diff options
| author | tedu <> | 2015-03-19 14:00:22 +0000 |
|---|---|---|
| committer | tedu <> | 2015-03-19 14:00:22 +0000 |
| commit | 325847dec91a0775a2c9806147ab783c0737cc84 (patch) | |
| tree | e1849327a9d18d917e7698c775d31f7ae7c4e34f /src/lib/libcrypto/ec | |
| parent | 5018b21486fe3d91084c0d32a86d1240d832e25e (diff) | |
| download | openbsd-325847dec91a0775a2c9806147ab783c0737cc84.tar.gz openbsd-325847dec91a0775a2c9806147ab783c0737cc84.tar.bz2 openbsd-325847dec91a0775a2c9806147ab783c0737cc84.zip | |
Fix several crash causing defects from OpenSSL.
These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed.
Refer to https://www.openssl.org/news/secadv_20150319.txt
joint work with beck, doug, guenther, jsing, miod
Diffstat (limited to 'src/lib/libcrypto/ec')
| -rw-r--r-- | src/lib/libcrypto/ec/ec_asn1.c | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c index c0ef6f40e4..f01008ec43 100644 --- a/src/lib/libcrypto/ec/ec_asn1.c +++ b/src/lib/libcrypto/ec/ec_asn1.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_asn1.c,v 1.12 2015/02/10 05:43:09 jsing Exp $ */ | 1 | /* $OpenBSD: ec_asn1.c,v 1.13 2015/03/19 14:00:22 tedu Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Nils Larsch for the OpenSSL project. | 3 | * Written by Nils Larsch for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -999,19 +999,19 @@ d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) | |||
| 999 | 999 | ||
| 1000 | if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { | 1000 | if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { |
| 1001 | ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); | 1001 | ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); |
| 1002 | ECPKPARAMETERS_free(params); | 1002 | goto err; |
| 1003 | return NULL; | ||
| 1004 | } | 1003 | } |
| 1005 | if ((group = ec_asn1_pkparameters2group(params)) == NULL) { | 1004 | if ((group = ec_asn1_pkparameters2group(params)) == NULL) { |
| 1006 | ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); | 1005 | ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); |
| 1007 | ECPKPARAMETERS_free(params); | 1006 | goto err; |
| 1008 | return NULL; | ||
| 1009 | } | 1007 | } |
| 1010 | if (a && *a) | 1008 | |
| 1009 | if (a != NULL) { | ||
| 1011 | EC_GROUP_clear_free(*a); | 1010 | EC_GROUP_clear_free(*a); |
| 1012 | if (a) | ||
| 1013 | *a = group; | 1011 | *a = group; |
| 1012 | } | ||
| 1014 | 1013 | ||
| 1014 | err: | ||
| 1015 | ECPKPARAMETERS_free(params); | 1015 | ECPKPARAMETERS_free(params); |
| 1016 | return (group); | 1016 | return (group); |
| 1017 | } | 1017 | } |
| @@ -1039,7 +1039,6 @@ i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out) | |||
| 1039 | EC_KEY * | 1039 | EC_KEY * |
| 1040 | d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) | 1040 | d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) |
| 1041 | { | 1041 | { |
| 1042 | int ok = 0; | ||
| 1043 | EC_KEY *ret = NULL; | 1042 | EC_KEY *ret = NULL; |
| 1044 | EC_PRIVATEKEY *priv_key = NULL; | 1043 | EC_PRIVATEKEY *priv_key = NULL; |
| 1045 | 1044 | ||
| @@ -1054,12 +1053,9 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) | |||
| 1054 | } | 1053 | } |
| 1055 | if (a == NULL || *a == NULL) { | 1054 | if (a == NULL || *a == NULL) { |
| 1056 | if ((ret = EC_KEY_new()) == NULL) { | 1055 | if ((ret = EC_KEY_new()) == NULL) { |
| 1057 | ECerr(EC_F_D2I_ECPRIVATEKEY, | 1056 | ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 1058 | ERR_R_MALLOC_FAILURE); | ||
| 1059 | goto err; | 1057 | goto err; |
| 1060 | } | 1058 | } |
| 1061 | if (a) | ||
| 1062 | *a = ret; | ||
| 1063 | } else | 1059 | } else |
| 1064 | ret = *a; | 1060 | ret = *a; |
| 1065 | 1061 | ||
| @@ -1109,17 +1105,19 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) | |||
| 1109 | goto err; | 1105 | goto err; |
| 1110 | } | 1106 | } |
| 1111 | } | 1107 | } |
| 1112 | ok = 1; | 1108 | |
| 1109 | EC_PRIVATEKEY_free(priv_key); | ||
| 1110 | if (a != NULL) | ||
| 1111 | *a = ret; | ||
| 1112 | return (ret); | ||
| 1113 | |||
| 1113 | err: | 1114 | err: |
| 1114 | if (!ok) { | 1115 | if (a == NULL || *a != ret) |
| 1115 | if (ret) | 1116 | EC_KEY_free(ret); |
| 1116 | EC_KEY_free(ret); | ||
| 1117 | ret = NULL; | ||
| 1118 | } | ||
| 1119 | if (priv_key) | 1117 | if (priv_key) |
| 1120 | EC_PRIVATEKEY_free(priv_key); | 1118 | EC_PRIVATEKEY_free(priv_key); |
| 1121 | 1119 | ||
| 1122 | return (ret); | 1120 | return (NULL); |
| 1123 | } | 1121 | } |
| 1124 | 1122 | ||
| 1125 | int | 1123 | int |
| @@ -1232,8 +1230,6 @@ d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) | |||
| 1232 | ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); | 1230 | ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); |
| 1233 | return NULL; | 1231 | return NULL; |
| 1234 | } | 1232 | } |
| 1235 | if (a) | ||
| 1236 | *a = ret; | ||
| 1237 | } else | 1233 | } else |
| 1238 | ret = *a; | 1234 | ret = *a; |
| 1239 | 1235 | ||
| @@ -1241,6 +1237,9 @@ d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) | |||
| 1241 | ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); | 1237 | ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); |
| 1242 | return NULL; | 1238 | return NULL; |
| 1243 | } | 1239 | } |
| 1240 | |||
| 1241 | if (a != NULL) | ||
| 1242 | *a = ret; | ||
| 1244 | return ret; | 1243 | return ret; |
| 1245 | } | 1244 | } |
| 1246 | 1245 | ||