~ubuntu-branches/ubuntu/lucid/openssl/lucid-security


Viewing changes to debian/patches/CVE-2014-8275.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-01-09 11:16:50 UTC
  • Revision ID: package-import@ubuntu.com-20150109111650-y2372iikqlq6prj3
Tags: 0.9.8k-7ubuntu8.23
* SECURITY UPDATE: denial of service via unexpected handshake when
  no-ssl3 build option is used (not the default)
  - debian/patches/CVE-2014-3569.patch: keep the old method for now in
    ssl/s23_srvr.c.
  - CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
  - debian/patches/CVE-2014-3570.patch: fix bignum logic in
    crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
    crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
  - CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
  - debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
    ssl/s3_pkt.c.
  - CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
  - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
    ssl/s3_clnt.c.
  - CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
  - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
    crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
    crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
    crypto/x509/x_all.c, util/libeay.num.
  - CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
  - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
    export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
    ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
    doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
  - CVE-2015-0204

 
1
Description: fix certificate fingerprints can be modified
 
2
Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fae32f6d69baf27ef69d92499c59c8a3277f3e3
 
3
Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c22e2dd6e52899926d1f1ee3a2b5b9570d03130f
 
4
Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63f3c9e715955f0cdc83698d8a3dfb1b80064407
 
5
Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ec2fede9467ae1a65f452d3a39f7fbc4891d9285
 
6
Origin: upstream, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=11f719da38c5e9aa509aa518d11f71355cca7cd1
 
7
 
 
8
Index: openssl-0.9.8k/crypto/asn1/a_bitstr.c
 
9
===================================================================
 
10
--- openssl-0.9.8k.orig/crypto/asn1/a_bitstr.c  2005-07-26 16:55:14.000000000 -0400
 
11
+++ openssl-0.9.8k/crypto/asn1/a_bitstr.c       2015-01-09 11:15:00.750799141 -0500
 
12
@@ -136,11 +136,16 @@
 
13
 
 
14
        p= *pp;
 
15
        i= *(p++);
 
16
+       if (i > 7)
 
17
+               {
 
18
+               i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
 
19
+               goto err;
 
20
+               }
 
21
        /* We do this to preserve the settings.  If we modify
 
22
         * the settings, via the _set_bit function, we will recalculate
 
23
         * on output */
 
24
        ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
 
25
-       ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
 
26
+       ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
 
27
 
 
28
        if (len-- > 1) /* using one because of the bits left byte */
 
29
                {
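Review bot: The `/* set */` line no longer masks `i`, so its correctness now rests entirely on the `if (i > 7)` guard a few lines above it. A short comment would keep a later edit from separating the two, e.g. `/* i is 0..7 here (rejected above otherwise), so no mask is needed */`. The rejection only stores the reason code in `i`; the `err:` label that reports it lies outside this hunk, so confirm it passes `i` to the error call rather than a fixed reason.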
 
30
Index: openssl-0.9.8k/crypto/asn1/a_type.c
 
31
===================================================================
 
32
--- openssl-0.9.8k.orig/crypto/asn1/a_type.c    2008-04-02 07:11:49.000000000 -0400
 
33
+++ openssl-0.9.8k/crypto/asn1/a_type.c 2015-01-09 11:15:03.838826187 -0500
 
34
@@ -108,3 +108,49 @@
 
35
 
 
36
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 
37
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
 
38
+
 
39
+/* Returns 0 if they are equal, != 0 otherwise. */
 
40
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
 
41
+       {
 
42
+       int result = -1;
 
43
+
 
44
+       if (!a || !b || a->type != b->type) return -1;
 
45
+
 
46
+       switch (a->type)
 
47
+               {
 
48
+       case V_ASN1_OBJECT:
 
49
+               result = OBJ_cmp(a->value.object, b->value.object);
 
50
+               break;
 
51
+       case V_ASN1_NULL:
 
52
+               result = 0;     /* They do not have content. */
 
53
+               break;
 
54
+       case V_ASN1_INTEGER:
 
55
+       case V_ASN1_NEG_INTEGER:
 
56
+       case V_ASN1_ENUMERATED:
 
57
+       case V_ASN1_NEG_ENUMERATED:
 
58
+       case V_ASN1_BIT_STRING:
 
59
+       case V_ASN1_OCTET_STRING:
 
60
+       case V_ASN1_SEQUENCE:
 
61
+       case V_ASN1_SET:
 
62
+       case V_ASN1_NUMERICSTRING:
 
63
+       case V_ASN1_PRINTABLESTRING:
 
64
+       case V_ASN1_T61STRING:
 
65
+       case V_ASN1_VIDEOTEXSTRING:
 
66
+       case V_ASN1_IA5STRING:
 
67
+       case V_ASN1_UTCTIME:
 
68
+       case V_ASN1_GENERALIZEDTIME:
 
69
+       case V_ASN1_GRAPHICSTRING:
 
70
+       case V_ASN1_VISIBLESTRING:
 
71
+       case V_ASN1_GENERALSTRING:
 
72
+       case V_ASN1_UNIVERSALSTRING:
 
73
+       case V_ASN1_BMPSTRING:
 
74
+       case V_ASN1_UTF8STRING:
 
75
+       case V_ASN1_OTHER:
 
76
+       default:
 
77
+               result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
 
78
+                                        (ASN1_STRING *) b->value.ptr);
 
79
+               break;
 
80
+               }
 
81
+
 
82
+       return result;
 
83
+       }
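Review bot: `V_ASN1_BOOLEAN` is missing from the switch in `ASN1_TYPE_cmp`, so a boolean value reaches the `default:` branch, where `value.ptr` is cast to `ASN1_STRING *` and handed to `ASN1_STRING_cmp`. The `ASN1_TYPE` union is declared outside this hunk, but in OpenSSL it stores a boolean as an integer (`value.boolean`), not a pointer, so that call would dereference a non-pointer. Because `X509_verify` in this same patch now feeds parsed certificate parameters into this function, the input is untrusted. Add an explicit case before `V_ASN1_NULL`: `case V_ASN1_BOOLEAN: result = a->value.boolean - b->value.boolean; break;`. The long list of labels that fall through to `default:` is otherwise redundant and could be reduced to a comment.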
 
84
Index: openssl-0.9.8k/crypto/asn1/a_verify.c
 
85
===================================================================
 
86
--- openssl-0.9.8k.orig/crypto/asn1/a_verify.c  2015-01-09 11:14:39.090609251 -0500
 
87
+++ openssl-0.9.8k/crypto/asn1/a_verify.c       2015-01-09 11:16:02.095335115 -0500
 
88
@@ -89,6 +89,12 @@
 
89
                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 
90
                goto err;
 
91
                }
 
92
+
 
93
+       if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
 
94
+               {
 
95
+               ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
 
96
+               goto err;
 
97
+               }
 
98
        
 
99
        inl=i2d(data,NULL);
 
100
        buf_in=OPENSSL_malloc((unsigned int)inl);
 
101
@@ -144,6 +150,12 @@
 
102
                return -1;
 
103
                }
 
104
 
 
105
+       if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
 
106
+               {
 
107
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
 
108
+               return -1;
 
109
+               }
 
110
+
 
111
        EVP_MD_CTX_init(&ctx);
 
112
        i=OBJ_obj2nid(a->algorithm);
 
113
        type=EVP_get_digestbyname(OBJ_nid2sn(i));
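Review bot: The condition `signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7`, added in both hunks of this file, relies on `&` binding tighter than `&&` and on a bare `0x7` that duplicates the unused-bits mask used in a_bitstr.c. It parses as intended, but writing it as `(signature->flags & 0x07) != 0` with a comment such as `/* low three flag bits hold the BIT STRING unused-bit count; a signature must have none */` makes the intent reviewable. Both enclosing functions start and end outside the hunks, so whether `signature` can be NULL at this point cannot be checked from here.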
 
114
Index: openssl-0.9.8k/crypto/asn1/asn1.h
 
115
===================================================================
 
116
--- openssl-0.9.8k.orig/crypto/asn1/asn1.h      2015-01-09 11:14:39.234610514 -0500
 
117
+++ openssl-0.9.8k/crypto/asn1/asn1.h   2015-01-09 11:15:03.838826187 -0500
 
118
@@ -767,6 +767,7 @@
 
119
 int ASN1_TYPE_get(ASN1_TYPE *a);
 
120
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
121
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
 
122
+int            ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 
123
 
 
124
 ASN1_OBJECT *  ASN1_OBJECT_new(void );
 
125
 void           ASN1_OBJECT_free(ASN1_OBJECT *a);
 
126
@@ -1258,6 +1259,7 @@
 
127
 #define ASN1_R_ILLEGAL_TIME_VALUE                       184
 
128
 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT                         185
 
129
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG               128
 
130
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT             220
 
131
 #define ASN1_R_INVALID_BMPSTRING_LENGTH                         129
 
132
 #define ASN1_R_INVALID_DIGIT                            130
 
133
 #define ASN1_R_INVALID_MIME_TYPE                        200
 
134
Index: openssl-0.9.8k/crypto/asn1/asn1_err.c
 
135
===================================================================
 
136
--- openssl-0.9.8k.orig/crypto/asn1/asn1_err.c  2015-01-09 11:14:39.234610514 -0500
 
137
+++ openssl-0.9.8k/crypto/asn1/asn1_err.c       2015-01-09 11:15:00.750799141 -0500
 
138
@@ -235,6 +235,7 @@
 
139
 {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
 
140
 {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
 
141
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
 
142
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
 
143
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 
144
 {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
 
145
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 
146
Index: openssl-0.9.8k/crypto/asn1/x_algor.c
 
147
===================================================================
 
148
--- openssl-0.9.8k.orig/crypto/asn1/x_algor.c   2008-11-05 13:36:39.000000000 -0500
 
149
+++ openssl-0.9.8k/crypto/asn1/x_algor.c        2015-01-09 11:15:03.838826187 -0500
 
150
@@ -128,3 +128,13 @@
 
151
                }
 
152
        }
 
153
 
 
154
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
 
155
+       {
 
156
+       int rv;
 
157
+       rv = OBJ_cmp(a->algorithm, b->algorithm);
 
158
+       if (rv)
 
159
+               return rv;
 
160
+       if (!a->parameter && !b->parameter)
 
161
+               return 0;
 
162
+       return ASN1_TYPE_cmp(a->parameter, b->parameter);
 
163
+       }
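Review bot: `X509_ALGOR_cmp` dereferences `a->algorithm` and `b->algorithm` without the NULL guard that `ASN1_TYPE_cmp` in this same patch applies to its arguments, and it has no comment stating its return contract. Since `ASN1_TYPE_cmp` returns `-1` for a type mismatch regardless of direction, the result is an equality test rather than an ordering. A header comment like `/* Returns 0 if a and b are identical, non-zero otherwise; not usable as a sort comparator. */` would say so. If callers may pass NULL, `if (!a || !b) return -1;` at the top keeps the two helpers consistent.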
 
164
Index: openssl-0.9.8k/crypto/dsa/dsa_asn1.c
 
165
===================================================================
 
166
--- openssl-0.9.8k.orig/crypto/dsa/dsa_asn1.c   2008-11-05 13:36:42.000000000 -0500
 
167
+++ openssl-0.9.8k/crypto/dsa/dsa_asn1.c        2015-01-09 11:15:53.619261216 -0500
 
168
@@ -198,7 +198,11 @@
 
169
             const unsigned char *sigbuf, int siglen, DSA *dsa)
 
170
        {
 
171
        DSA_SIG *s;
 
172
+       const unsigned char *p = sigbuf;
 
173
+       unsigned char *der = NULL;
 
174
+       int derlen = -1;
 
175
        int ret=-1;
 
176
+
 
177
 #ifdef OPENSSL_FIPS
 
178
        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
 
179
                {
 
180
@@ -209,10 +213,18 @@
 
181
 
 
182
        s = DSA_SIG_new();
 
183
        if (s == NULL) return(ret);
 
184
-       if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
 
185
+       if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
 
186
+       /* Ensure signature uses DER and doesn't have trailing garbage */
 
187
+       derlen = i2d_DSA_SIG(s, &der);
 
188
+       if (derlen != siglen || memcmp(sigbuf, der, derlen))
 
189
+               goto err;
 
190
        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
 
191
 err:
 
192
+       if (derlen > 0)
 
193
+               {
 
194
+               OPENSSL_cleanse(der, derlen);
 
195
+               OPENSSL_free(der);
 
196
+               }
 
197
        DSA_SIG_free(s);
 
198
        return(ret);
 
199
        }
 
200
-
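Review bot: A signature that parses but is not canonical DER, or that carries trailing bytes, leaves `ret` at its initial `-1`, so `DSA_verify` reports it as an error rather than as a failed verification (`0`). The same pattern is added to the verify function in ecs_vrf.c. A caller that only checks for a zero result would not treat `-1` as a rejection, so the contract deserves a comment at the new check, e.g. `/* non-DER or trailing data: leave ret == -1; callers must test for == 1 */`. It would also be safer to bail out on a failed re-encoding before the `memcmp`, as in `if (derlen <= 0 || derlen != siglen || memcmp(sigbuf, der, derlen))`.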
 
201
Index: openssl-0.9.8k/crypto/ecdsa/ecs_vrf.c
 
202
===================================================================
 
203
--- openssl-0.9.8k.orig/crypto/ecdsa/ecs_vrf.c  2005-04-29 11:56:06.000000000 -0400
 
204
+++ openssl-0.9.8k/crypto/ecdsa/ecs_vrf.c       2015-01-09 11:15:53.619261216 -0500
 
205
@@ -57,6 +57,7 @@
 
206
  */
 
207
 
 
208
 #include "ecs_locl.h"
 
209
+#include "cryptlib.h"
 
210
 #ifndef OPENSSL_NO_ENGINE
 
211
 #include <openssl/engine.h>
 
212
 #endif
 
213
@@ -84,13 +85,25 @@
 
214
                const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
 
215
        {
 
216
        ECDSA_SIG *s;
 
217
+       const unsigned char *p = sigbuf;
 
218
+       unsigned char *der = NULL;
 
219
+       int derlen = -1;
 
220
        int ret=-1;
 
221
 
 
222
        s = ECDSA_SIG_new();
 
223
        if (s == NULL) return(ret);
 
224
-       if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
 
225
+       if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
 
226
+       /* Ensure signature uses DER and doesn't have trailing garbage */
 
227
+       derlen = i2d_ECDSA_SIG(s, &der);
 
228
+       if (derlen != sig_len || memcmp(sigbuf, der, derlen))
 
229
+               goto err;
 
230
        ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 
231
 err:
 
232
+       if (derlen > 0)
 
233
+               {
 
234
+               OPENSSL_cleanse(der, derlen);
 
235
+               OPENSSL_free(der);
 
236
+               }
 
237
        ECDSA_SIG_free(s);
 
238
        return(ret);
 
239
        }
 
240
Index: openssl-0.9.8k/crypto/x509/x509.h
 
241
===================================================================
 
242
--- openssl-0.9.8k.orig/crypto/x509/x509.h      2008-04-02 07:11:50.000000000 -0400
 
243
+++ openssl-0.9.8k/crypto/x509/x509.h   2015-01-09 11:15:03.838826187 -0500
 
244
@@ -868,6 +868,7 @@
 
245
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 
246
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 
247
                                                X509_ALGOR *algor);
 
248
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 
249
 
 
250
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 
251
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
 
252
Index: openssl-0.9.8k/crypto/x509/x_all.c
 
253
===================================================================
 
254
--- openssl-0.9.8k.orig/crypto/x509/x_all.c     2005-07-16 07:13:08.000000000 -0400
 
255
+++ openssl-0.9.8k/crypto/x509/x_all.c  2015-01-09 11:15:53.623261252 -0500
 
256
@@ -73,6 +73,8 @@
 
257
 
 
258
 int X509_verify(X509 *a, EVP_PKEY *r)
 
259
        {
 
260
+       if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
 
261
+               return 0;
 
262
        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
 
263
                a->signature,a->cert_info,r));
 
264
        }
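Review bot: The early `return 0` in `X509_verify` has no comment saying which two fields are being compared or why, and in the visible lines it returns without recording an error. `a->sig_alg` is the algorithm in the outer certificate and `a->cert_info->signature` is the copy inside the signed portion. A comment such as `/* outer signatureAlgorithm must match the one covered by the signature */` would document the check. Recording a reason on the error queue before returning would let callers tell this rejection apart from a bad signature.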
 
265
Index: openssl-0.9.8k/util/libeay.num
 
266
===================================================================
 
267
--- openssl-0.9.8k.orig/util/libeay.num 2015-01-09 11:14:39.110609426 -0500
 
268
+++ openssl-0.9.8k/util/libeay.num      2015-01-09 11:15:38.775131678 -0500
 
269
@@ -1807,6 +1807,7 @@
 
270
 X509_REQ_digest                         2362   EXIST::FUNCTION:EVP
 
271
 X509_CRL_digest                         2391   EXIST::FUNCTION:EVP
 
272
 d2i_ASN1_SET_OF_PKCS7                   2397   NOEXIST::FUNCTION:
 
273
+X509_ALGOR_cmp                          2398   EXIST::FUNCTION:
 
274
 EVP_CIPHER_CTX_set_key_length           2399   EXIST::FUNCTION:
 
275
 EVP_CIPHER_CTX_ctrl                     2400   EXIST::FUNCTION:
 
276
 BN_mod_exp_mont_word                    2401   EXIST::FUNCTION:
 
277
@@ -3727,3 +3728,4 @@
 
278
 ERR_load_JPAKE_strings                  4112   EXIST::FUNCTION:JPAKE
 
279
 JPAKE_STEP2_init                        4113   EXIST::FUNCTION:JPAKE
 
280
 ENGINE_load_aesni                       4117   EXIST::FUNCTION:ENGINE
 
281
+ASN1_TYPE_cmp                           4428   EXIST::FUNCTION: