Hello community, here is the log from the commit of package compat-openssl097g for openSUSE:11.3 checked in at Thu Jul 21 20:28:52 CEST 2011.
-------- --- old-versions/11.3/all/compat-openssl097g/compat-openssl097g.changes 2010-01-27 03:00:46.000000000 +0100 +++ 11.3/compat-openssl097g/compat-openssl097g.changes 2011-07-21 08:39:42.000000000 +0200 @@ -1,0 +2,11 @@ +Thu Jul 21 04:21:44 UTC 2011 - [email protected] + +- batch sync with fixes of openssl from year 2007 to now(2011) + * openssl-cipher_selection_backport_from_sle10sp3.patch + * openssl-0.9.7d-CVE-2008-5077.patch + * openssl-CVE-2009-0590.patch + * openssl-CVE-2009-0789.patch + * openssl-CVE-2009-3555.patch + * CVE-2010-4180.patch + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/compat-openssl097g Destination is old-versions/11.3/UPDATES/all/compat-openssl097g calling whatdependson for 11.3-i586 New: ---- CVE-2010-4180.patch openssl-0.9.7d-CVE-2008-5077.patch openssl-CVE-2009-0590.patch openssl-CVE-2009-0789.patch openssl-CVE-2009-3245.patch openssl-CVE-2009-3555.patch openssl-cipher_selection_backport_from_sle10sp3.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ compat-openssl097g.spec ++++++ --- /var/tmp/diff_new_pack.hUS4uJ/_old 2011-07-21 20:27:28.000000000 +0200 +++ /var/tmp/diff_new_pack.hUS4uJ/_new 2011-07-21 20:27:28.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package compat-openssl097g (Version 0.9.7g) +# spec file for package compat-openssl097g # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +32,7 @@ %endif # Version: 0.9.7g -Release: 149 +Release: 155.<RELEASE2> Summary: Secure Sockets and Transport Layer Security Url: http://www.openssl.org/ Source: http://www.openssl.org/source/openssl-%{version}.tar.bz2 
@@ -58,6 +58,16 @@ Patch108: openssl-CVE-2006-4343.patch Patch109: openssl-0.9.7-CVE-2006-2940-fixup.patch Patch110: openssl-CVE-2007-5135.patch +#Patch210: batch fixes sync with openssl +Patch210: openssl-cipher_selection_backport_from_sle10sp3.patch +Patch211: openssl-0.9.7d-CVE-2008-5077.patch +Patch212: openssl-CVE-2009-0590.patch +Patch213: openssl-CVE-2009-0789.patch +Patch214: openssl-CVE-2009-3555.patch +#Patch215: openssl-CVE-2009-3555-2.patch +Patch215: openssl-CVE-2009-3245.patch +Patch216: CVE-2010-4180.patch +#Patch217: ECDSA_signatures_timing_attack.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -108,6 +118,15 @@ %patch108 -p0 %patch109 -p0 %patch110 -p1 +#%patch210 -p1 +%patch210 -p1 +%patch211 -p1 +%patch212 -p1 +%patch213 -p1 +%patch214 -p1 +%patch215 -p1 +%patch216 -p1 +#%patch217 -p1 cp -p %{S:10} . cp -p %{S:20} certs/ cp -p %{S:21} certs/ ++++++ CVE-2010-4180.patch ++++++ Index: openssl-0.9.7d/doc/ssl/SSL_CTX_set_options.pod =================================================================== --- openssl-0.9.7d.orig/doc/ssl/SSL_CTX_set_options.pod +++ openssl-0.9.7d/doc/ssl/SSL_CTX_set_options.pod 
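Review bot: In the %prep hunk (`@@ -108,6 +118,15 @@`) the commented lines `#%patch210 -p1` and `#%patch217 -p1` leave an unescaped macro inside a comment; rpm can still expand macros on comment lines, so write them as `#%%patch217 -p1` or drop them. `#%patch210 -p1` sits directly above the live `%patch210 -p1` and looks like a leftover. In the preamble hunk, `#Patch215: openssl-CVE-2009-3555-2.patch` is commented out and Patch215 is reused for openssl-CVE-2009-3245.patch, which is missing from the list in the .changes entry above. A short comment such as `# not applied: <reason>` next to the disabled 3555-2 and ECDSA timing patches would tell an auditor which fixes this package actually carries.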
@@ -63,18 +63,7 @@ this breaks this server so 16 bytes is t =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG -ssl3.netscape.com:443, first a connection is established with RC4-MD5. -If it is then resumed, we end up using DES-CBC3-SHA. It should be -RC4-MD5 according to 7.6.1.3, 'cipher_suite'. - -Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. -It only really shows up when connecting via SSLv2/v3 then reconnecting -via SSLv3. The cipher list changes.... - -NEW INFORMATION. Try connecting with a cipher list of just -DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses -RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when -doing a re-connect, always takes the first cipher in the cipher list. +As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. =item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG Index: openssl-0.9.7d/ssl/s3_clnt.c =================================================================== --- openssl-0.9.7d.orig/ssl/s3_clnt.c +++ openssl-0.9.7d/ssl/s3_clnt.c @@ -705,8 +705,11 @@ static int ssl3_get_server_hello(SSL *s) s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { +/* Workaround is now obsolete */ +#if 0 if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) +#endif { al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); Index: openssl-0.9.7d/ssl/s3_srvr.c =================================================================== --- openssl-0.9.7d.orig/ssl/s3_srvr.c +++ openssl-0.9.7d/ssl/s3_srvr.c @@ -775,6 +775,10 @@ static int ssl3_get_client_hello(SSL *s) } if (j == 0) { +/* Disabled because it can be used in a ciphersuite downgrade + * * attack: CVE-2010-4180. + * */ +#if 0 if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { /* Very bad for multi-threading.... */ 
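Review bot: The comment added in ssl3_get_client_hello (ssl/s3_srvr.c, `@@ -775,6 +775,10 @@`) is malformed, with stray `* *` and `* */` continuation markers. The `#if 0` it introduces is only closed by the `#endif` after `else` in the following hunk, which turns the surviving braces into an unconditional block. I would write the comment as `/* Disabled: usable for a ciphersuite downgrade attack (CVE-2010-4180). */` and label the close as `#endif /* SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG workaround disabled */`. The ssl/s3_clnt.c hunk uses the same `#if 0` pattern around its `if`; deleting the dead branch in both places would leave nothing for a later merge to re-enable by accident. Both function bodies continue outside the hunks.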
@@ -782,6 +786,7 @@ static int ssl3_get_client_hello(SSL *s) 0); } else +#endif { /* we need to have the cipher in the cipher * list if we are asked to reuse it */ ++++++ openssl-0.9.7d-CVE-2008-5077.patch ++++++ diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/apps/speed.c openssl-0.9.7d/apps/speed.c --- openssl-0.9.7d.orig/apps/speed.c 2004-01-08 08:46:12.000000000 +0100 +++ openssl-0.9.7d/apps/speed.c 2009-01-20 16:34:55.000000000 +0100 @@ -1485,7 +1485,7 @@ int MAIN(int argc, char **argv) { ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); - if (ret == 0) + if (ret <= 0) { BIO_printf(bio_err, "RSA verify failure\n"); diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/apps/spkac.c openssl-0.9.7d/apps/spkac.c --- openssl-0.9.7d.orig/apps/spkac.c 2003-01-30 18:37:36.000000000 +0100 +++ openssl-0.9.7d/apps/spkac.c 2009-01-20 16:34:55.000000000 +0100 @@ -284,7 +284,7 @@ bad: pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if(i) BIO_printf(bio_err, "Signature OK\n"); + if (i > 0) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/apps/verify.c openssl-0.9.7d/apps/verify.c --- openssl-0.9.7d.orig/apps/verify.c 2003-01-30 18:37:36.000000000 +0100 +++ openssl-0.9.7d/apps/verify.c 2009-01-20 16:34:55.000000000 +0100 @@ -275,7 +275,7 @@ static int check(X509_STORE *ctx, char * ret=0; end: - if (i) + if (i > 0) { fprintf(stdout,"OK\n"); ret=1; @@ -365,4 +365,3 @@ static int MS_CALLBACK cb(int ok, X509_S ERR_clear_error(); return(ok); } - diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/apps/x509.c openssl-0.9.7d/apps/x509.c --- openssl-0.9.7d.orig/apps/x509.c 2004-03-16 14:50:18.000000000 +0100 +++ openssl-0.9.7d/apps/x509.c 2009-01-20 16:34:55.000000000 +0100 
@@ -1096,7 +1096,7 @@ static int x509_certify(X509_STORE *ctx, /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ X509_STORE_CTX_set_cert(&xsc,x); - if (!reqfile && !X509_verify_cert(&xsc)) + if (!reqfile && X509_verify_cert(&xsc) <= 0) goto end; if (!X509_check_private_key(xca,pkey)) diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/ssl/s2_clnt.c openssl-0.9.7d/ssl/s2_clnt.c --- openssl-0.9.7d.orig/ssl/s2_clnt.c 2009-01-20 16:15:47.000000000 +0100 +++ openssl-0.9.7d/ssl/s2_clnt.c 2009-01-20 16:34:55.000000000 +0100 @@ -1059,7 +1059,7 @@ int ssl2_set_certificate(SSL *s, int typ i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/ssl/s2_srvr.c openssl-0.9.7d/ssl/s2_srvr.c --- openssl-0.9.7d.orig/ssl/s2_srvr.c 2003-12-27 17:09:58.000000000 +0100 +++ openssl-0.9.7d/ssl/s2_srvr.c 2009-01-20 16:34:55.000000000 +0100 @@ -1067,7 +1067,7 @@ static int request_certificate(SSL *s) i=ssl_verify_cert_chain(s,sk); - if (i) /* we like the packet, now check the chksum */ + if (i > 0) /* we like the packet, now check the chksum */ { EVP_MD_CTX ctx; EVP_PKEY *pkey=NULL; @@ -1096,7 +1096,7 @@ static int request_certificate(SSL *s) EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&ctx); - if (i) + if (i > 0) { if (s->session->peer != NULL) X509_free(s->session->peer); diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/ssl/s3_clnt.c openssl-0.9.7d/ssl/s3_clnt.c --- openssl-0.9.7d.orig/ssl/s3_clnt.c 2003-12-27 17:09:58.000000000 +0100 +++ openssl-0.9.7d/ssl/s3_clnt.c 2009-01-20 16:34:55.000000000 +0100 
@@ -831,7 +831,7 @@ static int ssl3_get_server_certificate(S } i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) #ifndef OPENSSL_NO_KRB5 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) != (SSL_aKRB5|SSL_kKRB5) @@ -1195,7 +1195,7 @@ static int ssl3_get_key_exchange(SSL *s) EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/ssl/s3_srvr.c openssl-0.9.7d/ssl/s3_srvr.c --- openssl-0.9.7d.orig/ssl/s3_srvr.c 2009-01-20 16:15:47.000000000 +0100 +++ openssl-0.9.7d/ssl/s3_srvr.c 2009-01-20 16:34:55.000000000 +0100 @@ -2004,7 +2004,7 @@ static int ssl3_get_client_certificate(S else { i=ssl_verify_cert_chain(s,sk); - if (!i) + if (i <= 0) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); diff -X /tmp/work/10.3/BUILD_openssl/x -pur openssl-0.9.7d.orig/ssl/s3_srvr.c openssl-0.9.7d/ssl/s3_srvr.c --- openssl-0.9.7d.orig/ssl/ssltest.c 2009-01-20 16:15:47.000000000 +0100 +++ openssl-0.9.7d/ssl/ssltest.c 2009-01-20 16:34:55.000000000 +0100 @@ -2072,7 +2072,7 @@ static int MS_CALLBACK app_verify_callba if (cb_arg->proxy_auth) { - if (ok) + if (ok > 0) { const char *cond_end = NULL; ++++++ openssl-CVE-2009-0590.patch ++++++ Index: openssl-0.9.7g/crypto/asn1/asn1.h =================================================================== --- openssl-0.9.7g.orig/crypto/asn1/asn1.h +++ openssl-0.9.7g/crypto/asn1/asn1.h 
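Review bot: None of the converted call sites records why the boolean test became a `<= 0` comparison, which makes it easy for a later backport to reintroduce `!i`. A one-line comment at the first ssl/ site would do, e.g. in ssl3_get_key_exchange (ssl/s3_clnt.c, `@@ -1195,7 +1195,7 @@`): `/* EVP_VerifyFinal: 1 = good signature, 0 = bad signature, <0 = error; only 1 may pass */`. The same reasoning applies to the `ssl_verify_cert_chain` checks in s2_clnt.c, s2_srvr.c, s3_clnt.c and s3_srvr.c. The patch only shows the call sites it touches, so whether 0.9.7g has other callers that still test these return values as booleans cannot be told from the hunks and should be checked separately.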
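Review bot: The file header of the last section in this patch (`@@ -2072,7 +2072,7 @@`, app_verify_callback) is inconsistent: the `diff` line and the `+++` line name ssl/s3_srvr.c while the `---` line names ssl/ssltest.c. Which file patch(1) picks then depends on its file-name selection rules rather than on the patch itself, and app_verify_callback appears to belong to ssltest.c. Make all three agree, i.e. `+++ openssl-0.9.7d/ssl/ssltest.c`, and confirm in the build log that the hunk applies to ssltest.c without fuzz.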
@@ -962,6 +962,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_DUP 111 #define ASN1_F_ASN1_ENUMERATED_SET 112 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +#define ASN1_F_ASN1_EX_C2I 204 #define ASN1_F_ASN1_GENERALIZEDTIME_SET 178 #define ASN1_F_ASN1_GET_OBJECT 114 #define ASN1_F_ASN1_HEADER_NEW 115 @@ -1036,6 +1037,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 @@ -1094,6 +1096,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 #define ASN1_R_UNKNOWN_FORMAT 160 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 Index: openssl-0.9.7g/crypto/asn1/asn1_err.c =================================================================== --- openssl-0.9.7g.orig/crypto/asn1/asn1_err.c +++ openssl-0.9.7g/crypto/asn1/asn1_err.c @@ -82,6 +82,7 @@ static ERR_STRING_DATA ASN1_str_functs[] {ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, +{ERR_PACK(0,ASN1_F_ASN1_EX_C2I,0), "ASN1_EX_C2I"}, {ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, 
@@ -159,6 +160,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, {ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, {ASN1_R_BAD_TAG ,"bad tag"}, +{ASN1_R_BMPSTRING_IS_WRONG_LENGTH ,"bmpstring is wrong length"}, {ASN1_R_BN_LIB ,"bn lib"}, {ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, {ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, @@ -217,6 +219,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"}, {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"}, {ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"}, +{ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH ,"universalstring is wrong length"}, {ASN1_R_UNKNOWN_FORMAT ,"unknown format"}, {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"}, {ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"}, Index: openssl-0.9.7g/crypto/asn1/tasn_dec.c =================================================================== --- openssl-0.9.7g.orig/crypto/asn1/tasn_dec.c +++ openssl-0.9.7g/crypto/asn1/tasn_dec.c @@ -766,6 +766,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsig case V_ASN1_SET: case V_ASN1_SEQUENCE: default: + if (utype == V_ASN1_BMPSTRING && (len & 1)) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_BMPSTRING_IS_WRONG_LENGTH); + goto err; + } + if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) + { + ASN1err(ASN1_F_ASN1_EX_C2I, + ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); + goto err; + } /* All based on ASN1_STRING and handled the same */ if(!*pval) { stmp = ASN1_STRING_type_new(utype); ++++++ openssl-CVE-2009-0789.patch ++++++ Index: openssl-0.9.7g/crypto/asn1/tasn_dec.c =================================================================== --- openssl-0.9.7g.orig/crypto/asn1/tasn_dec.c +++ openssl-0.9.7g/crypto/asn1/tasn_dec.c @@ -473,7 +473,6 @@ static int asn1_template_ex_d2i(ASN1_VAL err: ASN1_template_free(val, tt); - *val = NULL; return 0; } 
@@ -573,7 +572,6 @@ static int asn1_template_noexp_d2i(ASN1_ err: ASN1_template_free(val, tt); - *val = NULL; return 0; } ++++++ openssl-CVE-2009-3245.patch ++++++ Index: openssl-0.9.7d/crypto/engine/hw_ubsec.c =================================================================== --- openssl-0.9.7d.orig/crypto/engine/hw_ubsec.c +++ openssl-0.9.7d/crypto/engine/hw_ubsec.c @@ -924,7 +924,7 @@ static int ubsec_dh_generate_key (DH *dh priv_key = BN_new(); if (priv_key == NULL) goto err; priv_key_len = BN_num_bits(dh->p); - bn_wexpand(priv_key, dh->p->top); + if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err; do if (!BN_rand_range(priv_key, dh->p)) goto err; while (BN_is_zero(priv_key)); @@ -939,7 +939,7 @@ static int ubsec_dh_generate_key (DH *dh { pub_key = BN_new(); pub_key_len = BN_num_bits(dh->p); - bn_wexpand(pub_key, dh->p->top); + if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err; if(pub_key == NULL) goto err; } else ++++++ openssl-CVE-2009-3555.patch ++++++ Index: openssl-0.9.7g/ssl/s3_pkt.c =================================================================== --- openssl-0.9.7g.orig/ssl/s3_pkt.c +++ openssl-0.9.7g/ssl/s3_pkt.c @@ -977,6 +977,7 @@ start: if (SSL_is_init_finished(s) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && !s->s3->renegotiate) { ssl3_renegotiate(s); 
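Review bot: In the second hunk of crypto/engine/hw_ubsec.c (`@@ -939,7 +939,7 @@`, ubsec_dh_generate_key) the new `bn_wexpand(pub_key, dh->p->top)` check runs before the existing `if(pub_key == NULL) goto err;`. A failed `BN_new()` is therefore still handed to bn_wexpand, which dereferences its first argument. Swap the two lines so the NULL test comes first: `if(pub_key == NULL) goto err;` followed by `if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;`. The first hunk already has this order for priv_key. The function body continues outside both hunks.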
@@ -1109,7 +1110,8 @@ start: if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { #if 0 /* worked only because C operator preferences are not as expected (and * because this is not really needed for clients except for detecting Index: openssl-0.9.7g/ssl/s3_srvr.c =================================================================== --- openssl-0.9.7g.orig/ssl/s3_srvr.c +++ openssl-0.9.7g/ssl/s3_srvr.c @@ -654,6 +654,14 @@ static int ssl3_get_client_hello(SSL *s) SSL_COMP *comp=NULL; STACK_OF(SSL_CIPHER) *ciphers=NULL; + if (s->new_session + && !(s->s3->flags&SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) + { + al=SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto f_err; + } + /* We do this so that we will respond with our native type. * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, * This down switching should be handled by a different method. Index: openssl-0.9.7g/ssl/ssl.h =================================================================== --- openssl-0.9.7g.orig/ssl/ssl.h +++ openssl-0.9.7g/ssl/ssl.h @@ -1739,6 +1739,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 #define SSL_R_NO_PUBLICKEY 192 +#define SSL_R_NO_RENEGOTIATION 318 #define SSL_R_NO_SHARED_CIPHER 193 #define SSL_R_NO_VERIFY_CALLBACK 194 #define SSL_R_NULL_SSL_CTX 195 Index: openssl-0.9.7g/ssl/ssl3.h =================================================================== --- openssl-0.9.7g.orig/ssl/ssl3.h +++ openssl-0.9.7g/ssl/ssl3.h 
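Review bot: The new rejection path in ssl3_get_client_hello (ssl/s3_srvr.c, `@@ -654,6 +654,14 @@`) reports `ERR_R_INTERNAL_ERROR`, although this same patch adds `SSL_R_NO_RENEGOTIATION` to ssl.h and ssl_err.c and no visible hunk uses it. A refused renegotiation is a policy decision rather than an internal fault, and logging it as one hides renegotiation attempts from anyone reading the error queue; use `SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);`. It would also help to add a comment above `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` in ssl3.h saying that renegotiation is refused unless the flag is set and that setting it re-exposes the connection to CVE-2009-3555. The function body continues outside the hunk.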
@@ -309,10 +309,11 @@ typedef struct ssl3_buffer_st #define SSL3_CT_FORTEZZA_DMS 20 #define SSL3_CT_NUMBER 7 -#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 -#define SSL3_FLAGS_POP_BUFFER 0x0004 -#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +#define SSL3_FLAGS_POP_BUFFER 0x0004 +#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 typedef struct ssl3_state_st { Index: openssl-0.9.7g/ssl/ssl_err.c =================================================================== --- openssl-0.9.7g.orig/ssl/ssl_err.c +++ openssl-0.9.7g/ssl/ssl_err.c @@ -330,6 +330,7 @@ static ERR_STRING_DATA SSL_str_reasons[] {SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, {SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"}, {SSL_R_NO_PUBLICKEY ,"no publickey"}, +{SSL_R_NO_RENEGOTIATION ,"no renegotiation"}, {SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, {SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"}, {SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, ++++++ openssl-cipher_selection_backport_from_sle10sp3.patch ++++++ Index: openssl-0.9.7g/ssl/ssl_ciph.c =================================================================== --- openssl-0.9.7g.orig/ssl/ssl_ciph.c +++ openssl-0.9.7g/ssl/ssl_ciph.c @@ -305,9 +305,18 @@ static void ll_append_tail(CIPHER_ORDER *tail=curr; } -static unsigned long ssl_cipher_get_disabled(void) - { +struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, + * where 128-bit and 256-bit algorithms simply will get + * separate bits. */ + unsigned long mask; /* everything except m256 */ + unsigned long m256; /* applies to 256-bit algorithms only */ +}; + +struct disabled_masks ssl_cipher_get_disabled(void) +{ unsigned long mask; + unsigned long m256; + struct disabled_masks ret; mask = SSL_kFZA; #ifdef OPENSSL_NO_RSA 
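Review bot: In ssl/ssl_ciph.c (`@@ -305,9 +305,18 @@`) the rewritten `ssl_cipher_get_disabled` loses its `static` qualifier, so a helper that was file-local becomes an external symbol of the library. Unless that export is intended, keep the linkage: `static struct disabled_masks ssl_cipher_get_disabled(void)`. The function body continues into the next hunk.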
@@ -333,17 +342,24 @@ static unsigned long ssl_cipher_get_disa mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; - mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; - return(mask); + /* finally consider algorithms where mask and m256 differ */ + m256 = mask; + mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; + m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0; + + ret.mask = mask; + ret.m256 = m256; + return ret; } static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, - int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list, - CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) + int num_of_ciphers, unsigned long mask, unsigned long m256, + CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, + CIPHER_ORDER **tail_p) { int i, co_list_num; SSL_CIPHER *c; @@ -360,12 +376,13 @@ static void ssl_cipher_collect_ciphers(c for (i = 0; i < num_of_ciphers; i++) { c = ssl_method->get_cipher(i); +#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) /* drop those that use any of that is not available */ #ifdef OPENSSL_FIPS - if ((c != NULL) && c->valid && !(c->algorithms & mask) + if ((c != NULL) && c->valid && !IS_MASKED(c) && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) #else - if ((c != NULL) && c->valid && !(c->algorithms & mask)) + if ((c != NULL) && c->valid && !IS_MASKED(c)) #endif { co_list[co_list_num].cipher = c; 
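Review bot: `IS_MASKED(c)` in ssl_cipher_collect_ciphers (`@@ -360,12 +376,13 @@`) is defined inside the loop body, silently captures the locals `mask` and `m256`, and is never undefined, so it stays visible for the rest of ssl_ciph.c. Either add `#undef IS_MASKED` after the loop or hoist it to file scope with the masks as parameters, e.g. `#define IS_MASKED(c, mask, m256) ((c)->algorithms & (((c)->alg_bits == 256) ? (m256) : (mask)))`. A short comment that 256-bit suites are filtered by `m256` and all others by `mask` would make the AES128/AES256 split easier to follow. The function body continues outside the hunk.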
@@ -440,7 +457,8 @@ static void ssl_cipher_collect_aliases(S *ca_curr = NULL; /* end of list */ } -static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, +static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, + unsigned long algorithms, unsigned long mask, unsigned long algo_strength, unsigned long mask_strength, int rule, int strength_bits, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) @@ -466,11 +484,21 @@ static void ssl_cipher_apply_rule(unsign cp = curr->cipher; + /* If explicit cipher suite, match only that one for its own protocol version. + * Usual selection criteria will be used for similar ciphersuites from other version! */ + + if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) + { + if (cp->id != cipher_id) + continue; + } + + /* * Selection criteria is either the number of strength_bits * or the algorithm used. */ - if (strength_bits == -1) + else if (strength_bits == -1) { ma = mask & cp->algorithms; ma_s = mask_strength & cp->algo_strength; @@ -583,7 +611,7 @@ static int ssl_cipher_strength_sort(CIPH */ for (i = max_strength_bits; i >= 0; i--) if (number_uses[i] > 0) - ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, + ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, co_list, head_p, tail_p); OPENSSL_free(number_uses); @@ -597,6 +625,7 @@ static int ssl_cipher_process_rulestr(co unsigned long algorithms, mask, algo_strength, mask_strength; const char *l, *start, *buf; int j, multi, found, rule, retval, ok, buflen; + unsigned long cipher_id = 0, ssl_version = 0; char ch; retval = 1; @@ -686,6 +715,8 @@ static int ssl_cipher_process_rulestr(co * use strcmp(), because buf is not '\0' terminated.) */ j = found = 0; + cipher_id = 0; + ssl_version = 0; while (ca_list[j]) { if (!strncmp(buf, ca_list[j]->name, buflen) && 
@@ -704,6 +735,13 @@ static int ssl_cipher_process_rulestr(co mask |= ca_list[j]->mask; algo_strength |= ca_list[j]->algo_strength; mask_strength |= ca_list[j]->mask_strength; + /* explicit ciphersuite found */ + if (ca_list[j]->valid) + { + cipher_id = ca_list[j]->id; + ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK; + break; + } if (!multi) break; } @@ -729,18 +767,18 @@ static int ssl_cipher_process_rulestr(co * rest of the command, if any left, until * end or ':' is found. */ - while ((*l != '\0') && ITEM_SEP(*l)) + while ((*l != '\0') && !ITEM_SEP(*l)) l++; } else if (found) { - ssl_cipher_apply_rule(algorithms, mask, + ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, algo_strength, mask_strength, rule, -1, co_list, head_p, tail_p); } else { - while ((*l != '\0') && ITEM_SEP(*l)) + while ((*l != '\0') && !ITEM_SEP(*l)) l++; } if (*l == '\0') break; /* done */ @@ -756,6 +794,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; unsigned long disabled_mask; + unsigned long disabled_m256; STACK_OF(SSL_CIPHER) *cipherstack; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; @@ -777,7 +816,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * To reduce the work to do we only want to process the compiled * in algorithms, so we first get the mask of disabled ciphers. */ - disabled_mask = ssl_cipher_get_disabled(); + { + struct disabled_masks d; + d = ssl_cipher_get_disabled(); + disabled_mask = d.mask; + disabled_m256 = d.m256; + } /* * Now we have to collect the available ciphers from the compiled @@ -796,7 +840,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, - co_list, &head, &tail); + disabled_m256, co_list, &head, &tail); /* * We also need cipher aliases for selecting based on the rule_str. 
@@ -816,9 +860,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); return(NULL); /* Failure */ } - ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask, - head); + ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, + (disabled_mask & disabled_m256), head); /* * If the rule_string begins with DEFAULT, apply the default rule * before using the (possibly available) additional rules. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
