The branch OpenSSL_1_0_1-stable has been updated via d82626caec9cb3f8da346125434f17eb180d4ef1 (commit) via 55615e8d48a4ddd684fcbfc7ba6523ed6414c8fc (commit) via 56edb20184ac7ea5fec1636a4cae3b8ba5c0d5d1 (commit) via ac3dd9b7e6e2182ae3d1a8dc6c522cef9385f511 (commit) via d8541d7e9e63bf5f343af24644046c8d96498c17 (commit) via b29ffa392e839d05171206523e84909146f7a77c (commit) from 005f4893dc770d77eb07a098da32e0fca87f07b6 (commit)
- Log ----------------------------------------------------------------- commit d82626caec9cb3f8da346125434f17eb180d4ef1 Author: Matt Caswell <m...@openssl.org> Date: Thu Dec 3 14:51:13 2015 +0000 Prepare for 1.0.1r-dev Reviewed-by: Richard Levitte <levi...@openssl.org> commit 55615e8d48a4ddd684fcbfc7ba6523ed6414c8fc Author: Matt Caswell <m...@openssl.org> Date: Thu Dec 3 14:50:26 2015 +0000 Prepare for 1.0.1q release Reviewed-by: Richard Levitte <levi...@openssl.org> commit 56edb20184ac7ea5fec1636a4cae3b8ba5c0d5d1 Author: Matt Caswell <m...@openssl.org> Date: Thu Dec 3 14:50:26 2015 +0000 make update Reviewed-by: Richard Levitte <levi...@openssl.org> commit ac3dd9b7e6e2182ae3d1a8dc6c522cef9385f511 Author: Matt Caswell <m...@openssl.org> Date: Tue Dec 1 14:39:47 2015 +0000 Update CHANGES and NEWS Update the CHANGES and NEWS files for the new release. Reviewed-by: Richard Levitte <levi...@openssl.org> commit d8541d7e9e63bf5f343af24644046c8d96498c17 Author: Dr. Stephen Henson <st...@openssl.org> Date: Fri Oct 2 13:10:29 2015 +0100 Add PSS parameter check. Avoid seg fault by checking mgf1 parameter is not NULL. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug. CVE-2015-3194 Reviewed-by: Matt Caswell <m...@openssl.org> commit b29ffa392e839d05171206523e84909146f7a77c Author: Dr. Stephen Henson <st...@openssl.org> Date: Tue Nov 10 19:03:07 2015 +0000 Fix leak with ASN.1 combine. When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte <levi...@openssl.org> ----------------------------------------------------------------------- Summary of changes: CHANGES | 47 ++++++++++++++++++++++++++++++++++++++++++----- NEWS | 11 ++++++++++- README | 2 +- crypto/asn1/tasn_dec.c | 7 +++++-- crypto/opensslv.h | 6 +++--- crypto/rsa/rsa_ameth.c | 2 +- openssl.spec | 2 +- test/Makefile | 7 ++++--- 8 files changed, 67 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index 178d010..915b1f6 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,38 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1p and 1.0.1q [xx XXX xxxx] + Changes between 1.0.1q and 1.0.1r [xx XXX xxxx] + + *) + + Changes between 1.0.1p and 1.0.1q [3 Dec 2015] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, @@ -14,9 +45,6 @@ return an error [Rich Salz and Ismo Puustinen <ismo.puusti...@intel.com>] - *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites - from RFC4279, RFC4785, RFC5487, RFC5489. - Changes between 1.0.1o and 1.0.1p [9 Jul 2015] *) Alternate chains certificate forgery @@ -30,10 +58,19 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] - Changes between 1.0.1n and 1.0.1o [12 Jun 2015] + *) Race condition handling PSK identify hint + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. diff --git a/NEWS b/NEWS index ea0c716..e712f14 100644 --- a/NEWS +++ b/NEWS @@ -5,13 +5,22 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [under development] + Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [under development] o + Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] + + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + o In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] o Alternate chains certificate forgery (CVE-2015-1793) + o Race condition handling PSK identify hint (CVE-2015-3196) Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] diff --git a/README b/README index edf5138..ad7a748 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1q-dev + OpenSSL 1.0.1r-dev Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index febf605..9256049 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 78eef03..0bb1bc1 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10001110L +# define OPENSSL_VERSION_NUMBER 0x10001120L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 93e071d..c7f1148 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, if (pss->maskGenAlgorithm) { ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 - && param->type == V_ASN1_SEQUENCE) { + && param && param->type == V_ASN1_SEQUENCE) { p = param->value.sequence->data; plen = param->value.sequence->length; *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); diff --git a/openssl.spec b/openssl.spec index 7ceb322..386f9f6 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1q +Version: 1.0.1r Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/test/Makefile b/test/Makefile index 522af50..0afae14 100644 --- a/test/Makefile +++ b/test/Makefile @@ -572,9 +572,10 @@ clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -clienthellotest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -clienthellotest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +clienthellotest.o: ../include/openssl/err.h ../include/openssl/evp.h +clienthellotest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +clienthellotest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +clienthellotest.o: ../include/openssl/objects.h clienthellotest.o: ../include/openssl/opensslconf.h clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits