Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssl/dist also pull in patches for ol...
details: https://anonhg.NetBSD.org/src/rev/9ad65e60ca93
branches: trunk
changeset: 772483:9ad65e60ca93
user: drochner <drochner%NetBSD.org@localhost>
date: Thu Jan 05 18:59:51 2012 +0000
description:
also pull in patches for older security problems (secadv_20110906.txt):
-rev.21358 for CRL verification vulnerability in OpenSSL (CVE-2011-3207)
-rev.21336 for TLS ephemeral ECDH crashes in OpenSSL (CVE-2011-3210)
diffstat:
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c | 4 +++
crypto/external/bsd/openssl/dist/ssl/d1_srvr.c | 3 +-
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 6 ++++
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c | 22 +++++++++++-----
4 files changed, 26 insertions(+), 9 deletions(-)
diffs (130 lines):
diff -r 562bbb088436 -r 9ad65e60ca93 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
--- a/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Thu Jan 05 18:11:50 2012 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Thu Jan 05 18:59:51 2012 +0000
@@ -703,6 +703,7 @@
x = sk_X509_value(ctx->chain, cnum);
ctx->current_cert = x;
ctx->current_issuer = NULL;
+ ctx->current_crl_score = 0;
ctx->current_reasons = 0;
while (ctx->current_reasons != CRLDP_ALL_REASONS)
{
@@ -2015,6 +2016,9 @@
ctx->error_depth=0;
ctx->current_cert=NULL;
ctx->current_issuer=NULL;
+ ctx->current_crl=NULL;
+ ctx->current_crl_score=0;
+ ctx->current_reasons=0;
ctx->tree = NULL;
ctx->parent = NULL;
diff -r 562bbb088436 -r 9ad65e60ca93 crypto/external/bsd/openssl/dist/ssl/d1_srvr.c
--- a/crypto/external/bsd/openssl/dist/ssl/d1_srvr.c Thu Jan 05 18:11:50 2012 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/d1_srvr.c Thu Jan 05 18:59:51 2012 +0000
@@ -1024,12 +1024,11 @@
SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- if (!EC_KEY_up_ref(ecdhp))
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
{
SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- ecdh = ecdhp;
s->s3->tmp.ecdh=ecdh;
if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
diff -r 562bbb088436 -r 9ad65e60ca93 crypto/external/bsd/openssl/dist/ssl/s3_lib.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_lib.c Thu Jan 05 18:11:50 2012 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_lib.c Thu Jan 05 18:59:51 2012 +0000
@@ -2563,11 +2563,17 @@
}
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
+ {
DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+ }
#endif
#ifndef OPENSSL_NO_ECDH
if (s->s3->tmp.ecdh != NULL)
+ {
EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
#endif
rp = s->s3->rbuf.buf;
diff -r 562bbb088436 -r 9ad65e60ca93 crypto/external/bsd/openssl/dist/ssl/s3_srvr.c
--- a/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Thu Jan 05 18:11:50 2012 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/s3_srvr.c Thu Jan 05 18:59:51 2012 +0000
@@ -858,9 +858,7 @@
if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
{
/* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.)
- * I hope that tmp.dh is the only thing that may need to be cleared
- * when a handshake is not completed ... */
+ * which will now be aborted. (A full SSL_clear would be too much.) */
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
{
@@ -868,6 +866,13 @@
s->s3->tmp.dh = NULL;
}
#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
+ {
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
+#endif
s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
return 2;
}
@@ -1590,7 +1595,6 @@
if (s->s3->tmp.dh != NULL)
{
- DH_free(dh);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1651,7 +1655,6 @@
if (s->s3->tmp.ecdh != NULL)
{
- EC_KEY_free(s->s3->tmp.ecdh);
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
}
@@ -1662,12 +1665,11 @@
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- if (!EC_KEY_up_ref(ecdhp))
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
goto err;
}
- ecdh = ecdhp;
s->s3->tmp.ecdh=ecdh;
if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -2579,6 +2581,12 @@
/* Get encoded point length */
i = *p;
p += 1;
+ if (n != 1 + i)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
if (EC_POINT_oct2point(group,
clnt_ecpoint, p, i, bn_ctx) == 0)
{
Home |
Main Index |
Thread Index |
Old Index