rpms / openssl098e

Clone
Source Code
GIT

Blame SOURCES/openssl-fips-0.9.8e-cve-2015-0293.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   5820f55c83d296decb4f8def2db1aa47ac8b3e88
  2.   SOURCES
  3.   openssl-fips-0.9.8e-cve-2015-0293.patch
Blob History Raw
5820f5 
diff -up openssl-fips-0.9.8e/ssl/s2_lib.c.ssl2-assert openssl-fips-0.9.8e/ssl/s2_lib.c
5820f5 
--- openssl-fips-0.9.8e/ssl/s2_lib.c.ssl2-assert	2015-04-01 12:41:28.023403066 +0200
5820f5 
+++ openssl-fips-0.9.8e/ssl/s2_lib.c	2015-04-02 15:29:37.468346462 +0200
5820f5 
@@ -410,7 +410,7 @@ int ssl2_generate_key_material(SSL *s)
5820f5
5820f5 
 		OPENSSL_assert(s->session->master_key_length >= 0
5820f5 
 		    && s->session->master_key_length
5820f5 
-		    < (int)sizeof(s->session->master_key));
5820f5 
+		    <= (int)sizeof(s->session->master_key));
5820f5 
 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
5820f5 
 		EVP_DigestUpdate(&ctx,&c,1);
5820f5 
 		c++;
5820f5 
diff -up openssl-fips-0.9.8e/ssl/s2_srvr.c.ssl2-assert openssl-fips-0.9.8e/ssl/s2_srvr.c
5820f5 
--- openssl-fips-0.9.8e/ssl/s2_srvr.c.ssl2-assert	2015-04-01 12:41:27.950401420 +0200
5820f5 
+++ openssl-fips-0.9.8e/ssl/s2_srvr.c	2015-04-02 15:33:51.109049368 +0200
5820f5 
@@ -363,7 +363,8 @@ end:
5820f5
5820f5 
 static int get_client_master_key(SSL *s)
5820f5 
 	{
5820f5 
-	int is_export,i,n,keya,ek;
5820f5 
+	int is_export,i,n,keya;
5820f5 
+	unsigned int ek;
5820f5 
 	unsigned long len;
5820f5 
 	unsigned char *p;
5820f5 
 	SSL_CIPHER *cp;
5820f5 
@@ -445,9 +446,6 @@ static int get_client_master_key(SSL *s)
5820f5 
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
5820f5 
 		return(-1);
5820f5 
 		}
5820f5 
-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
5820f5 
-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
5820f5 
-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
5820f5
5820f5 
 	is_export=SSL_C_IS_EXPORT(s->session->cipher);
5820f5
5820f5 
@@ -466,21 +464,61 @@ static int get_client_master_key(SSL *s)
5820f5 
 	else
5820f5 
 		ek=5;
5820f5
5820f5 
+	/*
5820f5 
+	 * The format of the CLIENT-MASTER-KEY message is
5820f5 
+	 * 1 byte message type
5820f5 
+	 * 3 bytes cipher
5820f5 
+	 * 2-byte clear key length (stored in s->s2->tmp.clear)
5820f5 
+	 * 2-byte encrypted key length (stored in s->s2->tmp.enc)
5820f5 
+	 * 2-byte key args length (IV etc)
5820f5 
+	 * clear key
5820f5 
+	 * encrypted key
5820f5 
+	 * key args
5820f5 
+	 *
5820f5 
+	 * If the cipher is an export cipher, then the encrypted key bytes
5820f5 
+	 * are a fixed portion of the total key (5 or 8 bytes). The size of
5820f5 
+	 * this portion is in |ek|. If the cipher is not an export cipher,
5820f5 
+	 * then the entire key material is encrypted (i.e., clear key length
5820f5 
+	 * must be zero).
5820f5 
+	 */
5820f5 
+	 if ((!is_export && s->s2->tmp.clear != 0) ||
5820f5 
+		(is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c)))
5820f5 
+		{
5820f5 
+		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
5820f5 
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
5820f5 
+		return -1;
5820f5 
+		}
5820f5 
+	/*
5820f5 
+	 * The encrypted blob must decrypt to the encrypted portion of the key.
5820f5 
+	 * Decryption can't be expanding, so if we don't have enough encrypted
5820f5 
+	 * bytes to fit the key in the buffer, stop now.
5820f5 
+	 */
5820f5 
+	if ((is_export && s->s2->tmp.enc < ek) ||
5820f5 
+		(!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c)))
5820f5 
+		{
5820f5 
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
5820f5 
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
5820f5 
+		return -1;
5820f5 
+		}
5820f5 
+
5820f5 
+	i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
5820f5 
+		&(p[s->s2->tmp.clear]),
5820f5 
+		&(p[s->s2->tmp.clear]),
5820f5 
+		(s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : RSA_PKCS1_PADDING);
5820f5 
+
5820f5 
 	/* bad decrypt */
5820f5 
 #if 1
5820f5 
 	/* If a bad decrypt, continue with protocol but with a
5820f5 
 	 * random master secret (Bleichenbacher attack) */
5820f5 
-	if ((i < 0) ||
5820f5 
-		((!is_export && (i != EVP_CIPHER_key_length(c)))
5820f5 
-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
5820f5 
-			(unsigned int)EVP_CIPHER_key_length(c))))))
5820f5 
+	if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
5820f5 
+		|| (is_export && i != (int)ek)))
5820f5 
 		{
5820f5 
 		ERR_clear_error();
5820f5 
 		if (is_export)
5820f5 
 			i=ek;
5820f5 
 		else
5820f5 
 			i=EVP_CIPHER_key_length(c);
5820f5 
-		if (RAND_pseudo_bytes(p,i) <= 0)
5820f5 
+		if (RAND_pseudo_bytes(&p[s->s2->tmp.clear],i) <= 0)
5820f5 
 			return 0;
5820f5 
 		}
5820f5 
 #else
5820f5 
@@ -504,7 +542,8 @@ static int get_client_master_key(SSL *s)
5820f5 
 		}
5820f5 
 #endif
5820f5
5820f5 
-	if (is_export) i+=s->s2->tmp.clear;
5820f5 
+	if (is_export)
5820f5 
+		i = EVP_CIPHER_key_length(c);
5820f5
5820f5 
 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
5820f5 
 		{

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation