/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2015-0293.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2015-0293.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Apr 15 14:21:07 2015 UTC (9 years, 6 months ago) by vip-ire
Branch: MAIN
CVS Tags: openssl-0_9_8e-33_1_el5_sme, HEAD
* Wed Apr 15 2015 Daniel Berteaud <daniel@firewall-services.com 0.9.8e-33.1.sme
- update with ca-bundle.crt from SME 9 [SME: 8909]

1 vip-ire 1.1 diff -up openssl-fips-0.9.8e/ssl/s2_lib.c.ssl2-assert openssl-fips-0.9.8e/ssl/s2_lib.c
2     --- openssl-fips-0.9.8e/ssl/s2_lib.c.ssl2-assert 2015-04-01 12:41:28.023403066 +0200
3     +++ openssl-fips-0.9.8e/ssl/s2_lib.c 2015-04-02 15:29:37.468346462 +0200
4     @@ -410,7 +410,7 @@ int ssl2_generate_key_material(SSL *s)
5    
6     OPENSSL_assert(s->session->master_key_length >= 0
7     && s->session->master_key_length
8     - < (int)sizeof(s->session->master_key));
9     + <= (int)sizeof(s->session->master_key));
10     EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
11     EVP_DigestUpdate(&ctx,&c,1);
12     c++;
13     diff -up openssl-fips-0.9.8e/ssl/s2_srvr.c.ssl2-assert openssl-fips-0.9.8e/ssl/s2_srvr.c
14     --- openssl-fips-0.9.8e/ssl/s2_srvr.c.ssl2-assert 2015-04-01 12:41:27.950401420 +0200
15     +++ openssl-fips-0.9.8e/ssl/s2_srvr.c 2015-04-02 15:33:51.109049368 +0200
16     @@ -363,7 +363,8 @@ end:
17    
18     static int get_client_master_key(SSL *s)
19     {
20     - int is_export,i,n,keya,ek;
21     + int is_export,i,n,keya;
22     + unsigned int ek;
23     unsigned long len;
24     unsigned char *p;
25     SSL_CIPHER *cp;
26     @@ -445,9 +446,6 @@ static int get_client_master_key(SSL *s)
27     SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
28     return(-1);
29     }
30     - i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
31     - &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
32     - (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
33    
34     is_export=SSL_C_IS_EXPORT(s->session->cipher);
35    
36     @@ -466,21 +464,61 @@ static int get_client_master_key(SSL *s)
37     else
38     ek=5;
39    
40     + /*
41     + * The format of the CLIENT-MASTER-KEY message is
42     + * 1 byte message type
43     + * 3 bytes cipher
44     + * 2-byte clear key length (stored in s->s2->tmp.clear)
45     + * 2-byte encrypted key length (stored in s->s2->tmp.enc)
46     + * 2-byte key args length (IV etc)
47     + * clear key
48     + * encrypted key
49     + * key args
50     + *
51     + * If the cipher is an export cipher, then the encrypted key bytes
52     + * are a fixed portion of the total key (5 or 8 bytes). The size of
53     + * this portion is in |ek|. If the cipher is not an export cipher,
54     + * then the entire key material is encrypted (i.e., clear key length
55     + * must be zero).
56     + */
57     + if ((!is_export && s->s2->tmp.clear != 0) ||
58     + (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c)))
59     + {
60     + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
61     + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
62     + return -1;
63     + }
64     + /*
65     + * The encrypted blob must decrypt to the encrypted portion of the key.
66     + * Decryption can't be expanding, so if we don't have enough encrypted
67     + * bytes to fit the key in the buffer, stop now.
68     + */
69     + if ((is_export && s->s2->tmp.enc < ek) ||
70     + (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c)))
71     + {
72     + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
73     + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
74     + return -1;
75     + }
76     +
77     + i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
78     + &(p[s->s2->tmp.clear]),
79     + &(p[s->s2->tmp.clear]),
80     + (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : RSA_PKCS1_PADDING);
81     +
82     /* bad decrypt */
83     #if 1
84     /* If a bad decrypt, continue with protocol but with a
85     * random master secret (Bleichenbacher attack) */
86     - if ((i < 0) ||
87     - ((!is_export && (i != EVP_CIPHER_key_length(c)))
88     - || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
89     - (unsigned int)EVP_CIPHER_key_length(c))))))
90     + if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
91     + || (is_export && i != (int)ek)))
92     {
93     ERR_clear_error();
94     if (is_export)
95     i=ek;
96     else
97     i=EVP_CIPHER_key_length(c);
98     - if (RAND_pseudo_bytes(p,i) <= 0)
99     + if (RAND_pseudo_bytes(&p[s->s2->tmp.clear],i) <= 0)
100     return 0;
101     }
102     #else
103     @@ -504,7 +542,8 @@ static int get_client_master_key(SSL *s)
104     }
105     #endif
106    
107     - if (is_export) i+=s->s2->tmp.clear;
108     + if (is_export)
109     + i = EVP_CIPHER_key_length(c);
110    
111     if (i > SSL_MAX_MASTER_KEY_LENGTH)
112     {

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed