Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch')
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch459
1 files changed, 459 insertions, 0 deletions
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
new file mode 100644
index 000000000000..852d06e9181a
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
@@ -0,0 +1,459 @@
+--- openssl-1.0.2/crypto/asn1/a_type.c
++++ openssl-1.0.2/crypto/asn1/a_type.c
+@@ -119,6 +119,9 @@
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
++ case V_ASN1_BOOLEAN:
++ result = a->value.boolean - b->value.boolean;
++ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+--- openssl-1.0.2/crypto/asn1/tasn_dec.c
++++ openssl-1.0.2/crypto/asn1/tasn_dec.c
+@@ -140,11 +140,17 @@
+ {
+ ASN1_TLC c;
+ ASN1_VALUE *ptmpval = NULL;
+- if (!pval)
+- pval = &ptmpval;
+ asn1_tlc_clear_nc(&c);
+- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+- return *pval;
++ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++ ptmpval = *pval;
++ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++ if (*pval)
++ ASN1_item_free(*pval, it);
++ *pval = ptmpval;
++ }
++ return ptmpval;
++ }
+ return NULL;
+ }
+
+@@ -304,9 +310,16 @@
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+-
+- /* Allocate structure */
+- if (!*pval && !ASN1_item_ex_new(pval, it)) {
++ if (*pval) {
++ /* Free up and zero CHOICE value if initialised */
++ i = asn1_get_choice_selector(pval, it);
++ if ((i >= 0) && (i < it->tcount)) {
++ tt = it->templates + i;
++ pchptr = asn1_get_field_ptr(pval, tt);
++ ASN1_template_free(pchptr, tt);
++ asn1_set_choice_selector(pval, -1, it);
++ }
++ } else if (!ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+@@ -386,6 +399,17 @@
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+
++ /* Free up and zero any ADB found */
++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++ if (tt->flags & ASN1_TFLG_ADB_MASK) {
++ const ASN1_TEMPLATE *seqtt;
++ ASN1_VALUE **pseqval;
++ seqtt = asn1_do_adb(pval, tt, 1);
++ pseqval = asn1_get_field_ptr(pval, seqtt);
++ ASN1_template_free(pseqval, seqtt);
++ }
++ }
++
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ const ASN1_TEMPLATE *seqtt;
+--- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
++++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
+@@ -261,6 +261,25 @@
+ PKCS7_RECIP_INFO *ri = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++ /*
++ * The content field in the PKCS7 ContentInfo is optional, but that really
++ * only applies to inner content (precisely, detached signatures).
++ *
++ * When reading content, missing outer content is therefore treated as an
++ * error.
++ *
++ * When creating content, PKCS7_content_new() must be called before
++ * calling this method, so a NULL p7->d is always an error.
++ */
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+
+@@ -411,6 +430,16 @@
+ unsigned char *ek = NULL, *tkey = NULL;
+ int eklen = 0, tkeylen = 0;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+
+@@ -707,6 +736,16 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ EVP_MD_CTX_init(&ctx_tmp);
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+@@ -746,6 +785,7 @@
+ /* If detached data then the content is excluded */
+ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.sign->contents->d.data = NULL;
+ }
+ break;
+@@ -755,6 +795,7 @@
+ /* If detached data then the content is excluded */
+ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.digest->contents->d.data = NULL;
+ }
+ break;
+@@ -820,22 +861,30 @@
+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ }
+
+- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
+- char *cont;
+- long contlen;
+- btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+- if (btmp == NULL) {
+- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+- goto err;
+- }
+- contlen = BIO_get_mem_data(btmp, &cont);
++ if (!PKCS7_is_detached(p7)) {
+ /*
+- * Mark the BIO read only then we can use its copy of the data
+- * instead of making an extra copy.
++ * NOTE(emilia): I think we only reach os == NULL here because detached
++ * digested data support is broken.
+ */
+- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+- BIO_set_mem_eof_return(btmp, 0);
+- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++ if (os == NULL)
++ goto err;
++ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
++ char *cont;
++ long contlen;
++ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
++ if (btmp == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++ goto err;
++ }
++ contlen = BIO_get_mem_data(btmp, &cont);
++ /*
++ * Mark the BIO read only then we can use its copy of the data
++ * instead of making an extra copy.
++ */
++ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
++ BIO_set_mem_eof_return(btmp, 0);
++ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++ }
+ }
+ ret = 1;
+ err:
+@@ -910,6 +959,16 @@
+ STACK_OF(X509) *cert;
+ X509 *x509;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ if (PKCS7_type_is_signed(p7)) {
+ cert = p7->d.sign->cert;
+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+--- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
++++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
+@@ -70,6 +70,7 @@
+ nid = OBJ_obj2nid(p7->type);
+
+ switch (cmd) {
++ /* NOTE(emilia): does not support detached digested data. */
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed) {
+ ret = p7->detached = (int)larg;
+@@ -444,6 +445,8 @@
+
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
++ if (p7 == NULL || p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signed(p7)) {
+ return (p7->d.sign->signer_info);
+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+--- openssl-1.0.2/crypto/rsa/rsa_ameth.c
++++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
+@@ -698,9 +698,10 @@
+ RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+ return -1;
+ }
+- if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
++ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
+ /* Carry on */
+ return 2;
++ }
+ return -1;
+ }
+
+--- openssl-1.0.2/doc/crypto/d2i_X509.pod
++++ openssl-1.0.2/doc/crypto/d2i_X509.pod
+@@ -207,6 +207,12 @@
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -233,7 +239,9 @@
+
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>.
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
+--- openssl-1.0.2/ssl/d1_lib.c
++++ openssl-1.0.2/ssl/d1_lib.c
+@@ -543,6 +543,9 @@
+ {
+ int ret;
+
++ /* Ensure there is no state left over from a previous invocation */
++ SSL_clear(s);
++
+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+ s->d1->listen = 1;
+
+--- openssl-1.0.2/ssl/s2_lib.c
++++ openssl-1.0.2/ssl/s2_lib.c
+@@ -493,7 +493,7 @@
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+- < (int)sizeof(s->session->master_key));
++ <= (int)sizeof(s->session->master_key));
+ EVP_DigestUpdate(&ctx, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&ctx, &c, 1);
+--- openssl-1.0.2/ssl/s2_srvr.c
++++ openssl-1.0.2/ssl/s2_srvr.c
+@@ -454,11 +454,6 @@
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
+ return (-1);
+ }
+- i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+- &(p[s->s2->tmp.clear]),
+- &(p[s->s2->tmp.clear]),
+- (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
+- RSA_PKCS1_PADDING);
+
+ is_export = SSL_C_IS_EXPORT(s->session->cipher);
+
+@@ -475,23 +470,61 @@
+ } else
+ ek = 5;
+
++ /*
++ * The format of the CLIENT-MASTER-KEY message is
++ * 1 byte message type
++ * 3 bytes cipher
++ * 2-byte clear key length (stored in s->s2->tmp.clear)
++ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++ * 2-byte key args length (IV etc)
++ * clear key
++ * encrypted key
++ * key args
++ *
++ * If the cipher is an export cipher, then the encrypted key bytes
++ * are a fixed portion of the total key (5 or 8 bytes). The size of
++ * this portion is in |ek|. If the cipher is not an export cipher,
++ * then the entire key material is encrypted (i.e., clear key length
++ * must be zero).
++ */
++ if ((!is_export && s->s2->tmp.clear != 0) ||
++ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++ return -1;
++ }
++ /*
++ * The encrypted blob must decrypt to the encrypted portion of the key.
++ * Decryption can't be expanding, so if we don't have enough encrypted
++ * bytes to fit the key in the buffer, stop now.
++ */
++ if ((is_export && s->s2->tmp.enc < ek) ||
++ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++ return -1;
++ }
++
++ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++ &(p[s->s2->tmp.clear]),
++ &(p[s->s2->tmp.clear]),
++ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++ RSA_PKCS1_PADDING);
++
+ /* bad decrypt */
+ # if 1
+ /*
+ * If a bad decrypt, continue with protocol but with a random master
+ * secret (Bleichenbacher attack)
+ */
+- if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
+- || (is_export && ((i != ek)
+- || (s->s2->tmp.clear +
+- (unsigned int)i != (unsigned int)
+- EVP_CIPHER_key_length(c)))))) {
++ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++ || (is_export && i != ek))) {
+ ERR_clear_error();
+ if (is_export)
+ i = ek;
+ else
+ i = EVP_CIPHER_key_length(c);
+- if (RAND_pseudo_bytes(p, i) <= 0)
++ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ return 0;
+ }
+ # else
+@@ -513,7 +546,7 @@
+ # endif
+
+ if (is_export)
+- i += s->s2->tmp.clear;
++ i = EVP_CIPHER_key_length(c);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+--- openssl-1.0.2/ssl/s3_pkt.c
++++ openssl-1.0.2/ssl/s3_pkt.c
+@@ -780,7 +780,7 @@
+
+ i = ssl3_write_pending(s, type, &buf[tot], nw);
+ if (i <= 0) {
+- if (i < 0) {
++ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+ OPENSSL_free(wb->buf);
+ wb->buf = NULL;
+ }
+--- openssl-1.0.2/ssl/s3_srvr.c
++++ openssl-1.0.2/ssl/s3_srvr.c
+@@ -2251,10 +2251,17 @@
+ if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+ int idx = -1;
+ EVP_PKEY *skey = NULL;
+- if (n)
++ if (n) {
+ n2s(p, i);
+- else
++ } else {
++ if (alg_k & SSL_kDHE) {
++ al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
++ goto f_err;
++ }
+ i = 0;
++ }
+ if (n && n != i + 2) {
+ if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+--- openssl-1.0.2/ssl/t1_lib.c
++++ openssl-1.0.2/ssl/t1_lib.c
+@@ -2965,6 +2965,7 @@
+ if (s->cert->shared_sigalgs) {
+ OPENSSL_free(s->cert->shared_sigalgs);
+ s->cert->shared_sigalgs = NULL;
++ s->cert->shared_sigalgslen = 0;
+ }
+ /* Clear certificate digests and validity flags */
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+@@ -3618,6 +3619,7 @@
+ if (c->shared_sigalgs) {
+ OPENSSL_free(c->shared_sigalgs);
+ c->shared_sigalgs = NULL;
++ c->shared_sigalgslen = 0;
+ }
+ /* If client use client signature algorithms if not NULL */
+ if (!s->server && c->client_sigalgs && !is_suiteb) {
+@@ -3640,12 +3642,14 @@
+ preflen = c->peer_sigalgslen;
+ }
+ nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
+- if (!nmatch)
+- return 1;
+- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+- if (!salgs)
+- return 0;
+- nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
++ if (nmatch) {
++ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
++ if (!salgs)
++ return 0;
++ nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
++ } else {
++ salgs = NULL;
++ }
+ c->shared_sigalgs = salgs;
+ c->shared_sigalgslen = nmatch;
+ return 1;