new upstream release 1.0.1g

- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty
This commit is contained in:
Tomas Mraz 2014-05-07 11:42:32 +02:00
parent e55cd2c0e4
commit 0376d8368c
15 changed files with 482 additions and 1253 deletions

1
.gitignore vendored
View File

@ -13,3 +13,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1c-usa.tar.xz /openssl-1.0.1c-usa.tar.xz
/openssl-1.0.1e-usa.tar.xz /openssl-1.0.1e-usa.tar.xz
/openssl-1.0.1e-hobbled.tar.xz /openssl-1.0.1e-hobbled.tar.xz
/openssl-1.0.1g-hobbled.tar.xz

View File

@ -1,345 +0,0 @@
diff -up openssl-1.0.1e/crypto/pem/pem_info.c.backports openssl-1.0.1e/crypto/pem/pem_info.c
--- openssl-1.0.1e/crypto/pem/pem_info.c.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/pem/pem_info.c 2013-08-16 15:31:35.726003892 +0200
@@ -167,6 +167,7 @@ start:
#ifndef OPENSSL_NO_RSA
if (strcmp(name,PEM_STRING_RSA) == 0)
{
+ d2i=(D2I_OF(void))d2i_RSAPrivateKey;
if (xi->x_pkey != NULL)
{
if (!sk_X509_INFO_push(ret,xi)) goto err;
diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports 2013-08-16 15:31:35.697003256 +0200
+++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c 2013-08-16 15:33:37.770673918 +0200
@@ -582,6 +582,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CT
pm = RSA_NO_PADDING;
else if (!strcmp(value, "oeap"))
pm = RSA_PKCS1_OAEP_PADDING;
+ else if (!strcmp(value, "oaep"))
+ pm = RSA_PKCS1_OAEP_PADDING;
else if (!strcmp(value, "x931"))
pm = RSA_X931_PADDING;
else if (!strcmp(value, "pss"))
diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.backports openssl-1.0.1e/crypto/x509/x509_vfy.c
--- openssl-1.0.1e/crypto/x509/x509_vfy.c.backports 2013-08-16 15:31:35.721003782 +0200
+++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-08-16 15:31:35.726003892 +0200
@@ -696,6 +696,7 @@ static int check_cert(X509_STORE_CTX *ct
X509_CRL *crl = NULL, *dcrl = NULL;
X509 *x;
int ok, cnum;
+ unsigned int last_reasons;
cnum = ctx->error_depth;
x = sk_X509_value(ctx->chain, cnum);
ctx->current_cert = x;
@@ -704,6 +705,7 @@ static int check_cert(X509_STORE_CTX *ct
ctx->current_reasons = 0;
while (ctx->current_reasons != CRLDP_ALL_REASONS)
{
+ last_reasons = ctx->current_reasons;
/* Try to retrieve relevant CRL */
if (ctx->get_crl)
ok = ctx->get_crl(ctx, &crl, x);
@@ -747,6 +749,15 @@ static int check_cert(X509_STORE_CTX *ct
X509_CRL_free(dcrl);
crl = NULL;
dcrl = NULL;
+ /* If reasons not updated we wont get anywhere by
+ * another iteration, so exit loop.
+ */
+ if (last_reasons == ctx->current_reasons)
+ {
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+ ok = ctx->verify_cb(0, ctx);
+ goto err;
+ }
}
err:
X509_CRL_free(crl);
diff -up openssl-1.0.1e/crypto/x509/x_all.c.backports openssl-1.0.1e/crypto/x509/x_all.c
--- openssl-1.0.1e/crypto/x509/x_all.c.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/x509/x_all.c 2013-08-16 15:33:25.247399940 +0200
@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, c
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
+ x->cert_info->enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
x->cert_info->signature,
x->sig_alg, x->signature, x->cert_info, ctx);
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
+ x->crl->enc.modified = 1;
return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
}
diff -up openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
--- openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-08-16 15:31:35.727003914 +0200
@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl
an application specific error. This will never be returned unless explicitly
set by an application.
+=back
+
=head1 NOTES
The above functions should be used instead of directly referencing the fields
diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports openssl-1.0.1e/doc/ssl/SSL_accept.pod
--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports 2013-02-11 16:02:48.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-08-16 15:31:35.727003914 +0200
@@ -44,17 +44,17 @@ The following return values can occur:
=over 4
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports openssl-1.0.1e/doc/ssl/SSL_connect.pod
--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports 2013-02-11 16:02:48.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-08-16 15:31:35.727003914 +0200
@@ -41,17 +41,17 @@ The following return values can occur:
=over 4
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful, because a fatal error occurred either
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports 2013-02-11 16:02:48.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-08-16 15:31:35.727003914 +0200
@@ -66,16 +66,16 @@ values:
=over 4
-=item 1
-
-The operation succeeded.
-
=item 0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
+=item 1
+
+The operation succeeded.
+
=back
=head1 EXAMPLES
diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-08-16 15:31:35.727003914 +0200
@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_
Return values from the server callback are interpreted as follows:
+=over 4
+
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -99,4 +101,6 @@ completely.
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
+=back
+
=cut
diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports 2013-02-11 16:02:48.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-08-16 15:31:35.727003914 +0200
@@ -45,17 +45,17 @@ The following return values can occur:
=over 4
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
=item 0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
=item E<lt>0
The TLS/SSL handshake was not successful because a fatal error occurred either
diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports 2013-02-11 16:02:48.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-08-16 15:31:35.728003935 +0200
@@ -92,11 +92,6 @@ The following return values can occur:
=over 4
-=item 1
-
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
-
=item 0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be per
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+=item 1
+
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
+
=item -1
The shutdown was not successful because a fatal error occurred either
diff -up openssl-1.0.1e/ssl/d1_lib.c.backports openssl-1.0.1e/ssl/d1_lib.c
--- openssl-1.0.1e/ssl/d1_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/d1_lib.c 2013-08-16 15:33:33.306576363 +0200
@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
pqueue_free(s->d1->buffered_app_data.q);
OPENSSL_free(s->d1);
+ s->d1 = NULL;
}
void dtls1_clear(SSL *s)
diff -up openssl-1.0.1e/ssl/d1_pkt.c.backports openssl-1.0.1e/ssl/d1_pkt.c
--- openssl-1.0.1e/ssl/d1_pkt.c.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/d1_pkt.c 2013-08-16 15:31:35.728003935 +0200
@@ -847,6 +847,12 @@ start:
}
}
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+ {
+ rr->length = 0;
+ goto start;
+ }
+
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1051,6 +1057,7 @@ start:
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
+ s->d1->handshake_read_seq++;
s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
diff -up openssl-1.0.1e/ssl/d1_srvr.c.backports openssl-1.0.1e/ssl/d1_srvr.c
--- openssl-1.0.1e/ssl/d1_srvr.c.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/d1_srvr.c 2013-08-16 15:31:35.728003935 +0200
@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_HELLO_REQ_B:
s->shutdown=0;
+ dtls1_clear_record_buffer(s);
dtls1_start_timer(s);
ret=dtls1_send_hello_request(s);
if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+ s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
s->state=SSL3_ST_SW_FLUSH;
s->init_num=0;
diff -up openssl-1.0.1e/ssl/s3_cbc.c.backports openssl-1.0.1e/ssl/s3_cbc.c
--- openssl-1.0.1e/ssl/s3_cbc.c.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s3_cbc.c 2013-08-16 15:31:35.729003956 +0200
@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s
unsigned padding_length, good, to_check, i;
const unsigned overhead = 1 /* padding length byte */ + mac_size;
/* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
{
/* These lengths are all public so we can test them in
* non-constant time.
diff -up openssl-1.0.1e/ssl/ssl_lib.c.backports openssl-1.0.1e/ssl/ssl_lib.c
--- openssl-1.0.1e/ssl/ssl_lib.c.backports 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/ssl_lib.c 2013-08-16 15:31:35.729003956 +0200
@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
ret->extra_certs=NULL;
- ret->comp_methods=SSL_COMP_get_compression_methods();
+ /* No compression for DTLS */
+ if (meth->version != DTLS1_VERSION)
+ ret->comp_methods=SSL_COMP_get_compression_methods();
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s)
{
- if (s->server)
- return(ssl_get_server_send_cert(s));
- else if (s->cert != NULL)
+ if (s->cert != NULL)
return(s->cert->key->x509);
else
return(NULL);
diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
index 3b6c469..e8a7518 100644
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -69,6 +69,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
&inc ("esi"); # number of cores
&mov ("eax",1);
+ &xor ("ecx","ecx");
&cpuid ();
&bt ("edx",28);
&jnc (&label("generic"));
@@ -102,6 +103,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
&set_label("nocacheinfo");
&mov ("eax",1);
+ &xor ("ecx","ecx");
&cpuid ();
&and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0
&cmp ("ebp",0);

View File

@ -1,33 +0,0 @@
From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Mon, 18 Mar 2013 19:29:41 +0100
Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI
plaforms.
PR: 3002
(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
---
crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 483e04b..fb2c884 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (res!=SHA_CBLOCK) continue;
- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+ /* j is not incremented yet */
+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
data->u[SHA_LBLOCK-1] |= bitlen&mask;
sha1_block_data_order(&key->md,data,1);
- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
pmac->u[0] |= key->md.h0 & mask;
pmac->u[1] |= key->md.h1 & mask;
pmac->u[2] |= key->md.h2 & mask;
--
1.7.9.5

View File

@ -1,21 +0,0 @@
Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 1e5dcab..53b9390 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
{
const char *sender;
int slen;
-
+ /* If no new cipher setup return immediately: other functions will
+ * set the appropriate error.
+ */
+ if (s->s3->tmp.new_cipher == NULL)
+ return;
if (s->state & SSL_ST_CONNECT)
{
sender=s->method->ssl3_enc->server_finished_label;

View File

@ -1,111 +0,0 @@
Use version in SSL_METHOD not SSL structure.
When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
Also preventively check EVP errors for handshake digests.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bf832bb..c4ef273 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+ if (s->method->version == TLS1_2_VERSION &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index ead01c8..1e5dcab 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
i=s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.finish_md);
+ if (i == 0)
+ return 0;
s->s3->tmp.finish_md_len = i;
memcpy(p, s->s3->tmp.finish_md, i);
p+=i;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 804291e..c4bc4e7 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
if (version != s->version)
{
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- if ((s->version & 0xFF00) == (version & 0xFF00))
+ if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
/* Send back error using their minor version number :-) */
s->version = (unsigned short)version;
al=SSL_AD_PROTOCOL_VERSION;
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
slen=s->method->ssl3_enc->client_finished_label_len;
}
- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+ i = s->method->ssl3_enc->final_finish_mac(s,
sender,slen,s->s3->tmp.peer_finish_md);
+ if (i == 0)
+ {
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ s->s3->tmp.peer_finish_md_len = i;
return(1);
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e5a8b3f..52efed3 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
(s->version != DTLS1_VERSION && s->client_version < s->version))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
+ if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
+ !s->enc_write_ctx && !s->write_hash)
{
/* similar to ssl3_get_record, send alert using remote version number */
s->version = s->client_version;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 809ad2e..72015f5 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
if (mask & ssl_get_algorithm2(s))
{
int hashsize = EVP_MD_size(md);
- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
{
/* internal error: 'buf' is too small for this cipersuite! */
err = 1;
}
else
{
- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
- EVP_DigestFinal_ex(&ctx,q,&i);
- if (i != (unsigned int)hashsize) /* can't really happen */
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+ !EVP_DigestFinal_ex(&ctx,q,&i) ||
+ (i != (unsigned int)hashsize))
err = 1;
- q+=i;
+ q+=hashsize;
}
}
}
--
1.8.3.1

View File

@ -1,85 +0,0 @@
Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 65ec001..7a5596a 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
static void
dtls1_hm_fragment_free(hm_fragment *frag)
{
+
+ if (frag->msg_header.is_ccs)
+ {
+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+ }
if (frag->fragment) OPENSSL_free(frag->fragment);
if (frag->reassembly) OPENSSL_free(frag->reassembly);
OPENSSL_free(frag);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 96ce9a7..e485907 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD SSLv3_enc_data;
extern SSL3_ENC_METHOD DTLSv1_enc_data;
+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
+
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
s_get_meth) \
const SSL_METHOD *func_name(void) \
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 72015f5..56db834 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
- if (s->enc_write_ctx != NULL)
+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
reuse_dd = 1;
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
dd= s->enc_write_ctx;
- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ if (SSL_IS_DTLS(s))
+ {
+ mac_ctx = EVP_MD_CTX_create();
+ if (!mac_ctx)
+ goto err;
+ s->write_hash = mac_ctx;
+ }
+ else
+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 6fc469f..d14e8e4 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
{
- EVP_MD_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
+ if (ctx)
+ {
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
}
/* This call frees resources associated with the context */

View File

@ -1,38 +0,0 @@
diff -up openssl-1.0.1e/apps/req.c.keylen openssl-1.0.1e/apps/req.c
--- openssl-1.0.1e/apps/req.c.keylen 2014-02-12 14:58:29.000000000 +0100
+++ openssl-1.0.1e/apps/req.c 2014-02-14 13:52:48.692325000 +0100
@@ -644,6 +644,12 @@ bad:
if (inrand)
app_RAND_load_files(inrand);
+ if (newkey <= 0)
+ {
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+ newkey=DEFAULT_KEY_LENGTH;
+ }
+
if (keyalg)
{
genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -651,12 +657,6 @@ bad:
if (!genctx)
goto end;
}
-
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
{
@@ -1649,6 +1649,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO
keylen = atol(p + 1);
*pkeylen = keylen;
}
+ else
+ keylen = *pkeylen;
}
else if (p)
paramfile = p + 1;

View File

@ -0,0 +1,17 @@
diff -up openssl-1.0.1e/ssl/s23_lib.c.ssl2noec openssl-1.0.1e/ssl/s23_lib.c
--- openssl-1.0.1e/ssl/s23_lib.c.ssl2noec 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s23_lib.c 2014-05-06 15:51:54.053293674 +0200
@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_C
long l;
/* We can write SSLv2 and SSLv3 ciphers */
+ /* but no ECC ciphers */
+ if (c->algorithm_mkey == SSL_kECDHr ||
+ c->algorithm_mkey == SSL_kECDHe ||
+ c->algorithm_mkey == SSL_kEECDH ||
+ c->algorithm_auth == SSL_aECDH ||
+ c->algorithm_auth == SSL_aECDSA)
+ return 0;
if (p != NULL)
{
l=c->id;

View File

@ -1,9 +1,6 @@
Although the real strength is rather 112 bits we use 128 here as diff -up openssl-1.0.1g/ssl/s2_lib.c.3des-strength openssl-1.0.1g/ssl/s2_lib.c
we do not want to sort it behind more obscure ciphers. --- openssl-1.0.1g/ssl/s2_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100
AES-128 is preferred anyway. +++ openssl-1.0.1g/ssl/s2_lib.c 2014-05-06 16:33:45.646358418 +0200
diff -up openssl-1.0.1e/ssl/s2_lib.c.3des-strength openssl-1.0.1e/ssl/s2_lib.c
--- openssl-1.0.1e/ssl/s2_lib.c.3des-strength 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s2_lib.c 2014-01-22 16:32:45.791700322 +0100
@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip @@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
SSL_SSLV2, SSL_SSLV2,
SSL_NOT_EXP|SSL_HIGH, SSL_NOT_EXP|SSL_HIGH,
@ -13,9 +10,9 @@ diff -up openssl-1.0.1e/ssl/s2_lib.c.3des-strength openssl-1.0.1e/ssl/s2_lib.c
168, 168,
}, },
diff -up openssl-1.0.1e/ssl/s3_lib.c.3des-strength openssl-1.0.1e/ssl/s3_lib.c diff -up openssl-1.0.1g/ssl/s3_lib.c.3des-strength openssl-1.0.1g/ssl/s3_lib.c
--- openssl-1.0.1e/ssl/s3_lib.c.3des-strength 2014-01-17 11:41:11.000000000 +0100 --- openssl-1.0.1g/ssl/s3_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1e/ssl/s3_lib.c 2014-01-22 16:31:14.713666777 +0100 +++ openssl-1.0.1g/ssl/s3_lib.c 2014-05-06 16:38:05.887374872 +0200
@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] @@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
@ -90,7 +87,7 @@ diff -up openssl-1.0.1e/ssl/s3_lib.c.3des-strength openssl-1.0.1e/ssl/s3_lib.c
@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] @@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_EXP|SSL_HIGH, SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 168, - 168,
+ 128, + 128,

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
diff -up openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1e/crypto/bn/bn_rand.c diff -up openssl-1.0.1g/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1g/crypto/bn/bn_rand.c
--- openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs 2013-02-11 16:02:47.000000000 +0100 --- openssl-1.0.1g/crypto/bn/bn_rand.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1e/crypto/bn/bn_rand.c 2014-02-13 16:50:34.280893285 +0100 +++ openssl-1.0.1g/crypto/bn/bn_rand.c 2014-05-06 16:22:21.432540283 +0200
@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM @@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
goto err; goto err;
} }
@ -17,9 +17,9 @@ diff -up openssl-1.0.1e/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1e/crypto/bn/b
if (pseudorand) if (pseudorand)
{ {
diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_gen.c diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1g/crypto/dh/dh_gen.c
--- openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs 2013-12-18 12:17:09.748636614 +0100 --- openssl-1.0.1g/crypto/dh/dh_gen.c.fips-reqs 2014-05-06 16:22:21.253536145 +0200
+++ openssl-1.0.1e/crypto/dh/dh_gen.c 2013-12-18 12:17:09.798637687 +0100 +++ openssl-1.0.1g/crypto/dh/dh_gen.c 2014-05-06 16:22:21.432540283 +0200
@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret, @@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
return 0; return 0;
} }
@ -29,9 +29,9 @@ diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1e/crypto/dh/dh
{ {
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
goto err; goto err;
diff -up openssl-1.0.1e/crypto/dh/dh.h.fips-reqs openssl-1.0.1e/crypto/dh/dh.h diff -up openssl-1.0.1g/crypto/dh/dh.h.fips-reqs openssl-1.0.1g/crypto/dh/dh.h
--- openssl-1.0.1e/crypto/dh/dh.h.fips-reqs 2013-12-18 12:17:09.748636614 +0100 --- openssl-1.0.1g/crypto/dh/dh.h.fips-reqs 2014-05-06 16:22:21.253536145 +0200
+++ openssl-1.0.1e/crypto/dh/dh.h 2013-12-18 12:17:09.798637687 +0100 +++ openssl-1.0.1g/crypto/dh/dh.h 2014-05-06 16:22:21.432540283 +0200
@@ -78,6 +78,7 @@ @@ -78,6 +78,7 @@
#endif #endif
@ -40,9 +40,9 @@ diff -up openssl-1.0.1e/crypto/dh/dh.h.fips-reqs openssl-1.0.1e/crypto/dh/dh.h
#define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
diff -up openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1e/crypto/dh/dh_check.c diff -up openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1g/crypto/dh/dh_check.c
--- openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100 --- openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1e/crypto/dh/dh_check.c 2013-12-18 12:17:09.799637708 +0100 +++ openssl-1.0.1g/crypto/dh/dh_check.c 2014-05-06 16:22:21.432540283 +0200
@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const @@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
BN_sub_word(q,1); BN_sub_word(q,1);
if (BN_cmp(pub_key,q)>=0) if (BN_cmp(pub_key,q)>=0)
@ -77,9 +77,9 @@ diff -up openssl-1.0.1e/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1e/crypto/dh/
ok = 1; ok = 1;
err: err:
if (q != NULL) BN_free(q); if (q != NULL) BN_free(q);
diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_gen.c diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_gen.c
--- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs 2013-12-18 12:17:09.749636636 +0100 --- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs 2014-05-06 16:22:21.254536168 +0200
+++ openssl-1.0.1e/crypto/dsa/dsa_gen.c 2013-12-18 12:17:09.799637708 +0100 +++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:22:21.432540283 +0200
@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ @@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
} }
@ -88,9 +88,9 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1e/crypto/dsa
(bits != 2048 || qbits != 224) && (bits != 2048 || qbits != 224) &&
(bits != 2048 || qbits != 256) && (bits != 2048 || qbits != 256) &&
(bits != 3072 || qbits != 256)) (bits != 3072 || qbits != 256))
diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1e/crypto/dsa/dsa.h diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1g/crypto/dsa/dsa.h
--- openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs 2013-12-18 12:17:09.749636636 +0100 --- openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs 2014-05-06 16:22:21.254536168 +0200
+++ openssl-1.0.1e/crypto/dsa/dsa.h 2013-12-18 12:17:09.799637708 +0100 +++ openssl-1.0.1g/crypto/dsa/dsa.h 2014-05-06 16:22:21.432540283 +0200
@@ -89,6 +89,7 @@ @@ -89,6 +89,7 @@
#endif #endif
@ -112,9 +112,9 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1e/crypto/dsa/dsa
#define DSA_is_prime(n, callback, cb_arg) \ #define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1e/crypto/dsa/dsa_key.c diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_key.c
--- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs 2013-12-18 12:17:09.797637665 +0100 --- openssl-1.0.1g/crypto/dsa/dsa_key.c.fips-reqs 2014-05-06 16:22:21.427540169 +0200
+++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-12-18 12:17:09.799637708 +0100 +++ openssl-1.0.1g/crypto/dsa/dsa_key.c 2014-05-06 16:22:21.433540307 +0200
@@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa) @@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa)
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
@ -124,9 +124,9 @@ diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1e/crypto/dsa
{ {
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
goto err; goto err;
diff -up openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_dh_selftest.c diff -up openssl-1.0.1g/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
--- openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs 2013-12-18 17:06:36.575114314 +0100 --- openssl-1.0.1g/crypto/fips/fips_dh_selftest.c.fips-reqs 2014-05-06 16:22:21.433540307 +0200
+++ openssl-1.0.1e/crypto/fips/fips_dh_selftest.c 2013-12-18 17:26:14.409036334 +0100 +++ openssl-1.0.1g/crypto/fips/fips_dh_selftest.c 2014-05-06 16:22:21.433540307 +0200
@@ -0,0 +1,162 @@ @@ -0,0 +1,162 @@
+/* ==================================================================== +/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@ -290,9 +290,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1e/
+ return ret; + return ret;
+ } + }
+#endif +#endif
diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_drbg_rand.c diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
--- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs 2013-12-18 12:17:09.757636808 +0100 --- openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips-reqs 2014-05-06 16:22:21.263536376 +0200
+++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c 2013-12-18 18:53:33.263711297 +0100 +++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c 2014-05-06 16:22:21.433540307 +0200
@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char @@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char
int rv = 0; int rv = 0;
unsigned char *adin = NULL; unsigned char *adin = NULL;
@ -373,9 +373,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1e/cr
} }
static const RAND_METHOD rand_drbg_meth = static const RAND_METHOD rand_drbg_meth =
diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-reqs openssl-1.0.1e/crypto/fips/fips.h diff -up openssl-1.0.1g/crypto/fips/fips.h.fips-reqs openssl-1.0.1g/crypto/fips/fips.h
--- openssl-1.0.1e/crypto/fips/fips.h.fips-reqs 2013-12-18 12:17:09.000000000 +0100 --- openssl-1.0.1g/crypto/fips/fips.h.fips-reqs 2014-05-06 16:22:21.421540031 +0200
+++ openssl-1.0.1e/crypto/fips/fips.h 2013-12-18 17:13:00.928586689 +0100 +++ openssl-1.0.1g/crypto/fips/fips.h 2014-05-06 16:22:21.433540307 +0200
@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void); @@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
int FIPS_selftest_dsa(void); int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void); int FIPS_selftest_ecdsa(void);
@ -384,9 +384,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-reqs openssl-1.0.1e/crypto/fips/
void FIPS_corrupt_rng(void); void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void); void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff); void FIPS_x931_stick(int onoff);
diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_post.c diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_post.c
--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs 2013-12-18 12:17:09.000000000 +0100 --- openssl-1.0.1g/crypto/fips/fips_post.c.fips-reqs 2014-05-06 16:22:21.420540008 +0200
+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-12-18 17:12:26.721832716 +0100 +++ openssl-1.0.1g/crypto/fips/fips_post.c 2014-05-06 16:22:21.433540307 +0200
@@ -99,6 +99,8 @@ int FIPS_selftest(void) @@ -99,6 +99,8 @@ int FIPS_selftest(void)
rv = 0; rv = 0;
if (!FIPS_selftest_dsa()) if (!FIPS_selftest_dsa())
@ -396,9 +396,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1e/crypto/
if (!FIPS_selftest_ecdh()) if (!FIPS_selftest_ecdh())
rv = 0; rv = 0;
return rv; return rv;
diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-03-14 14:47:18.809259727 +0100 --- openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-05-06 16:22:21.267536469 +0200
+++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c 2014-03-14 15:37:26.295687852 +0100 +++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c 2014-05-06 16:22:21.434540330 +0200
@@ -60,69 +60,113 @@ @@ -60,69 +60,113 @@
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
@ -1129,9 +1129,9 @@ diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1e
RSA_free(key); RSA_free(key);
return ret; return ret;
} }
diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-reqs openssl-1.0.1e/crypto/fips/Makefile diff -up openssl-1.0.1g/crypto/fips/Makefile.fips-reqs openssl-1.0.1g/crypto/fips/Makefile
--- openssl-1.0.1e/crypto/fips/Makefile.fips-reqs 2013-12-18 12:17:20.000000000 +0100 --- openssl-1.0.1g/crypto/fips/Makefile.fips-reqs 2014-05-06 16:22:21.420540008 +0200
+++ openssl-1.0.1e/crypto/fips/Makefile 2013-12-18 17:14:20.348337362 +0100 +++ openssl-1.0.1g/crypto/fips/Makefile 2014-05-06 16:22:21.434540330 +0200
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self @@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -1150,10 +1150,10 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-reqs openssl-1.0.1e/crypto/fip
LIBCRYPTO=-L.. -lcrypto LIBCRYPTO=-L.. -lcrypto
diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/modes/gcm128.c diff -up openssl-1.0.1g/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1g/crypto/modes/gcm128.c
--- openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100 --- openssl-1.0.1g/crypto/modes/gcm128.c.fips-reqs 2014-04-06 17:55:01.000000000 +0200
+++ openssl-1.0.1e/crypto/modes/gcm128.c 2013-12-18 12:17:09.800637730 +0100 +++ openssl-1.0.1g/crypto/modes/gcm128.c 2014-05-06 16:22:21.434540330 +0200
@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT @@ -906,6 +906,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
# endif # endif
#endif #endif
@ -1164,7 +1164,7 @@ diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/mo
#if 0 #if 0
n = (unsigned int)mlen%16; /* alternative to ctx->mres */ n = (unsigned int)mlen%16; /* alternative to ctx->mres */
#endif #endif
@@ -1200,6 +1204,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C @@ -1269,6 +1273,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
# endif # endif
#endif #endif
@ -1175,10 +1175,10 @@ diff -up openssl-1.0.1e/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1e/crypto/mo
mlen += len; mlen += len;
if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len)) if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
return -1; return -1;
diff -up openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1e/crypto/modes/modes_lcl.h diff -up openssl-1.0.1g/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1g/crypto/modes/modes_lcl.h
--- openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs 2013-12-18 12:17:09.388628895 +0100 --- openssl-1.0.1g/crypto/modes/modes_lcl.h.fips-reqs 2014-05-06 16:22:20.903528054 +0200
+++ openssl-1.0.1e/crypto/modes/modes_lcl.h 2013-12-18 12:17:09.800637730 +0100 +++ openssl-1.0.1g/crypto/modes/modes_lcl.h 2014-05-06 16:22:21.435540353 +0200
@@ -115,6 +115,7 @@ struct gcm128_context { @@ -112,6 +112,7 @@ struct gcm128_context {
unsigned int mres, ares; unsigned int mres, ares;
block128_f block; block128_f block;
void *key; void *key;
@ -1186,9 +1186,9 @@ diff -up openssl-1.0.1e/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1e/crypto
}; };
struct xts128_context { struct xts128_context {
diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/rand/md_rand.c diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1g/crypto/rand/md_rand.c
--- openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs 2013-12-18 12:17:09.763636936 +0100 --- openssl-1.0.1g/crypto/rand/md_rand.c.fips-reqs 2014-05-06 16:22:21.269536515 +0200
+++ openssl-1.0.1e/crypto/rand/md_rand.c 2013-12-18 12:17:09.800637730 +0100 +++ openssl-1.0.1g/crypto/rand/md_rand.c 2014-05-06 16:26:53.776836535 +0200
@@ -143,12 +143,6 @@ static long md_count[2]={0,0}; @@ -143,12 +143,6 @@ static long md_count[2]={0,0};
static double entropy=0; static double entropy=0;
static int initialized=0; static int initialized=0;
@ -1209,9 +1209,9 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
- int do_not_lock; - int do_not_lock;
+ int locked; + int locked;
/* if (!num)
* (Based on the rand(3) manpage) return;
@@ -213,19 +207,8 @@ static void ssleay_rand_add(const void * @@ -216,19 +210,8 @@ static void ssleay_rand_add(const void *
* hash function. * hash function.
*/ */
@ -1232,7 +1232,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
st_idx=state_index; st_idx=state_index;
/* use our own copies of the counters so that even /* use our own copies of the counters so that even
@@ -257,7 +240,8 @@ static void ssleay_rand_add(const void * @@ -260,7 +243,8 @@ static void ssleay_rand_add(const void *
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
@ -1242,7 +1242,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
EVP_MD_CTX_init(&m); EVP_MD_CTX_init(&m);
for (i=0; i<num; i+=MD_DIGEST_LENGTH) for (i=0; i<num; i+=MD_DIGEST_LENGTH)
@@ -308,7 +292,7 @@ static void ssleay_rand_add(const void * @@ -311,7 +295,7 @@ static void ssleay_rand_add(const void *
} }
EVP_MD_CTX_cleanup(&m); EVP_MD_CTX_cleanup(&m);
@ -1251,7 +1251,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
/* Don't just copy back local_md into md -- this could mean that /* Don't just copy back local_md into md -- this could mean that
* other thread's seeding remains without effect (except for * other thread's seeding remains without effect (except for
* the incremented counter). By XORing it we keep at least as * the incremented counter). By XORing it we keep at least as
@@ -319,7 +303,8 @@ static void ssleay_rand_add(const void * @@ -322,7 +306,8 @@ static void ssleay_rand_add(const void *
} }
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add; entropy += add;
@ -1261,7 +1261,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
assert(md_c[1] == md_count[1]); assert(md_c[1] == md_count[1]);
@@ -344,6 +329,7 @@ static int ssleay_rand_bytes(unsigned ch @@ -347,6 +332,7 @@ static int ssleay_rand_bytes(unsigned ch
pid_t curr_pid = getpid(); pid_t curr_pid = getpid();
#endif #endif
int do_stir_pool = 0; int do_stir_pool = 0;
@ -1269,12 +1269,16 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
#ifdef PREDICT #ifdef PREDICT
if (rand_predictable) if (rand_predictable)
@@ -381,13 +367,7 @@ static int ssleay_rand_bytes(unsigned ch @@ -383,17 +369,8 @@ static int ssleay_rand_bytes(unsigned ch
* are fed into the hash function and the results are kept in the
* global 'md'. * global 'md'.
*/ */
-#ifdef OPENSSL_FIPS
- /* NB: in FIPS mode we are already under a lock */
- if (!FIPS_mode())
-#endif
- CRYPTO_w_lock(CRYPTO_LOCK_RAND); - CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
- CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
- CRYPTO_THREADID_current(&locking_threadid); - CRYPTO_THREADID_current(&locking_threadid);
@ -1284,33 +1288,42 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
/* always poll for external entropy in FIPS mode, drbg provides the /* always poll for external entropy in FIPS mode, drbg provides the
* expansion * expansion
@@ -461,9 +441,8 @@ static int ssleay_rand_bytes(unsigned ch @@ -467,12 +444,8 @@ static int ssleay_rand_bytes(unsigned ch
md_count[0] += 1; md_count[0] += 1;
- /* before unlocking, we must clear 'crypto_lock_rand' */ - /* before unlocking, we must clear 'crypto_lock_rand' */
- crypto_lock_rand = 0; - crypto_lock_rand = 0;
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode())
-#endif
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ if (locked) + if (locked)
+ private_RAND_lock(0); + private_RAND_lock(0);
while (num > 0) while (num > 0)
{ {
@@ -515,10 +494,11 @@ static int ssleay_rand_bytes(unsigned ch @@ -524,16 +497,11 @@ static int ssleay_rand_bytes(unsigned ch
MD_Init(&m); MD_Init(&m);
MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
MD_Update(&m,local_md,MD_DIGEST_LENGTH); MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode())
-#endif
- CRYPTO_w_lock(CRYPTO_LOCK_RAND); - CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ locked = private_RAND_lock(1); + locked = private_RAND_lock(1);
MD_Update(&m,md,MD_DIGEST_LENGTH); MD_Update(&m,md,MD_DIGEST_LENGTH);
MD_Final(&m,md); MD_Final(&m,md);
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode())
-#endif
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ if (locked) + if (locked)
+ private_RAND_lock(0); + private_RAND_lock(0);
EVP_MD_CTX_cleanup(&m); EVP_MD_CTX_cleanup(&m);
if (ok) if (ok)
@@ -548,32 +528,10 @@ static int ssleay_rand_pseudo_bytes(unsi @@ -563,32 +531,10 @@ static int ssleay_rand_pseudo_bytes(unsi
static int ssleay_rand_status(void) static int ssleay_rand_status(void)
{ {
@ -1345,7 +1358,7 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
if (!initialized) if (!initialized)
{ {
@@ -583,13 +541,8 @@ static int ssleay_rand_status(void) @@ -598,13 +544,8 @@ static int ssleay_rand_status(void)
ret = entropy >= ENTROPY_NEEDED; ret = entropy >= ENTROPY_NEEDED;
@ -1361,9 +1374,9 @@ diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1e/crypto/ra
return ret; return ret;
} }
diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/rand.h diff -up openssl-1.0.1g/crypto/rand/rand.h.fips-reqs openssl-1.0.1g/crypto/rand/rand.h
--- openssl-1.0.1e/crypto/rand/rand.h.fips-reqs 2013-12-18 12:17:09.764636958 +0100 --- openssl-1.0.1g/crypto/rand/rand.h.fips-reqs 2014-05-06 16:22:21.269536515 +0200
+++ openssl-1.0.1e/crypto/rand/rand.h 2013-12-18 12:17:09.800637730 +0100 +++ openssl-1.0.1g/crypto/rand/rand.h 2014-05-06 16:22:21.435540353 +0200
@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i @@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i
int RAND_init_fips(void); int RAND_init_fips(void);
#endif #endif
@ -1373,9 +1386,9 @@ diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes /* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run. * made after this point may be overwritten when the script is next run.
diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h diff -up openssl-1.0.1g/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1g/crypto/rand/rand_lcl.h
--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs 2013-12-18 12:17:09.507631447 +0100 --- openssl-1.0.1g/crypto/rand/rand_lcl.h.fips-reqs 2014-05-06 16:22:21.021530782 +0200
+++ openssl-1.0.1e/crypto/rand/rand_lcl.h 2013-12-18 12:17:09.800637730 +0100 +++ openssl-1.0.1g/crypto/rand/rand_lcl.h 2014-05-06 16:22:21.435540353 +0200
@@ -112,7 +112,7 @@ @@ -112,7 +112,7 @@
#ifndef HEADER_RAND_LCL_H #ifndef HEADER_RAND_LCL_H
#define HEADER_RAND_LCL_H #define HEADER_RAND_LCL_H
@ -1385,9 +1398,9 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/r
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c diff -up openssl-1.0.1g/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1g/crypto/rand/rand_lib.c
--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100 --- openssl-1.0.1g/crypto/rand/rand_lib.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1e/crypto/rand/rand_lib.c 2013-12-18 18:16:45.625850730 +0100 +++ openssl-1.0.1g/crypto/rand/rand_lib.c 2014-05-06 16:22:21.435540353 +0200
@@ -181,6 +181,41 @@ int RAND_status(void) @@ -181,6 +181,41 @@ int RAND_status(void)
return 0; return 0;
} }
@ -1447,9 +1460,9 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/r
return 1; return 1;
} }
diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa/rsa_gen.c
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs 2013-12-18 12:17:09.764636958 +0100 --- openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs 2014-05-06 16:22:21.270536538 +0200
+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2013-12-19 17:40:58.483154314 +0100 +++ openssl-1.0.1g/crypto/rsa/rsa_gen.c 2014-05-06 16:22:21.436540376 +0200
@@ -1,5 +1,6 @@ @@ -1,5 +1,6 @@
/* crypto/rsa/rsa_gen.c */ /* crypto/rsa/rsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@ -1717,9 +1730,9 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa
ok=1; ok=1;
err: err:
if (ok == -1) if (ok == -1)
diff -up openssl-1.0.1e/ssl/t1_enc.c.fips-reqs openssl-1.0.1e/ssl/t1_enc.c diff -up openssl-1.0.1g/ssl/t1_enc.c.fips-reqs openssl-1.0.1g/ssl/t1_enc.c
--- openssl-1.0.1e/ssl/t1_enc.c.fips-reqs 2013-02-11 16:26:04.000000000 +0100 --- openssl-1.0.1g/ssl/t1_enc.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
+++ openssl-1.0.1e/ssl/t1_enc.c 2013-12-18 12:17:09.801637751 +0100 +++ openssl-1.0.1g/ssl/t1_enc.c 2014-05-06 16:22:21.436540376 +0200
@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask, @@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
err: err:
return ret; return ret;

View File

@ -1,7 +1,7 @@
diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h diff -up openssl-1.0.1g/ssl/ssl.h.op-all openssl-1.0.1g/ssl/ssl.h
--- openssl-1.0.1-beta2/ssl/ssl.h.op-all 2012-02-02 12:49:00.828035916 +0100 --- openssl-1.0.1g/ssl/ssl.h.op-all 2014-05-06 16:03:37.400554125 +0200
+++ openssl-1.0.1-beta2/ssl/ssl.h 2012-02-02 12:52:27.297818182 +0100 +++ openssl-1.0.1g/ssl/ssl.h 2014-05-06 16:06:21.688352245 +0200
@@ -540,7 +540,7 @@ struct ssl_session_st @@ -549,7 +549,7 @@ struct ssl_session_st
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
/* Allow initial connection to servers that don't support RI */ /* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
@ -9,8 +9,8 @@ diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */ +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */ #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
@@ -558,7 +558,7 @@ struct ssl_session_st @@ -569,7 +569,7 @@ struct ssl_session_st
/* SSL_OP_ALL: various bug workarounds that should be rather harmless. /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */ * This used to be 0x000FFFFFL before 0.9.7. */

View File

@ -1,108 +0,0 @@
From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
Subject: Add heartbeat extension bounds check.
X-Git-Tag: OpenSSL_1_0_1g~3
X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=96db902
Add heartbeat extension bounds check.
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
---
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7a5596a..2e8cf68 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
+ unsigned int write_length = 1 /* heartbeat type */ +
+ 2 /* heartbeat length */ +
+ payload + padding;
int r;
+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
+
/* Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+ buffer = OPENSSL_malloc(write_length);
bp = buffer;
/* Enter response type, length and copy payload */
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
/* Random padding */
RAND_pseudo_bytes(bp, padding);
- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
if (r >= 0 && s->msg_callback)
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
- buffer, 3 + payload + padding,
+ buffer, write_length,
s, s->msg_callback_arg);
OPENSSL_free(buffer);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b82fada..bddffd9 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;

View File

@ -22,8 +22,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.1e Version: 1.0.1g
Release: 44%{?dist} Release: 1%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -57,9 +57,9 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch Patch35: openssl-0.9.8j-version-add-engines.patch
Patch36: openssl-1.0.0e-doc-noeof.patch Patch36: openssl-1.0.0e-doc-noeof.patch
Patch38: openssl-1.0.1-beta2-ssl-op-all.patch Patch38: openssl-1.0.1g-ssl-op-all.patch
Patch39: openssl-1.0.1c-ipv6-apps.patch Patch39: openssl-1.0.1c-ipv6-apps.patch
Patch40: openssl-1.0.1e-fips.patch Patch40: openssl-1.0.1g-fips.patch
Patch45: openssl-1.0.1e-env-zlib.patch Patch45: openssl-1.0.1e-env-zlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.1a-algo-doc.patch Patch49: openssl-1.0.1a-algo-doc.patch
@ -79,23 +79,16 @@ Patch72: openssl-1.0.1e-fips-ctor.patch
Patch73: openssl-1.0.1e-ecc-suiteb.patch Patch73: openssl-1.0.1e-ecc-suiteb.patch
Patch74: openssl-1.0.1e-no-md5-verify.patch Patch74: openssl-1.0.1e-no-md5-verify.patch
Patch75: openssl-1.0.1e-compat-symbols.patch Patch75: openssl-1.0.1e-compat-symbols.patch
Patch76: openssl-1.0.1e-new-fips-reqs.patch Patch76: openssl-1.0.1g-new-fips-reqs.patch
Patch77: openssl-1.0.1e-weak-ciphers.patch Patch77: openssl-1.0.1e-weak-ciphers.patch
Patch78: openssl-1.0.1e-3des-strength.patch Patch78: openssl-1.0.1g-3des-strength.patch
Patch79: openssl-1.0.1e-req-keylen.patch
Patch90: openssl-1.0.1e-enc-fail.patch Patch90: openssl-1.0.1e-enc-fail.patch
Patch91: openssl-1.0.1e-ssl2-no-ec.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch Patch81: openssl-1.0.1-beta2-padlock64.patch
Patch82: openssl-1.0.1e-backports.patch
Patch83: openssl-1.0.1e-bad-mac.patch
Patch84: openssl-1.0.1e-trusted-first.patch Patch84: openssl-1.0.1e-trusted-first.patch
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
Patch86: openssl-1.0.1e-cve-2013-6449.patch
Patch87: openssl-1.0.1e-cve-2013-6450.patch
Patch88: openssl-1.0.1e-cve-2013-4353.patch
Patch89: openssl-1.0.1e-ephemeral-key-size.patch Patch89: openssl-1.0.1e-ephemeral-key-size.patch
# upstream patch for CVE-2014-0160
Patch100: openssl.git-96db902.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -203,6 +196,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch68 -p1 -b .secure-getenv %patch68 -p1 -b .secure-getenv
%patch69 -p1 -b .dh1024 %patch69 -p1 -b .dh1024
%patch70 -p1 -b .fips-ec %patch70 -p1 -b .fips-ec
%patch71 -p1 -b .manfix
%patch72 -p1 -b .fips-ctor %patch72 -p1 -b .fips-ctor
%patch73 -p1 -b .suiteb %patch73 -p1 -b .suiteb
%patch74 -p1 -b .no-md5-verify %patch74 -p1 -b .no-md5-verify
@ -210,20 +204,13 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch76 -p1 -b .fips-reqs %patch76 -p1 -b .fips-reqs
%patch77 -p1 -b .weak-ciphers %patch77 -p1 -b .weak-ciphers
%patch78 -p1 -b .3des-strength %patch78 -p1 -b .3des-strength
%patch79 -p1 -b .keylen
%patch90 -p1 -b .enc-fail %patch90 -p1 -b .enc-fail
%patch91 -p1 -b .ssl2noec
%patch81 -p1 -b .padlock64 %patch81 -p1 -b .padlock64
%patch82 -p1 -b .backports
%patch71 -p1 -b .manfix
%patch83 -p1 -b .bad-mac
%patch84 -p1 -b .trusted-first %patch84 -p1 -b .trusted-first
%patch85 -p1 -b .armcap %patch85 -p1 -b .armcap
%patch86 -p1 -b .hash-crash
%patch87 -p1 -b .dtls1-mitm
%patch88 -p1 -b .handshake-crash
%patch89 -p1 -b .ephemeral %patch89 -p1 -b .ephemeral
%patch100 -p1 -b .CVE-2014-0160
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@ -490,6 +477,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Wed May 7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1g-1
- new upstream release 1.0.1g
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- fail on hmac integrity check if the .hmac file is empty
* Mon Apr 07 2014 Dennis Gilmore <dennis@ausil.us> - 1.0.1e-44 * Mon Apr 07 2014 Dennis Gilmore <dennis@ausil.us> - 1.0.1e-44
- pull in upstream patch for CVE-2014-0160 - pull in upstream patch for CVE-2014-0160
- removed CHANGES file portion from patch for expediency - removed CHANGES file portion from patch for expediency

View File

@ -1 +1 @@
6115ae0bb61b481a9195baef72514c2e openssl-1.0.1e-hobbled.tar.xz 3de4f91702dfa545d577912a065fb250 openssl-1.0.1g-hobbled.tar.xz