/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2012-0884.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2012-0884.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:09 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 wellsi 1.1 Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
2     in PKCS7 code. When RSA decryption fails use a random key for
3     content decryption and always return the same error.
4     diff -up openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pk7-mma openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c
5     --- openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c.pk7-mma 2007-02-03 10:51:58.000000000 +0100
6     +++ openssl-fips-0.9.8e/crypto/pkcs7/pk7_doit.c 2012-03-19 17:51:35.879037258 +0100
7     @@ -423,6 +423,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
8     int max;
9     X509_OBJECT ret;
10     #endif
11     + unsigned char *tkey = NULL;
12     + int tkeylen;
13     int jj;
14    
15     if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
16     @@ -464,36 +466,42 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
17    
18     if (pcert == NULL)
19     {
20     + /* Temporary storage in case EVP_PKEY_decrypt
21     + * overwrites output buffer on error.
22     + */
23     + unsigned char *tmp2;
24     + tmp2 = OPENSSL_malloc(jj);
25     + if (!tmp2)
26     + goto err;
27     + jj = -1;
28     + /* Always attempt to decrypt all cases to avoid
29     + * leaking timing information about a successful
30     + * decrypt.
31     + */
32     for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
33     {
34     + int tret;
35     ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
36     - jj=EVP_PKEY_decrypt(tmp,
37     + tret=EVP_PKEY_decrypt(tmp2,
38     M_ASN1_STRING_data(ri->enc_key),
39     M_ASN1_STRING_length(ri->enc_key),
40     pkey);
41     - if (jj > 0)
42     - break;
43     + if (tret > 0)
44     + {
45     + memcpy(tmp, tmp2, tret);
46     + OPENSSL_cleanse(tmp2, tret);
47     + jj = tret;
48     + }
49     ERR_clear_error();
50     - ri = NULL;
51     - }
52     - if (ri == NULL)
53     - {
54     - PKCS7err(PKCS7_F_PKCS7_DATADECODE,
55     - PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
56     - goto err;
57     }
58     + OPENSSL_free(tmp2);
59     }
60     else
61     {
62     jj=EVP_PKEY_decrypt(tmp,
63     M_ASN1_STRING_data(ri->enc_key),
64     M_ASN1_STRING_length(ri->enc_key), pkey);
65     - if (jj <= 0)
66     - {
67     - PKCS7err(PKCS7_F_PKCS7_DATADECODE,
68     - ERR_R_EVP_LIB);
69     - goto err;
70     - }
71     + ERR_clear_error();
72     }
73    
74     evp_ctx=NULL;
75     @@ -502,24 +510,49 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
76     goto err;
77     if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
78     goto err;
79     + /* Generate random key to counter MMA */
80     + tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
81     + tkey = OPENSSL_malloc(tkeylen);
82     + if (!tkey)
83     + goto err;
84     + if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
85     + goto err;
86     + /* If we have no key use random key */
87     + if (jj <= 0)
88     + {
89     + OPENSSL_free(tmp);
90     + jj = tkeylen;
91     + tmp = tkey;
92     + tkey = NULL;
93     + }
94    
95     - if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
96     + if (jj != tkeylen) {
97     /* Some S/MIME clients don't use the same key
98     * and effective key length. The key length is
99     * determined by the size of the decrypted RSA key.
100     */
101     if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
102     {
103     - PKCS7err(PKCS7_F_PKCS7_DATADECODE,
104     - PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
105     - goto err;
106     + /* As MMA defence use random key instead */
107     + OPENSSL_cleanse(tmp, jj);
108     + OPENSSL_free(tmp);
109     + jj = tkeylen;
110     + tmp = tkey;
111     + tkey = NULL;
112     }
113     }
114     + ERR_clear_error();
115     if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
116     goto err;
117    
118     OPENSSL_cleanse(tmp,jj);
119    
120     + if (tkey)
121     + {
122     + OPENSSL_cleanse(tkey, tkeylen);
123     + OPENSSL_free(tkey);
124     + }
125     +
126     if (out == NULL)
127     out=etmp;
128     else

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed