_X931_PADDING;
|
||||
else if (!strcmp(value, "pss"))
|
||||
diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.backports openssl-1.0.1e/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.0.1e/crypto/x509/x509_vfy.c.backports 2013-08-16 15:31:35.721003782 +0200
|
||||
+++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-08-16 15:31:35.726003892 +0200
|
||||
@@ -696,6 +696,7 @@ static int check_cert(X509_STORE_CTX *ct
|
||||
X509_CRL *crl = NULL, *dcrl = NULL;
|
||||
X509 *x;
|
||||
int ok, cnum;
|
||||
+ unsigned int last_reasons;
|
||||
cnum = ctx->error_depth;
|
||||
x = sk_X509_value(ctx->chain, cnum);
|
||||
ctx->current_cert = x;
|
||||
@@ -704,6 +705,7 @@ static int check_cert(X509_STORE_CTX *ct
|
||||
ctx->current_reasons = 0;
|
||||
while (ctx->current_reasons != CRLDP_ALL_REASONS)
|
||||
{
|
||||
+ last_reasons = ctx->current_reasons;
|
||||
/* Try to retrieve relevant CRL */
|
||||
if (ctx->get_crl)
|
||||
ok = ctx->get_crl(ctx, &crl, x);
|
||||
@@ -747,6 +749,15 @@ static int check_cert(X509_STORE_CTX *ct
|
||||
X509_CRL_free(dcrl);
|
||||
crl = NULL;
|
||||
dcrl = NULL;
|
||||
+ /* If reasons not updated we wont get anywhere by
|
||||
+ * another iteration, so exit loop.
|
||||
+ */
|
||||
+ if (last_reasons == ctx->current_reasons)
|
||||
+ {
|
||||
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
|
||||
+ ok = ctx->verify_cb(0, ctx);
|
||||
+ goto err;
|
||||
+ }
|
||||
}
|
||||
err:
|
||||
X509_CRL_free(crl);
|
||||
diff -up openssl-1.0.1e/crypto/x509/x_all.c.backports openssl-1.0.1e/crypto/x509/x_all.c
|
||||
--- openssl-1.0.1e/crypto/x509/x_all.c.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/x509/x_all.c 2013-08-16 15:33:25.247399940 +0200
|
||||
@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, c
|
||||
|
||||
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
|
||||
{
|
||||
+ x->cert_info->enc.modified = 1;
|
||||
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
|
||||
x->cert_info->signature,
|
||||
x->sig_alg, x->signature, x->cert_info, ctx);
|
||||
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY
|
||||
|
||||
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
|
||||
{
|
||||
+ x->crl->enc.modified = 1;
|
||||
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
|
||||
x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
|
||||
}
|
||||
diff -up openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
|
||||
--- openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-08-16 15:31:35.727003914 +0200
|
||||
@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl
|
||||
an application specific error. This will never be returned unless explicitly
|
||||
set by an application.
|
||||
|
||||
+=back
|
||||
+
|
||||
=head1 NOTES
|
||||
|
||||
The above functions should be used instead of directly referencing the fields
|
||||
diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports openssl-1.0.1e/doc/ssl/SSL_accept.pod
|
||||
--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
||||
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-08-16 15:31:35.727003914 +0200
|
||||
@@ -44,17 +44,17 @@ The following return values can occur:
|
||||
|
||||
=over 4
|
||||
|
||||
-=item 1
|
||||
-
|
||||
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
||||
-established.
|
||||
-
|
||||
=item 0
|
||||
|
||||
The TLS/SSL handshake was not successful but was shut down controlled and
|
||||
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
||||
return value B<ret> to find out the reason.
|
||||
|
||||
+=item 1
|
||||
+
|
||||
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
||||
+established.
|
||||
+
|
||||
=item E<lt>0
|
||||
|
||||
The TLS/SSL handshake was not successful because a fatal error occurred either
|
||||
diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports openssl-1.0.1e/doc/ssl/SSL_connect.pod
|
||||
--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
||||
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-08-16 15:31:35.727003914 +0200
|
||||
@@ -41,17 +41,17 @@ The following return values can occur:
|
||||
|
||||
=over 4
|
||||
|
||||
-=item 1
|
||||
-
|
||||
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
||||
-established.
|
||||
-
|
||||
=item 0
|
||||
|
||||
The TLS/SSL handshake was not successful but was shut down controlled and
|
||||
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
||||
return value B<ret> to find out the reason.
|
||||
|
||||
+=item 1
|
||||
+
|
||||
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
||||
+established.
|
||||
+
|
||||
=item E<lt>0
|
||||
|
||||
The TLS/SSL handshake was not successful, because a fatal error occurred either
|
||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
|
||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-08-16 15:31:35.727003914 +0200
|
||||
@@ -66,16 +66,16 @@ values:
|
||||
|
||||
=over 4
|
||||
|
||||
-=item 1
|
||||
-
|
||||
-The operation succeeded.
|
||||
-
|
||||
=item 0
|
||||
|
||||
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
|
||||
the X509_NAME could not be extracted from B<cacert>. Check the error stack
|
||||
to find out the reason.
|
||||
|
||||
+=item 1
|
||||
+
|
||||
+The operation succeeded.
|
||||
+
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
|
||||
--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-08-16 15:31:35.727003914 +0200
|
||||
@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_
|
||||
|
||||
Return values from the server callback are interpreted as follows:
|
||||
|
||||
+=over 4
|
||||
+
|
||||
=item > 0
|
||||
|
||||
PSK identity was found and the server callback has provided the PSK
|
||||
@@ -99,4 +101,6 @@ completely.
|
||||
PSK identity was not found. An "unknown_psk_identity" alert message
|
||||
will be sent and the connection setup fails.
|
||||
|
||||
+=back
|
||||
+
|
||||
=cut
|
||||
diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
|
||||
--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
||||
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-08-16 15:31:35.727003914 +0200
|
||||
@@ -45,17 +45,17 @@ The following return values can occur:
|
||||
|
||||
=over 4
|
||||
|
||||
-=item 1
|
||||
-
|
||||
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
||||
-established.
|
||||
-
|
||||
=item 0
|
||||
|
||||
The TLS/SSL handshake was not successful but was shut down controlled and
|
||||
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
|
||||
return value B<ret> to find out the reason.
|
||||
|
||||
+=item 1
|
||||
+
|
||||
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
||||
+established.
|
||||
+
|
||||
=item E<lt>0
|
||||
|
||||
The TLS/SSL handshake was not successful because a fatal error occurred either
|
||||
diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
|
||||
--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports 2013-02-11 16:02:48.000000000 +0100
|
||||
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-08-16 15:31:35.728003935 +0200
|
||||
@@ -92,11 +92,6 @@ The following return values can occur:
|
||||
|
||||
=over 4
|
||||
|
||||
-=item 1
|
||||
-
|
||||
-The shutdown was successfully completed. The "close notify" alert was sent
|
||||
-and the peer's "close notify" alert was received.
|
||||
-
|
||||
=item 0
|
||||
|
||||
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
|
||||
@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be per
|
||||
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
|
||||
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
|
||||
|
||||
+=item 1
|
||||
+
|
||||
+The shutdown was successfully completed. The "close notify" alert was sent
|
||||
+and the peer's "close notify" alert was received.
|
||||
+
|
||||
=item -1
|
||||
|
||||
The shutdown was not successful because a fatal error occurred either
|
||||
diff -up openssl-1.0.1e/ssl/d1_lib.c.backports openssl-1.0.1e/ssl/d1_lib.c
|
||||
--- openssl-1.0.1e/ssl/d1_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/d1_lib.c 2013-08-16 15:33:33.306576363 +0200
|
||||
@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
|
||||
pqueue_free(s->d1->buffered_app_data.q);
|
||||
|
||||
OPENSSL_free(s->d1);
|
||||
+ s->d1 = NULL;
|
||||
}
|
||||
|
||||
void dtls1_clear(SSL *s)
|
||||
diff -up openssl-1.0.1e/ssl/d1_pkt.c.backports openssl-1.0.1e/ssl/d1_pkt.c
|
||||
--- openssl-1.0.1e/ssl/d1_pkt.c.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/d1_pkt.c 2013-08-16 15:31:35.728003935 +0200
|
||||
@@ -847,6 +847,12 @@ start:
|
||||
}
|
||||
}
|
||||
|
||||
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
|
||||
+ {
|
||||
+ rr->length = 0;
|
||||
+ goto start;
|
||||
+ }
|
||||
+
|
||||
/* we now have a packet which can be read and processed */
|
||||
|
||||
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
|
||||
@@ -1051,6 +1057,7 @@ start:
|
||||
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
|
||||
!s->s3->renegotiate)
|
||||
{
|
||||
+ s->d1->handshake_read_seq++;
|
||||
s->new_session = 1;
|
||||
ssl3_renegotiate(s);
|
||||
if (ssl3_renegotiate_check(s))
|
||||
diff -up openssl-1.0.1e/ssl/d1_srvr.c.backports openssl-1.0.1e/ssl/d1_srvr.c
|
||||
--- openssl-1.0.1e/ssl/d1_srvr.c.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/d1_srvr.c 2013-08-16 15:31:35.728003935 +0200
|
||||
@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
|
||||
case SSL3_ST_SW_HELLO_REQ_B:
|
||||
|
||||
s->shutdown=0;
|
||||
+ dtls1_clear_record_buffer(s);
|
||||
dtls1_start_timer(s);
|
||||
ret=dtls1_send_hello_request(s);
|
||||
if (ret <= 0) goto end;
|
||||
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
|
||||
+ s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
|
||||
s->state=SSL3_ST_SW_FLUSH;
|
||||
s->init_num=0;
|
||||
|
||||
diff -up openssl-1.0.1e/ssl/s3_cbc.c.backports openssl-1.0.1e/ssl/s3_cbc.c
|
||||
--- openssl-1.0.1e/ssl/s3_cbc.c.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/s3_cbc.c 2013-08-16 15:31:35.729003956 +0200
|
||||
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s
|
||||
unsigned padding_length, good, to_check, i;
|
||||
const unsigned overhead = 1 /* padding length byte */ + mac_size;
|
||||
/* Check if version requires explicit IV */
|
||||
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
|
||||
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
|
||||
{
|
||||
/* These lengths are all public so we can test them in
|
||||
* non-constant time.
|
||||
diff -up openssl-1.0.1e/ssl/ssl_lib.c.backports openssl-1.0.1e/ssl/ssl_lib.c
|
||||
--- openssl-1.0.1e/ssl/ssl_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/ssl_lib.c 2013-08-16 15:31:35.729003956 +0200
|
||||
@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
|
||||
|
||||
ret->extra_certs=NULL;
|
||||
- ret->comp_methods=SSL_COMP_get_compression_methods();
|
||||
+ /* No compression for DTLS */
|
||||
+ if (meth->version != DTLS1_VERSION)
|
||||
+ ret->comp_methods=SSL_COMP_get_compression_methods();
|
||||
|
||||
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
|
||||
|
||||
@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
|
||||
/* Fix this function so that it takes an optional type parameter */
|
||||
X509 *SSL_get_certificate(const SSL *s)
|
||||
{
|
||||
- if (s->server)
|
||||
- return(ssl_get_server_send_cert(s));
|
||||
- else if (s->cert != NULL)
|
||||
+ if (s->cert != NULL)
|
||||
return(s->cert->key->x509);
|
||||
else
|
||||
return(NULL);
|
||||
diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
|
||||
index 3b6c469..e8a7518 100644
|
||||
--- a/crypto/x86cpuid.pl
|
||||
+++ b/crypto/x86cpuid.pl
|
||||
@@ -69,6 +69,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
||||
&inc ("esi"); # number of cores
|
||||
|
||||
&mov ("eax",1);
|
||||
+ &xor ("ecx","ecx");
|
||||
&cpuid ();
|
||||
&bt ("edx",28);
|
||||
&jnc (&label("generic"));
|
||||
@@ -102,6 +103,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
|
||||
|
||||
&set_label("nocacheinfo");
|
||||
&mov ("eax",1);
|
||||
+ &xor ("ecx","ecx");
|
||||
&cpuid ();
|
||||
&and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0
|
||||
&cmp ("ebp",0);
|
@ -1,33 +0,0 @@
|
||||
From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
|
||||
From: Andy Polyakov <appro@openssl.org>
|
||||
Date: Mon, 18 Mar 2013 19:29:41 +0100
|
||||
Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI
|
||||
plaforms.
|
||||
|
||||
PR: 3002
|
||||
(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
|
||||
---
|
||||
crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||
index 483e04b..fb2c884 100644
|
||||
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
|
||||
if (res!=SHA_CBLOCK) continue;
|
||||
|
||||
- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
|
||||
+ /* j is not incremented yet */
|
||||
+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
|
||||
data->u[SHA_LBLOCK-1] |= bitlen&mask;
|
||||
sha1_block_data_order(&key->md,data,1);
|
||||
- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
|
||||
+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
|
||||
pmac->u[0] |= key->md.h0 & mask;
|
||||
pmac->u[1] |= key->md.h1 & mask;
|
||||
pmac->u[2] |= key->md.h2 & mask;
|
||||
--
|
||||
1.7.9.5
|
||||
|
@ -1,21 +0,0 @@
|
||||
Fix for TLS record tampering bug. A carefully crafted invalid
|
||||
handshake could crash OpenSSL with a NULL pointer exception.
|
||||
Thanks to Anton Johansson for reporting this issues.
|
||||
(CVE-2013-4353)
|
||||
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
|
||||
index 1e5dcab..53b9390 100644
|
||||
--- a/ssl/s3_both.c
|
||||
+++ b/ssl/s3_both.c
|
||||
@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
|
||||
{
|
||||
const char *sender;
|
||||
int slen;
|
||||
-
|
||||
+ /* If no new cipher setup return immediately: other functions will
|
||||
+ * set the appropriate error.
|
||||
+ */
|
||||
+ if (s->s3->tmp.new_cipher == NULL)
|
||||
+ return;
|
||||
if (s->state & SSL_ST_CONNECT)
|
||||
{
|
||||
sender=s->method->ssl3_enc->server_finished_label;
|
@ -1,111 +0,0 @@
|
||||
Use version in SSL_METHOD not SSL structure.
|
||||
|
||||
When deciding whether to use TLS 1.2 PRF and record hash algorithms
|
||||
use the version number in the corresponding SSL_METHOD structure
|
||||
instead of the SSL structure. The SSL structure version is sometimes
|
||||
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
|
||||
(CVE-2013-6449)
|
||||
|
||||
Also preventively check EVP errors for handshake digests.
|
||||
|
||||
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
|
||||
index bf832bb..c4ef273 100644
|
||||
--- a/ssl/s3_lib.c
|
||||
+++ b/ssl/s3_lib.c
|
||||
@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
|
||||
long ssl_get_algorithm2(SSL *s)
|
||||
{
|
||||
long alg2 = s->s3->tmp.new_cipher->algorithm2;
|
||||
- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
|
||||
+ if (s->method->version == TLS1_2_VERSION &&
|
||||
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
|
||||
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
|
||||
return alg2;
|
||||
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
|
||||
index ead01c8..1e5dcab 100644
|
||||
--- a/ssl/s3_both.c
|
||||
+++ b/ssl/s3_both.c
|
||||
@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
|
||||
|
||||
i=s->method->ssl3_enc->final_finish_mac(s,
|
||||
sender,slen,s->s3->tmp.finish_md);
|
||||
+ if (i == 0)
|
||||
+ return 0;
|
||||
s->s3->tmp.finish_md_len = i;
|
||||
memcpy(p, s->s3->tmp.finish_md, i);
|
||||
p+=i;
|
||||
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
|
||||
index 804291e..c4bc4e7 100644
|
||||
--- a/ssl/s3_pkt.c
|
||||
+++ b/ssl/s3_pkt.c
|
||||
@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
|
||||
if (version != s->version)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
|
||||
- if ((s->version & 0xFF00) == (version & 0xFF00))
|
||||
+ if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
|
||||
/* Send back error using their minor version number :-) */
|
||||
s->version = (unsigned short)version;
|
||||
al=SSL_AD_PROTOCOL_VERSION;
|
||||
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
|
||||
slen=s->method->ssl3_enc->client_finished_label_len;
|
||||
}
|
||||
|
||||
- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
|
||||
+ i = s->method->ssl3_enc->final_finish_mac(s,
|
||||
sender,slen,s->s3->tmp.peer_finish_md);
|
||||
+ if (i == 0)
|
||||
+ {
|
||||
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ s->s3->tmp.peer_finish_md_len = i;
|
||||
|
||||
return(1);
|
||||
}
|
||||
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
|
||||
index e5a8b3f..52efed3 100644
|
||||
--- a/ssl/s3_srvr.c
|
||||
+++ b/ssl/s3_srvr.c
|
||||
@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
|
||||
(s->version != DTLS1_VERSION && s->client_version < s->version))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
|
||||
- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
|
||||
+ if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
|
||||
+ !s->enc_write_ctx && !s->write_hash)
|
||||
{
|
||||
/* similar to ssl3_get_record, send alert using remote version number */
|
||||
s->version = s->client_version;
|
||||
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
|
||||
index 809ad2e..72015f5 100644
|
||||
--- a/ssl/t1_enc.c
|
||||
+++ b/ssl/t1_enc.c
|
||||
@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
|
||||
if (mask & ssl_get_algorithm2(s))
|
||||
{
|
||||
int hashsize = EVP_MD_size(md);
|
||||
- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
|
||||
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
|
||||
+ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
|
||||
{
|
||||
/* internal error: 'buf' is too small for this cipersuite! */
|
||||
err = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
|
||||
- EVP_DigestFinal_ex(&ctx,q,&i);
|
||||
- if (i != (unsigned int)hashsize) /* can't really happen */
|
||||
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
|
||||
+ !EVP_DigestFinal_ex(&ctx,q,&i) ||
|
||||
+ (i != (unsigned int)hashsize))
|
||||
err = 1;
|
||||
- q+=i;
|
||||
+ q+=hashsize;
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,85 +0,0 @@
|
||||
Fix DTLS retransmission from previous session.
|
||||
|
||||
For DTLS we might need to retransmit messages from the previous session
|
||||
so keep a copy of write context in DTLS retransmission buffers instead
|
||||
of replacing it after sending CCS. CVE-2013-6450.
|
||||
|
||||
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
|
||||
index 65ec001..7a5596a 100644
|
||||
--- a/ssl/d1_both.c
|
||||
+++ b/ssl/d1_both.c
|
||||
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
|
||||
static void
|
||||
dtls1_hm_fragment_free(hm_fragment *frag)
|
||||
{
|
||||
+
|
||||
+ if (frag->msg_header.is_ccs)
|
||||
+ {
|
||||
+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
|
||||
+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
|
||||
+ }
|
||||
if (frag->fragment) OPENSSL_free(frag->fragment);
|
||||
if (frag->reassembly) OPENSSL_free(frag->reassembly);
|
||||
OPENSSL_free(frag);
|
||||
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
|
||||
index 96ce9a7..e485907 100644
|
||||
--- a/ssl/ssl_locl.h
|
||||
+++ b/ssl/ssl_locl.h
|
||||
@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
|
||||
extern SSL3_ENC_METHOD SSLv3_enc_data;
|
||||
extern SSL3_ENC_METHOD DTLSv1_enc_data;
|
||||
|
||||
+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
|
||||
+
|
||||
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
|
||||
s_get_meth) \
|
||||
const SSL_METHOD *func_name(void) \
|
||||
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
|
||||
index 72015f5..56db834 100644
|
||||
--- a/ssl/t1_enc.c
|
||||
+++ b/ssl/t1_enc.c
|
||||
@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
|
||||
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
|
||||
else
|
||||
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
|
||||
- if (s->enc_write_ctx != NULL)
|
||||
+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
|
||||
reuse_dd = 1;
|
||||
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
|
||||
+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
|
||||
goto err;
|
||||
- else
|
||||
- /* make sure it's intialized in case we exit later with an error */
|
||||
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
|
||||
dd= s->enc_write_ctx;
|
||||
- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
|
||||
+ if (SSL_IS_DTLS(s))
|
||||
+ {
|
||||
+ mac_ctx = EVP_MD_CTX_create();
|
||||
+ if (!mac_ctx)
|
||||
+ goto err;
|
||||
+ s->write_hash = mac_ctx;
|
||||
+ }
|
||||
+ else
|
||||
+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
if (s->compress != NULL)
|
||||
{
|
||||
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
|
||||
index 6fc469f..d14e8e4 100644
|
||||
--- a/crypto/evp/digest.c
|
||||
+++ b/crypto/evp/digest.c
|
||||
@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
|
||||
|
||||
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
|
||||
{
|
||||
- EVP_MD_CTX_cleanup(ctx);
|
||||
- OPENSSL_free(ctx);
|
||||
+ if (ctx)
|
||||
+ {
|
||||
+ EVP_MD_CTX_cleanup(ctx);
|
||||
+ OPENSSL_free(ctx);
|
||||
+ }
|
||||
}
|
||||
|
||||
/* This call frees resources associated with the context */
|
@ -1,38 +0,0 @@
|
||||
diff -up openssl-1.0.1e/apps/req.c.keylen openssl-1.0.1e/apps/req.c
|
||||
--- openssl-1.0.1e/apps/req.c.keylen 2014-02-12 14:58:29.000000000 +0100
|
||||
+++ openssl-1.0.1e/apps/req.c 2014-02-14 13:52:48.692325000 +0100
|
||||
@@ -644,6 +644,12 @@ bad:
|
||||
if (inrand)
|
||||
app_RAND_load_files(inrand);
|
||||
|
||||
+ if (newkey <= 0)
|
||||
+ {
|
||||
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
|
||||
+ newkey=DEFAULT_KEY_LENGTH;
|
||||
+ }
|
||||
+
|
||||
if (keyalg)
|
||||
{
|
||||
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
|
||||
@@ -651,12 +657,6 @@ bad:
|
||||
if (!genctx)
|
||||
goto end;
|
||||
}
|
||||
-
|
||||
- if (newkey <= 0)
|
||||
- {
|
||||
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
|
||||
- newkey=DEFAULT_KEY_LENGTH;
|
||||
- }
|
||||
|
||||
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
|
||||
{
|
||||
@@ -1649,6 +1649,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO
|
||||
keylen = atol(p + 1);
|
||||
*pkeylen = keylen;
|
||||
}
|
||||
+ else
|
||||
+ keylen = *pkeylen;
|
||||
}
|
||||
else if (p)
|
||||
paramfile = p + 1;
|
17
openssl-1.0.1e-ssl2-no-ec.patch
Normal file
17
openssl-1.0.1e-ssl2-no-ec.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff -up openssl-1.0.1e/ssl/s23_lib.c.ssl2noec openssl-1.0.1e/ssl/s23_lib.c
|
||||
--- openssl-1.0.1e/ssl/s23_lib.c.ssl2noec 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/s23_lib.c 2014-05-06 15:51:54.053293674 +0200
|
||||
@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_C
|
||||
long l;
|
||||
|
||||
/* We can write SSLv2 and SSLv3 ciphers */
|
||||
+ /* but no ECC ciphers */
|
||||
+ if (c->algorithm_mkey == SSL_kECDHr ||
|
||||
+ c->algorithm_mkey == SSL_kECDHe ||
|
||||
+ c->algorithm_mkey == SSL_kEECDH ||
|
||||
+ c->algorithm_auth == SSL_aECDH ||
|
||||
+ c->algorithm_auth == SSL_aECDSA)
|
||||
+ return 0;
|
||||
if (p != NULL)
|
||||
{
|
||||
l=c->id;
|
@ -1,9 +1,6 @@
|
||||
Although the real strength is rather 112 bits we use 128 here as
|
||||
we do not want to sort it behind more obscure ciphers.
|
||||
AES-128 is preferred anyway.
|
||||
diff -up openssl-1.0.1e/ssl/s2_lib.c.3des-strength openssl-1.0.1e/ssl/s2_lib.c
|
||||
--- openssl-1.0.1e/ssl/s2_lib.c.3des-strength 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/s2_lib.c 2014-01-22 16:32:45.791700322 +0100
|
||||
diff -up openssl-1.0.1g/ssl/s2_lib.c.3des-strength openssl-1.0.1g/ssl/s2_lib.c
|
||||
--- openssl-1.0.1g/ssl/s2_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100
|
||||
+++ openssl-1.0.1g/ssl/s2_lib.c 2014-05-06 16:33:45.646358418 +0200
|
||||
@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
|
||||
SSL_SSLV2,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
@ -13,9 +10,9 @@ diff -up openssl-1.0.1e/ssl/s2_lib.c.3des-strength openssl-1.0.1e/ssl/s2_lib.c
|
||||
168,
|
||||
},
|
||||
|
||||
diff -up openssl-1.0.1e/ssl/s3_lib.c.3des-strength openssl-1.0.1e/ssl/s3_lib.c
|
||||
--- openssl-1.0.1e/ssl/s3_lib.c.3des-strength 2014-01-17 11:41:11.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/s3_lib.c 2014-01-22 16:31:14.713666777 +0100
|
||||
diff -up openssl-1.0.1g/ssl/s3_lib.c.3des-strength openssl-1.0.1g/ssl/s3_lib.c
|
||||
--- openssl-1.0.1g/ssl/s3_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100
|
||||
+++ openssl-1.0.1g/ssl/s3_lib.c 2014-05-06 16:38:05.887374872 +0200
|
||||
@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
@ -90,7 +87,7 @@ diff -up openssl-1.0.1e/ssl/s3_lib.c.3des-strength openssl-1.0.1e/ssl/s3_lib.c
|
||||
|
||||
@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP|SSL_HIGH,
|
||||
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
|
||||
- 168,
|
||||
+ 128,
|
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1e/crypto/bn/bn_rand.c
|
||||
--- openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs 2013-02-11 16:02:47.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/bn/bn_rand.c 2014-02-13 16:50:34.280893285 +0100
|
||||
diff -up openssl-1.0.1g/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1g/crypto/bn/bn_rand.c
|
||||
--- openssl-1.0.1g/crypto/bn/bn_rand.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
|
||||
+++ openssl-1.0.1g/crypto/bn/bn_rand.c 2014-05-06 16:22:21.432540283 +0200
|
||||
@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
|
||||
goto err;
|
||||
}
|
||||
@ -17,9 +17,9 @@ diff -up openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1e/crypto/bn/b
|
||||
|
||||
if (pseudorand)
|
||||
{
|
||||
diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_gen.c
|
||||
--- openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs 2013-12-18 12:17:09.748636614 +0100
|
||||
+++ openssl-1.0.1e/crypto/dh/dh_gen.c 2013-12-18 12:17:09.798637687 +0100
|
||||
diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1g/crypto/dh/dh_gen.c
|
||||
--- openssl-1.0.1g/crypto/dh/dh_gen.c.fips-reqs 2014-05-06 16:22:21.253536145 +0200
|
||||
+++ openssl-1.0.1g/crypto/dh/dh_gen.c 2014-05-06 16:22:21.432540283 +0200
|
||||
@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
|
||||
return 0;
|
||||
}
|
||||
@ -29,9 +29,9 @@ diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1e/crypto/dh/dh
|
||||
{
|
||||
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
|
||||
goto err;
|
||||
diff -up openssl-1.0.1e/crypto/dh/dh.h.fips-reqs openssl-1.0.1e/crypto/dh/dh.h
|
||||
--- openssl-1.0.1e/crypto/dh/dh.h.fips-reqs 2013-12-18 12:17:09.748636614 +0100
|
||||
+++ openssl-1.0.1e/crypto/dh/dh.h 2013-12-18 12:17:09.798637687 +0100
|
||||
diff -up openssl-1.0.1g/crypto/dh/dh.h.fips-reqs openssl-1.0.1g/crypto/dh/dh.h
|
||||
--- openssl-1.0.1g/crypto/dh/dh.h.fips-reqs 2014-05-06 16:22:21.253536145 +0200
|
||||
+++ openssl-1.0.1g/crypto/dh/dh.h 2014-05-06 16:22:21.432540283 +0200
|
||||
@@ -78,6 +78,7 @@
|
||||
#endif
|
||||
|
||||
@ -40,9 +40,9 @@ diff -up openssl-1.0.1e/crypto/dh/dh.h.fips-reqs openssl-1.0.1e/crypto/dh/dh.h
|
||||
|
||||
#define DH_FLAG_CACHE_MONT_P 0x01
|
||||
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
|
||||
diff -up openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_check.c
|
||||
--- openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/dh/dh_check.c 2013-12-18 12:17:09.799637708 +0100
|
||||
diff -up openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1g/crypto/dh/dh_check.c
|
||||
--- openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
|
||||
+++ openssl-1.0.1g/crypto/dh/dh_check.c 2014-05-06 16:22:21.432540283 +0200
|
||||
@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
|
||||
BN_sub_word(q,1);
|
||||
if (BN_cmp(pub_key,q)>=0)
|
||||
@ -77,9 +77,9 @@ diff -up openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1e/crypto/dh/
|
||||
ok = 1;
|
||||
err:
|
||||
if (q != NULL) BN_free(q);
|
||||
diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_gen.c
|
||||
--- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs 2013-12-18 12:17:09.749636636 +0100
|
||||
+++ openssl-1.0.1e/crypto/dsa/dsa_gen.c 2013-12-18 12:17:09.799637708 +0100
|
||||
diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_gen.c
|
||||
--- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs 2014-05-06 16:22:21.254536168 +0200
|
||||
+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:22:21.432540283 +0200
|
||||
@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||
}
|
||||
|
||||
@ -88,9 +88,9 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1e/crypto/dsa
|
||||
(bits != 2048 || qbits != 224) &&
|
||||
(bits != 2048 || qbits != 256) &&
|
||||
(bits != 3072 || qbits != 256))
|
||||
diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1e/crypto/dsa/dsa.h
|
||||
--- openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs 2013-12-18 12:17:09.749636636 +0100
|
||||
+++ openssl-1.0.1e/crypto/dsa/dsa.h 2013-12-18 12:17:09.799637708 +0100
|
||||
diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1g/crypto/dsa/dsa.h
|
||||
--- openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs 2014-05-06 16:22:21.254536168 +0200
|
||||
+++ openssl-1.0.1g/crypto/dsa/dsa.h 2014-05-06 16:22:21.432540283 +0200
|
||||
@@ -89,6 +89,7 @@
|
||||
#endif
|
||||
|
||||
@ -112,9 +112,9 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1e/crypto/dsa/dsa
|
||||
#define DSA_is_prime(n, callback, cb_arg) \
|
||||
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
|
||||
|
||||
diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_key.c
|
||||
--- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs 2013-12-18 12:17:09.797637665 +0100
|
||||
+++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-12-18 12:17:09.799637708 +0100
|
||||
diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_key.c
|
||||
--- openssl-1.0.1g/crypto/dsa/dsa_key.c.fips-reqs 2014-05-06 16:22:21.427540169 +0200
|
||||
+++ openssl-1.0.1g/crypto/dsa/dsa_key.c 2014-05-06 16:22:21.433540307 +0200
|
||||
@@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa)
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
@ -124,9 +124,9 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1e/crypto/dsa
|
||||
{
|
||||
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
|
||||
goto err;
|
||||
diff -up openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_dh_selftest.c
|
||||
--- openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs 2013-12-18 17:06:36.575114314 +0100
|
||||
+++ openssl-1.0.1e/crypto/fips/fips_dh_selftest.c 2013-12-18 17:26:14.409036334 +0100
|
||||
diff -up openssl-1.0.1g/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
|
||||
--- openssl-1.0.1g/crypto/fips/fips_dh_selftest.c.fips-reqs 2014-05-06 16:22:21.433540307 +0200
|
||||
+++ openssl-1.0.1g/crypto/fips/fips_dh_selftest.c 2014-05-06 16:22:21.433540307 +0200
|
||||
@@ -0,0 +1,162 @@
|
||||
+/* ====================================================================
|
||||
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
||||
@ -290,9 +290,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1e/
|
||||
+ return ret;
|
||||
+ }
|
||||
+#endif
|
||||
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_drbg_rand.c
|
||||
--- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs 2013-12-18 12:17:09.757636808 +0100
|
||||
+++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c 2013-12-18 18:53:33.263711297 +0100
|
||||
diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
|
||||
--- openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips-reqs 2014-05-06 16:22:21.263536376 +0200
|
||||
+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c 2014-05-06 16:22:21.433540307 +0200
|
||||
@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char
|
||||
int rv = 0;
|
||||
unsigned char *adin = NULL;
|
||||
@ -373,9 +373,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1e/cr
|
||||
}
|
||||
|
||||
static const RAND_METHOD rand_drbg_meth =
|
||||
diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-reqs openssl-1.0.1e/crypto/fips/fips.h
|
||||
--- openssl-1.0.1e/crypto/fips/fips.h.fips-reqs 2013-12-18 12:17:09.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/fips/fips.h 2013-12-18 17:13:00.928586689 +0100
|
||||
diff -up openssl-1.0.1g/crypto/fips/fips.h.fips-reqs openssl-1.0.1g/crypto/fips/fips.h
|
||||
--- openssl-1.0.1g/crypto/fips/fips.h.fips-reqs 2014-05-06 16:22:21.421540031 +0200
|
||||
+++ openssl-1.0.1g/crypto/fips/fips.h 2014-05-06 16:22:21.433540307 +0200
|
||||
@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
|
||||
int FIPS_selftest_dsa(void);
|
||||
int FIPS_selftest_ecdsa(void);
|
||||
@ -384,9 +384,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-reqs openssl-1.0.1e/crypto/fips/
|
||||
void FIPS_corrupt_rng(void);
|
||||
void FIPS_rng_stick(void);
|
||||
void FIPS_x931_stick(int onoff);
|
||||
diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_post.c
|
||||
--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs 2013-12-18 12:17:09.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-12-18 17:12:26.721832716 +0100
|
||||
diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_post.c
|
||||
--- openssl-1.0.1g/crypto/fips/fips_post.c.fips-reqs 2014-05-06 16:22:21.420540008 +0200
|
||||
+++ openssl-1.0.1g/crypto/fips/fips_post.c 2014-05-06 16:22:21.433540307 +0200
|
||||
@@ -99,6 +99,8 @@ int FIPS_selftest(void)
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_dsa())
|
||||
@ -396,9 +396,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1e/crypto/
|
||||
if (!FIPS_selftest_ecdh())
|
||||
rv = 0;
|
||||
return rv;
|
||||
diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
|
||||
--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-03-14 14:47:18.809259727 +0100
|
||||
+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2014-03-14 15:37:26.295687852 +0100
|
||||
diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
|
||||
--- openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-05-06 16:22:21.267536469 +0200
|
||||
+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c 2014-05-06 16:22:21.434540330 +0200
|
||||
@@ -60,69 +60,113 @@
|
||||
#ifdef OPENSSL_FIPS
|
||||
|
||||
@ -1129,9 +1129,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e
|
||||
RSA_free(key);
|
||||
return ret;
|
||||
}
|
||||
diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-reqs openssl-1.0.1e/crypto/fips/Makefile
|
||||
--- openssl-1.0.1e/crypto/fips/Makefile.fips-reqs 2013-12-18 12:17:20.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/fips/Makefile 2013-12-18 17:14:20.348337362 +0100
|
||||
diff -up openssl-1.0.1g/crypto/fips/Makefile.fips-reqs openssl-1.0.1g/crypto/fips/Makefile
|
||||
--- openssl-1.0.1g/crypto/fips/Makefile.fips-reqs 2014-05-06 16:22:21.420540008 +0200
|
||||
+++ openssl-1.0.1g/crypto/fips/Makefile 2014-05-06 16:22:21.434540330 +0200
|
||||
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
|
||||
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
|
||||
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
|
||||
@ -1150,10 +1150,10 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-reqs openssl-1.0.1e/crypto/fip
|
||||
|
||||
LIBCRYPTO=-L.. -lcrypto
|
||||
|
||||
diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/modes/gcm128.c
|
||||
--- openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/modes/gcm128.c 2013-12-18 12:17:09.800637730 +0100
|
||||
@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
|
||||
diff -up openssl-1.0.1g/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1g/crypto/modes/gcm128.c
|
||||
--- openssl-1.0.1g/crypto/modes/gcm128.c.fips-reqs 2014-04-06 17:55:01.000000000 +0200
|
||||
+++ openssl-1.0.1g/crypto/modes/gcm128.c 2014-05-06 16:22:21.434540330 +0200
|
||||
@@ -906,6 +906,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
|
||||
# endif
|
||||
#endif
|
||||
|
||||
@ -1164,7 +1164,7 @@ diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/mo
|
||||
#if 0
|
||||
n = (unsigned int)mlen%16; /* alternative to ctx->mres */
|
||||
#endif
|
||||
@@ -1200,6 +1204,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
|
||||
@@ -1269,6 +1273,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
|
||||
# endif
|
||||
#endif
|
||||
|
||||
@ -1175,10 +1175,10 @@ diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/mo
|
||||
mlen += len;
|
||||
if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
|
||||
return -1;
|
||||
diff -up openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1e/crypto/modes/modes_lcl.h
|
||||
--- openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs 2013-12-18 12:17:09.388628895 +0100
|
||||
+++ openssl-1.0.1e/crypto/modes/modes_lcl.h 2013-12-18 12:17:09.800637730 +0100
|
||||
@@ -115,6 +115,7 @@ struct gcm128_context {
|
||||
diff -up openssl-1.0.1g/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1g/crypto/modes/modes_lcl.h
|
||||
--- openssl-1.0.1g/crypto/modes/modes_lcl.h.fips-reqs 2014-05-06 16:22:20.903528054 +0200
|
||||
+++ openssl-1.0.1g/crypto/modes/modes_lcl.h 2014-05-06 16:22:21.435540353 +0200
|
||||
@@ -112,6 +112,7 @@ struct gcm128_context {
|
||||
unsigned int mres, ares;
|
||||
block128_f block;
|
||||
void *key;
|
||||
@ -1186,9 +1186,9 @@ diff -up openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1e/crypto
|
||||
};
|
||||
|
||||
struct xts128_context {
|
||||
diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/rand/md_rand.c
|
||||
--- openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs 2013-12-18 12:17:09.763636936 +0100
|
||||
+++ openssl-1.0.1e/crypto/rand/md_rand.c 2013-12-18 12:17:09.800637730 +0100
|
||||
diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1g/crypto/rand/md_rand.c
|
||||
--- openssl-1.0.1g/crypto/rand/md_rand.c.fips-reqs 2014-05-06 16:22:21.269536515 +0200
|
||||
+++ openssl-1.0.1g/crypto/rand/md_rand.c 2014-05-06 16:26:53.776836535 +0200
|
||||
@@ -143,12 +143,6 @@ static long md_count[2]={0,0};
|
||||
static double entropy=0;
|
||||
static int initialized=0;
|
||||
@ -1209,9 +1209,9 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
- int do_not_lock;
|
||||
+ int locked;
|
||||
|
||||
/*
|
||||
* (Based on the rand(3) manpage)
|
||||
@@ -213,19 +207,8 @@ static void ssleay_rand_add(const void *
|
||||
if (!num)
|
||||
return;
|
||||
@@ -216,19 +210,8 @@ static void ssleay_rand_add(const void *
|
||||
* hash function.
|
||||
*/
|
||||
|
||||
@ -1232,7 +1232,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
st_idx=state_index;
|
||||
|
||||
/* use our own copies of the counters so that even
|
||||
@@ -257,7 +240,8 @@ static void ssleay_rand_add(const void *
|
||||
@@ -260,7 +243,8 @@ static void ssleay_rand_add(const void *
|
||||
|
||||
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
|
||||
|
||||
@ -1242,7 +1242,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
|
||||
EVP_MD_CTX_init(&m);
|
||||
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
|
||||
@@ -308,7 +292,7 @@ static void ssleay_rand_add(const void *
|
||||
@@ -311,7 +295,7 @@ static void ssleay_rand_add(const void *
|
||||
}
|
||||
EVP_MD_CTX_cleanup(&m);
|
||||
|
||||
@ -1251,7 +1251,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
/* Don't just copy back local_md into md -- this could mean that
|
||||
* other thread's seeding remains without effect (except for
|
||||
* the incremented counter). By XORing it we keep at least as
|
||||
@@ -319,7 +303,8 @@ static void ssleay_rand_add(const void *
|
||||
@@ -322,7 +306,8 @@ static void ssleay_rand_add(const void *
|
||||
}
|
||||
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
|
||||
entropy += add;
|
||||
@ -1261,7 +1261,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
|
||||
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
|
||||
assert(md_c[1] == md_count[1]);
|
||||
@@ -344,6 +329,7 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
@@ -347,6 +332,7 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
pid_t curr_pid = getpid();
|
||||
#endif
|
||||
int do_stir_pool = 0;
|
||||
@ -1269,12 +1269,16 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
|
||||
#ifdef PREDICT
|
||||
if (rand_predictable)
|
||||
@@ -381,13 +367,7 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
@@ -383,17 +369,8 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
* are fed into the hash function and the results are kept in the
|
||||
* global 'md'.
|
||||
*/
|
||||
-#ifdef OPENSSL_FIPS
|
||||
- /* NB: in FIPS mode we are already under a lock */
|
||||
- if (!FIPS_mode())
|
||||
-#endif
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
|
||||
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
|
||||
-
|
||||
- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
|
||||
- CRYPTO_THREADID_current(&locking_threadid);
|
||||
@ -1284,33 +1288,42 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
|
||||
/* always poll for external entropy in FIPS mode, drbg provides the
|
||||
* expansion
|
||||
@@ -461,9 +441,8 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
@@ -467,12 +444,8 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
|
||||
md_count[0] += 1;
|
||||
|
||||
- /* before unlocking, we must clear 'crypto_lock_rand' */
|
||||
- crypto_lock_rand = 0;
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
||||
-#ifdef OPENSSL_FIPS
|
||||
- if (!FIPS_mode())
|
||||
-#endif
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
||||
+ if (locked)
|
||||
+ private_RAND_lock(0);
|
||||
|
||||
while (num > 0)
|
||||
{
|
||||
@@ -515,10 +494,11 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
@@ -524,16 +497,11 @@ static int ssleay_rand_bytes(unsigned ch
|
||||
MD_Init(&m);
|
||||
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
|
||||
MD_Update(&m,local_md,MD_DIGEST_LENGTH);
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
|
||||
-#ifdef OPENSSL_FIPS
|
||||
- if (!FIPS_mode())
|
||||
-#endif
|
||||
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
|
||||
+ locked = private_RAND_lock(1);
|
||||
MD_Update(&m,md,MD_DIGEST_LENGTH);
|
||||
MD_Final(&m,md);
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
||||
-#ifdef OPENSSL_FIPS
|
||||
- if (!FIPS_mode())
|
||||
-#endif
|
||||
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
||||
+ if (locked)
|
||||
+ private_RAND_lock(0);
|
||||
|
||||
EVP_MD_CTX_cleanup(&m);
|
||||
if (ok)
|
||||
@@ -548,32 +528,10 @@ static int ssleay_rand_pseudo_bytes(unsi
|
||||
@@ -563,32 +531,10 @@ static int ssleay_rand_pseudo_bytes(unsi
|
||||
|
||||
static int ssleay_rand_status(void)
|
||||
{
|
||||
@ -1345,7 +1358,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
|
||||
if (!initialized)
|
||||
{
|
||||
@@ -583,13 +541,8 @@ static int ssleay_rand_status(void)
|
||||
@@ -598,13 +544,8 @@ static int ssleay_rand_status(void)
|
||||
|
||||
ret = entropy >= ENTROPY_NEEDED;
|
||||
|
||||
@ -1361,9 +1374,9 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
|
||||
|
||||
return ret;
|
||||
}
|
||||
diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/rand.h
|
||||
--- openssl-1.0.1e/crypto/rand/rand.h.fips-reqs 2013-12-18 12:17:09.764636958 +0100
|
||||
+++ openssl-1.0.1e/crypto/rand/rand.h 2013-12-18 12:17:09.800637730 +0100
|
||||
diff -up openssl-1.0.1g/crypto/rand/rand.h.fips-reqs openssl-1.0.1g/crypto/rand/rand.h
|
||||
--- openssl-1.0.1g/crypto/rand/rand.h.fips-reqs 2014-05-06 16:22:21.269536515 +0200
|
||||
+++ openssl-1.0.1g/crypto/rand/rand.h 2014-05-06 16:22:21.435540353 +0200
|
||||
@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i
|
||||
int RAND_init_fips(void);
|
||||
#endif
|
||||
@ -1373,9 +1386,9 @@ diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/
|
||||
/* BEGIN ERROR CODES */
|
||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h
|
||||
--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs 2013-12-18 12:17:09.507631447 +0100
|
||||
+++ openssl-1.0.1e/crypto/rand/rand_lcl.h 2013-12-18 12:17:09.800637730 +0100
|
||||
diff -up openssl-1.0.1g/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1g/crypto/rand/rand_lcl.h
|
||||
--- openssl-1.0.1g/crypto/rand/rand_lcl.h.fips-reqs 2014-05-06 16:22:21.021530782 +0200
|
||||
+++ openssl-1.0.1g/crypto/rand/rand_lcl.h 2014-05-06 16:22:21.435540353 +0200
|
||||
@@ -112,7 +112,7 @@
|
||||
#ifndef HEADER_RAND_LCL_H
|
||||
#define HEADER_RAND_LCL_H
|
||||
@ -1385,9 +1398,9 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/r
|
||||
|
||||
|
||||
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
|
||||
diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c
|
||||
--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/rand/rand_lib.c 2013-12-18 18:16:45.625850730 +0100
|
||||
diff -up openssl-1.0.1g/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1g/crypto/rand/rand_lib.c
|
||||
--- openssl-1.0.1g/crypto/rand/rand_lib.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
|
||||
+++ openssl-1.0.1g/crypto/rand/rand_lib.c 2014-05-06 16:22:21.435540353 +0200
|
||||
@@ -181,6 +181,41 @@ int RAND_status(void)
|
||||
return 0;
|
||||
}
|
||||
@ -1447,9 +1460,9 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/r
|
||||
return 1;
|
||||
}
|
||||
|
||||
diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
|
||||
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs 2013-12-18 12:17:09.764636958 +0100
|
||||
+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-12-19 17:40:58.483154314 +0100
|
||||
diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa/rsa_gen.c
|
||||
--- openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs 2014-05-06 16:22:21.270536538 +0200
|
||||
+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c 2014-05-06 16:22:21.436540376 +0200
|
||||
@@ -1,5 +1,6 @@
|
||||
/* crypto/rsa/rsa_gen.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
@ -1717,9 +1730,9 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa
|
||||
ok=1;
|
||||
err:
|
||||
if (ok == -1)
|
||||
diff -up openssl-1.0.1e/ssl/t1_enc.c.fips-reqs openssl-1.0.1e/ssl/t1_enc.c
|
||||
--- openssl-1.0.1e/ssl/t1_enc.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/ssl/t1_enc.c 2013-12-18 12:17:09.801637751 +0100
|
||||
diff -up openssl-1.0.1g/ssl/t1_enc.c.fips-reqs openssl-1.0.1g/ssl/t1_enc.c
|
||||
--- openssl-1.0.1g/ssl/t1_enc.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
|
||||
+++ openssl-1.0.1g/ssl/t1_enc.c 2014-05-06 16:22:21.436540376 +0200
|
||||
@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
|
||||
err:
|
||||
return ret;
|
@ -1,7 +1,7 @@
|
||||
diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h
|
||||
--- openssl-1.0.1-beta2/ssl/ssl.h.op-all 2012-02-02 12:49:00.828035916 +0100
|
||||
+++ openssl-1.0.1-beta2/ssl/ssl.h 2012-02-02 12:52:27.297818182 +0100
|
||||
@@ -540,7 +540,7 @@ struct ssl_session_st
|
||||
diff -up openssl-1.0.1g/ssl/ssl.h.op-all openssl-1.0.1g/ssl/ssl.h
|
||||
--- openssl-1.0.1g/ssl/ssl.h.op-all 2014-05-06 16:03:37.400554125 +0200
|
||||
+++ openssl-1.0.1g/ssl/ssl.h 2014-05-06 16:06:21.688352245 +0200
|
||||
@@ -549,7 +549,7 @@ struct ssl_session_st
|
||||
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
|
||||
/* Allow initial connection to servers that don't support RI */
|
||||
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
|
||||
@ -9,8 +9,8 @@ diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h
|
||||
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
|
||||
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
|
||||
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
|
||||
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
|
||||
@@ -558,7 +558,7 @@ struct ssl_session_st
|
||||
#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
|
||||
@@ -569,7 +569,7 @@ struct ssl_session_st
|
||||
|
||||
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
||||
* This used to be 0x000FFFFFL before 0.9.7. */
|
@ -1,108 +0,0 @@
|
||||
From: Dr. Stephen Henson <steve@openssl.org>
|
||||
Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
|
||||
Subject: Add heartbeat extension bounds check.
|
||||
X-Git-Tag: OpenSSL_1_0_1g~3
|
||||
X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=96db902
|
||||
|
||||
Add heartbeat extension bounds check.
|
||||
|
||||
A missing bounds check in the handling of the TLS heartbeat extension
|
||||
can be used to reveal up to 64k of memory to a connected client or
|
||||
server.
|
||||
|
||||
Thanks for Neel Mehta of Google Security for discovering this bug and to
|
||||
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
|
||||
preparing the fix (CVE-2014-0160)
|
||||
---
|
||||
|
||||
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
|
||||
index 7a5596a..2e8cf68 100644
|
||||
--- a/ssl/d1_both.c
|
||||
+++ b/ssl/d1_both.c
|
||||
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
|
||||
unsigned int payload;
|
||||
unsigned int padding = 16; /* Use minimum padding */
|
||||
|
||||
- /* Read type and payload length first */
|
||||
- hbtype = *p++;
|
||||
- n2s(p, payload);
|
||||
- pl = p;
|
||||
-
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
|
||||
&s->s3->rrec.data[0], s->s3->rrec.length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
+ /* Read type and payload length first */
|
||||
+ if (1 + 2 + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard */
|
||||
+ hbtype = *p++;
|
||||
+ n2s(p, payload);
|
||||
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard per RFC 6520 sec. 4 */
|
||||
+ pl = p;
|
||||
+
|
||||
if (hbtype == TLS1_HB_REQUEST)
|
||||
{
|
||||
unsigned char *buffer, *bp;
|
||||
+ unsigned int write_length = 1 /* heartbeat type */ +
|
||||
+ 2 /* heartbeat length */ +
|
||||
+ payload + padding;
|
||||
int r;
|
||||
|
||||
+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
|
||||
+ return 0;
|
||||
+
|
||||
/* Allocate memory for the response, size is 1 byte
|
||||
* message type, plus 2 bytes payload length, plus
|
||||
* payload, plus padding
|
||||
*/
|
||||
- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
|
||||
+ buffer = OPENSSL_malloc(write_length);
|
||||
bp = buffer;
|
||||
|
||||
/* Enter response type, length and copy payload */
|
||||
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
|
||||
/* Random padding */
|
||||
RAND_pseudo_bytes(bp, padding);
|
||||
|
||||
- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
|
||||
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
|
||||
|
||||
if (r >= 0 && s->msg_callback)
|
||||
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
|
||||
- buffer, 3 + payload + padding,
|
||||
+ buffer, write_length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
OPENSSL_free(buffer);
|
||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||
index b82fada..bddffd9 100644
|
||||
--- a/ssl/t1_lib.c
|
||||
+++ b/ssl/t1_lib.c
|
||||
@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
|
||||
unsigned int payload;
|
||||
unsigned int padding = 16; /* Use minimum padding */
|
||||
|
||||
- /* Read type and payload length first */
|
||||
- hbtype = *p++;
|
||||
- n2s(p, payload);
|
||||
- pl = p;
|
||||
-
|
||||
if (s->msg_callback)
|
||||
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
|
||||
&s->s3->rrec.data[0], s->s3->rrec.length,
|
||||
s, s->msg_callback_arg);
|
||||
|
||||
+ /* Read type and payload length first */
|
||||
+ if (1 + 2 + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard */
|
||||
+ hbtype = *p++;
|
||||
+ n2s(p, payload);
|
||||
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
|
||||
+ return 0; /* silently discard per RFC 6520 sec. 4 */
|
||||
+ pl = p;
|
||||
+
|
||||
if (hbtype == TLS1_HB_REQUEST)
|
||||
{
|
||||
unsigned char *buffer, *bp;
|
36
openssl.spec
36
openssl.spec
@ -22,8 +22,8 @@
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.1e
|
||||
Release: 44%{?dist}
|
||||
Version: 1.0.1g
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -57,9 +57,9 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
||||
Patch34: openssl-0.9.6-x509.patch
|
||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||
Patch36: openssl-1.0.0e-doc-noeof.patch
|
||||
Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
|
||||
Patch38: openssl-1.0.1g-ssl-op-all.patch
|
||||
Patch39: openssl-1.0.1c-ipv6-apps.patch
|
||||
Patch40: openssl-1.0.1e-fips.patch
|
||||
Patch40: openssl-1.0.1g-fips.patch
|
||||
Patch45: openssl-1.0.1e-env-zlib.patch
|
||||
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
||||
Patch49: openssl-1.0.1a-algo-doc.patch
|
||||
@ -79,23 +79,16 @@ Patch72: openssl-1.0.1e-fips-ctor.patch
|
||||
Patch73: openssl-1.0.1e-ecc-suiteb.patch
|
||||
Patch74: openssl-1.0.1e-no-md5-verify.patch
|
||||
Patch75: openssl-1.0.1e-compat-symbols.patch
|
||||
Patch76: openssl-1.0.1e-new-fips-reqs.patch
|
||||
Patch76: openssl-1.0.1g-new-fips-reqs.patch
|
||||
Patch77: openssl-1.0.1e-weak-ciphers.patch
|
||||
Patch78: openssl-1.0.1e-3des-strength.patch
|
||||
Patch79: openssl-1.0.1e-req-keylen.patch
|
||||
Patch78: openssl-1.0.1g-3des-strength.patch
|
||||
Patch90: openssl-1.0.1e-enc-fail.patch
|
||||
Patch91: openssl-1.0.1e-ssl2-no-ec.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch81: openssl-1.0.1-beta2-padlock64.patch
|
||||
Patch82: openssl-1.0.1e-backports.patch
|
||||
Patch83: openssl-1.0.1e-bad-mac.patch
|
||||
Patch84: openssl-1.0.1e-trusted-first.patch
|
||||
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
|
||||
Patch86: openssl-1.0.1e-cve-2013-6449.patch
|
||||
Patch87: openssl-1.0.1e-cve-2013-6450.patch
|
||||
Patch88: openssl-1.0.1e-cve-2013-4353.patch
|
||||
Patch89: openssl-1.0.1e-ephemeral-key-size.patch
|
||||
# upstream patch for CVE-2014-0160
|
||||
Patch100: openssl.git-96db902.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -203,6 +196,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||
%patch68 -p1 -b .secure-getenv
|
||||
%patch69 -p1 -b .dh1024
|
||||
%patch70 -p1 -b .fips-ec
|
||||
%patch71 -p1 -b .manfix
|
||||
%patch72 -p1 -b .fips-ctor
|
||||
%patch73 -p1 -b .suiteb
|
||||
%patch74 -p1 -b .no-md5-verify
|
||||
@ -210,20 +204,13 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||
%patch76 -p1 -b .fips-reqs
|
||||
%patch77 -p1 -b .weak-ciphers
|
||||
%patch78 -p1 -b .3des-strength
|
||||
%patch79 -p1 -b .keylen
|
||||
%patch90 -p1 -b .enc-fail
|
||||
%patch91 -p1 -b .ssl2noec
|
||||
|
||||
%patch81 -p1 -b .padlock64
|
||||
%patch82 -p1 -b .backports
|
||||
%patch71 -p1 -b .manfix
|
||||
%patch83 -p1 -b .bad-mac
|
||||
%patch84 -p1 -b .trusted-first
|
||||
%patch85 -p1 -b .armcap
|
||||
%patch86 -p1 -b .hash-crash
|
||||
%patch87 -p1 -b .dtls1-mitm
|
||||
%patch88 -p1 -b .handshake-crash
|
||||
%patch89 -p1 -b .ephemeral
|
||||
%patch100 -p1 -b .CVE-2014-0160
|
||||
|
||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||
|
||||
@ -490,6 +477,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Wed May 7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1g-1
|
||||
- new upstream release 1.0.1g
|
||||
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
|
||||
- fail on hmac integrity check if the .hmac file is empty
|
||||
|
||||
* Mon Apr 07 2014 Dennis Gilmore <dennis@ausil.us> - 1.0.1e-44
|
||||
- pull in upstream patch for CVE-2014-0160
|
||||
- removed CHANGES file portion from patch for expediency
|
||||
|
Loading…
Reference in New Issue
Block a user