~ubuntu-branches/ubuntu/saucy/openssl098/saucy-updates


Viewing changes to debian/patches/CVE-2011-1945.patch

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2012-04-24 10:06:47 UTC
  • Revision ID: package-import@ubuntu.com-20120424100647-lksz1l96u3orv36j
Tags: 0.9.8o-7ubuntu3.1
* Bring up to date with latest security patches from Ubuntu 11.04:
  * SECURITY UPDATE: ECDSA private key timing attack
  - debian/patches/CVE-2011-1945.patch: compute with fixed scalar
    length
  - CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
  - debian/patches/CVE-2011-3210.patch: fix memory usage for thread
    safety
  - CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
  - debian/patches/CVE-2011-4019.patch: only free domain policy in
    one location
  - CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050
* SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
  headers
  - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
    and mime_param_cmp() to not dereference the compared strings if either
    is NULL
  - CVE-2006-7250
  - CVE-2012-1165
* SECURITY UPDATE: fix various overflows
  - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
    crypto/buffer.c and crypto/mem.c to verify size of lengths
  - CVE-2012-2110
* SECURITY UPDATE: incomplete fix for CVE-2012-2110
  - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow
    and BUF_MEM_grow_clean is non-negative
  - CVE-2012-2131
* debian/patches/CVE-2012-2110b.patch: Use correct error code in
  BUF_MEM_grow_clean()

Description: Fix CVE-2011-1945, timing attacks against ECDHE_ECDSA makes
 it easier to determine private keys.
Origin: http://cvs.openssl.org/chngview?cn=20892

Index: openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c
===================================================================
--- openssl-0.9.8o.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-0.9.8o/crypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke
                        }
                while (BN_is_zero(k));
 
+               /* We do not want timing information to leak the length of k,
+                * so we compute G*k using an equivalent scalar of fixed
+                * bit-length. */
+
+               if (!BN_add(k, k, order)) goto err;
+               if (BN_num_bits(k) <= BN_num_bits(order))
+                       if (!BN_add(k, k, order)) goto err;
+
                /* compute r the x-coordinate of generator * k */
                if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
                {
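Review bot: the nested, unbraced `if (BN_num_bits(k) <= BN_num_bits(order)) if (!BN_add(k, k, order)) goto err;` at the end of the hunk is a dangling-if hazard; wrapping the inner statement in braces would make the intent unambiguous for anyone later adding an `else` or a second statement. The added comment could also state the invariant that makes the blinding work: after the first `BN_add` k lies in [order+1, 2*order-1]; if its bit-length is still that of order, the second addition lifts it to at least 2^num_bits(order) while keeping it below 2^(num_bits(order)+1), so in both branches k has exactly num_bits(order)+1 bits, and because order*G is the point at infinity the x-coordinate r produced by the following `EC_POINT_mul` is the same as for the original k. The rest of `ecdsa_sign_setup` is outside this hunk, so the later uses of the enlarged k (anything that does not reduce modulo order) should be checked as part of this review.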