Author: glen Date: Tue May 25 15:04:05 2010 GMT Module: packages Tag: AC-branch ---- Log message: - add cve-2007-5135, cve-2008-5077, cve-2009-2409, cve-2009-3555 fixes from rhel - cve-2009-3555 needs more work
---- Files affected: packages/openssl: openssl.spec (1.146.2.3.2.10 -> 1.146.2.3.2.11) , openssl-0.9.7a-cve-2008-5077.patch (NONE -> 1.1.2.1) (NEW), openssl-0.9.7a-cve-2009-2409.patch (NONE -> 1.1.2.1) (NEW), openssl-0.9.7a-cve-2009-3555.patch (NONE -> 1.1.2.1) (NEW), openssl-0.9.8b-cve-2007-5135.patch (NONE -> 1.1.2.1) (NEW) ---- Diffs: ================================================================ Index: packages/openssl/openssl.spec diff -u packages/openssl/openssl.spec:1.146.2.3.2.10 packages/openssl/openssl.spec:1.146.2.3.2.11 --- packages/openssl/openssl.spec:1.146.2.3.2.10 Tue May 25 16:31:04 2010 +++ packages/openssl/openssl.spec Tue May 25 17:03:56 2010 @@ -15,7 +15,7 @@ Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer Name: openssl Version: 0.9.7m -Release: 2 +Release: 2.1 License: Apache-like Group: Libraries Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz @@ -32,6 +32,10 @@ Patch5: %{name}-ssl-algs.patch Patch6: %{name}-CVE-2007-3108.patch Patch7: %{name}-c_rehash.patch +Patch15: %{name}-0.9.8b-cve-2007-5135.patch +Patch16: %{name}-0.9.7a-cve-2008-5077.patch +Patch18: %{name}-0.9.7a-cve-2009-2409.patch +Patch19: %{name}-0.9.7a-cve-2009-3555.patch URL: http://www.openssl.org/ BuildRequires: perl-devel >= 1:5.6.1 BuildRequires: rpm-perlprov >= 4.1-13 @@ -198,6 +202,10 @@ %patch6 -p1 cp -a %{SOURCE4} c_rehash.sh %patch7 -p1 +%patch15 -p1 +%patch16 -p1 +%patch18 -p1 +%patch19 -p1 # conflicts with i386-only DES implementation # (missing #ifdef OPENSSL_FIPS ... #endif) 
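Review bot: `%patch19 -p1` is applied unconditionally in %prep although the log message says the cve-2009-3555 fix "needs more work", so Release 2.1 builds with a renegotiation backport the committer regards as unfinished, and the spec does not record that. A comment directly above it, such as `# FIXME: cve-2009-3555 backport is incomplete, see changelog`, would keep the caveat next to the line that applies the patch. The four added patches are named for 0.9.7a and 0.9.8b while Version is 0.9.7m, so they presumably apply with offsets. The %prep output is worth checking for fuzz or rejected hunks before the package is treated as fixed for these CVEs. The same naming concern covers the Patch15 to Patch19 declarations in the preceding hunk.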
@@ -444,6 +452,10 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.146.2.3.2.11 2010/05/25 15:03:56 glen +- add cve-2007-5135, cve-2008-5077, cve-2009-2409, cve-2009-3555 fixes from rhel +- cve-2009-3555 needs more work + Revision 1.146.2.3.2.10 2010/05/25 14:31:04 glen - utf8 ================================================================ Index: packages/openssl/openssl-0.9.7a-cve-2008-5077.patch diff -u /dev/null packages/openssl/openssl-0.9.7a-cve-2008-5077.patch:1.1.2.1 --- /dev/null Tue May 25 17:04:05 2010 +++ packages/openssl/openssl-0.9.7a-cve-2008-5077.patch Tue May 25 17:03:56 2010 
@@ -0,0 +1,119 @@
+diff -up openssl-0.9.7a/apps/speed.c.verifysig openssl-0.9.7a/apps/speed.c
+--- openssl-0.9.7a/apps/speed.c.verifysig 2007-10-16 20:57:51.000000000 +0200
++++ openssl-0.9.7a/apps/speed.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1478,7 +1478,7 @@ int MAIN(int argc, char **argv)
+ {
+ ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+ rsa_num, rsa_key[j]);
+- if (ret == 0)
++ if (ret <= 0)
+ {
+ BIO_printf(bio_err,
+ "RSA verify failure\n");
+diff -up openssl-0.9.7a/apps/verify.c.verifysig openssl-0.9.7a/apps/verify.c
+--- openssl-0.9.7a/apps/verify.c.verifysig 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/verify.c 2008-12-17 17:25:29.000000000 +0100
+@@ -275,7 +275,7 @@ static int check(X509_STORE *ctx, char *
+
+ ret=0;
+ end:
+- if (i)
++ if (i > 0)
+ {
+ fprintf(stdout,"OK\n");
+ ret=1;
+@@ -365,4 +365,3 @@ static int MS_CALLBACK cb(int ok, X509_S
+ ERR_clear_error();
+ return(ok);
+ }
+-
+diff -up openssl-0.9.7a/apps/spkac.c.verifysig openssl-0.9.7a/apps/spkac.c
+--- openssl-0.9.7a/apps/spkac.c.verifysig 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/spkac.c 2008-12-17 17:25:29.000000000 +0100
+@@ -284,7 +284,7 @@ bad:
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ if(verify) {
+ i = NETSCAPE_SPKI_verify(spki, pkey);
+- if(i) BIO_printf(bio_err, "Signature OK\n");
++ if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+ else {
+ BIO_printf(bio_err, "Signature Failure\n");
+ ERR_print_errors(bio_err);
+diff -up openssl-0.9.7a/apps/x509.c.verifysig openssl-0.9.7a/apps/x509.c
+--- openssl-0.9.7a/apps/x509.c.verifysig 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/x509.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1156,7 +1156,7 @@ static int x509_certify(X509_STORE *ctx,
+ /* NOTE: this certificate can/should be self signed, unless it was
+ * a certificate request in which case it is not. */
+ X509_STORE_CTX_set_cert(&xsc,x);
+- if (!reqfile && !X509_verify_cert(&xsc))
++ if (!reqfile && X509_verify_cert(&xsc) <= 0)
+ goto end;
+
+ if (!X509_check_private_key(xca,pkey))
+diff -up openssl-0.9.7a/ssl/s2_clnt.c.verifysig openssl-0.9.7a/ssl/s2_clnt.c
+--- openssl-0.9.7a/ssl/s2_clnt.c.verifysig 2007-10-16 20:57:51.000000000 +0200
++++ openssl-0.9.7a/ssl/s2_clnt.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1060,7 +1060,7 @@ int ssl2_set_certificate(SSL *s, int typ
+
+ i=ssl_verify_cert_chain(s,sk);
+
+- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
++ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
+ {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+ goto err;
+diff -up openssl-0.9.7a/ssl/s2_srvr.c.verifysig openssl-0.9.7a/ssl/s2_srvr.c
+--- openssl-0.9.7a/ssl/s2_srvr.c.verifysig 2002-11-12 14:23:28.000000000 +0100
++++ openssl-0.9.7a/ssl/s2_srvr.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1068,7 +1068,7 @@ static int request_certificate(SSL *s)
+
+ i=ssl_verify_cert_chain(s,sk);
+
+- if (i) /* we like the packet, now check the chksum */
++ if (i > 0) /* we like the packet, now check the chksum */
+ {
+ EVP_MD_CTX ctx;
+ EVP_PKEY *pkey=NULL;
+@@ -1097,7 +1097,7 @@ static int request_certificate(SSL *s)
+ EVP_PKEY_free(pkey);
+ EVP_MD_CTX_cleanup(&ctx);
+
+- if (i)
++ if (i > 0)
+ {
+ if (s->session->peer != NULL)
+ X509_free(s->session->peer);
+diff -up openssl-0.9.7a/ssl/s3_clnt.c.verifysig openssl-0.9.7a/ssl/s3_clnt.c
+--- openssl-0.9.7a/ssl/s3_clnt.c.verifysig 2002-12-22 00:49:25.000000000 +0100
++++ openssl-0.9.7a/ssl/s3_clnt.c 2008-12-17 17:25:29.000000000 +0100
+@@ -832,7 +832,7 @@ static int ssl3_get_server_certificate(S
+ }
+
+ i=ssl_verify_cert_chain(s,sk);
+- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
++ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
+ #ifndef OPENSSL_NO_KRB5
+ && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ != (SSL_aKRB5|SSL_kKRB5)
+@@ -1196,7 +1196,7 @@ static int ssl3_get_key_exchange(SSL *s)
+ EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx,param,param_len);
+- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
++ if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
+ {
+ /* bad signature */
+ al=SSL_AD_DECRYPT_ERROR;
+diff -up openssl-0.9.7a/ssl/s3_srvr.c.verifysig openssl-0.9.7a/ssl/s3_srvr.c
+--- openssl-0.9.7a/ssl/s3_srvr.c.verifysig 2007-10-16 20:57:51.000000000 +0200
++++ openssl-0.9.7a/ssl/s3_srvr.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1998,7 +1998,7 @@ static int ssl3_get_client_certificate(S
+ else
+ {
+ i=ssl_verify_cert_chain(s,sk);
+- if (!i)
++ if (i <= 0)
+ {
+ al=ssl_verify_alarm_type(s->verify_result);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
================================================================
Index: packages/openssl/openssl-0.9.7a-cve-2009-2409.patch
diff -u /dev/null packages/openssl/openssl-0.9.7a-cve-2009-2409.patch:1.1.2.1
--- /dev/null Tue May 25 17:04:05 2010
+++ packages/openssl/openssl-0.9.7a-cve-2009-2409.patch Tue May 25 17:03:56 2010
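Review bot: openssl-0.9.7a-cve-2008-5077.patch fixes the return-value checks one call site at a time, so its coverage is only as complete as its file list, and that list was cut against openssl-0.9.7a while openssl.spec builds 0.9.7m. Any caller of RSA_verify, X509_verify_cert, ssl_verify_cert_chain, NETSCAPE_SPKI_verify or EVP_VerifyFinal that is not in the list and still tests `!ret` or `if (ret)` would keep treating a negative error return as success. The 0.9.7m tree should be audited for such callers and the result recorded. Unlike the cve-2009-2409 patch, this file has no description header; a first line such as `Treat negative (error) returns from signature and chain verification as failure. (CVE-2008-5077)` would say what the patch is for. All the enclosing functions start and end outside the quoted hunks, so how `i` is reassigned between the two `if (i > 0)` tests in request_certificate cannot be confirmed from here.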
@@ -0,0 +1,59 @@
+Skip signature validation on selfsigned certificates and
+drop MD2 algorithm from the list of algorithms added to
+EVP tables by default. (CVE-2009-2409)
+diff -up openssl-0.9.7a/crypto/evp/c_alld.c.nomd2 openssl-0.9.7a/crypto/evp/c_alld.c
+--- openssl-0.9.7a/crypto/evp/c_alld.c.nomd2 2001-02-19 17:03:53.000000000 +0100
++++ openssl-0.9.7a/crypto/evp/c_alld.c 2010-02-10 12:55:31.000000000 +0100
+@@ -64,9 +64,6 @@
+
+ void OpenSSL_add_all_digests(void)
+ {
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD4
+ EVP_add_digest(EVP_md4());
+ #endif
+diff -up openssl-0.9.7a/crypto/x509/x509_vfy.c.nomd2 openssl-0.9.7a/crypto/x509/x509_vfy.c
+--- openssl-0.9.7a/crypto/x509/x509_vfy.c.nomd2 2010-02-10 12:53:02.000000000 +0100
++++ openssl-0.9.7a/crypto/x509/x509_vfy.c 2010-02-10 12:53:16.000000000 +0100
+@@ -665,7 +665,11 @@ static int internal_verify(X509_STORE_CT
+ while (n >= 0)
+ {
+ ctx->error_depth=n;
+- if (!xs->valid)
++
++ /* Skip signature check for self signed certificates. It
++ * doesn't add any security and just wastes time.
++ */
++ if (!xs->valid && xs != xi)
+ {
+ if ((pkey=X509_get_pubkey(xi)) == NULL)
+ {
+@@ -675,13 +679,6 @@ static int internal_verify(X509_STORE_CT
+ if (!ok) goto end;
+ }
+ else if (X509_verify(xs,pkey) <= 0)
+- /* XXX For the final trusted self-signed cert,
+- * this is a waste of time. That check should
+- * optional so that e.g. 'openssl x509' can be
+- * used to detect invalid self-signatures, but
+- * we don't verify again and again in SSL
+- * handshakes and the like once the cert has
+- * been declared trusted. */
+ {
+ ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+ ctx->current_cert=xs;
+diff -up openssl-0.9.7a/ssl/ssl_algs.c.nomd2 openssl-0.9.7a/ssl/ssl_algs.c
+--- openssl-0.9.7a/ssl/ssl_algs.c.nomd2 2001-02-20 09:11:58.000000000 +0100
++++ openssl-0.9.7a/ssl/ssl_algs.c 2010-02-10 12:57:10.000000000 +0100
+@@ -82,9 +82,6 @@ int SSL_library_init(void)
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_256_cbc());
+ #endif
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD5
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest_alias(SN_md5,"ssl2-md5");
================================================================
Index: packages/openssl/openssl-0.9.7a-cve-2009-3555.patch
diff -u /dev/null packages/openssl/openssl-0.9.7a-cve-2009-3555.patch:1.1.2.1
--- /dev/null Tue May 25 17:04:05 2010
+++ packages/openssl/openssl-0.9.7a-cve-2009-3555.patch Tue May 25 17:03:56 2010
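Review bot: In openssl-0.9.7a-cve-2009-2409.patch the new test `if (!xs->valid && xs != xi)` in internal_verify skips X509_verify() whenever subject and issuer are the same object, and the added comment says this "doesn't add any security" without saying what that relies on. It holds only if a self-signed certificate reaching this loop has already been accepted from the trust store. That is decided outside the hunk and should be confirmed against the rest of x509_vfy.c in the 0.9.7m tree. The removed XXX comment also recorded that tools such as 'openssl x509' could use this check to detect invalid self-signatures; I would keep that caveat in the new comment, e.g. `* Trust comes from the store, not the self-signature; an invalid self-signature is no longer reported here.` Dropping EVP_md2() from OpenSSL_add_all_digests() and SSL_library_init() presumably means callers that look MD2 up by name must now register it themselves, which deserves a line in the package changelog.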
@@ -0,0 +1,1410 @@ +diff -up openssl-0.9.7a/apps/s_client.c.reneg openssl-0.9.7a/apps/s_client.c +--- openssl-0.9.7a/apps/s_client.c.reneg 2003-01-30 18:37:36.000000000 +0100 ++++ openssl-0.9.7a/apps/s_client.c 2010-02-10 13:01:47.000000000 +0100 +@@ -226,14 +226,14 @@ static void sc_usage(void) + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + #endif + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); +- ++ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + } + + int MAIN(int, char **); + + int MAIN(int argc, char **argv) + { +- int off=0; ++ int off=0, clr = 0; + SSL *con=NULL,*con2=NULL; + X509_STORE *store = NULL; + int s,k,width,state=0; +@@ -401,6 +401,12 @@ int MAIN(int argc, char **argv) + off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv,"-serverpref") == 0) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; ++ else if (strcmp(*argv,"-legacy_renegotiation") == 0) ++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; ++ else if (strcmp(*argv,"-legacy_server_connect") == 0) ++ { off|=SSL_OP_LEGACY_SERVER_CONNECT; } ++ else if (strcmp(*argv,"-no_legacy_server_connect") == 0) ++ { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; +@@ -488,6 +494,9 @@ bad: + else + SSL_CTX_set_options(ctx,off); + ++ if (clr) ++ SSL_CTX_clear_options(ctx, clr); ++ + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (cipher != NULL) + if(!SSL_CTX_set_cipher_list(ctx,cipher)) { +@@ -1042,6 +1051,8 @@ static void print_stuff(BIO *bio, SSL *s + EVP_PKEY_bits(pktmp)); + EVP_PKEY_free(pktmp); + } ++ BIO_printf(bio, "Secure Renegotiation IS%s supported\n", ++ SSL_get_secure_renegotiation_support(s) ? 
"" : " NOT"); + SSL_SESSION_print(bio,SSL_get_session(s)); + BIO_printf(bio,"---\n"); + if (peer != NULL) +diff -up openssl-0.9.7a/apps/s_server.c.reneg openssl-0.9.7a/apps/s_server.c +--- openssl-0.9.7a/apps/s_server.c.reneg 2003-01-30 18:37:36.000000000 +0100 ++++ openssl-0.9.7a/apps/s_server.c 2010-02-10 13:01:47.000000000 +0100 +@@ -325,6 +325,7 @@ static void sv_usage(void) + #endif + BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); ++ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + } + + static int local_argc=0; +@@ -605,6 +606,8 @@ int MAIN(int argc, char *argv[]) + } + else if (strcmp(*argv,"-serverpref") == 0) + { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } ++ else if (strcmp(*argv,"-legacy_renegotiation") == 0) ++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv,"-cipher") == 0) + { + if (--argc < 1) goto bad; +@@ -1263,6 +1266,8 @@ static int init_ssl_connection(SSL *con) + if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & + TLS1_FLAGS_TLS_PADDING_BUG) + BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); ++ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", ++ SSL_get_secure_renegotiation_support(con) ? 
"" : " NOT"); + + return(1); + } +diff -up openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod.reneg openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod +--- openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod.reneg 2010-02-10 13:01:47.000000000 +0100 ++++ openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod 2010-02-18 16:48:45.000000000 +0100 +@@ -2,7 +2,7 @@ + + =head1 NAME + +-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options ++SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options + + =head1 SYNOPSIS + +@@ -11,26 +11,41 @@ SSL_CTX_set_options, SSL_set_options, SS + long SSL_CTX_set_options(SSL_CTX *ctx, long options); + long SSL_set_options(SSL *ssl, long options); + ++ long SSL_CTX_clear_options(SSL_CTX *ctx, long options); ++ long SSL_clear_options(SSL *ssl, long options); ++ + long SSL_CTX_get_options(SSL_CTX *ctx); + long SSL_get_options(SSL *ssl); + ++ long SSL_get_secure_renegotiation_support(SSL *ssl); ++ + =head1 DESCRIPTION + ++Note: all these functions are implemented using macros. ++ + SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>. + Options already set before are not cleared! + + SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>. + Options already set before are not cleared! + ++SSL_CTX_clear_options() clears the options set via bitmask in B<options> ++to B<ctx>. ++ ++SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>. ++ + SSL_CTX_get_options() returns the options set for B<ctx>. + + SSL_get_options() returns the options set for B<ssl>. + ++SSL_get_secure_renegotiation_support() indicates whether the peer supports ++secure renegotiation. ++ + =head1 NOTES + + The behaviour of the SSL library can be changed by setting several options. 
+ The options are coded as bitmasks and can be combined by a logical B<or> +-operation (|). Options can only be added but can never be reset. ++operation (|). + + SSL_CTX_set_options() and SSL_set_options() affect the (external) + protocol behaviour of the SSL library. The (internal) behaviour of +@@ -199,17 +214,109 @@ Do not use the TLSv1 protocol. + + When performing renegotiation as a server, always start a new session + (i.e., session resumption requests are only accepted in the initial +-handshake). This option is not needed for clients. ++handshake). This option is not needed for clients. ++ ++=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ++ ++Allow legacy insecure renegotiation between OpenSSL and unpatched clients or ++servers. See the B<SECURE RENEGOTIATION> section for more details. ++ ++=item SSL_OP_LEGACY_SERVER_CONNECT ++ ++Allow legacy insecure renegotiation between OpenSSL and unpatched servers ++B<only>: this option is currently set by default. See the ++B<SECURE RENEGOTIATION> section for more details. + + =back + ++=head1 SECURE RENEGOTIATION ++ ++OpenSSL 0.9.8m and later always attempts to use secure renegotiation as ++described in RFC5746. This counters the prefix attack described in ++CVE-2009-3555 and elsewhere. ++ ++The deprecated and highly broken SSLv2 protocol does not support ++renegotiation at all: its use is B<strongly> discouraged. ++ ++This attack has far reaching consequences which application writers should be ++aware of. In the description below an implementation supporting secure ++renegotiation is referred to as I<patched>. A server not supporting secure ++renegotiation is referred to as I<unpatched>. ++ ++The following sections describe the operations permitted by OpenSSL's secure ++renegotiation implementation. ++ ++=head2 Patched client and server ++ ++Connections and renegotiation are always permitted by OpenSSL implementations. 
++ ++=head2 Unpatched client and patched OpenSSL server ++ ++The initial connection suceeds but client renegotiation is denied by the ++server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal ++B<handshake_failure> alert in SSL v3.0. ++ ++If the patched OpenSSL server attempts to renegotiate a fatal ++B<handshake_failure> alert is sent. This is because the server code may be ++unaware of the unpatched nature of the client. ++ ++If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then ++renegotiation B<always> succeeds. ++ ++B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are ++unpatched) will result in the connection hanging if it receives a ++B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard ++a B<no_renegotiation> alert as fatal and respond with a fatal ++B<handshake_failure> alert. This is because the OpenSSL API currently has ++no provision to indicate to an application that a renegotiation attempt ++was refused. ++ ++=head2 Patched OpenSSL client and unpatched server. ++ ++If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or ++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections ++and renegotiation between patched OpenSSL clients and unpatched servers ++succeeds. If neither option is set then initial connections to unpatched ++servers will fail. ++ ++The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even ++though it has security implications: otherwise it would be impossible to ++connect to unpatched servers (i.e. all of them initially) and this is clearly ++not acceptable. Renegotiation is permitted because this does not add any ++additional security issues: during an attack clients do not see any ++renegotiations anyway. ++ ++As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will ++B<not> be set by default in a future version of OpenSSL. 
++ ++OpenSSL client applications wishing to ensure they can connect to unpatched ++servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT> ++ ++OpenSSL client applications that want to ensure they can B<not> connect to ++unpatched servers (and thus avoid any security issues) should always B<clear> ++B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or ++SSL_clear_options(). ++ ++The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and ++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that ++B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure ++renegotiation between OpenSSL clients and unpatched servers B<only>, while ++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections ++and renegotiation between OpenSSL and unpatched clients or servers. ++ + =head1 RETURN VALUES + + SSL_CTX_set_options() and SSL_set_options() return the new options bitmask + after adding B<options>. + ++SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask ++after clearing B<options>. ++ + SSL_CTX_get_options() and SSL_get_options() return the current bitmask. + ++SSL_get_secure_renegotiation_support() returns 1 is the peer supports ++secure renegotiation and 0 if it does not. ++ + =head1 SEE ALSO + + L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, +@@ -232,4 +339,11 @@ Versions up to OpenSSL 0.9.6c do not inc + can be disabled with this option (in OpenSSL 0.9.6d, it was always + enabled). + ++SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL ++0.9.8m. ++ ++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT> ++and the function SSL_get_secure_renegotiation_support() were first added in ++OpenSSL 0.9.8m. 
++ + =cut +diff -up openssl-0.9.7a/ssl/Makefile.ssl.reneg openssl-0.9.7a/ssl/Makefile.ssl +--- openssl-0.9.7a/ssl/Makefile.ssl.reneg 2002-12-19 23:10:20.000000000 +0100 ++++ openssl-0.9.7a/ssl/Makefile.ssl 2010-02-10 13:01:47.000000000 +0100 +@@ -34,7 +34,7 @@ LIBSRC= \ + ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ + ssl_ciph.c ssl_stat.c ssl_rsa.c \ + ssl_asn1.c ssl_txt.c ssl_algs.c \ +- bio_ssl.c ssl_err.c kssl.c ++ bio_ssl.c ssl_err.c kssl.c t1_reneg.c + LIBOBJ= \ + s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ + s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \ +@@ -43,7 +43,7 @@ LIBOBJ= \ + ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ + ssl_ciph.o ssl_stat.o ssl_rsa.o \ + ssl_asn1.o ssl_txt.o ssl_algs.o \ +- bio_ssl.o ssl_err.o kssl.o ++ bio_ssl.o ssl_err.o kssl.o t1_reneg.o + + SRC= $(LIBSRC) + +diff -up openssl-0.9.7a/ssl/ssl_err.c.reneg openssl-0.9.7a/ssl/ssl_err.c +--- openssl-0.9.7a/ssl/ssl_err.c.reneg 2002-11-12 14:23:36.000000000 +0100 ++++ openssl-0.9.7a/ssl/ssl_err.c 2010-02-10 13:01:47.000000000 +0100 +@@ -138,8 +138,12 @@ static ERR_STRING_DATA SSL_str_functs[]= + {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, + {ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"}, + {ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"}, ++{ERR_PACK(0,SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,0), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, ++{ERR_PACK(0,SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,0), "SSL_ADD_CLIENTHELLO_TLSEXT"}, + {ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"}, + {ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"}, ++{ERR_PACK(0,SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,0), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, ++{ERR_PACK(0,SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,0), "SSL_ADD_SERVERHELLO_TLSEXT"}, + {ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"}, + {ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), 
"SSL_BYTES_TO_CIPHER_LIST"}, + {ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"}, +@@ -177,6 +181,10 @@ static ERR_STRING_DATA SSL_str_functs[]= + {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"}, + {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"}, + {ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"}, ++{ERR_PACK(0,SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,0), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, ++{ERR_PACK(0,SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,0), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, ++{ERR_PACK(0,SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,0), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, ++{ERR_PACK(0,SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,0), "SSL_PARSE_SERVERHELLO_TLSEXT"}, + {ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"}, + {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"}, + {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"}, +@@ -329,12 +337,14 @@ static ERR_STRING_DATA SSL_str_reasons[] + {SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, + {SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"}, + {SSL_R_NO_PUBLICKEY ,"no publickey"}, ++{SSL_R_NO_RENEGOTIATION ,"no renegotiation"}, + {SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, + {SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"}, + {SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, + {SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"}, + {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"}, + {SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"}, ++{SSL_R_PARSE_TLSEXT ,"parse tlsext"}, + {SSL_R_PATH_TOO_LONG ,"path too long"}, + {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"}, + {SSL_R_PEER_ERROR ,"peer error"}, +@@ -353,10 +363,14 @@ static ERR_STRING_DATA SSL_str_reasons[] + {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, + {SSL_R_RECORD_TOO_LARGE ,"record too large"}, + {SSL_R_RECORD_TOO_SMALL ,"record too small"}, ++{SSL_R_RENEGOTIATE_EXT_TOO_LONG ,"renegotiate ext too 
long"}, ++{SSL_R_RENEGOTIATION_ENCODING_ERR ,"renegotiation encoding err"}, ++{SSL_R_RENEGOTIATION_MISMATCH ,"renegotiation mismatch"}, + {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, + {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, + {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, + {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"}, ++{SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING ,"scsv received when renegotiating"}, + {SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"}, + {SSL_R_SHORT_READ ,"short read"}, + {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, +@@ -425,6 +439,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"}, + {SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"}, + {SSL_R_UNKNOWN_STATE ,"unknown state"}, ++{SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED,"unsafe legacy renegotiation disabled"}, + {SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, + {SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"}, + {SSL_R_UNSUPPORTED_OPTION ,"unsupported option"}, +diff -up openssl-0.9.7a/ssl/ssl.h.reneg openssl-0.9.7a/ssl/ssl.h +--- openssl-0.9.7a/ssl/ssl.h.reneg 2010-02-10 13:01:47.000000000 +0100 ++++ openssl-0.9.7a/ssl/ssl.h 2010-02-10 13:01:47.000000000 +0100 +@@ -463,6 +463,8 @@ typedef struct ssl_session_st + + #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L + #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L ++/* Allow initial connection to servers that don't support RI */ ++#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L <<Diff was trimmed, longer than 597 lines>> ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl.spec?r1=1.146.2.3.2.10&r2=1.146.2.3.2.11&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
