Module Name:    src
Committed By:   snj
Date:           Mon Mar 30 16:29:38 UTC 2009

Modified Files:
        src/crypto/dist/openssl/crypto/asn1 [netbsd-5]: asn1.h asn1_err.c
            tasn_dec.c
        src/crypto/dist/openssl/crypto/cms [netbsd-5]: cms_smime.c

Log Message:
Pull up following revision(s) (requested by drochner in ticket #624):
        crypto/dist/openssl/crypto/asn1/asn1.h: revision 1.10
        crypto/dist/openssl/crypto/asn1/asn1_err.c: revision 1.2
        crypto/dist/openssl/crypto/asn1/tasn_dec.c: revision 1.9
        crypto/dist/openssl/crypto/cms/cms_smime.c: revision 1.2
apply patches from upstream CVS to fix 3 security problems:
-ASN1 printing crash (CVE-2009-0590)
-Incorrect Error Checking During CMS verification (CVE-2009-0591)
-Invalid ASN1 clearing check (CVE-2009-0789)


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.4.1 src/crypto/dist/openssl/crypto/asn1/asn1.h
cvs rdiff -u -r1.1.1.8 -r1.1.1.8.4.1 \
    src/crypto/dist/openssl/crypto/asn1/asn1_err.c
cvs rdiff -u -r1.8 -r1.8.4.1 src/crypto/dist/openssl/crypto/asn1/tasn_dec.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \
    src/crypto/dist/openssl/crypto/cms/cms_smime.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/openssl/crypto/asn1/asn1.h
diff -u src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9 src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9.4.1
--- src/crypto/dist/openssl/crypto/asn1/asn1.h:1.9	Fri May  9 21:49:39 2008
+++ src/crypto/dist/openssl/crypto/asn1/asn1.h	Mon Mar 30 16:29:38 2009
@@ -1268,6 +1268,7 @@
 #define ASN1_R_BAD_OBJECT_HEADER			 102
 #define ASN1_R_BAD_PASSWORD_READ			 103
 #define ASN1_R_BAD_TAG					 104
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
 #define ASN1_R_BN_LIB					 105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
 #define ASN1_R_BUFFER_TOO_SMALL				 107
@@ -1359,6 +1360,7 @@
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
 #define ASN1_R_UNEXPECTED_EOC				 159
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
 #define ASN1_R_UNKNOWN_FORMAT				 160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162

Index: src/crypto/dist/openssl/crypto/asn1/asn1_err.c
diff -u src/crypto/dist/openssl/crypto/asn1/asn1_err.c:1.1.1.8 src/crypto/dist/openssl/crypto/asn1/asn1_err.c:1.1.1.8.4.1
--- src/crypto/dist/openssl/crypto/asn1/asn1_err.c:1.1.1.8	Fri May  9 21:34:17 2008
+++ src/crypto/dist/openssl/crypto/asn1/asn1_err.c	Mon Mar 30 16:29:38 2009
@@ -199,6 +199,7 @@
 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
 {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
 {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
+{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
 {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
 {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
 {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
@@ -290,6 +291,7 @@
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
 {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
 {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},

Index: src/crypto/dist/openssl/crypto/asn1/tasn_dec.c
diff -u src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:1.8 src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:1.8.4.1
--- src/crypto/dist/openssl/crypto/asn1/tasn_dec.c:1.8	Fri May  9 21:49:39 2008
+++ src/crypto/dist/openssl/crypto/asn1/tasn_dec.c	Mon Mar 30 16:29:38 2009
@@ -613,7 +613,6 @@
 
 	err:
 	ASN1_template_free(val, tt);
-	*val = NULL;
 	return 0;
 	}
 
@@ -760,7 +759,6 @@
 
 	err:
 	ASN1_template_free(val, tt);
-	*val = NULL;
 	return 0;
 	}
 
@@ -1014,6 +1012,18 @@
 		case V_ASN1_SET:
 		case V_ASN1_SEQUENCE:
 		default:
+		if (utype == V_ASN1_BMPSTRING && (len & 1))
+			{
+			ASN1err(ASN1_F_ASN1_EX_C2I,
+					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+			goto err;
+			}
+		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+			{
+			ASN1err(ASN1_F_ASN1_EX_C2I,
+					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+			goto err;
+			}
 		/* All based on ASN1_STRING and handled the same */
 		if (!*pval)
 			{
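Review bot: The two new length checks under `default:` carry no comment saying why a length that is not a multiple of the character width is rejected, and that is not obvious from the decoder alone. BMPSTRING is two bytes per character and UNIVERSALSTRING four, so a consumer that steps through the buffer in whole characters would run past the end of a value with a trailing partial character; this is presumably the printing crash the log lists as CVE-2009-0590. I would add `/* BMPSTRING is 2 bytes/char, UNIVERSALSTRING 4: reject partial characters here so later consumers can step in whole units */` above the first `if`. The enclosing function and the `err` label are outside the hunk, so what cleanup `goto err` performs for an already-allocated `*pval` cannot be confirmed from here.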

Index: src/crypto/dist/openssl/crypto/cms/cms_smime.c
diff -u src/crypto/dist/openssl/crypto/cms/cms_smime.c:1.1.1.1 src/crypto/dist/openssl/crypto/cms/cms_smime.c:1.1.1.1.8.1
--- src/crypto/dist/openssl/crypto/cms/cms_smime.c:1.1.1.1	Fri May  9 21:34:23 2008
+++ src/crypto/dist/openssl/crypto/cms/cms_smime.c	Mon Mar 30 16:29:38 2009
@@ -414,7 +414,7 @@
 		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
 			{
 			si = sk_CMS_SignerInfo_value(sinfos, i);
-			if (!CMS_SignerInfo_verify_content(si, cmsbio))
+			if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
 				{
 				CMSerr(CMS_F_CMS_VERIFY,
 					CMS_R_CONTENT_VERIFY_ERROR);
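Review bot: Nothing at the call site records why the test is `<= 0` rather than `!`, so a later cleanup could quietly revert it. The change implies the callee can return a negative value on an internal error, which the old test let through as a successful content verification. I would add `/* <= 0 covers both a mismatch (0) and an internal error (negative); only a positive return is success */` above the `if`. Other callers of CMS_SignerInfo_verify_content, and of sibling verify routines with the same return convention, are not visible in this hunk and are worth checking for the same `!` pattern. The loop body and the rest of the function continue outside the hunk.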
