Hello community, here is the log from the commit of package openssl for openSUSE:Factory checked in at 2013-12-23 22:16:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl (Old) and /work/SRC/openSUSE:Factory/.openssl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl" Changes: -------- --- /work/SRC/openSUSE:Factory/openssl/openssl.changes 2013-12-19 13:34:53.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openssl.new/openssl.changes 2013-12-23 22:16:57.000000000 +0100 @@ -1,0 +2,6 @@ +Sun Dec 22 08:10:55 UTC 2013 - [email protected] + +- Fixed bnc#856687, openssl: crash when using TLS 1.2 + Add file: CVE-2013-6449.patch + +------------------------------------------------------------------- New: ---- CVE-2013-6449.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.cq8NAA/_old 2013-12-23 22:16:58.000000000 +0100 +++ /var/tmp/diff_new_pack.cq8NAA/_new 2013-12-23 22:16:58.000000000 +0100 @@ -63,6 +63,7 @@ Patch15: openssl-1.0.1e-fips.patch Patch16: openssl-1.0.1e-fips-ec.patch Patch17: openssl-1.0.1e-fips-ctor.patch +Patch18: CVE-2013-6449.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -169,6 +170,7 @@ %patch15 -p1 %patch16 -p1 %patch17 -p1 +%patch18 -p1 cp -p %{S:10} . cp -p %{S:11} . ++++++ CVE-2013-6449.patch ++++++ Index: openssl-1.0.1e/ssl/s3_lib.c =================================================================== --- openssl-1.0.1e.orig/ssl/s3_lib.c +++ openssl-1.0.1e/ssl/s3_lib.c @@ -4274,7 +4274,7 @@ need to go to SSL_ST_ACCEPT. long ssl_get_algorithm2(SSL *s) { long alg2 = s->s3->tmp.new_cipher->algorithm2; - if (TLS1_get_version(s) >= TLS1_2_VERSION && + if (s->method->version == TLS1_2_VERSION && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; Index: openssl-1.0.1e/ssl/s3_both.c =================================================================== --- openssl-1.0.1e.orig/ssl/s3_both.c +++ openssl-1.0.1e/ssl/s3_both.c @@ -161,6 +161,10 @@ int ssl3_send_finished(SSL *s, int a, in i=s->method->ssl3_enc->final_finish_mac(s, sender,slen,s->s3->tmp.finish_md); + + if (i == 0) + return 0; + s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); p+=i; Index: openssl-1.0.1e/ssl/s3_pkt.c =================================================================== --- openssl-1.0.1e.orig/ssl/s3_pkt.c +++ openssl-1.0.1e/ssl/s3_pkt.c @@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s) slen=s->method->ssl3_enc->client_finished_label_len; } - s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, + i = s->method->ssl3_enc->final_finish_mac(s, sender,slen,s->s3->tmp.peer_finish_md); + if (i == 0) + { + SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); + return 0; + } + s->s3->tmp.peer_finish_md_len = i; return(1); } Index: openssl-1.0.1e/ssl/t1_enc.c =================================================================== --- openssl-1.0.1e.orig/ssl/t1_enc.c +++ openssl-1.0.1e/ssl/t1_enc.c @@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s, if (mask & ssl_get_algorithm2(s)) { int hashsize = EVP_MD_size(md); - if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) + EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; + if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) { /* internal error: 'buf' is too small for this cipersuite! */ err = 1; } else { - EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); - EVP_DigestFinal_ex(&ctx,q,&i); - if (i != (unsigned int)hashsize) /* can't really happen */ + if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || + !EVP_DigestFinal_ex(&ctx,q,&i) || + (i != (unsigned int)hashsize)) err = 1; - q+=i; + q+=hashsize; } } } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
