[Midnightbsd-cvs] src [7550] stable/0.8: fix openssl security issue

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Thu May 5 04:05:45 EDT 2016 

Revision: 7550
          http://svnweb.midnightbsd.org/src/?rev=7550
Author:   laffer1
Date:     2016-05-05 04:05:44 -0400 (Thu, 05 May 2016)
Log Message:
-----------
fix openssl security issue

Modified Paths:
--------------
    stable/0.8/UPDATING
    stable/0.8/crypto/openssl/crypto/asn1/a_type.c
    stable/0.8/crypto/openssl/crypto/asn1/tasn_dec.c
    stable/0.8/crypto/openssl/crypto/asn1/tasn_enc.c
    stable/0.8/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
    stable/0.8/crypto/openssl/crypto/evp/encode.c
    stable/0.8/crypto/openssl/crypto/evp/evp_enc.c
    stable/0.8/crypto/openssl/crypto/x509/x509_obj.c

Modified: stable/0.8/UPDATING
===================================================================
--- stable/0.8/UPDATING	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/UPDATING	2016-05-05 08:05:44 UTC (rev 7550)
@@ -1,5 +1,25 @@
 Updating Information for MidnightBSD users.
 
+20160505:
+	OpenSSL security patch
+
+	The padding check in AES-NI CBC MAC was rewritten to be in constant time
+	by making sure that always the same bytes are read and compared against
+	either the MAC or padding bytes. But it no longer checked that there was
+	enough data to have both the MAC and padding bytes. [CVE-2016-2107]
+
+	An overflow can occur in the EVP_EncodeUpdate() function which is used for
+	Base64 encoding of binary data. [CVE-2016-2105]
+
+	An overflow can occur in the EVP_EncryptUpdate() function, however it is
+	believed that there can be no overflows in internal code due to this problem.
+	[CVE-2016-2106]
+
+	When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
+	a short invalid encoding can casuse allocation of large amounts of memory
+	potentially consuming excessive resources or exhausting memory.
+	[CVE-2016-2109]
+
 20160317:
 	OpenSSH doesn't have the luck of the Irish. 
 

Modified: stable/0.8/crypto/openssl/crypto/asn1/a_type.c
===================================================================
--- stable/0.8/crypto/openssl/crypto/asn1/a_type.c	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/crypto/openssl/crypto/asn1/a_type.c	2016-05-05 08:05:44 UTC (rev 7550)
@@ -126,9 +126,7 @@
         result = 0;             /* They do not have content. */
         break;
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
     case V_ASN1_BIT_STRING:
     case V_ASN1_OCTET_STRING:
     case V_ASN1_SEQUENCE:

Modified: stable/0.8/crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
--- stable/0.8/crypto/openssl/crypto/asn1/tasn_dec.c	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/crypto/openssl/crypto/asn1/tasn_dec.c	2016-05-05 08:05:44 UTC (rev 7550)
@@ -903,9 +903,7 @@
         break;
 
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
         tint = (ASN1_INTEGER **)pval;
         if (!c2i_ASN1_INTEGER(tint, &cont, len))
             goto err;

Modified: stable/0.8/crypto/openssl/crypto/asn1/tasn_enc.c
===================================================================
--- stable/0.8/crypto/openssl/crypto/asn1/tasn_enc.c	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/crypto/openssl/crypto/asn1/tasn_enc.c	2016-05-05 08:05:44 UTC (rev 7550)
@@ -611,9 +611,7 @@
         break;
 
     case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
     case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
         /*
          * These are all have the same content format as ASN1_INTEGER
          */

Modified: stable/0.8/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- stable/0.8/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c	2016-05-05 08:05:44 UTC (rev 7550)
@@ -59,6 +59,7 @@
 # include <openssl/aes.h>
 # include <openssl/sha.h>
 # include "evp_locl.h"
+# include "constant_time_locl.h"
 
 # ifndef EVP_CIPH_FLAG_AEAD_CIPHER
 #  define EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
@@ -286,6 +287,8 @@
             maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
             maxpad &= 255;
 
+            ret &= constant_time_ge(maxpad, pad);
+
             inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
             mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
             inp_len &= mask;

Modified: stable/0.8/crypto/openssl/crypto/evp/encode.c
===================================================================
--- stable/0.8/crypto/openssl/crypto/evp/encode.c	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/crypto/openssl/crypto/evp/encode.c	2016-05-05 08:05:44 UTC (rev 7550)
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 
@@ -134,13 +135,13 @@
                       const unsigned char *in, int inl)
 {
     int i, j;
-    unsigned int total = 0;
+    size_t total = 0;
 
     *outl = 0;
     if (inl <= 0)
         return;
     OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-    if ((ctx->num + inl) < ctx->length) {
+    if (ctx->length - ctx->num > inl) {
         memcpy(&(ctx->enc_data[ctx->num]), in, inl);
         ctx->num += inl;
         return;
@@ -157,7 +158,7 @@
         *out = '\0';
         total = j + 1;
     }
-    while (inl >= ctx->length) {
+    while (inl >= ctx->length && total <= INT_MAX) {
         j = EVP_EncodeBlock(out, in, ctx->length);
         in += ctx->length;
         inl -= ctx->length;
@@ -166,6 +167,11 @@
         *out = '\0';
         total += j + 1;
     }
+    if (total > INT_MAX) {
+        /* Too much output data! */
+        *outl = 0;
+        return;
+    }
     if (inl != 0)
         memcpy(&(ctx->enc_data[0]), in, inl);
     ctx->num = inl;

Modified: stable/0.8/crypto/openssl/crypto/evp/evp_enc.c
===================================================================
--- stable/0.8/crypto/openssl/crypto/evp/evp_enc.c	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/crypto/openssl/crypto/evp/evp_enc.c	2016-05-05 08:05:44 UTC (rev 7550)
@@ -334,7 +334,7 @@
     bl = ctx->cipher->block_size;
     OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
     if (i != 0) {
-        if (i + inl < bl) {
+        if (bl - i > inl) {
             memcpy(&(ctx->buf[i]), in, inl);
             ctx->buf_len += inl;
             *outl = 0;

Modified: stable/0.8/crypto/openssl/crypto/x509/x509_obj.c
===================================================================
--- stable/0.8/crypto/openssl/crypto/x509/x509_obj.c	2016-05-05 07:58:50 UTC (rev 7549)
+++ stable/0.8/crypto/openssl/crypto/x509/x509_obj.c	2016-05-05 08:05:44 UTC (rev 7550)
@@ -117,8 +117,9 @@
             type == V_ASN1_PRINTABLESTRING ||
             type == V_ASN1_TELETEXSTRING ||
             type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-            ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
-                         ? sizeof ebcdic_buf : num);
+            if (num > (int)sizeof(ebcdic_buf))
+                num = sizeof(ebcdic_buf);
+            ascii2ebcdic(ebcdic_buf, q, num);
             q = ebcdic_buf;
         }
 #endif

More information about the Midnightbsd-cvs mailing list