Multiple security issues fixed.
- fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
This commit is contained in:
parent
94b1a89708
commit
bfc1772d6e
40
openssl-1.0.1e-cve-2016-2105.patch
Normal file
40
openssl-1.0.1e-cve-2016-2105.patch
Normal file
@ -0,0 +1,40 @@
|
||||
diff -up openssl-1.0.1e/crypto/evp/encode.c.b64-overflow openssl-1.0.1e/crypto/evp/encode.c
|
||||
--- openssl-1.0.1e/crypto/evp/encode.c.b64-overflow 2016-04-07 15:45:20.000000000 +0200
|
||||
+++ openssl-1.0.1e/crypto/evp/encode.c 2016-04-29 12:46:34.232656522 +0200
|
||||
@@ -132,12 +132,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
int i,j;
|
||||
- unsigned int total=0;
|
||||
+ size_t total=0;
|
||||
|
||||
*outl=0;
|
||||
if (inl == 0) return;
|
||||
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
|
||||
- if ((ctx->num+inl) < ctx->length)
|
||||
+ if (ctx->length - ctx->num > inl)
|
||||
{
|
||||
memcpy(&(ctx->enc_data[ctx->num]),in,inl);
|
||||
ctx->num+=inl;
|
||||
@@ -156,7 +156,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||||
*out='\0';
|
||||
total=j+1;
|
||||
}
|
||||
- while (inl >= ctx->length)
|
||||
+ while (inl >= ctx->length && total <= INT_MAX)
|
||||
{
|
||||
j=EVP_EncodeBlock(out,in,ctx->length);
|
||||
in+=ctx->length;
|
||||
@@ -166,6 +166,12 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ct
|
||||
*out='\0';
|
||||
total+=j+1;
|
||||
}
|
||||
+ if (total > INT_MAX)
|
||||
+ {
|
||||
+ /* Too much output data! */
|
||||
+ *outl = 0;
|
||||
+ return;
|
||||
+ }
|
||||
if (inl != 0)
|
||||
memcpy(&(ctx->enc_data[0]),in,inl);
|
||||
ctx->num=inl;
|
12
openssl-1.0.1e-cve-2016-2106.patch
Normal file
12
openssl-1.0.1e-cve-2016-2106.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.enc-overflow openssl-1.0.1e/crypto/evp/evp_enc.c
|
||||
--- openssl-1.0.1e/crypto/evp/evp_enc.c.enc-overflow 2016-04-29 12:42:43.000000000 +0200
|
||||
+++ openssl-1.0.1e/crypto/evp/evp_enc.c 2016-04-29 12:56:50.253736555 +0200
|
||||
@@ -408,7 +408,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
|
||||
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
|
||||
if (i != 0)
|
||||
{
|
||||
- if (i+inl < bl)
|
||||
+ if (bl - i > inl)
|
||||
{
|
||||
memcpy(&(ctx->buf[i]),in,inl);
|
||||
ctx->buf_len+=inl;
|
20
openssl-1.0.1e-cve-2016-2107.patch
Normal file
20
openssl-1.0.1e-cve-2016-2107.patch
Normal file
@ -0,0 +1,20 @@
|
||||
diff -up openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||
--- openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check 2016-04-29 12:42:43.000000000 +0200
|
||||
+++ openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-29 13:10:13.441125487 +0200
|
||||
@@ -59,6 +59,7 @@
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/sha.h>
|
||||
#include "evp_locl.h"
|
||||
+#include "constant_time_locl.h"
|
||||
|
||||
#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
|
||||
#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
|
||||
@@ -278,6 +279,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
|
||||
maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8);
|
||||
maxpad &= 255;
|
||||
|
||||
+ ret &= constant_time_ge(maxpad, pad);
|
||||
+
|
||||
inp_len = len - (SHA_DIGEST_LENGTH+pad+1);
|
||||
mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));
|
||||
inp_len &= mask;
|
69
openssl-1.0.1e-cve-2016-2108.patch
Normal file
69
openssl-1.0.1e-cve-2016-2108.patch
Normal file
@ -0,0 +1,69 @@
|
||||
diff -up openssl-1.0.1e/crypto/asn1/a_int.c.asn1-negative openssl-1.0.1e/crypto/asn1/a_int.c
|
||||
--- openssl-1.0.1e/crypto/asn1/a_int.c.asn1-negative 2016-04-29 13:23:05.221797998 +0200
|
||||
+++ openssl-1.0.1e/crypto/asn1/a_int.c 2016-04-29 13:26:51.030957218 +0200
|
||||
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
|
||||
{
|
||||
ret=a->length;
|
||||
i=a->data[0];
|
||||
+ if (ret == 1 && i == 0)
|
||||
+ neg = 0;
|
||||
if (!neg && (i > 127)) {
|
||||
pad=1;
|
||||
pb=0;
|
||||
@@ -157,7 +159,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
|
||||
p += a->length - 1;
|
||||
i = a->length;
|
||||
/* Copy zeros to destination as long as source is zero */
|
||||
- while(!*n) {
|
||||
+ while(!*n && i > 1) {
|
||||
*(p--) = 0;
|
||||
n--;
|
||||
i--;
|
||||
@@ -415,7 +417,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const B
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
- if (BN_is_negative(bn))
|
||||
+ if (BN_is_negative(bn) && !BN_is_zero(bn))
|
||||
ret->type = V_ASN1_NEG_INTEGER;
|
||||
else ret->type=V_ASN1_INTEGER;
|
||||
j=BN_num_bits(bn);
|
||||
diff -up openssl-1.0.1e/crypto/asn1/a_type.c.asn1-negative openssl-1.0.1e/crypto/asn1/a_type.c
|
||||
--- openssl-1.0.1e/crypto/asn1/a_type.c.asn1-negative 2016-04-29 12:42:43.000000000 +0200
|
||||
+++ openssl-1.0.1e/crypto/asn1/a_type.c 2016-04-29 13:28:40.202443787 +0200
|
||||
@@ -131,9 +131,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
|
||||
result = 0; /* They do not have content. */
|
||||
break;
|
||||
case V_ASN1_INTEGER:
|
||||
- case V_ASN1_NEG_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
- case V_ASN1_NEG_ENUMERATED:
|
||||
case V_ASN1_BIT_STRING:
|
||||
case V_ASN1_OCTET_STRING:
|
||||
case V_ASN1_SEQUENCE:
|
||||
diff -up openssl-1.0.1e/crypto/asn1/tasn_dec.c.asn1-negative openssl-1.0.1e/crypto/asn1/tasn_dec.c
|
||||
--- openssl-1.0.1e/crypto/asn1/tasn_dec.c.asn1-negative 2016-04-29 12:42:43.000000000 +0200
|
||||
+++ openssl-1.0.1e/crypto/asn1/tasn_dec.c 2016-04-29 13:30:08.560456293 +0200
|
||||
@@ -1011,9 +1011,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const
|
||||
break;
|
||||
|
||||
case V_ASN1_INTEGER:
|
||||
- case V_ASN1_NEG_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
- case V_ASN1_NEG_ENUMERATED:
|
||||
tint = (ASN1_INTEGER **)pval;
|
||||
if (!c2i_ASN1_INTEGER(tint, &cont, len))
|
||||
goto err;
|
||||
diff -up openssl-1.0.1e/crypto/asn1/tasn_enc.c.asn1-negative openssl-1.0.1e/crypto/asn1/tasn_enc.c
|
||||
--- openssl-1.0.1e/crypto/asn1/tasn_enc.c.asn1-negative 2013-02-11 16:26:04.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/asn1/tasn_enc.c 2016-04-29 13:30:34.688051394 +0200
|
||||
@@ -638,9 +638,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsig
|
||||
break;
|
||||
|
||||
case V_ASN1_INTEGER:
|
||||
- case V_ASN1_NEG_INTEGER:
|
||||
case V_ASN1_ENUMERATED:
|
||||
- case V_ASN1_NEG_ENUMERATED:
|
||||
/* These are all have the same content format
|
||||
* as ASN1_INTEGER
|
||||
*/
|
72
openssl-1.0.1e-cve-2016-2109.patch
Normal file
72
openssl-1.0.1e-cve-2016-2109.patch
Normal file
@ -0,0 +1,72 @@
|
||||
diff -up openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos openssl-1.0.1e/crypto/asn1/a_d2i_fp.c
|
||||
--- openssl-1.0.1e/crypto/asn1/a_d2i_fp.c.asn1-bio-dos 2013-02-11 16:02:47.000000000 +0100
|
||||
+++ openssl-1.0.1e/crypto/asn1/a_d2i_fp.c 2016-04-29 13:44:52.205538739 +0200
|
||||
@@ -139,6 +139,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *
|
||||
#endif
|
||||
|
||||
#define HEADER_SIZE 8
|
||||
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
|
||||
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
BUF_MEM *b;
|
||||
@@ -230,6 +231,8 @@ static int asn1_d2i_read_bio(BIO *in, BU
|
||||
want=c.slen;
|
||||
if (want > (len-off))
|
||||
{
|
||||
+ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
|
||||
+
|
||||
want-=(len-off);
|
||||
if (want > INT_MAX /* BIO_read takes an int length */ ||
|
||||
len+want < len)
|
||||
@@ -237,24 +240,38 @@ static int asn1_d2i_read_bio(BIO *in, BU
|
||||
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
- if (!BUF_MEM_grow_clean(b,len+want))
|
||||
- {
|
||||
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
|
||||
- goto err;
|
||||
- }
|
||||
while (want > 0)
|
||||
{
|
||||
- i=BIO_read(in,&(b->data[len]),want);
|
||||
- if (i <= 0)
|
||||
+ /*
|
||||
+ * Read content in chunks of increasing size
|
||||
+ * so we can return an error for EOF without
|
||||
+ * having to allocate the entire content length
|
||||
+ * in one go.
|
||||
+ */
|
||||
+ size_t chunk = want > chunk_max ? chunk_max : want;
|
||||
+
|
||||
+ if (!BUF_MEM_grow_clean(b, len + chunk))
|
||||
{
|
||||
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
- ASN1_R_NOT_ENOUGH_DATA);
|
||||
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
- /* This can't overflow because
|
||||
- * |len+want| didn't overflow. */
|
||||
- len+=i;
|
||||
- want-=i;
|
||||
+ want -= chunk;
|
||||
+ while (chunk > 0)
|
||||
+ {
|
||||
+ i = BIO_read(in, &(b->data[len]), chunk);
|
||||
+ if (i <= 0)
|
||||
+ {
|
||||
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
|
||||
+ ASN1_R_NOT_ENOUGH_DATA);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ /* This can't overflow because
|
||||
+ * |len+want| didn't overflow. */
|
||||
+ len += i;
|
||||
+ chunk -= i;
|
||||
+ }
|
||||
+ if (chunk_max < INT_MAX/2)
|
||||
+ chunk_max *= 2;
|
||||
}
|
||||
}
|
||||
if (off + c.slen < off)
|
19
openssl.spec
19
openssl.spec
@ -23,7 +23,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.1k
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -111,6 +111,11 @@ Patch117: openssl-1.0.1k-cve-2016-0702.patch
|
||||
Patch118: openssl-1.0.1e-cve-2016-0705.patch
|
||||
Patch119: openssl-1.0.1e-cve-2016-0797.patch
|
||||
Patch120: openssl-1.0.1k-cve-2016-0799.patch
|
||||
Patch121: openssl-1.0.1e-cve-2016-2105.patch
|
||||
Patch122: openssl-1.0.1e-cve-2016-2106.patch
|
||||
Patch123: openssl-1.0.1e-cve-2016-2107.patch
|
||||
Patch124: openssl-1.0.1e-cve-2016-2108.patch
|
||||
Patch125: openssl-1.0.1e-cve-2016-2109.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -255,6 +260,11 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||
%patch118 -p1 -b .dsa-doublefree
|
||||
%patch119 -p1 -b .bn-hex
|
||||
%patch120 -p1 -b .bio-printf
|
||||
%patch121 -p1 -b .b64-overflow
|
||||
%patch122 -p1 -b .enc-overflow
|
||||
%patch123 -p1 -b .padding-check
|
||||
%patch124 -p1 -b .asn1-negative
|
||||
%patch125 -p1 -b .asn1-bio-dos
|
||||
|
||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||
|
||||
@ -527,6 +537,13 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue May 3 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-15
|
||||
- fix CVE-2016-2105 - possible overflow in base64 encoding
|
||||
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
|
||||
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
|
||||
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
|
||||
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
|
||||
|
||||
* Wed Mar 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-14
|
||||
- fix CVE-2016-0702 - side channel attack on modular exponentiation
|
||||
- fix CVE-2016-0705 - double-free in DSA private key parsing
|
||||
|
Loading…
Reference in New Issue
Block a user