Multiple security issues fixed.
- fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
This commit is contained in:
parent
94b1a89708
commit
bfc1772d6e
|
@ -0,0 +1,40 @@
|
||||||
|
diff -up openssl-1.0.1e/crypto/evp/encode.c.b64-overflow openssl-1.0.1e/crypto/evp/encode.c
|
||||||
|
--- openssl-1.0.1e/crypto/evp/encode.c.b64-overflow 2016-04-07 15:45:20.000000000 +0200
|
||||||
|
+++ openssl-1.0.1e/crypto/evp/encode.c 2016-04-29 12:46:34.232656522 +0200
|
||||||
|
@@ -132,12 +132,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||||||
|
const unsigned char *in, int inl)
|
||||||
|
{
|
||||||
|
int i,j;
|
||||||
|
- unsigned int total=0;
|
||||||
|
+ size_t total=0;
|
||||||
|
|
||||||
|
*outl=0;
|
||||||
|
if (inl == 0) return;
|
||||||
|
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
|
||||||
|
- if ((ctx->num+inl) < ctx->length)
|
||||||
|
+ if (ctx->length - ctx->num > inl)
|
||||||
|
{
|
||||||
|
memcpy(&(ctx->enc_data[ctx->num]),in,inl);
|
||||||
|
ctx->num+=inl;
|
||||||
|
@@ -156,7 +156,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||||||
|
*out='\0';
|
||||||
|
total=j+1;
|
||||||
|
}
|
||||||
|
- while (inl >= ctx->length)
|
||||||
|
+ while (inl >= ctx->length && total <= INT_MAX)
|
||||||
|
{
|
||||||
|
j=EVP_EncodeBlock(out,in,ctx->length);
|
||||||
|
in+=ctx->length;
|
||||||
|
@@ -166,6 +166,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||||||
|
*out='\0';
|
||||||
|
total+=j+1;
|
||||||
|
}
|
||||||
|
+ if (total > INT_MAX)
|
||||||
|
+ {
|
||||||
|
+ /* Too much output data! */
|
||||||
|
+ *outl = 0;
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
if (inl != 0)
|
||||||
|
memcpy(&(ctx->enc_data[0]),in,inl);
|
||||||
|
ctx->num=inl;
|
|
@ -0,0 +1,12 @@
|
||||||
|
diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.enc-overflow openssl-1.0.1e/crypto/evp/evp_enc.c
|
||||||
|
--- openssl-1.0.1e/crypto/evp/evp_enc.c.enc-overflow 2016-04-29 12:42:43.000000000 +0200
|
||||||
|
+++ openssl-1.0.1e/crypto/evp/evp_enc.c 2016-04-29 12:56:50.253736555 +0200
|
||||||
|
@@ -408,7 +408,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
|
||||||
|
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
|
||||||
|
if (i != 0)
|
||||||
|
{
|
||||||
|
- if (i+inl < bl)
|
||||||
|
+ if (bl - i > inl)
|
||||||
|
{
|
||||||
|
memcpy(&(ctx->buf[i]),in,inl);
|
||||||
|
ctx->buf_len+=inl;
|
|
@ -0,0 +1,20 @@
|
||||||
|
diff -up openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||||
|
--- openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check 2016-04-29 12:42:43.000000000 +0200
|
||||||
|
+++ openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-29 13:10:13.441125487 +0200
|
||||||
|
@@ -59,6 +59,7 @@
|
||||||
|
#include <openssl/aes.h>
|
||||||
|
#include <openssl/sha.h>
|
||||||
|
#include "evp_locl.h"
|
||||||
|
+#include "constant_time_locl.h"
|
||||||
|
|
||||||
|
#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
|
||||||
|
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
|
||||||
|
@@ -278,6 +279,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
|
||||||
|
maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8);
|
||||||
|
maxpad &= 255;
|
||||||
|
|
||||||
|
+ ret &= constant_time_ge(maxpad, pad);
|
||||||
|
+
|
||||||
|
inp_len = len - (SHA_DIGEST_LENGTH+pad+1);
|
||||||
|
mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));
|
||||||
|
inp_len &= mask;
|
|
@ -0,0 +1,69 @@
|
||||||
|
diff -up openssl-1.0.1e/crypto/asn1/a_int.c.asn1-negative openssl-1.0.1e/crypto/asn1/a_int.c
|
||||||
|
--- openssl-1.0.1e/crypto/asn1/a_int.c.asn1-negative 2016-04-29 13:23:05.221797998 +0200
|
||||||
|
+++ openssl-1.0.1e/crypto/asn1/a_int.c 2016-04-29 13:26:51.030957218 +0200
|
||||||
|
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
|
||||||
|
{
|
||||||
|
ret=a->length;
|
||||||
|
i=a->data[0];
|
||||||
|
+ if (ret == 1 && i == 0)
|
||||||
|
+ neg = 0;
|
||||||
|
if (!neg && (i > 127)) {
|
||||||
|
pad=1;
|
||||||
|
pb=0;
|
||||||
|
@@ -157,7 +159,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
|
||||||
|
p += a->length - 1;
|
||||||
|
i = a->length;
|
||||||
|
/* Copy zeros to destination as long as source is zero */
|
||||||
|
- while(!*n) {
|
||||||
|
+ while(!*n && i > 1) {
|
||||||
|
*(p--) = 0;
|
||||||
|
n--;
|
||||||
|
i--;
|
||||||
|
@@ -415,7 +417,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const B
|
||||||
|
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- if (BN_is_negative(bn))
|
||||||
|
+ if (BN_is_negative(bn) && !BN_is_zero(bn))
|
||||||
|
ret->type = V_ASN1_NEG_INTEGER;
|
||||||
|
else ret->type=V_ASN1_INTEGER;
|
||||||
|
j=BN_num_bits(bn);
|
||||||
|
diff -up openssl-1.0.1e/crypto/asn1/a_type.c.asn1-negative openssl-1.0.1e/crypto/asn1/a_type.c
|
||||||
|
--- openssl-1.0.1e/crypto/asn1/a_type.c.asn1-negative 2016-04-29 12:42:43.000000000 +0200
|
||||||
|
+++ openssl-1.0.1e/crypto/asn1/a_type.c 2016-04-29 13:28:40.202443787 +0200
|
||||||
|
@@ -131,9 +131,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
|
||||||
|
result = 0; /* They do not have content. */
|
||||||
|
break;
|
||||||
|
case V_ASN1_INTEGER:
|
||||||
|
- case V_ASN1_NEG_INTEGER:
|
||||||
|
case V_ASN1_ENUMERATED:
|
||||||
|
- case V_ASN1_NEG_ENUMERATED:
|
||||||
|
case V_ASN1_BIT_STRING:
|
||||||
|
case V_ASN1_OCTET_STRING:
|
||||||
|
case V_ASN1_SEQUENCE:
|
||||||
|
diff -up openssl-1.0.1e/crypto/asn1/tasn_dec.c.asn1-negative openssl-1.0.1e/crypto/asn1/tasn_dec.c
|
||||||
|
--- openssl-1.0.1e/crypto/asn1/tasn_dec.c.asn1-negative 2016-04-29 12:42:43.000000000 +0200
|
||||||
|
+++ openssl-1.0.1e/crypto/asn1/tasn_dec.c 2016-04-29 13:30:08.560456293 +0200
|
||||||
|
@@ -1011,9 +1011,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
|
||||||
|
break;
|
||||||
|
|
||||||
|
case V_ASN1_INTEGER:
|
||||||
|
- case V_ASN1_NEG_INTEGER:
|
||||||
|
case V_ASN1_ENUMERATED:
|
||||||
|
- case V_ASN1_NEG_ENUMERATED:
|
||||||
|
tint = (ASN1_INTEGER **)pval;
|
||||||
|
if (!c2i_ASN1_INTEGER(tint, &cont, len))
|
||||||
|
goto err;
|
||||||
|
diff -up openssl-1.0.1e/crypto/asn1/tasn_enc.c.asn1-negative openssl-1.0.1e/crypto/asn1/tasn_enc.c
|
||||||
|
--- openssl-1.0.1e/crypto/asn1/tasn_enc.c.asn1-negative 2013-02-11 16:26:04.000000000 +0100
|
||||||
|
+++ openssl-1.0.1e/crypto/asn1/tasn_enc.c 2016-04-29 13:30:34.688051394 +0200
|
||||||
|
@@ -638,9 +638,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig
|
||||||
|
break;
|
||||||
|
|
||||||
|
case V_ASN1_INTEGER:
|
||||||
|
- case V_ASN1_NEG_INTEGER:
|
||||||
|
case V_ASN1_ENUMERATED:
|
||||||
|
- case V_ASN1_NEG_ENUMERATED:
|
||||||
|
/* These are all have the same content format
|
||||||
|
* as ASN1_INTEGER
|
||||||
|
*/
|
|
@ -0,0 +1,72 @@
|
||||||
|
diff -up openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos openssl-1.0.1e/crypto/asn1/a_d2i_fp.c
|
||||||
|
--- openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos 2013-02-11 16:02:47.000000000 +0100
|
||||||
|
+++ openssl-1.0.1e/crypto/asn1/a_d2i_fp.c 2016-04-29 13:44:52.205538739 +0200
|
||||||
|
@@ -139,6 +139,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define HEADER_SIZE 8
|
||||||
|
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
|
||||||
|
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||||
|
{
|
||||||
|
BUF_MEM *b;
|
||||||
|
@@ -230,6 +231,8 @@ static int asn1_d2i_read_bio(BIO *in, BU
|
||||||
|
want=c.slen;
|
||||||
|
if (want > (len-off))
|
||||||
|
{
|
||||||
|
+ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
|
||||||
|
+
|
||||||
|
want-=(len-off);
|
||||||
|
if (want > INT_MAX /* BIO_read takes an int length */ ||
|
||||||
|
len+want < len)
|
||||||
|
@@ -237,24 +240,38 @@ static int asn1_d2i_read_bio(BIO *in, BU
|
||||||
|
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- if (!BUF_MEM_grow_clean(b,len+want))
|
||||||
|
- {
|
||||||
|
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
|
||||||
|
- goto err;
|
||||||
|
- }
|
||||||
|
while (want > 0)
|
||||||
|
{
|
||||||
|
- i=BIO_read(in,&(b->data[len]),want);
|
||||||
|
- if (i <= 0)
|
||||||
|
+ /*
|
||||||
|
+ * Read content in chunks of increasing size
|
||||||
|
+ * so we can return an error for EOF without
|
||||||
|
+ * having to allocate the entire content length
|
||||||
|
+ * in one go.
|
||||||
|
+ */
|
||||||
|
+ size_t chunk = want > chunk_max ? chunk_max : want;
|
||||||
|
+
|
||||||
|
+ if (!BUF_MEM_grow_clean(b, len + chunk))
|
||||||
|
{
|
||||||
|
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||||
|
- ASN1_R_NOT_ENOUGH_DATA);
|
||||||
|
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- /* This can't overflow because
|
||||||
|
- * |len+want| didn't overflow. */
|
||||||
|
- len+=i;
|
||||||
|
- want-=i;
|
||||||
|
+ want -= chunk;
|
||||||
|
+ while (chunk > 0)
|
||||||
|
+ {
|
||||||
|
+ i = BIO_read(in, &(b->data[len]), chunk);
|
||||||
|
+ if (i <= 0)
|
||||||
|
+ {
|
||||||
|
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||||
|
+ ASN1_R_NOT_ENOUGH_DATA);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ /* This can't overflow because
|
||||||
|
+ * |len+want| didn't overflow. */
|
||||||
|
+ len += i;
|
||||||
|
+ chunk -= i;
|
||||||
|
+ }
|
||||||
|
+ if (chunk_max < INT_MAX/2)
|
||||||
|
+ chunk_max *= 2;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (off + c.slen < off)
|
19
openssl.spec
19
openssl.spec
|
@ -23,7 +23,7 @@
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.1k
|
Version: 1.0.1k
|
||||||
Release: 14%{?dist}
|
Release: 15%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
|
@ -111,6 +111,11 @@ Patch117: openssl-1.0.1k-cve-2016-0702.patch
|
||||||
Patch118: openssl-1.0.1e-cve-2016-0705.patch
|
Patch118: openssl-1.0.1e-cve-2016-0705.patch
|
||||||
Patch119: openssl-1.0.1e-cve-2016-0797.patch
|
Patch119: openssl-1.0.1e-cve-2016-0797.patch
|
||||||
Patch120: openssl-1.0.1k-cve-2016-0799.patch
|
Patch120: openssl-1.0.1k-cve-2016-0799.patch
|
||||||
|
Patch121: openssl-1.0.1e-cve-2016-2105.patch
|
||||||
|
Patch122: openssl-1.0.1e-cve-2016-2106.patch
|
||||||
|
Patch123: openssl-1.0.1e-cve-2016-2107.patch
|
||||||
|
Patch124: openssl-1.0.1e-cve-2016-2108.patch
|
||||||
|
Patch125: openssl-1.0.1e-cve-2016-2109.patch
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
|
@ -255,6 +260,11 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||||
%patch118 -p1 -b .dsa-doublefree
|
%patch118 -p1 -b .dsa-doublefree
|
||||||
%patch119 -p1 -b .bn-hex
|
%patch119 -p1 -b .bn-hex
|
||||||
%patch120 -p1 -b .bio-printf
|
%patch120 -p1 -b .bio-printf
|
||||||
|
%patch121 -p1 -b .b64-overflow
|
||||||
|
%patch122 -p1 -b .enc-overflow
|
||||||
|
%patch123 -p1 -b .padding-check
|
||||||
|
%patch124 -p1 -b .asn1-negative
|
||||||
|
%patch125 -p1 -b .asn1-bio-dos
|
||||||
|
|
||||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||||
|
|
||||||
|
@ -527,6 +537,13 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 3 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-15
|
||||||
|
- fix CVE-2016-2105 - possible overflow in base64 encoding
|
||||||
|
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
|
||||||
|
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
|
||||||
|
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
|
||||||
|
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
|
||||||
|
|
||||||
* Wed Mar 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-14
|
* Wed Mar 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-14
|
||||||
- fix CVE-2016-0702 - side channel attack on modular exponentiation
|
- fix CVE-2016-0702 - side channel attack on modular exponentiation
|
||||||
- fix CVE-2016-0705 - double-free in DSA private key parsing
|
- fix CVE-2016-0705 - double-free in DSA private key parsing
|
||||||
|
|
Loading…
Reference in New Issue