CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Fri Aug 14 05:58:12 UTC 2015 Modified Files: src/crypto/dist/openssl [netbsd-5-2]: e_os2.h src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_int.c tasn_new.c src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn.h bn_err.c bn_print.c bn_rand.c bn_shift.c src/crypto/dist/openssl/crypto/cms [netbsd-5-2]: cms_smime.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec2_smpl.c ec_check.c ec_key.c ec_lib.c ecp_smpl.c ectest.c src/crypto/dist/openssl/crypto/ecdsa [netbsd-5-2]: ecdsatest.c ecs_ossl.c src/crypto/dist/openssl/crypto/objects [netbsd-5-2]: obj_dat.c src/crypto/dist/openssl/crypto/ocsp [netbsd-5-2]: ocsp_vfy.c src/crypto/dist/openssl/crypto/pem [netbsd-5-2]: pem_pk8.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pk7_doit.c src/crypto/dist/openssl/crypto/x509 [netbsd-5-2]: x509_lu.c x509_vfy.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: BN_rand.pod BN_set_bit.pod pem.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_lib.c s3_clnt.c s3_srvr.c ssl.h ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c src/crypto/dist/openssl/util [netbsd-5-2]: mkerr.pl Log Message: Pull up following revision(s) (requested by spz in ticket #1976): crypto/dist/openssl/e_os2.h patch crypto/dist/openssl/crypto/asn1/a_int.c patch crypto/dist/openssl/crypto/asn1/tasn_new.c patch crypto/dist/openssl/crypto/bn/bn.h patch crypto/dist/openssl/crypto/bn/bn_err.c patch crypto/dist/openssl/crypto/bn/bn_print.cpatch crypto/dist/openssl/crypto/bn/bn_rand.c patch crypto/dist/openssl/crypto/bn/bn_shift.cpatch crypto/dist/openssl/crypto/cms/cms_smime.c patch crypto/dist/openssl/crypto/ec/ec2_smpl.cpatch crypto/dist/openssl/crypto/ec/ec_check.cpatch crypto/dist/openssl/crypto/ec/ec_key.c patch crypto/dist/openssl/crypto/ec/ec_lib.c patch crypto/dist/openssl/crypto/ec/ecp_smpl.cpatch crypto/dist/openssl/crypto/ec/ectest.c patch crypto/dist/openssl/crypto/ecdsa/ecdsatest.cpatch crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c patch crypto/dist/openssl/crypto/objects/obj_dat.cpatch crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c patch crypto/dist/openssl/crypto/pem/pem_pk8.cpatch crypto/dist/openssl/crypto/pkcs7/pk7_doit.c patch crypto/dist/openssl/crypto/x509/x509_lu.c patch crypto/dist/openssl/crypto/x509/x509_vfy.c patch crypto/dist/openssl/doc/crypto/BN_rand.pod patch crypto/dist/openssl/doc/crypto/BN_set_bit.pod patch crypto/dist/openssl/doc/crypto/pem.pod patch crypto/dist/openssl/ssl/d1_lib.cpatch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/s3_srvr.c patch crypto/dist/openssl/ssl/ssl.h patch crypto/dist/openssl/ssl/ssl_err.c patch crypto/dist/openssl/ssl/ssl_lib.c patch crypto/dist/openssl/ssl/ssl_locl.h patch crypto/dist/openssl/ssl/ssl_sess.c patch crypto/dist/openssl/util/mkerr.pl patch This change covers the vulnerabilities relevant to netbsd-5 from the June OpenSSL advisory, and also fixes a regression introduced with the POODLE fix in October last year that caused the SSL server side to fail to handshake. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/e_os2.h cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \ src/crypto/dist/openssl/crypto/asn1/a_int.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/asn1/tasn_new.c cvs rdiff -u -r1.12.2.1 -r1.12.2.2 src/crypto/dist/openssl/crypto/bn/bn.h cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/bn/bn_err.c cvs rdiff -u -r1.9 -r1.9.2.1 src/crypto/dist/openssl/crypto/bn/bn_print.c cvs rdiff -u -r1.1.1.6 -r1.1.1.6.38.1 \ src/crypto/dist/openssl/crypto/bn/bn_rand.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.38.1 \ src/crypto/dist/openssl/crypto/bn/bn_shift.c cvs rdiff -u -r1.1.1.1.8.1 -r1.1.1.1.8.1.10.1 \ src/crypto/dist/openssl/crypto/cms/cms_smime.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/ec/ec2_smpl.c \ src/crypto/dist/openssl/crypto/ec/ectest.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.38.1 \ src/crypto/dist/openssl/crypto/ec/ec_check.c cvs rdiff -u -r1.1.1.1.38.1 -r1.1.1.1.38.2 \ src/crypto/dist/openssl/crypto/ec/ec_key.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ src/crypto/dist/openssl/crypto/ec/ec_lib.c cvs rdiff -u -r1.1.1.4.38.1 -r1.1.1.4.38.2 \ src/crypto/dist/openssl/crypto/ec/ecp_smpl.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Fri Aug 14 05:58:12 UTC 2015 Modified Files: src/crypto/dist/openssl [netbsd-5-2]: e_os2.h src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_int.c tasn_new.c src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn.h bn_err.c bn_print.c bn_rand.c bn_shift.c src/crypto/dist/openssl/crypto/cms [netbsd-5-2]: cms_smime.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec2_smpl.c ec_check.c ec_key.c ec_lib.c ecp_smpl.c ectest.c src/crypto/dist/openssl/crypto/ecdsa [netbsd-5-2]: ecdsatest.c ecs_ossl.c src/crypto/dist/openssl/crypto/objects [netbsd-5-2]: obj_dat.c src/crypto/dist/openssl/crypto/ocsp [netbsd-5-2]: ocsp_vfy.c src/crypto/dist/openssl/crypto/pem [netbsd-5-2]: pem_pk8.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pk7_doit.c src/crypto/dist/openssl/crypto/x509 [netbsd-5-2]: x509_lu.c x509_vfy.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: BN_rand.pod BN_set_bit.pod pem.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_lib.c s3_clnt.c s3_srvr.c ssl.h ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c src/crypto/dist/openssl/util [netbsd-5-2]: mkerr.pl Log Message: Pull up following revision(s) (requested by spz in ticket #1976): crypto/dist/openssl/e_os2.h patch crypto/dist/openssl/crypto/asn1/a_int.c patch crypto/dist/openssl/crypto/asn1/tasn_new.c patch crypto/dist/openssl/crypto/bn/bn.h patch crypto/dist/openssl/crypto/bn/bn_err.c patch crypto/dist/openssl/crypto/bn/bn_print.cpatch crypto/dist/openssl/crypto/bn/bn_rand.c patch crypto/dist/openssl/crypto/bn/bn_shift.cpatch crypto/dist/openssl/crypto/cms/cms_smime.c patch crypto/dist/openssl/crypto/ec/ec2_smpl.cpatch crypto/dist/openssl/crypto/ec/ec_check.cpatch crypto/dist/openssl/crypto/ec/ec_key.c patch crypto/dist/openssl/crypto/ec/ec_lib.c patch crypto/dist/openssl/crypto/ec/ecp_smpl.cpatch crypto/dist/openssl/crypto/ec/ectest.c patch crypto/dist/openssl/crypto/ecdsa/ecdsatest.cpatch crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c patch crypto/dist/openssl/crypto/objects/obj_dat.cpatch crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c patch crypto/dist/openssl/crypto/pem/pem_pk8.cpatch crypto/dist/openssl/crypto/pkcs7/pk7_doit.c patch crypto/dist/openssl/crypto/x509/x509_lu.c patch crypto/dist/openssl/crypto/x509/x509_vfy.c patch crypto/dist/openssl/doc/crypto/BN_rand.pod patch crypto/dist/openssl/doc/crypto/BN_set_bit.pod patch crypto/dist/openssl/doc/crypto/pem.pod patch crypto/dist/openssl/ssl/d1_lib.cpatch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/s3_srvr.c patch crypto/dist/openssl/ssl/ssl.h patch crypto/dist/openssl/ssl/ssl_err.c patch crypto/dist/openssl/ssl/ssl_lib.c patch crypto/dist/openssl/ssl/ssl_locl.h patch crypto/dist/openssl/ssl/ssl_sess.c patch crypto/dist/openssl/util/mkerr.pl patch This change covers the vulnerabilities relevant to netbsd-5 from the June OpenSSL advisory, and also fixes a regression introduced with the POODLE fix in October last year that caused the SSL server side to fail to handshake. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/e_os2.h cvs rdiff -u -r1.1.1.8 -r1.1.1.8.2.1 \ src/crypto/dist/openssl/crypto/asn1/a_int.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/asn1/tasn_new.c cvs rdiff -u -r1.12.2.1 -r1.12.2.2 src/crypto/dist/openssl/crypto/bn/bn.h cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/bn/bn_err.c cvs rdiff -u -r1.9 -r1.9.2.1 src/crypto/dist/openssl/crypto/bn/bn_print.c cvs rdiff -u -r1.1.1.6 -r1.1.1.6.38.1 \ src/crypto/dist/openssl/crypto/bn/bn_rand.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.38.1 \ src/crypto/dist/openssl/crypto/bn/bn_shift.c cvs rdiff -u -r1.1.1.1.8.1 -r1.1.1.1.8.1.10.1 \ src/crypto/dist/openssl/crypto/cms/cms_smime.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/ec/ec2_smpl.c \ src/crypto/dist/openssl/crypto/ec/ectest.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.38.1 \ src/crypto/dist/openssl/crypto/ec/ec_check.c cvs rdiff -u -r1.1.1.1.38.1 -r1.1.1.1.38.2 \ src/crypto/dist/openssl/crypto/ec/ec_key.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ src/crypto/dist/openssl/crypto/ec/ec_lib.c cvs rdiff -u -r1.1.1.4.38.1 -r1.1.1.4.38.2 \ src/crypto/dist/openssl/crypto/ec/ecp_smpl.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \ src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: riz Date: Thu Mar 19 16:40:51 UTC 2015 Modified Files: src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_type.c tasn_dec.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pk7_doit.c pk7_lib.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: d2i_X509.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: s2_lib.c s2_srvr.c Log Message: Pull up following revision(s) (requested by spz in ticket #1954): crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3 crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2 crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2 crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2 crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2 patches for todays' OpenSSL security advisory from OpenSSL, as relevant to NetBSD base: OpenSSL Security Advisory [19 Mar 2015] === Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) Severity: High This security issue was previously announced by the OpenSSL project and classified as low severity. This severity rating has now been changed to high. This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common. This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. ** issue already committed see last release ** OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015. Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) === Severity: Moderate The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit ee5a1253285e5c9f406c8b57b0686319b70c07d8 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit 1e3ca524cb38ec92deea37629718e98aba43bc5d OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33 This issue was discovered and fixed by Stephen Henson of the OpenSSL development team. ASN.1 structure reuse memory corruption (CVE-2015-0287) === Severity: Moderate Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit d96692c933fe02829c3e922bf7f239e0bd003759 OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a This issue was discovered by Emilia K�sper and a fix developed by Stephen Henson of the OpenSSL development team. PKCS7 NULL pointer dereferences (CVE-2015-0289) === Severity: Moderate The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: riz Date: Thu Mar 19 16:40:51 UTC 2015 Modified Files: src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_type.c tasn_dec.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pk7_doit.c pk7_lib.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: d2i_X509.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: s2_lib.c s2_srvr.c Log Message: Pull up following revision(s) (requested by spz in ticket #1954): crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3 crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2 crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2 crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2 crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2 crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2 patches for todays' OpenSSL security advisory from OpenSSL, as relevant to NetBSD base: OpenSSL Security Advisory [19 Mar 2015] === Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) Severity: High This security issue was previously announced by the OpenSSL project and classified as low severity. This severity rating has now been changed to high. This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common. This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. ** issue already committed see last release ** OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd. This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015. Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) === Severity: Moderate The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit ee5a1253285e5c9f406c8b57b0686319b70c07d8 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit 1e3ca524cb38ec92deea37629718e98aba43bc5d OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33 This issue was discovered and fixed by Stephen Henson of the OpenSSL development team. ASN.1 structure reuse memory corruption (CVE-2015-0287) === Severity: Moderate Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare. Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected. This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. OpenSSL 1.0.2 users should upgrade to 1.0.2a commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1 OpenSSL 1.0.1 users should upgrade to 1.0.1m. commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875 OpenSSL 1.0.0 users should upgrade to 1.0.0r. commit d96692c933fe02829c3e922bf7f239e0bd003759 OpenSSL 0.9.8 users should upgrade to 0.9.8zf. commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a This issue was discovered by Emilia K�sper and a fix developed by Stephen Henson of the OpenSSL development team. PKCS7 NULL pointer dereferences (CVE-2015-0289) === Severity: Moderate The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: snj Date: Sun Oct 19 20:11:09 UTC 2014 Modified Files: src/crypto/dist/openssl/apps [netbsd-5-2]: s_client.c src/crypto/dist/openssl/crypto [netbsd-5-2]: LPdir_vms.c LPdir_win.c Makefile src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn_exp.c exptest.c src/crypto/dist/openssl/crypto/bn/asm [netbsd-5-2]: x86_64-gcc.c src/crypto/dist/openssl/crypto/dsa [netbsd-5-2]: dsa_ameth.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec.h ec_ameth.c ec_asn1.c ec_key.c ecp_smpl.c src/crypto/dist/openssl/crypto/err [netbsd-5-2]: openssl.ec src/crypto/dist/openssl/crypto/evp [netbsd-5-2]: Makefile evp_enc.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pkcs7.h src/crypto/dist/openssl/crypto/rsa [netbsd-5-2]: Makefile rsa.h rsa_err.c rsa_oaep.c rsa_pk1.c rsa_sign.c src/crypto/dist/openssl/doc/apps [netbsd-5-2]: s_client.pod src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: BIO_s_accept.pod EVP_DigestInit.pod EVP_DigestVerifyInit.pod EVP_EncryptInit.pod EVP_PKEY_set1_RSA.pod EVP_PKEY_sign.pod src/crypto/dist/openssl/doc/ssl [netbsd-5-2]: SSL_CTX_set_mode.pod SSL_CTX_set_tmp_dh_callback.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: Makefile s23_clnt.c s23_srvr.c s2_lib.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c ssl-lib.com ssl.h ssl3.h ssl_err.c ssl_lib.c t1_enc.c t1_lib.c tls1.h src/crypto/dist/openssl/test [netbsd-5-2]: Makefile Added Files: src/crypto/dist/openssl/crypto [netbsd-5-2]: constant_time_locl.h constant_time_test.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: CMS_add1_signer.pod src/crypto/dist/openssl/test [netbsd-5-2]: constant_time_test.c Log Message: Apply patch (requested by spz in ticket #1927): Apply OpenSSL security fixes derived from the diff between OpenSSL 1.0.0n and 1.0.0o, fixing CVE-2014-3567, CVE-2014-3568, and adding POODLE mitigation via support for TLS_FALLBACK_SCSV. To generate a diff of this commit: cvs rdiff -u -r1.1.1.11 -r1.1.1.11.2.1 \ src/crypto/dist/openssl/apps/s_client.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.38.1 \ src/crypto/dist/openssl/crypto/LPdir_vms.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/LPdir_win.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 src/crypto/dist/openssl/crypto/Makefile cvs rdiff -u -r0 -r1.1.6.2 \ src/crypto/dist/openssl/crypto/constant_time_locl.h \ src/crypto/dist/openssl/crypto/constant_time_test.c cvs rdiff -u -r1.3 -r1.3.2.1 src/crypto/dist/openssl/crypto/bn/bn_exp.c cvs rdiff -u -r1.4 -r1.4.2.1 src/crypto/dist/openssl/crypto/bn/exptest.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.36.1 \ src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/crypto/dsa/dsa_ameth.c cvs rdiff -u -r1.6 -r1.6.2.1 src/crypto/dist/openssl/crypto/ec/ec.h cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/crypto/ec/ec_ameth.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.30.1 \ src/crypto/dist/openssl/crypto/ec/ec_asn1.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.38.1 \ src/crypto/dist/openssl/crypto/ec/ec_key.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.38.1 \ src/crypto/dist/openssl/crypto/ec/ecp_smpl.c cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/err/openssl.ec cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ src/crypto/dist/openssl/crypto/evp/Makefile cvs rdiff -u -r1.1.1.8 -r1.1.1.8.30.1 \ src/crypto/dist/openssl/crypto/evp/evp_enc.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/crypto/pkcs7/pkcs7.h cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ src/crypto/dist/openssl/crypto/rsa/Makefile cvs rdiff -u -r1.14 -r1.14.2.1 src/crypto/dist/openssl/crypto/rsa/rsa.h cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/crypto/rsa/rsa_err.c cvs rdiff -u -r1.1.1.7 -r1.1.1.7.38.1 \ src/crypto/dist/openssl/crypto/rsa/rsa_oaep.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.50.1 \ src/crypto/dist/openssl/crypto/rsa/rsa_pk1.c cvs rdiff -u -r1.5 -r1.5.2.1 src/crypto/dist/openssl/crypto/rsa/rsa_sign.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/doc/apps/s_client.pod cvs rdiff -u -r1.1.1.2 -r1.1.1.2.50.1 \ src/crypto/dist/openssl/doc/crypto/BIO_s_accept.pod cvs rdiff -u -r0 -r1.1.6.2 \ src/crypto/dist/openssl/doc/crypto/CMS_add1_signer.pod cvs rdiff -u -r1.6 -r1.6.38.1 \ src/crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod \ src/crypto/dist/openssl/doc/crypto/EVP_EncryptInit.pod cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/doc/crypto/EVP_DigestVerifyInit.pod \ src/crypto/dist/openssl/doc/crypto/EVP_PKEY_sign.pod cvs rdiff -u -r1.1.1.1 -r1.1.1.1.50.1 \ src/crypto/dist/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod cvs rdiff -u -r1.1.1.2 -r1.1.1.2.50.1 \
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: snj Date: Sun Oct 19 20:11:09 UTC 2014 Modified Files: src/crypto/dist/openssl/apps [netbsd-5-2]: s_client.c src/crypto/dist/openssl/crypto [netbsd-5-2]: LPdir_vms.c LPdir_win.c Makefile src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn_exp.c exptest.c src/crypto/dist/openssl/crypto/bn/asm [netbsd-5-2]: x86_64-gcc.c src/crypto/dist/openssl/crypto/dsa [netbsd-5-2]: dsa_ameth.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec.h ec_ameth.c ec_asn1.c ec_key.c ecp_smpl.c src/crypto/dist/openssl/crypto/err [netbsd-5-2]: openssl.ec src/crypto/dist/openssl/crypto/evp [netbsd-5-2]: Makefile evp_enc.c src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-2]: pkcs7.h src/crypto/dist/openssl/crypto/rsa [netbsd-5-2]: Makefile rsa.h rsa_err.c rsa_oaep.c rsa_pk1.c rsa_sign.c src/crypto/dist/openssl/doc/apps [netbsd-5-2]: s_client.pod src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: BIO_s_accept.pod EVP_DigestInit.pod EVP_DigestVerifyInit.pod EVP_EncryptInit.pod EVP_PKEY_set1_RSA.pod EVP_PKEY_sign.pod src/crypto/dist/openssl/doc/ssl [netbsd-5-2]: SSL_CTX_set_mode.pod SSL_CTX_set_tmp_dh_callback.pod src/crypto/dist/openssl/ssl [netbsd-5-2]: Makefile s23_clnt.c s23_srvr.c s2_lib.c s3_clnt.c s3_enc.c s3_lib.c s3_pkt.c s3_srvr.c ssl-lib.com ssl.h ssl3.h ssl_err.c ssl_lib.c t1_enc.c t1_lib.c tls1.h src/crypto/dist/openssl/test [netbsd-5-2]: Makefile Added Files: src/crypto/dist/openssl/crypto [netbsd-5-2]: constant_time_locl.h constant_time_test.c src/crypto/dist/openssl/doc/crypto [netbsd-5-2]: CMS_add1_signer.pod src/crypto/dist/openssl/test [netbsd-5-2]: constant_time_test.c Log Message: Apply patch (requested by spz in ticket #1927): Apply OpenSSL security fixes derived from the diff between OpenSSL 1.0.0n and 1.0.0o, fixing CVE-2014-3567, CVE-2014-3568, and adding POODLE mitigation via support for TLS_FALLBACK_SCSV. To generate a diff of this commit: cvs rdiff -u -r1.1.1.11 -r1.1.1.11.2.1 \ src/crypto/dist/openssl/apps/s_client.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.38.1 \ src/crypto/dist/openssl/crypto/LPdir_vms.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/LPdir_win.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 src/crypto/dist/openssl/crypto/Makefile cvs rdiff -u -r0 -r1.1.6.2 \ src/crypto/dist/openssl/crypto/constant_time_locl.h \ src/crypto/dist/openssl/crypto/constant_time_test.c cvs rdiff -u -r1.3 -r1.3.2.1 src/crypto/dist/openssl/crypto/bn/bn_exp.c cvs rdiff -u -r1.4 -r1.4.2.1 src/crypto/dist/openssl/crypto/bn/exptest.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.36.1 \ src/crypto/dist/openssl/crypto/bn/asm/x86_64-gcc.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/crypto/dsa/dsa_ameth.c cvs rdiff -u -r1.6 -r1.6.2.1 src/crypto/dist/openssl/crypto/ec/ec.h cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/crypto/ec/ec_ameth.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.30.1 \ src/crypto/dist/openssl/crypto/ec/ec_asn1.c cvs rdiff -u -r1.1.1.1 -r1.1.1.1.38.1 \ src/crypto/dist/openssl/crypto/ec/ec_key.c cvs rdiff -u -r1.1.1.4 -r1.1.1.4.38.1 \ src/crypto/dist/openssl/crypto/ec/ecp_smpl.c cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/err/openssl.ec cvs rdiff -u -r1.1.1.5 -r1.1.1.5.2.1 \ src/crypto/dist/openssl/crypto/evp/Makefile cvs rdiff -u -r1.1.1.8 -r1.1.1.8.30.1 \ src/crypto/dist/openssl/crypto/evp/evp_enc.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/crypto/pkcs7/pkcs7.h cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \ src/crypto/dist/openssl/crypto/rsa/Makefile cvs rdiff -u -r1.14 -r1.14.2.1 src/crypto/dist/openssl/crypto/rsa/rsa.h cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/crypto/rsa/rsa_err.c cvs rdiff -u -r1.1.1.7 -r1.1.1.7.38.1 \ src/crypto/dist/openssl/crypto/rsa/rsa_oaep.c cvs rdiff -u -r1.1.1.3 -r1.1.1.3.50.1 \ src/crypto/dist/openssl/crypto/rsa/rsa_pk1.c cvs rdiff -u -r1.5 -r1.5.2.1 src/crypto/dist/openssl/crypto/rsa/rsa_sign.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/doc/apps/s_client.pod cvs rdiff -u -r1.1.1.2 -r1.1.1.2.50.1 \ src/crypto/dist/openssl/doc/crypto/BIO_s_accept.pod cvs rdiff -u -r0 -r1.1.6.2 \ src/crypto/dist/openssl/doc/crypto/CMS_add1_signer.pod cvs rdiff -u -r1.6 -r1.6.38.1 \ src/crypto/dist/openssl/doc/crypto/EVP_DigestInit.pod \ src/crypto/dist/openssl/doc/crypto/EVP_EncryptInit.pod cvs rdiff -u -r1.1.1.1 -r1.1.1.1.6.1 \ src/crypto/dist/openssl/doc/crypto/EVP_DigestVerifyInit.pod \ src/crypto/dist/openssl/doc/crypto/EVP_PKEY_sign.pod cvs rdiff -u -r1.1.1.1 -r1.1.1.1.50.1 \ src/crypto/dist/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod cvs rdiff -u -r1.1.1.2 -r1.1.1.2.50.1 \
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Wed Aug 27 13:30:49 UTC 2014 Modified Files: src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_object.c asn1.h asn1_err.c src/crypto/dist/openssl/crypto/objects [netbsd-5-2]: obj_dat.c src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_both.c s23_srvr.c s3_clnt.c t1_lib.c Log Message: Pull up following revision(s) (requested by spz in ticket #1918): crypto/dist/openssl/crypto/asn1/a_object.c patch crypto/dist/openssl/crypto/asn1/asn1.h patch crypto/dist/openssl/crypto/asn1/asn1_err.c patch crypto/dist/openssl/crypto/objects/obj_dat.cpatch crypto/dist/openssl/ssl/d1_both.c patch crypto/dist/openssl/ssl/s23_srvr.c patch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/t1_lib.cpatch Patches for the following vulnerabilities: Information leak in pretty printing functions (CVE-2014-3508) Double Free when processing DTLS packets (CVE-2014-3505) DTLS memory exhaustion (CVE-2014-3506) DTLS memory leak from zero-length fragments (CVE-2014-3507) OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) OpenSSL TLS protocol downgrade attack (CVE-2014-3511) backported from the recent 1.0.1i OpenSSL release. To generate a diff of this commit: cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/asn1/a_object.c cvs rdiff -u -r1.9.4.1 -r1.9.4.1.10.1 \ src/crypto/dist/openssl/crypto/asn1/asn1.h cvs rdiff -u -r1.1.1.8.4.1 -r1.1.1.8.4.1.10.1 \ src/crypto/dist/openssl/crypto/asn1/asn1_err.c cvs rdiff -u -r1.10 -r1.10.2.1 \ src/crypto/dist/openssl/crypto/objects/obj_dat.c cvs rdiff -u -r1.3.4.2.6.1 -r1.3.4.2.6.2 \ src/crypto/dist/openssl/ssl/d1_both.c cvs rdiff -u -r1.6 -r1.6.2.1 src/crypto/dist/openssl/ssl/s23_srvr.c cvs rdiff -u -r1.12.4.3.4.1 -r1.12.4.3.4.2 \ src/crypto/dist/openssl/ssl/s3_clnt.c cvs rdiff -u -r1.2.4.3 -r1.2.4.3.2.1 src/crypto/dist/openssl/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/openssl/crypto/asn1/a_object.c diff -u src/crypto/dist/openssl/crypto/asn1/a_object.c:1.1.1.7 src/crypto/dist/openssl/crypto/asn1/a_object.c:1.1.1.7.2.1 --- src/crypto/dist/openssl/crypto/asn1/a_object.c:1.1.1.7 Fri May 9 21:34:16 2008 +++ src/crypto/dist/openssl/crypto/asn1/a_object.c Wed Aug 27 13:30:49 2014 @@ -95,7 +95,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, if (num == 0) return(0); else if (num == -1) - num=strlen(buf); + num=(int)strlen(buf); p=buf; c= *(p++); @@ -239,7 +239,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT if ((a == NULL) || (a-data == NULL)) return(BIO_write(bp,NULL,4)); - i=i2t_ASN1_OBJECT(buf,sizeof buf,a); + i=i2t_ASN1_OBJECT(buf,(int)sizeof buf,a); if (i (int)(sizeof(buf) - 1)) { p = OPENSSL_malloc(i + 1); @@ -289,7 +289,21 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT ASN1_OBJECT *ret=NULL; const unsigned char *p; unsigned char *data; - int i; + int i, length; + + /* Sanity check OID encoding. + * Need at least one content octet. + * MSB must be clear in the last octet. + * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 + */ + if (len = 0 || len INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] 0x80) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + /* Now 0 len = INT_MAX, so the cast is safe. */ + length = (int)len; /* only the ASN1_OBJECTs from the 'table' will have values * for -sn or -ln */ @@ -300,28 +314,27 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT } else ret=(*a); - p= *pp; /* detach data from object */ data = (unsigned char *)ret-data; ret-data = NULL; /* once detached we can change it */ - if ((data == NULL) || (ret-length len)) + if ((data == NULL) || (ret-length length)) { ret-length=0; if (data != NULL) OPENSSL_free(data); - data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + data=(unsigned char *)OPENSSL_malloc(length); if (data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } ret-flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(data,p,(int)len); + memcpy(data,p,length); /* reattach data to object, after which it remains const */ ret-data =data; - ret-length=(int)len; + ret-length=length; ret-sn=NULL; ret-ln=NULL; /* ret-flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; + p+=length; if (a != NULL) (*a)=ret; *pp=p; Index: src/crypto/dist/openssl/crypto/asn1/asn1.h diff -u src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1 src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1.10.1 --- src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1 Mon Mar 30 16:29:38 2009 +++
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Wed Aug 27 13:30:49 UTC 2014 Modified Files: src/crypto/dist/openssl/crypto/asn1 [netbsd-5-2]: a_object.c asn1.h asn1_err.c src/crypto/dist/openssl/crypto/objects [netbsd-5-2]: obj_dat.c src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_both.c s23_srvr.c s3_clnt.c t1_lib.c Log Message: Pull up following revision(s) (requested by spz in ticket #1918): crypto/dist/openssl/crypto/asn1/a_object.c patch crypto/dist/openssl/crypto/asn1/asn1.h patch crypto/dist/openssl/crypto/asn1/asn1_err.c patch crypto/dist/openssl/crypto/objects/obj_dat.cpatch crypto/dist/openssl/ssl/d1_both.c patch crypto/dist/openssl/ssl/s23_srvr.c patch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/t1_lib.cpatch Patches for the following vulnerabilities: Information leak in pretty printing functions (CVE-2014-3508) Double Free when processing DTLS packets (CVE-2014-3505) DTLS memory exhaustion (CVE-2014-3506) DTLS memory leak from zero-length fragments (CVE-2014-3507) OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) OpenSSL TLS protocol downgrade attack (CVE-2014-3511) backported from the recent 1.0.1i OpenSSL release. To generate a diff of this commit: cvs rdiff -u -r1.1.1.7 -r1.1.1.7.2.1 \ src/crypto/dist/openssl/crypto/asn1/a_object.c cvs rdiff -u -r1.9.4.1 -r1.9.4.1.10.1 \ src/crypto/dist/openssl/crypto/asn1/asn1.h cvs rdiff -u -r1.1.1.8.4.1 -r1.1.1.8.4.1.10.1 \ src/crypto/dist/openssl/crypto/asn1/asn1_err.c cvs rdiff -u -r1.10 -r1.10.2.1 \ src/crypto/dist/openssl/crypto/objects/obj_dat.c cvs rdiff -u -r1.3.4.2.6.1 -r1.3.4.2.6.2 \ src/crypto/dist/openssl/ssl/d1_both.c cvs rdiff -u -r1.6 -r1.6.2.1 src/crypto/dist/openssl/ssl/s23_srvr.c cvs rdiff -u -r1.12.4.3.4.1 -r1.12.4.3.4.2 \ src/crypto/dist/openssl/ssl/s3_clnt.c cvs rdiff -u -r1.2.4.3 -r1.2.4.3.2.1 src/crypto/dist/openssl/ssl/t1_lib.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Fri Jun 6 06:42:08 UTC 2014 Modified Files: src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn.h bn_lib.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec2_mult.c src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_both.c s3_clnt.c s3_pkt.c s3_srvr.c ssl3.h Log Message: Pull up following revision(s) (requested by spz in ticket #1908): crypto/dist/openssl/crypto/bn/bn.h patch crypto/dist/openssl/crypto/bn/bn_lib.c patch crypto/dist/openssl/crypto/ec/ec2_mult.cpatch crypto/dist/openssl/ssl/d1_both.c patch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/s3_pkt.cpatch crypto/dist/openssl/ssl/s3_srvr.c patch crypto/dist/openssl/ssl/ssl3.h patch *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. (CVE-2014-0224) [KIKUCHI Masashi, Steve Henson] *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. (CVE-2014-0221) [Imre Rad, Steve Henson] *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) [Felix Gröbert, Ivan Fratric, Steve Henson] To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.2.1 src/crypto/dist/openssl/crypto/bn/bn.h cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/crypto/bn/bn_lib.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/ec/ec2_mult.c cvs rdiff -u -r1.3.4.2 -r1.3.4.2.6.1 src/crypto/dist/openssl/ssl/d1_both.c cvs rdiff -u -r1.12.4.3 -r1.12.4.3.4.1 src/crypto/dist/openssl/ssl/s3_clnt.c cvs rdiff -u -r1.9.4.3 -r1.9.4.3.6.1 src/crypto/dist/openssl/ssl/s3_pkt.c cvs rdiff -u -r1.15.4.4 -r1.15.4.4.4.1 src/crypto/dist/openssl/ssl/s3_srvr.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/ssl/ssl3.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/dist/openssl/crypto/bn/bn.h diff -u src/crypto/dist/openssl/crypto/bn/bn.h:1.12 src/crypto/dist/openssl/crypto/bn/bn.h:1.12.2.1 --- src/crypto/dist/openssl/crypto/bn/bn.h:1.12 Fri May 9 21:49:39 2008 +++ src/crypto/dist/openssl/crypto/bn/bn.h Fri Jun 6 06:42:08 2014 @@ -520,6 +520,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -742,11 +744,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words = (_bnum2)-dmax words = (_bnum2)-top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Index: src/crypto/dist/openssl/crypto/bn/bn_lib.c diff -u src/crypto/dist/openssl/crypto/bn/bn_lib.c:1.7 src/crypto/dist/openssl/crypto/bn/bn_lib.c:1.7.2.1 --- src/crypto/dist/openssl/crypto/bn/bn_lib.c:1.7 Fri May 9 21:49:39 2008 +++ src/crypto/dist/openssl/crypto/bn/bn_lib.c Fri Jun 6 06:42:08 2014 @@ -843,3 +843,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); +
CVS commit: [netbsd-5-2] src/crypto/dist/openssl
Module Name:src Committed By: msaitoh Date: Fri Jun 6 06:42:08 UTC 2014 Modified Files: src/crypto/dist/openssl/crypto/bn [netbsd-5-2]: bn.h bn_lib.c src/crypto/dist/openssl/crypto/ec [netbsd-5-2]: ec2_mult.c src/crypto/dist/openssl/ssl [netbsd-5-2]: d1_both.c s3_clnt.c s3_pkt.c s3_srvr.c ssl3.h Log Message: Pull up following revision(s) (requested by spz in ticket #1908): crypto/dist/openssl/crypto/bn/bn.h patch crypto/dist/openssl/crypto/bn/bn_lib.c patch crypto/dist/openssl/crypto/ec/ec2_mult.cpatch crypto/dist/openssl/ssl/d1_both.c patch crypto/dist/openssl/ssl/s3_clnt.c patch crypto/dist/openssl/ssl/s3_pkt.cpatch crypto/dist/openssl/ssl/s3_srvr.c patch crypto/dist/openssl/ssl/ssl3.h patch *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. (CVE-2014-0224) [KIKUCHI Masashi, Steve Henson] *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. (CVE-2014-0221) [Imre Rad, Steve Henson] *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) [Jüri Aedla, Steve Henson] *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. Thanks to Felix Gröbert and Ivan Fratric at Google for discovering this issue. (CVE-2014-3470) [Felix Gröbert, Ivan Fratric, Steve Henson] To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.2.1 src/crypto/dist/openssl/crypto/bn/bn.h cvs rdiff -u -r1.7 -r1.7.2.1 src/crypto/dist/openssl/crypto/bn/bn_lib.c cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \ src/crypto/dist/openssl/crypto/ec/ec2_mult.c cvs rdiff -u -r1.3.4.2 -r1.3.4.2.6.1 src/crypto/dist/openssl/ssl/d1_both.c cvs rdiff -u -r1.12.4.3 -r1.12.4.3.4.1 src/crypto/dist/openssl/ssl/s3_clnt.c cvs rdiff -u -r1.9.4.3 -r1.9.4.3.6.1 src/crypto/dist/openssl/ssl/s3_pkt.c cvs rdiff -u -r1.15.4.4 -r1.15.4.4.4.1 src/crypto/dist/openssl/ssl/s3_srvr.c cvs rdiff -u -r1.8 -r1.8.2.1 src/crypto/dist/openssl/ssl/ssl3.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.