diff options
| author | brad <> | 2006-10-05 18:42:29 +0000 |
|---|---|---|
| committer | brad <> | 2006-10-05 18:42:29 +0000 |
| commit | 1d20264fcecb551f6a52f5ef0d92b0a89bd89742 (patch) | |
| tree | fdc15f42791d34461193464de445bb5935403815 | |
| parent | dad0f915038c42085aac55b1821cfa9f4b290638 (diff) | |
| download | openbsd-OPENBSD_3_8.tar.gz openbsd-OPENBSD_3_8.tar.bz2 openbsd-OPENBSD_3_8.zip | |
MFC:OPENBSD_3_8
Fix by pvalchev@
openssl security fixes, diff from markus@, ok & "commit it" djm@
http://www.openssl.org/news/secadv_20060928.txt for more
| -rw-r--r-- | src/lib/libssl/src/crypto/asn1/tasn_dec.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dh/dh.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dh/dh_err.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dh/dh_key.c | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa_err.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa.h | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_eay.c | 44 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_err.c | 1 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s2_clnt.c | 3 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 2 |
12 files changed, 84 insertions, 2 deletions
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index 2426cb6253..617ca962cb 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c | |||
| @@ -628,6 +628,8 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl | |||
| 628 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); | 628 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); |
| 629 | return 0; | 629 | return 0; |
| 630 | } else if(ret == -1) return -1; | 630 | } else if(ret == -1) return -1; |
| 631 | |||
| 632 | ret = 0; | ||
| 631 | /* SEQUENCE, SET and "OTHER" are left in encoded form */ | 633 | /* SEQUENCE, SET and "OTHER" are left in encoded form */ |
| 632 | if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { | 634 | if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { |
| 633 | /* Clear context cache for type OTHER because the auto clear when | 635 | /* Clear context cache for type OTHER because the auto clear when |
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h index d51dc130f4..c88f20aefb 100644 --- a/src/lib/libssl/src/crypto/dh/dh.h +++ b/src/lib/libssl/src/crypto/dh/dh.h | |||
| @@ -70,6 +70,8 @@ | |||
| 70 | #include <openssl/crypto.h> | 70 | #include <openssl/crypto.h> |
| 71 | #include <openssl/ossl_typ.h> | 71 | #include <openssl/ossl_typ.h> |
| 72 | 72 | ||
| 73 | #define OPENSSL_DH_MAX_MODULUS_BITS 10000 | ||
| 74 | |||
| 73 | #define DH_FLAG_CACHE_MONT_P 0x01 | 75 | #define DH_FLAG_CACHE_MONT_P 0x01 |
| 74 | 76 | ||
| 75 | #ifdef __cplusplus | 77 | #ifdef __cplusplus |
| @@ -200,6 +202,7 @@ void ERR_load_DH_strings(void); | |||
| 200 | /* Reason codes. */ | 202 | /* Reason codes. */ |
| 201 | #define DH_R_BAD_GENERATOR 101 | 203 | #define DH_R_BAD_GENERATOR 101 |
| 202 | #define DH_R_NO_PRIVATE_VALUE 100 | 204 | #define DH_R_NO_PRIVATE_VALUE 100 |
| 205 | #define DH_R_MODULUS_TOO_LARGE 103 | ||
| 203 | 206 | ||
| 204 | #ifdef __cplusplus | 207 | #ifdef __cplusplus |
| 205 | } | 208 | } |
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c index c2715044c9..346ed8cdc7 100644 --- a/src/lib/libssl/src/crypto/dh/dh_err.c +++ b/src/lib/libssl/src/crypto/dh/dh_err.c | |||
| @@ -79,6 +79,7 @@ static ERR_STRING_DATA DH_str_reasons[]= | |||
| 79 | { | 79 | { |
| 80 | {DH_R_BAD_GENERATOR ,"bad generator"}, | 80 | {DH_R_BAD_GENERATOR ,"bad generator"}, |
| 81 | {DH_R_NO_PRIVATE_VALUE ,"no private value"}, | 81 | {DH_R_NO_PRIVATE_VALUE ,"no private value"}, |
| 82 | {DH_R_MODULUS_TOO_LARGE ,"modulus too large"}, | ||
| 82 | {0,NULL} | 83 | {0,NULL} |
| 83 | }; | 84 | }; |
| 84 | 85 | ||
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c index ff125c2296..51bfc76ca4 100644 --- a/src/lib/libssl/src/crypto/dh/dh_key.c +++ b/src/lib/libssl/src/crypto/dh/dh_key.c | |||
| @@ -164,6 +164,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
| 164 | BIGNUM *tmp; | 164 | BIGNUM *tmp; |
| 165 | int ret= -1; | 165 | int ret= -1; |
| 166 | 166 | ||
| 167 | if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) | ||
| 168 | { | ||
| 169 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); | ||
| 170 | return -1; | ||
| 171 | } | ||
| 172 | |||
| 167 | ctx = BN_CTX_new(); | 173 | ctx = BN_CTX_new(); |
| 168 | if (ctx == NULL) goto err; | 174 | if (ctx == NULL) goto err; |
| 169 | BN_CTX_start(ctx); | 175 | BN_CTX_start(ctx); |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h index 225ff391f9..3b0ebc2ee6 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa.h +++ b/src/lib/libssl/src/crypto/dsa/dsa.h | |||
| @@ -79,6 +79,8 @@ | |||
| 79 | # include <openssl/dh.h> | 79 | # include <openssl/dh.h> |
| 80 | #endif | 80 | #endif |
| 81 | 81 | ||
| 82 | #define OPENSSL_DSA_MAX_MODULUS_BITS 3072 | ||
| 83 | |||
| 82 | #define DSA_FLAG_CACHE_MONT_P 0x01 | 84 | #define DSA_FLAG_CACHE_MONT_P 0x01 |
| 83 | 85 | ||
| 84 | #if defined(OPENSSL_FIPS) | 86 | #if defined(OPENSSL_FIPS) |
| @@ -245,8 +247,10 @@ void ERR_load_DSA_strings(void); | |||
| 245 | #define DSA_F_SIG_CB 114 | 247 | #define DSA_F_SIG_CB 114 |
| 246 | 248 | ||
| 247 | /* Reason codes. */ | 249 | /* Reason codes. */ |
| 250 | #define DSA_R_BAD_Q_VALUE 102 | ||
| 248 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 | 251 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 |
| 249 | #define DSA_R_MISSING_PARAMETERS 101 | 252 | #define DSA_R_MISSING_PARAMETERS 101 |
| 253 | #define DSA_R_MODULUS_TOO_LARGE 103 | ||
| 250 | 254 | ||
| 251 | #ifdef __cplusplus | 255 | #ifdef __cplusplus |
| 252 | } | 256 | } |
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c index 79aa4ff526..bf96765ccd 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_err.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c | |||
| @@ -85,8 +85,10 @@ static ERR_STRING_DATA DSA_str_functs[]= | |||
| 85 | 85 | ||
| 86 | static ERR_STRING_DATA DSA_str_reasons[]= | 86 | static ERR_STRING_DATA DSA_str_reasons[]= |
| 87 | { | 87 | { |
| 88 | {DSA_R_BAD_Q_VALUE ,"bad q value"}, | ||
| 88 | {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, | 89 | {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, |
| 89 | {DSA_R_MISSING_PARAMETERS ,"missing parameters"}, | 90 | {DSA_R_MISSING_PARAMETERS ,"missing parameters"}, |
| 91 | {DSA_R_MODULUS_TOO_LARGE ,"modulus too large"}, | ||
| 90 | {0,NULL} | 92 | {0,NULL} |
| 91 | }; | 93 | }; |
| 92 | 94 | ||
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c index f1a85afcde..dda7c3d7c9 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c | |||
| @@ -245,6 +245,18 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | |||
| 245 | return -1; | 245 | return -1; |
| 246 | } | 246 | } |
| 247 | 247 | ||
| 248 | if (BN_num_bits(dsa->q) != 160) | ||
| 249 | { | ||
| 250 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); | ||
| 251 | return -1; | ||
| 252 | } | ||
| 253 | |||
| 254 | if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) | ||
| 255 | { | ||
| 256 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); | ||
| 257 | return -1; | ||
| 258 | } | ||
| 259 | |||
| 248 | BN_init(&u1); | 260 | BN_init(&u1); |
| 249 | BN_init(&u2); | 261 | BN_init(&u2); |
| 250 | BN_init(&t1); | 262 | BN_init(&t1); |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h index fc3bb5f86d..80554c1052 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa.h +++ b/src/lib/libssl/src/crypto/rsa/rsa.h | |||
| @@ -154,6 +154,11 @@ struct rsa_st | |||
| 154 | BN_BLINDING *blinding; | 154 | BN_BLINDING *blinding; |
| 155 | }; | 155 | }; |
| 156 | 156 | ||
| 157 | #define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | ||
| 158 | |||
| 159 | #define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 | ||
| 160 | #define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */ | ||
| 161 | |||
| 157 | #define RSA_3 0x3L | 162 | #define RSA_3 0x3L |
| 158 | #define RSA_F4 0x10001L | 163 | #define RSA_F4 0x10001L |
| 159 | 164 | ||
| @@ -347,6 +352,7 @@ void ERR_load_RSA_strings(void); | |||
| 347 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 | 352 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 |
| 348 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 | 353 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 |
| 349 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | 354 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 |
| 355 | #define RSA_R_MODULUS_TOO_LARGE 105 | ||
| 350 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | 356 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
| 351 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | 357 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 |
| 352 | #define RSA_R_OAEP_DECODING_ERROR 121 | 358 | #define RSA_R_OAEP_DECODING_ERROR 121 |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c index d4caab3f95..94a278d1f0 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c | |||
| @@ -259,6 +259,28 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 259 | BN_init(&f); | 259 | BN_init(&f); |
| 260 | BN_init(&ret); | 260 | BN_init(&ret); |
| 261 | 261 | ||
| 262 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
| 263 | { | ||
| 264 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
| 265 | return -1; | ||
| 266 | } | ||
| 267 | |||
| 268 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
| 269 | { | ||
| 270 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 271 | return -1; | ||
| 272 | } | ||
| 273 | |||
| 274 | /* for large moduli, enforce exponent limit */ | ||
| 275 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
| 276 | { | ||
| 277 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
| 278 | { | ||
| 279 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 280 | return -1; | ||
| 281 | } | ||
| 282 | } | ||
| 283 | |||
| 262 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 284 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 263 | num=BN_num_bytes(rsa->n); | 285 | num=BN_num_bytes(rsa->n); |
| 264 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | 286 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) |
| @@ -504,6 +526,28 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | |||
| 504 | unsigned char *buf=NULL; | 526 | unsigned char *buf=NULL; |
| 505 | BN_CTX *ctx=NULL; | 527 | BN_CTX *ctx=NULL; |
| 506 | 528 | ||
| 529 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
| 530 | { | ||
| 531 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
| 532 | return -1; | ||
| 533 | } | ||
| 534 | |||
| 535 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
| 536 | { | ||
| 537 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); | ||
| 538 | return -1; | ||
| 539 | } | ||
| 540 | |||
| 541 | /* for large moduli, enforce exponent limit */ | ||
| 542 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
| 543 | { | ||
| 544 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
| 545 | { | ||
| 546 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); | ||
| 547 | return -1; | ||
| 548 | } | ||
| 549 | } | ||
| 550 | |||
| 507 | BN_init(&f); | 551 | BN_init(&f); |
| 508 | BN_init(&ret); | 552 | BN_init(&ret); |
| 509 | ctx=BN_CTX_new(); | 553 | ctx=BN_CTX_new(); |
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c index a7766c3b76..8221a921e7 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_err.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c | |||
| @@ -116,6 +116,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= | |||
| 116 | {RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, | 116 | {RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, |
| 117 | {RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, | 117 | {RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, |
| 118 | {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, | 118 | {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, |
| 119 | {RSA_R_MODULUS_TOO_LARGE ,"modulus too large"}, | ||
| 119 | {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, | 120 | {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, |
| 120 | {RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, | 121 | {RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, |
| 121 | {RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, | 122 | {RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, |
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c index c67829f495..2aec31e4de 100644 --- a/src/lib/libssl/src/ssl/s2_clnt.c +++ b/src/lib/libssl/src/ssl/s2_clnt.c | |||
| @@ -538,7 +538,8 @@ static int get_server_hello(SSL *s) | |||
| 538 | CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); | 538 | CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); |
| 539 | } | 539 | } |
| 540 | 540 | ||
| 541 | if (s->session->peer != s->session->sess_cert->peer_key->x509) | 541 | if (s->session->sess_cert == NULL || |
| 542 | s->session->peer != s->session->sess_cert->peer_key->x509) | ||
| 542 | /* can't happen */ | 543 | /* can't happen */ |
| 543 | { | 544 | { |
| 544 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); | 545 | ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 631229558f..ad4076aa12 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1167,7 +1167,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | |||
| 1167 | c=sk_SSL_CIPHER_value(sk,i); | 1167 | c=sk_SSL_CIPHER_value(sk,i); |
| 1168 | for (cp=c->name; *cp; ) | 1168 | for (cp=c->name; *cp; ) |
| 1169 | { | 1169 | { |
| 1170 | if (len-- == 0) | 1170 | if (len-- <= 0) |
| 1171 | { | 1171 | { |
| 1172 | *p='\0'; | 1172 | *p='\0'; |
| 1173 | return(buf); | 1173 | return(buf); |