diff options
author | brad <> | 2006-10-05 18:42:29 +0000 |
---|---|---|
committer | brad <> | 2006-10-05 18:42:29 +0000 |
commit | 1d20264fcecb551f6a52f5ef0d92b0a89bd89742 (patch) | |
tree | fdc15f42791d34461193464de445bb5935403815 | |
parent | dad0f915038c42085aac55b1821cfa9f4b290638 (diff) | |
download | openbsd-OPENBSD_3_8.tar.gz openbsd-OPENBSD_3_8.tar.bz2 openbsd-OPENBSD_3_8.zip |
MFC:OPENBSD_3_8
Fix by pvalchev@
openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more
-rw-r--r-- | src/lib/libssl/src/crypto/asn1/tasn_dec.c | 2 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/dh/dh.h | 3 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/dh/dh_err.c | 1 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/dh/dh_key.c | 6 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa.h | 4 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa_err.c | 2 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 12 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa.h | 6 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_eay.c | 44 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_err.c | 1 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/s2_clnt.c | 3 | ||||
-rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 2 |
12 files changed, 84 insertions, 2 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index 2426cb6253..617ca962cb 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c | |||
@@ -628,6 +628,8 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl | |||
628 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); | 628 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); |
629 | return 0; | 629 | return 0; |
630 | } else if(ret == -1) return -1; | 630 | } else if(ret == -1) return -1; |
631 | |||
632 | ret = 0; | ||
631 | /* SEQUENCE, SET and "OTHER" are left in encoded form */ | 633 | /* SEQUENCE, SET and "OTHER" are left in encoded form */ |
632 | if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { | 634 | if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { |
633 | /* Clear context cache for type OTHER because the auto clear when | 635 | /* Clear context cache for type OTHER because the auto clear when |
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h index d51dc130f4..c88f20aefb 100644 --- a/src/lib/libssl/src/crypto/dh/dh.h +++ b/src/lib/libssl/src/crypto/dh/dh.h | |||
@@ -70,6 +70,8 @@ | |||
70 | #include <openssl/crypto.h> | 70 | #include <openssl/crypto.h> |
71 | #include <openssl/ossl_typ.h> | 71 | #include <openssl/ossl_typ.h> |
72 | 72 | ||
73 | #define OPENSSL_DH_MAX_MODULUS_BITS 10000 | ||
74 | |||
73 | #define DH_FLAG_CACHE_MONT_P 0x01 | 75 | #define DH_FLAG_CACHE_MONT_P 0x01 |
74 | 76 | ||
75 | #ifdef __cplusplus | 77 | #ifdef __cplusplus |
@@ -200,6 +202,7 @@ void ERR_load_DH_strings(void); | |||
200 | /* Reason codes. */ | 202 | /* Reason codes. */ |
201 | #define DH_R_BAD_GENERATOR 101 | 203 | #define DH_R_BAD_GENERATOR 101 |
202 | #define DH_R_NO_PRIVATE_VALUE 100 | 204 | #define DH_R_NO_PRIVATE_VALUE 100 |
205 | #define DH_R_MODULUS_TOO_LARGE 103 | ||
203 | 206 | ||
204 | #ifdef __cplusplus | 207 | #ifdef __cplusplus |
205 | } | 208 | } |
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c index c2715044c9..346ed8cdc7 100644 --- a/src/lib/libssl/src/crypto/dh/dh_err.c +++ b/src/lib/libssl/src/crypto/dh/dh_err.c | |||
@@ -79,6 +79,7 @@ static ERR_STRING_DATA DH_str_reasons[]= | |||
79 | { | 79 | { |
80 | {DH_R_BAD_GENERATOR ,"bad generator"}, | 80 | {DH_R_BAD_GENERATOR ,"bad generator"}, |
81 | {DH_R_NO_PRIVATE_VALUE ,"no private value"}, | 81 | {DH_R_NO_PRIVATE_VALUE ,"no private value"}, |
82 | {DH_R_MODULUS_TOO_LARGE ,"modulus too large"}, | ||
82 | {0,NULL} | 83 | {0,NULL} |
83 | }; | 84 | }; |
84 | 85 | ||
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c index ff125c2296..51bfc76ca4 100644 --- a/src/lib/libssl/src/crypto/dh/dh_key.c +++ b/src/lib/libssl/src/crypto/dh/dh_key.c | |||
@@ -164,6 +164,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
164 | BIGNUM *tmp; | 164 | BIGNUM *tmp; |
165 | int ret= -1; | 165 | int ret= -1; |
166 | 166 | ||
167 | if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) | ||
168 | { | ||
169 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); | ||
170 | return -1; | ||
171 | } | ||
172 | |||
167 | ctx = BN_CTX_new(); | 173 | ctx = BN_CTX_new(); |
168 | if (ctx == NULL) goto err; | 174 | if (ctx == NULL) goto err; |
169 | BN_CTX_start(ctx); | 175 | BN_CTX_start(ctx); |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h index 225ff391f9..3b0ebc2ee6 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa.h +++ b/src/lib/libssl/src/crypto/dsa/dsa.h | |||
@@ -79,6 +79,8 @@ | |||
79 | # include <openssl/dh.h> | 79 | # include <openssl/dh.h> |
80 | #endif | 80 | #endif |
81 | 81 | ||
82 | #define OPENSSL_DSA_MAX_MODULUS_BITS 3072 | ||
83 | |||
82 | #define DSA_FLAG_CACHE_MONT_P 0x01 | 84 | #define DSA_FLAG_CACHE_MONT_P 0x01 |
83 | 85 | ||
84 | #if defined(OPENSSL_FIPS) | 86 | #if defined(OPENSSL_FIPS) |
@@ -245,8 +247,10 @@ void ERR_load_DSA_strings(void); | |||
245 | #define DSA_F_SIG_CB 114 | 247 | #define DSA_F_SIG_CB 114 |
246 | 248 | ||
247 | /* Reason codes. */ | 249 | /* Reason codes. */ |
250 | #define DSA_R_BAD_Q_VALUE 102 | ||
248 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 | 251 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 |
249 | #define DSA_R_MISSING_PARAMETERS 101 | 252 | #define DSA_R_MISSING_PARAMETERS 101 |
253 | #define DSA_R_MODULUS_TOO_LARGE 103 | ||
250 | 254 | ||
251 | #ifdef __cplusplus | 255 | #ifdef __cplusplus |
252 | } | 256 | } |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c index 79aa4ff526..bf96765ccd 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_err.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c | |||
@@ -85,8 +85,10 @@ static ERR_STRING_DATA DSA_str_functs[]= | |||
85 | 85 | ||
86 | static ERR_STRING_DATA DSA_str_reasons[]= | 86 | static ERR_STRING_DATA DSA_str_reasons[]= |
87 | { | 87 | { |
88 | {DSA_R_BAD_Q_VALUE ,"bad q value"}, | ||
88 | {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, | 89 | {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, |
89 | {DSA_R_MISSING_PARAMETERS ,"missing parameters"}, | 90 | {DSA_R_MISSING_PARAMETERS ,"missing parameters"}, |
91 | {DSA_R_MODULUS_TOO_LARGE ,"modulus too large"}, | ||
90 | {0,NULL} | 92 | {0,NULL} |
91 | }; | 93 | }; |
92 | 94 | ||
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c index f1a85afcde..dda7c3d7c9 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c | |||
@@ -245,6 +245,18 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | |||
245 | return -1; | 245 | return -1; |
246 | } | 246 | } |
247 | 247 | ||
248 | if (BN_num_bits(dsa->q) != 160) | ||
249 | { | ||
250 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); | ||
251 | return -1; | ||
252 | } | ||
253 | |||
254 | if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) | ||
255 | { | ||
256 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); | ||
257 | return -1; | ||
258 | } | ||
259 | |||
248 | BN_init(&u1); | 260 | BN_init(&u1); |
249 | BN_init(&u2); | 261 | BN_init(&u2); |
250 | BN_init(&t1); | 262 | BN_init(&t1); |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h index fc3bb5f86d..80554c1052 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa.h +++ b/src/lib/libssl/src/crypto/rsa/rsa.h | |||
@@ -154,6 +154,11 @@ struct rsa_st | |||
154 | BN_BLINDING *blinding; | 154 | BN_BLINDING *blinding; |
155 | }; | 155 | }; |
156 | 156 | ||
157 | #define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | ||
158 | |||
159 | #define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 | ||
160 | #define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */ | ||
161 | |||
157 | #define RSA_3 0x3L | 162 | #define RSA_3 0x3L |
158 | #define RSA_F4 0x10001L | 163 | #define RSA_F4 0x10001L |
159 | 164 | ||
@@ -347,6 +352,7 @@ void ERR_load_RSA_strings(void); | |||
347 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 | 352 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 |
348 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 | 353 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 |
349 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | 354 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 |
355 | #define RSA_R_MODULUS_TOO_LARGE 105 | ||
350 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | 356 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
351 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | 357 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 |
352 | #define RSA_R_OAEP_DECODING_ERROR 121 | 358 | #define RSA_R_OAEP_DECODING_ERROR 121 |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c index d4caab3f95..94a278d1f0 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c | |||
@@ -259,6 +259,28 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
259 | BN_init(&f); | 259 | BN_init(&f); |
260 | BN_init(&ret); | 260 | BN_init(&ret); |
261 | 261 | ||
262 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
263 | { | ||
264 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
265 | return -1; | ||
266 | } | ||
267 | |||
268 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
269 | { | ||
270 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
271 | return -1; | ||
272 | } | ||
273 | |||
274 | /* for large moduli, enforce exponent limit */ | ||
275 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
276 | { | ||
277 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
278 | { | ||
279 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
280 | return -1; | ||
281 | } | ||
282 | } | ||
283 | |||
262 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 284 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
263 | num=BN_num_bytes(rsa->n); | 285 | num=BN_num_bytes(rsa->n); |
264 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 286 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) |
@@ -504,6 +526,28 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | |||
504 | unsigned char *buf=NULL; | 526 | unsigned char *buf=NULL; |
505 | BN_CTX *ctx=NULL; | 527 | BN_CTX *ctx=NULL; |
506 | 528 | ||
529 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
530 | { | ||
531 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
532 | return -1; | ||
533 | } | ||
534 | |||
535 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
536 | { | ||
537 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); | ||
538 | return -1; | ||
539 | } | ||
540 | |||
541 | /* for large moduli, enforce exponent limit */ | ||
542 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
543 | { | ||
544 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
545 | { | ||
546 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); | ||
547 | return -1; | ||
548 | } | ||
549 | } | ||
550 | |||
507 | BN_init(&f); | 551 | BN_init(&f); |
508 | BN_init(&ret); | 552 | BN_init(&ret); |
509 | ctx=BN_CTX_new(); | 553 | ctx=BN_CTX_new(); |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c index a7766c3b76..8221a921e7 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_err.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c | |||
@@ -116,6 +116,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= | |||
116 | {RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, | 116 | {RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, |
117 | {RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, | 117 | {RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, |
118 | {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, | 118 | {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, |
119 | {RSA_R_MODULUS_TOO_LARGE ,"modulus too large"}, | ||
119 | {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, | 120 | {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, |
120 | {RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, | 121 | {RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, |
121 | {RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, | 122 | {RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, |
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c index c67829f495..2aec31e4de 100644 --- a/src/lib/libssl/src/ssl/s2_clnt.c +++ b/src/lib/libssl/src/ssl/s2_clnt.c | |||
@@ -538,7 +538,8 @@ static int get_server_hello(SSL *s) | |||
538 | CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); | 538 | CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); |
539 | } | 539 | } |
540 | 540 | ||
541 | if (s->session->peer != s->session->sess_cert->peer_key->x509) | 541 | if (s->session->sess_cert == NULL || |
542 | s->session->peer != s->session->sess_cert->peer_key->x509) | ||
542 | /* can't happen */ | 543 | /* can't happen */ |
543 | { | 544 | { |
544 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); | 545 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 631229558f..ad4076aa12 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
@@ -1167,7 +1167,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | |||
1167 | c=sk_SSL_CIPHER_value(sk,i); | 1167 | c=sk_SSL_CIPHER_value(sk,i); |
1168 | for (cp=c->name; *cp; ) | 1168 | for (cp=c->name; *cp; ) |
1169 | { | 1169 | { |
1170 | if (len-- == 0) | 1170 | if (len-- <= 0) |
1171 | { | 1171 | { |
1172 | *p='\0'; | 1172 | *p='\0'; |
1173 | return(buf); | 1173 | return(buf); |