The branch OpenSSL_1_0_0-stable has been updated
via f93aad4a56a1580a109785c2c922fe6b8baf7df9 (commit)
via ce052c8437fb97cbc57f034fa94b5bcd749dbf52 (commit)
via a402b2b7bcff8d6901aa771e49c45cf38836e7bf (commit)
via d275dbe6eb7b720b8920f712eea79044f845a4bb (commit)
via cf432b3b1bd7caa22943b41b94ec2472ae497dc6 (commit)
from 015b17257855e31003eb29a70280764c3c822710 (commit)
- Log -----------------------------------------------------------------
commit f93aad4a56a1580a109785c2c922fe6b8baf7df9
Author: Matt Caswell <m...@openssl.org>
Date: Thu Dec 3 14:57:35 2015 +0000
Prepare for 1.0.0u-dev
Reviewed-by: Richard Levitte <levi...@openssl.org>
commit ce052c8437fb97cbc57f034fa94b5bcd749dbf52
Author: Matt Caswell <m...@openssl.org>
Date: Thu Dec 3 14:56:22 2015 +0000
Prepare for 1.0.0t release
Reviewed-by: Richard Levitte <levi...@openssl.org>
commit a402b2b7bcff8d6901aa771e49c45cf38836e7bf
Author: Matt Caswell <m...@openssl.org>
Date: Tue Dec 1 14:39:47 2015 +0000
Update CHANGES and NEWS
Update the CHANGES and NEWS files for the new release.
Reviewed-by: Rich Salz <rs...@openssl.org>
commit d275dbe6eb7b720b8920f712eea79044f845a4bb
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Feb 23 12:57:50 2015 +0000
Free up passed ASN.1 structure if reused.
Change the "reuse" behaviour in ASN1_item_d2i: if successful the old
structure is freed and a pointer to the new one used. If it is not
successful then the passed structure is untouched.
Exception made for primitive types so ssl_asn1.c still works.
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
Conflicts:
doc/crypto/d2i_X509.pod
commit cf432b3b1bd7caa22943b41b94ec2472ae497dc6
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Nov 10 19:03:07 2015 +0000
Fix leak with ASN.1 combine.
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.
This can leak memory in any application parsing PKCS#7 or CMS structures.
CVE-2015-3195.
Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.
PR#4131
Reviewed-by: Richard Levitte <levi...@openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 25 ++++++++++++++++++++++++-
NEWS | 7 ++++++-
README | 2 +-
crypto/asn1/tasn_dec.c | 21 +++++++++++++++------
crypto/opensslv.h | 6 +++---
doc/crypto/d2i_X509.pod | 10 +++++++++-
openssl.spec | 2 +-
7 files changed, 59 insertions(+), 14 deletions(-)
diff --git a/CHANGES b/CHANGES
index ccf2c03..9cea9e6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,33 @@
OpenSSL CHANGES
_______________
- Changes between 1.0.0s and 1.0.0t [xx XXX xxxx]
+ Changes between 1.0.0t and 1.0.0u [xx XXX xxxx]
*)
+ Changes between 1.0.0s and 1.0.0t [3 Dec 2015]
+
+ *) X509_ATTRIBUTE memory leak
+
+ When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+ memory. This structure is used by the PKCS#7 and CMS routines so any
+ application which reads PKCS#7 or CMS data from untrusted sources is
+ affected. SSL/TLS is not affected.
+
+ This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL)
using
+ libFuzzer.
+ (CVE-2015-3195)
+ [Stephen Henson]
+
+ *) Race condition handling PSK identify hint
+
+ If PSK identity hints are received by a multi-threaded client then
+ the values are wrongly updated in the parent SSL_CTX structure. This can
+ result in a race condition potentially leading to a double free of the
+ identify hint data.
+ (CVE-2015-3196)
+ [Stephen Henson]
+
Changes between 1.0.0r and 1.0.0s [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
diff --git a/NEWS b/NEWS
index 99ba960..d688d4b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [under development]
+ Major changes between OpenSSL 1.0.0t and OpenSSL 1.0.0u [under development]
o
+ Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015]
+
+ o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+ o Race condition handling PSK identify hint (CVE-2015-3196)
+
Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015]
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
diff --git a/README b/README
index 1a70b7f..f2f62b0 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.0t-dev
+ OpenSSL 1.0.0u-dev
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 7fd336a..f56eb4c 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -140,11 +140,17 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
{
ASN1_TLC c;
ASN1_VALUE *ptmpval = NULL;
- if (!pval)
- pval = &ptmpval;
asn1_tlc_clear_nc(&c);
- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
- return *pval;
+ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
+ ptmpval = *pval;
+ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
+ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
+ if (*pval)
+ ASN1_item_free(*pval, it);
+ *pval = ptmpval;
+ }
+ return ptmpval;
+ }
return NULL;
}
@@ -180,6 +186,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char
**in, long len,
int otag;
int ret = 0;
ASN1_VALUE **pchptr, *ptmpval;
+ int combine = aclass & ASN1_TFLG_COMBINE;
+ aclass &= ~ASN1_TFLG_COMBINE;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
@@ -500,7 +508,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char
**in, long len,
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
err:
- ASN1_item_ex_free(pval, it);
+ if (combine == 0)
+ ASN1_item_ex_free(pval, it);
if (errtt)
ERR_add_error_data(4, "Field=", errtt->field_name,
", Type=", it->sname);
@@ -689,7 +698,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} else {
/* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, 0, opt, ctx);
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 5f79fb0..3f7c741 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -26,11 +26,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x10000140L
+# define OPENSSL_VERSION_NUMBER 0x10000150L
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-fips-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0u-fips-dev xx XXX xxxx"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0u-dev xx XXX xxxx"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
index 298ec54..6fed4b1 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
@@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts of the reused
structure may
persist if they are not present in the new one. As a result the use
of this "reuse" behaviour is strongly discouraged.
+Current versions of OpenSSL will not modify B<*px> if an error occurs.
+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
+set to the value of the newly decoded structure. As a result B<*px>
+B<must not> be allocated on the stack or an attempt will be made to
+free an invalid pointer.
+
i2d_X509() will not return an error in many versions of OpenSSL,
if mandatory fields are not initialized due to a programming error
then the encoded structure may contain invalid data or omit the
@@ -210,7 +216,9 @@ always succeed.
d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
or B<NULL> if an error occurs. The error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
+with a valid X509 structure being passed in via B<px> then the object is not
+modified in the event of error.
i2d_X509() returns the number of bytes successfully encoded or a negative
value if an error occurs. The error code can be obtained by
diff --git a/openssl.spec b/openssl.spec
index e282aca..a45c687 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -6,7 +6,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.0t
+Version: 1.0.0u
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
