rpms/openssl/FC-5 openssl-0.9.8a-cve-2006-2940.patch, NONE, 1.1 openssl-0.9.8b-cve-2006-2937.patch, NONE, 1.1 openssl-0.9.8b-cve-2006-3738.patch, NONE, 1.1 openssl-0.9.8b-cve-2006-4343.patch, NONE, 1.1 openssl.spec, 1.70, 1.71
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Sep 28 20:18:27 UTC 2006
- Previous message (by thread): rpms/pirut/devel .cvsignore, 1.38, 1.39 pirut.spec, 1.39, 1.40 sources, 1.39, 1.40
- Next message (by thread): rpms/kdeutils/devel kdeutils-3.5.4-kde#113622.patch, NONE, 1.1 kdeutils-3.5.4-kde#132929.patch, NONE, 1.1 kdeutils.spec, 1.77, 1.78 kdeutils-3.5.4-klaptopdaemon-crash.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/dist/rpms/openssl/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv13578
Modified Files:
openssl.spec
Added Files:
openssl-0.9.8a-cve-2006-2940.patch
openssl-0.9.8b-cve-2006-2937.patch
openssl-0.9.8b-cve-2006-3738.patch
openssl-0.9.8b-cve-2006-4343.patch
Log Message:
* Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.4
- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
- fix CVE-2006-4343 - sslv2 client DoS (#206940)
openssl-0.9.8a-cve-2006-2940.patch:
dh/dh.h | 3 +++
dh/dh_err.c | 1 +
dh/dh_key.c | 6 ++++++
dsa/dsa.h | 4 ++++
dsa/dsa_err.c | 2 ++
dsa/dsa_ossl.c | 12 ++++++++++++
rsa/rsa.h | 6 ++++++
rsa/rsa_eay.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
rsa/rsa_err.c | 1 +
9 files changed, 79 insertions(+)
--- NEW FILE openssl-0.9.8a-cve-2006-2940.patch ---
--- openssl-0.9.8a/crypto/dsa/dsa_ossl.c.parasitic 2005-05-26 06:40:57.000000000 +0200
+++ openssl-0.9.8a/crypto/dsa/dsa_ossl.c 2006-09-28 22:11:11.000000000 +0200
@@ -304,6 +304,18 @@
return -1;
}
+ if (BN_num_bits(dsa->q) != 160)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
--- openssl-0.9.8a/crypto/dsa/dsa_err.c.parasitic 2005-04-12 18:15:12.000000000 +0200
+++ openssl-0.9.8a/crypto/dsa/dsa_err.c 2006-09-28 22:11:11.000000000 +0200
@@ -89,8 +89,10 @@
static ERR_STRING_DATA DSA_str_reasons[]=
{
+{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
+{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{0,NULL}
};
--- openssl-0.9.8a/crypto/dsa/dsa.h.parasitic 2006-09-28 22:11:09.000000000 +0200
+++ openssl-0.9.8a/crypto/dsa/dsa.h 2006-09-28 22:11:11.000000000 +0200
@@ -84,6 +84,8 @@
#endif
#endif
+#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+
#define DSA_FLAG_CACHE_MONT_P 0x01
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
* implementation now uses constant time
@@ -270,8 +272,10 @@
#define DSA_F_SIG_CB 114
/* Reason codes. */
+#define DSA_R_BAD_Q_VALUE 102
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
#define DSA_R_MISSING_PARAMETERS 101
+#define DSA_R_MODULUS_TOO_LARGE 103
#ifdef __cplusplus
}
--- openssl-0.9.8a/crypto/rsa/rsa_eay.c.parasitic 2006-09-28 22:11:11.000000000 +0200
+++ openssl-0.9.8a/crypto/rsa/rsa_eay.c 2006-09-28 22:11:11.000000000 +0200
@@ -168,6 +168,28 @@
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+ {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
@@ -574,6 +596,28 @@
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+ {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
if((ctx = BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
--- openssl-0.9.8a/crypto/rsa/rsa_err.c.parasitic 2006-09-28 22:11:11.000000000 +0200
+++ openssl-0.9.8a/crypto/rsa/rsa_err.c 2006-09-28 22:11:11.000000000 +0200
@@ -137,6 +137,7 @@
{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
+{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
--- openssl-0.9.8a/crypto/rsa/rsa.h.parasitic 2006-09-28 22:11:11.000000000 +0200
+++ openssl-0.9.8a/crypto/rsa/rsa.h 2006-09-28 22:11:11.000000000 +0200
@@ -159,6 +159,11 @@
BN_BLINDING *mt_blinding;
};
+#define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+
+#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
+
#define RSA_3 0x3L
#define RSA_F4 0x10001L
@@ -407,6 +412,7 @@
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_LAST_OCTET_INVALID 134
+#define RSA_R_MODULUS_TOO_LARGE 105
#define RSA_R_NO_PUBLIC_EXPONENT 140
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
--- openssl-0.9.8a/crypto/dh/dh.h.parasitic 2006-09-28 22:11:10.000000000 +0200
+++ openssl-0.9.8a/crypto/dh/dh.h 2006-09-28 22:15:59.000000000 +0200
@@ -73,6 +73,8 @@
#include <openssl/bn.h>
#endif
+#define OPENSSL_DH_MAX_MODULUS_BITS 10000
+
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
* implementation now uses constant time
@@ -222,6 +224,7 @@
#define DH_R_BAD_GENERATOR 101
#define DH_R_NO_PRIVATE_VALUE 100
#define DH_R_INVALID_PUBKEY 102
+#define DH_R_MODULUS_TOO_LARGE 103
#ifdef __cplusplus
}
--- openssl-0.9.8a/crypto/dh/dh_key.c.parasitic 2005-08-20 20:35:53.000000000 +0200
+++ openssl-0.9.8a/crypto/dh/dh_key.c 2006-09-28 22:11:11.000000000 +0200
@@ -179,6 +179,12 @@
int ret= -1;
int check_result;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
--- openssl-0.9.8a/crypto/dh/dh_err.c.parasitic 2005-08-20 20:35:53.000000000 +0200
+++ openssl-0.9.8a/crypto/dh/dh_err.c 2006-09-28 22:15:37.000000000 +0200
@@ -84,6 +84,7 @@
{
{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
+{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
{0,NULL}
};
openssl-0.9.8b-cve-2006-2937.patch:
tasn_dec.c | 1 +
1 files changed, 1 insertion(+)
--- NEW FILE openssl-0.9.8b-cve-2006-2937.patch ---
Dr S N Henson of the OpenSSL core team and Open Network Security
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When
the test suite was run against OpenSSL two denial of service
vulnerabilities were discovered.
During the parsing of certain invalid ASN1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory. CVE-2006-2938
Any code which uses OpenSSL to parse ASN1 data from untrusted sources is
affected. This includes SSL servers which enable client authentication
and S/MIME applications.
This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier
--- openssl-0.9.8b/crypto/asn1/tasn_dec.c.asn1-error 2006-02-19 14:45:22.000000000 +0100
+++ openssl-0.9.8b/crypto/asn1/tasn_dec.c 2006-09-25 12:01:14.000000000 +0200
@@ -832,6 +832,7 @@
}
else if (ret == -1)
return -1;
+ ret = 0;
/* SEQUENCE, SET and "OTHER" are left in encoded form */
if ((utype == V_ASN1_SEQUENCE)
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
openssl-0.9.8b-cve-2006-3738.patch:
s3_srvr.c | 2 +-
ssl_lib.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE openssl-0.9.8b-cve-2006-3738.patch ---
Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer
overflow in SSL_get_shared_ciphers utility function, used by some
applications such as exim and mysql. An attacker could send a list of
ciphers that would overrun a buffer CVE-2006-3738
--- ssl/ssl_lib.c 2005-10-01 00:38:20.000000000 +0100
+++ ssl/ssl_lib.c 2006-08-28 19:08:37.401404000 +0100
@@ -1219,7 +1219,7 @@ char *SSL_get_shared_ciphers(const SSL *
c=sk_SSL_CIPHER_value(sk,i);
for (cp=c->name; *cp; )
{
- if (len-- == 0)
+ if (len-- <= 0)
{
*p='\0';
return(buf);
--- ssl/s3_srvr.c 2005-10-01 00:38:20.000000000 +0100
+++ ssl/s3_srvr.c 2006-08-28 19:16:39.313556000 +0100
@@ -2017,7 +2017,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (kssl_ctx->client_princ)
{
- int len = strlen(kssl_ctx->client_princ);
+ size_t len = strlen(kssl_ctx->client_princ);
if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
{
s->session->krb5_client_princ_len = len;
openssl-0.9.8b-cve-2006-4343.patch:
s2_clnt.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE openssl-0.9.8b-cve-2006-4343.patch ---
Tavis Ormandy and Will Drewry of the Google Security Team discovered a
possible DoS in the sslv2 client code. Where a client application uses
OpenSSL to make a SSLv2 connection to a malicious server that server
could cause the client to crash. CVE-2006-4343
--- ssl/s2_clnt.c 2005-08-06 00:52:07.000000000 +0100
+++ ssl/s2_clnt.c 2006-08-28 19:14:59.398605000 +0100
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
}
- if (s->session->peer != s->session->sess_cert->peer_key->x509)
+ if (s->session->sess_cert == NULL
+ || s->session->peer != s->session->sess_cert->peer_key->x509)
/* can't happen */
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
Index: openssl.spec
===================================================================
RCS file: /cvs/dist/rpms/openssl/FC-5/openssl.spec,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- openssl.spec 5 Sep 2006 15:25:28 -0000 1.70
+++ openssl.spec 28 Sep 2006 20:18:20 -0000 1.71
@@ -23,7 +23,7 @@
Summary: The OpenSSL toolkit.
Name: openssl
Version: 0.9.8a
-Release: 5.3
+Release: 5.4
Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
@@ -58,6 +58,10 @@
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
# Backported fixes including security fixes
Patch56: openssl-0.9.8b-cve-2006-4339.patch
+Patch57: openssl-0.9.8b-cve-2006-2937.patch
+Patch58: openssl-0.9.8a-cve-2006-2940.patch
+Patch59: openssl-0.9.8b-cve-2006-3738.patch
+Patch60: openssl-0.9.8b-cve-2006-4343.patch
License: BSDish
Group: System Environment/Libraries
@@ -123,6 +127,10 @@
%patch37 -p1 -b .no-builtin-comp
%patch38 -p1 -b .cipher-change
%patch56 -p1 -b .short-padding
+%patch57 -p1 -b .asn1-error
+%patch58 -p1 -b .parasitic
+%patch59 -p0 -b .shared-ciphers
+%patch60 -p0 -b .client-dos
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -384,6 +392,12 @@
%postun -p /sbin/ldconfig
%changelog
+* Thu Sep 28 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.4
+- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
+- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
+- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
+- fix CVE-2006-4343 - sslv2 client DoS (#206940)
+
* Tue Sep 9 2006 Tomas Mraz <tmraz at redhat.com> 0.9.8a-5.3
- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
- Previous message (by thread): rpms/pirut/devel .cvsignore, 1.38, 1.39 pirut.spec, 1.39, 1.40 sources, 1.39, 1.40
- Next message (by thread): rpms/kdeutils/devel kdeutils-3.5.4-kde#113622.patch, NONE, 1.1 kdeutils-3.5.4-kde#132929.patch, NONE, 1.1 kdeutils.spec, 1.77, 1.78 kdeutils-3.5.4-klaptopdaemon-crash.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list