/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2015-0204.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2015-0204.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Apr 15 14:21:06 2015 UTC (9 years, 6 months ago) by vip-ire
Branch: MAIN
CVS Tags: openssl-0_9_8e-33_1_el5_sme, HEAD
* Wed Apr 15 2015 Daniel Berteaud <daniel@firewall-services.com 0.9.8e-33.1.sme
- update with ca-bundle.crt from SME 9 [SME: 8909]

1 vip-ire 1.1 diff -up openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_options.pod.rsa-ephemeral openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_options.pod
2     --- openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_options.pod.rsa-ephemeral 2014-08-08 11:54:24.000000000 +0200
3     +++ openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_options.pod 2015-02-03 10:26:12.735168700 +0100
4     @@ -151,15 +151,7 @@ temporary/ephemeral DH parameters are us
5    
6     =item SSL_OP_EPHEMERAL_RSA
7    
8     -Always use ephemeral (temporary) RSA key when doing RSA operations
9     -(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
10     -According to the specifications this is only done, when a RSA key
11     -can only be used for signature operations (namely under export ciphers
12     -with restricted RSA keylength). By setting this option, ephemeral
13     -RSA keys are always used. This option breaks compatibility with the
14     -SSL/TLS specifications and may lead to interoperability problems with
15     -clients and should therefore never be used. Ciphers with EDH (ephemeral
16     -Diffie-Hellman) key exchange should be used instead.
17     +This option is no longer implemented and is treated as no op.
18    
19     =item SSL_OP_CIPHER_SERVER_PREFERENCE
20    
21     diff -up openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.rsa-ephemeral openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
22     --- openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.rsa-ephemeral 2006-12-06 10:12:28.000000000 +0100
23     +++ openssl-fips-0.9.8e/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-02-03 10:26:12.735168700 +0100
24     @@ -74,21 +74,14 @@ exchange and use EDH (Ephemeral Diffie-H
25     in order to achieve forward secrecy (see
26     L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
27    
28     -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
29     -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of
30     -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
31     -standard. When ephemeral RSA key exchange is required for export ciphers,
32     -it will automatically be used without this option!
33     -
34     -An application may either directly specify the key or can supply the key via
35     -a callback function. The callback approach has the advantage, that the
36     -callback may generate the key only in case it is actually needed. As the
37     -generation of a RSA key is however costly, it will lead to a significant
38     -delay in the handshake procedure. Another advantage of the callback function
39     -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
40     -usage) while the explicit setting of the key is only useful for key size of
41     -512 bits to satisfy the export restricted ciphers and does give away key length
42     -if a longer key would be allowed.
43     +An application may either directly specify the key or can supply the key via a
44     +callback function. The callback approach has the advantage, that the callback
45     +may generate the key only in case it is actually needed. As the generation of a
46     +RSA key is however costly, it will lead to a significant delay in the handshake
47     +procedure. Another advantage of the callback function is that it can supply
48     +keys of different size while the explicit setting of the key is only useful for
49     +key size of 512 bits to satisfy the export restricted ciphers and does give
50     +away key length if a longer key would be allowed.
51    
52     The B<tmp_rsa_callback> is called with the B<keylength> needed and
53     the B<is_export> information. The B<is_export> flag is set, when the
54     diff -up openssl-fips-0.9.8e/ssl/d1_srvr.c.rsa-ephemeral openssl-fips-0.9.8e/ssl/d1_srvr.c
55     --- openssl-fips-0.9.8e/ssl/d1_srvr.c.rsa-ephemeral 2014-08-08 11:54:24.000000000 +0200
56     +++ openssl-fips-0.9.8e/ssl/d1_srvr.c 2015-02-03 10:26:12.738168768 +0100
57     @@ -323,23 +323,11 @@ int dtls1_accept(SSL *s)
58    
59     /* clear this, it may get reset by
60     * send_server_key_exchange */
61     - if ((s->options & SSL_OP_EPHEMERAL_RSA)
62     -#ifndef OPENSSL_NO_KRB5
63     - && !(l & SSL_KRB5)
64     -#endif /* OPENSSL_NO_KRB5 */
65     - )
66     - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
67     - * even when forbidden by protocol specs
68     - * (handshake may fail as clients are not required to
69     - * be able to handle this) */
70     - s->s3->tmp.use_rsa_tmp=1;
71     - else
72     - s->s3->tmp.use_rsa_tmp=0;
73     + s->s3->tmp.use_rsa_tmp=0;
74    
75     /* only send if a DH key exchange, fortezza or
76     * RSA but we have a sign only certificate */
77     - if (s->s3->tmp.use_rsa_tmp
78     - || (l & (SSL_DH|SSL_kFZA))
79     + if ((l & (SSL_DH|SSL_kFZA))
80     || ((l & SSL_kRSA)
81     && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
82     || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
83     diff -up openssl-fips-0.9.8e/ssl/ssl.h.rsa-ephemeral openssl-fips-0.9.8e/ssl/ssl.h
84     --- openssl-fips-0.9.8e/ssl/ssl.h.rsa-ephemeral 2014-10-15 16:33:56.329898526 +0200
85     +++ openssl-fips-0.9.8e/ssl/ssl.h 2015-02-03 10:26:12.741168836 +0100
86     @@ -514,9 +514,8 @@ typedef struct ssl_session_st
87     #define SSL_OP_SINGLE_ECDH_USE 0x00080000L
88     /* If set, always create a new key when using tmp_dh parameters */
89     #define SSL_OP_SINGLE_DH_USE 0x00100000L
90     -/* Set to always use the tmp_rsa key when doing RSA operations,
91     - * even when this violates protocol specs */
92     -#define SSL_OP_EPHEMERAL_RSA 0x00200000L
93     +/* Does nothing: retained for compatibiity */
94     +#define SSL_OP_EPHEMERAL_RSA 0x0
95     /* Set on servers to choose the cipher according to the server's
96     * preferences */
97     #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
98     diff -up openssl-fips-0.9.8e/ssl/s3_clnt.c.rsa-ephemeral openssl-fips-0.9.8e/ssl/s3_clnt.c
99     --- openssl-fips-0.9.8e/ssl/s3_clnt.c.rsa-ephemeral 2014-08-08 11:54:24.000000000 +0200
100     +++ openssl-fips-0.9.8e/ssl/s3_clnt.c 2015-02-03 10:27:12.018509441 +0100
101     @@ -1086,6 +1086,13 @@ int ssl3_get_key_exchange(SSL *s)
102     #ifndef OPENSSL_NO_RSA
103     if (alg & SSL_kRSA)
104     {
105     + /* Temporary RSA keys only allowed in export ciphersuites */
106     + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
107     + {
108     + al=SSL_AD_UNEXPECTED_MESSAGE;
109     + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
110     + goto f_err;
111     + }
112     if ((rsa=RSA_new()) == NULL)
113     {
114     SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
115     diff -up openssl-fips-0.9.8e/ssl/s3_srvr.c.rsa-ephemeral openssl-fips-0.9.8e/ssl/s3_srvr.c
116     --- openssl-fips-0.9.8e/ssl/s3_srvr.c.rsa-ephemeral 2014-08-08 11:54:24.000000000 +0200
117     +++ openssl-fips-0.9.8e/ssl/s3_srvr.c 2015-02-03 10:26:12.740168813 +0100
118     @@ -332,18 +332,7 @@ int ssl3_accept(SSL *s)
119    
120     /* clear this, it may get reset by
121     * send_server_key_exchange */
122     - if ((s->options & SSL_OP_EPHEMERAL_RSA)
123     -#ifndef OPENSSL_NO_KRB5
124     - && !(l & SSL_KRB5)
125     -#endif /* OPENSSL_NO_KRB5 */
126     - )
127     - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
128     - * even when forbidden by protocol specs
129     - * (handshake may fail as clients are not required to
130     - * be able to handle this) */
131     - s->s3->tmp.use_rsa_tmp=1;
132     - else
133     - s->s3->tmp.use_rsa_tmp=0;
134     + s->s3->tmp.use_rsa_tmp=0;
135    
136    
137     /* only send if a DH key exchange, fortezza or
138     @@ -355,8 +344,7 @@ int ssl3_accept(SSL *s)
139     * server certificate contains the server's
140     * public key for key exchange.
141     */
142     - if (s->s3->tmp.use_rsa_tmp
143     - || (l & SSL_kECDHE)
144     + if ((l & SSL_kECDHE)
145     || (l & (SSL_DH|SSL_kFZA))
146     || ((l & SSL_kRSA)
147     && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed