authorbrad <>2006-10-05 18:42:29 +0000
committerbrad <>2006-10-05 18:42:29 +0000
commit1d20264fcecb551f6a52f5ef0d92b0a89bd89742 (patch)
treefdc15f42791d34461193464de445bb5935403815
parentdad0f915038c42085aac55b1821cfa9f4b290638 (diff)
Fix by pvalchev@ openssl security fixes, diff from markus@, ok & "commit it" djm@ http://www.openssl.org/news/secadv_20060928.txt for more
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c2
-rw-r--r--src/lib/libssl/src/crypto/dh/dh.h3
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_err.c1
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_key.c6
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa.h4
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_err.c2
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_ossl.c12
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa.h6
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_eay.c44
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_err.c1
-rw-r--r--src/lib/libssl/src/ssl/s2_clnt.c3
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c2
12 files changed, 84 insertions, 2 deletions
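diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 2426cb6253..617ca962cb 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -628,6 +628,8 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
  ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
  return 0;
  } else if(ret == -1) return -1;
+
+ ret = 0;
  /* SEQUENCE, SET and "OTHER" are left in encoded form */
  if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
  /* Clear context cache for type OTHER because the auto clear when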
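Review bot: The added `ret = 0;` carries no comment, and without one it reads like a stray reset of a value that was just tested. Presumably the error exits further down in asn1_d2i_ex_primitive (outside this hunk) return `ret`, which would otherwise still hold the success value from the preceding call; if so, say it with `/* default to failure so the error exits below do not return the earlier success value */`. The function starts and ends outside the hunk, so that reading should be confirmed against the full body.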
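diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h
index d51dc130f4..c88f20aefb 100644
--- a/src/lib/libssl/src/crypto/dh/dh.h
+++ b/src/lib/libssl/src/crypto/dh/dh.h
@@ -70,6 +70,8 @@
 #include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
 
+#define OPENSSL_DH_MAX_MODULUS_BITS 10000
+
 #define DH_FLAG_CACHE_MONT_P 0x01
 
 #ifdef __cplusplus
@@ -200,6 +202,7 @@ void ERR_load_DH_strings(void);
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR 101
 #define DH_R_NO_PRIVATE_VALUE 100
+#define DH_R_MODULUS_TOO_LARGE 103
 
 #ifdef __cplusplus
 }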
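Review bot: `OPENSSL_DH_MAX_MODULUS_BITS` is defined unconditionally and without a comment, so a build cannot adjust the limit and a reader cannot tell which operation it bounds. Wrapping it as `#ifndef OPENSSL_DH_MAX_MODULUS_BITS`, `# define OPENSSL_DH_MAX_MODULUS_BITS 10000`, `#endif`, with a one-line comment naming the check in dh_key.c, would address both. The same applies to `OPENSSL_DSA_MAX_MODULUS_BITS` in dsa.h and to the three `OPENSSL_RSA_*` limits in rsa.h.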
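diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c
index c2715044c9..346ed8cdc7 100644
--- a/src/lib/libssl/src/crypto/dh/dh_err.c
+++ b/src/lib/libssl/src/crypto/dh/dh_err.c
@@ -79,6 +79,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
  {
 {DH_R_BAD_GENERATOR ,"bad generator"},
 {DH_R_NO_PRIVATE_VALUE ,"no private value"},
+{DH_R_MODULUS_TOO_LARGE ,"modulus too large"},
 {0,NULL}
  };
 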
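diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index ff125c2296..51bfc76ca4 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -164,6 +164,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
  BIGNUM *tmp;
  int ret= -1;
 
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ {
+ DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
  ctx = BN_CTX_new();
  if (ctx == NULL) goto err;
  BN_CTX_start(ctx);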
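Review bot: The new guard bounds only `dh->p`; `pub_key`, the other operand in the signature, is not range-checked anywhere in this hunk. If the rest of compute_key (outside the hunk) does not already do so, a `pub_key` that is not greater than 1 and less than `dh->p` should be refused before the exponentiation, with a test such as `if (BN_cmp(pub_key, BN_value_one()) <= 0 || BN_cmp(pub_key, dh->p) >= 0)` followed by the same error-and-return pattern. The direct `return -1` is safe here only because it precedes `BN_CTX_new()`; a short comment saying so would keep a later edit from moving the guard below the allocation.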
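diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h
index 225ff391f9..3b0ebc2ee6 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa.h
+++ b/src/lib/libssl/src/crypto/dsa/dsa.h
@@ -79,6 +79,8 @@
 # include <openssl/dh.h>
 #endif
 
+#define OPENSSL_DSA_MAX_MODULUS_BITS 3072
+
 #define DSA_FLAG_CACHE_MONT_P 0x01
 
 #if defined(OPENSSL_FIPS)
@@ -245,8 +247,10 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_SIG_CB 114
 
 /* Reason codes. */
+#define DSA_R_BAD_Q_VALUE 102
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
 #define DSA_R_MISSING_PARAMETERS 101
+#define DSA_R_MODULUS_TOO_LARGE 103
 
 #ifdef __cplusplus
 }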
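diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c
index 79aa4ff526..bf96765ccd 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_err.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c
@@ -85,8 +85,10 @@ static ERR_STRING_DATA DSA_str_functs[]=
 
 static ERR_STRING_DATA DSA_str_reasons[]=
  {
+{DSA_R_BAD_Q_VALUE ,"bad q value"},
 {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
 {DSA_R_MISSING_PARAMETERS ,"missing parameters"},
+{DSA_R_MODULUS_TOO_LARGE ,"modulus too large"},
 {0,NULL}
  };
 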
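diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
index f1a85afcde..dda7c3d7c9 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -245,6 +245,18 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
  return -1;
  }
 
+ if (BN_num_bits(dsa->q) != 160)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
  BN_init(&u1);
  BN_init(&u2);
  BN_init(&t1);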
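Review bot: The q check compares against the bare literal `160`, while the p check directly below it uses a named limit from dsa.h. Give the literal a name next to `OPENSSL_DSA_MAX_MODULUS_BITS` (for example `#define OPENSSL_DSA_Q_BITS 160`, a name proposed here rather than an existing one), or at least put `/* only a 160-bit q is accepted */` above the test, so the restriction reads as deliberate policy. Both guards are added to dsa_do_verify only; whether any other path in this file needs them cannot be judged from this hunk.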
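diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
index fc3bb5f86d..80554c1052 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -154,6 +154,11 @@ struct rsa_st
  BN_BLINDING *blinding;
  };
 
+#define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+
+#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */
+
 #define RSA_3 0x3L
 #define RSA_F4 0x10001L
 
@@ -347,6 +352,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_INVALID_MESSAGE_LENGTH 131
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
 #define RSA_R_KEY_SIZE_TOO_SMALL 120
+#define RSA_R_MODULUS_TOO_LARGE 105
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
 #define RSA_R_OAEP_DECODING_ERROR 121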
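Review bot: The comment on `OPENSSL_RSA_MAX_PUBEXP_BITS` says the exponent limit is enforced for a "small" modulus only, which is the opposite of what the code in this commit does. The checks added in rsa_eay.c apply the limit when `BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS`, that is, only for moduli above the small threshold. The comment should read `/* exponent limit enforced for moduli above OPENSSL_RSA_SMALL_MODULUS_BITS only */`. Left as it is, it invites someone to "correct" the comparison in the wrong direction.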
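diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index d4caab3f95..94a278d1f0 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -259,6 +259,28 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
  BN_init(&f);
  BN_init(&ret);
 
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+ {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
  if ((ctx=BN_CTX_new()) == NULL) goto err;
  num=BN_num_bytes(rsa->n);
  if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
@@ -504,6 +526,28 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
  unsigned char *buf=NULL;
  BN_CTX *ctx=NULL;
 
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+ {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+ {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
  BN_init(&f);
  BN_init(&ret);
  ctx=BN_CTX_new();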
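Review bot: The first hunk's header places the new guard in RSA_eay_private_encrypt, yet all three `RSAerr` calls in it report `RSA_F_RSA_EAY_PUBLIC_ENCRYPT`, whereas the second hunk's header and function code agree on RSA_eay_public_decrypt. Either the function code is wrong for its location or the block was applied to the wrong function, in which case RSA_eay_public_encrypt would still accept an oversized modulus or exponent; the function bodies lie outside the hunks, so this needs checking against the full file. If the guard is meant to stay where it is, the calls should use `RSA_F_RSA_EAY_PRIVATE_ENCRYPT`; otherwise the block belongs at the top of RSA_eay_public_encrypt. The first hunk also reads `rsa->e` on what appears to be a private-key path, and nothing visible in the hunk establishes that it is set there.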
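diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c
index a7766c3b76..8221a921e7 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_err.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c
@@ -116,6 +116,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"},
 {RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"},
 {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
+{RSA_R_MODULUS_TOO_LARGE ,"modulus too large"},
 {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
 {RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"},
 {RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"},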
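diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index c67829f495..2aec31e4de 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -538,7 +538,8 @@ static int get_server_hello(SSL *s)
  CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
  }
 
- if (s->session->peer != s->session->sess_cert->peer_key->x509)
+ if (s->session->sess_cert == NULL ||
+ s->session->peer != s->session->sess_cert->peer_key->x509)
  /* can't happen */
  {
  ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);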
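Review bot: The `/* can't happen */` comment kept under the condition is now contradicted by the condition itself, since the added `sess_cert == NULL` test exists for a case that evidently can happen. Replace it with something like `/* sess_cert may be NULL here; treat it as a protocol error */`. The second operand still dereferences `sess_cert->peer_key` without a NULL test; if that pointer can be unset while `sess_cert` is allocated (not visible in this hunk), add `s->session->sess_cert->peer_key == NULL ||` to the condition as well.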
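diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 631229558f..ad4076aa12 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1167,7 +1167,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
  c=sk_SSL_CIPHER_value(sk,i);
  for (cp=c->name; *cp; )
  {
- if (len-- == 0)
+ if (len-- <= 0)
  {
  *p='\0';
  return(buf);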
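Review bot: The truncation branch still stores the terminator with `*p='\0'` without establishing that `p` is inside `buf`. Changing `==` to `<=` makes the branch reachable when `len` has already gone negative, which, judging by the outer loop that is only partly visible here, would be after an earlier name and its separator used up the last byte, leaving `p` at `buf+len`. Overwriting the trailing separator instead keeps the write in bounds: `if (p != buf) --p;` placed before `*p='\0';`. The enclosing function starts and ends outside the hunk, so the outer loop's accounting of `len` should be confirmed before relying on this.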