[Midnightbsd-cvs] src [7547] trunk/crypto/openssl/crypto: OpenSSL security patch
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu May 5 03:54:23 EDT 2016
Revision: 7547
http://svnweb.midnightbsd.org/src/?rev=7547
Author: laffer1
Date: 2016-05-05 03:54:23 -0400 (Thu, 05 May 2016)
Log Message:
-----------
OpenSSL security patch
The padding check in AES-NI CBC MAC was rewritten to be in constant time
by making sure that always the same bytes are read and compared against
either the MAC or padding bytes. But it no longer checked that there was
enough data to have both the MAC and padding bytes. [CVE-2016-2107]
An overflow can occur in the EVP_EncodeUpdate() function which is used for
Base64 encoding of binary data. [CVE-2016-2105]
An overflow can occur in the EVP_EncryptUpdate() function, however it is
believed that there can be no overflows in internal code due to this problem.
[CVE-2016-2106]
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can cause allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory.
[CVE-2016-2109]
Modified Paths:
--------------
trunk/crypto/openssl/crypto/asn1/a_type.c
trunk/crypto/openssl/crypto/asn1/tasn_dec.c
trunk/crypto/openssl/crypto/asn1/tasn_enc.c
trunk/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
trunk/crypto/openssl/crypto/evp/encode.c
trunk/crypto/openssl/crypto/evp/evp_enc.c
trunk/crypto/openssl/crypto/x509/x509_obj.c
Modified: trunk/crypto/openssl/crypto/asn1/a_type.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/a_type.c 2016-05-05 07:49:43 UTC (rev 7546)
+++ trunk/crypto/openssl/crypto/asn1/a_type.c 2016-05-05 07:54:23 UTC (rev 7547)
@@ -126,9 +126,7 @@
result = 0; /* They do not have content. */
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
case V_ASN1_BIT_STRING:
case V_ASN1_OCTET_STRING:
case V_ASN1_SEQUENCE:
Modified: trunk/crypto/openssl/crypto/asn1/tasn_dec.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2016-05-05 07:49:43 UTC (rev 7546)
+++ trunk/crypto/openssl/crypto/asn1/tasn_dec.c 2016-05-05 07:54:23 UTC (rev 7547)
@@ -903,9 +903,7 @@
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
tint = (ASN1_INTEGER **)pval;
if (!c2i_ASN1_INTEGER(tint, &cont, len))
goto err;
Modified: trunk/crypto/openssl/crypto/asn1/tasn_enc.c
===================================================================
--- trunk/crypto/openssl/crypto/asn1/tasn_enc.c 2016-05-05 07:49:43 UTC (rev 7546)
+++ trunk/crypto/openssl/crypto/asn1/tasn_enc.c 2016-05-05 07:54:23 UTC (rev 7547)
@@ -611,9 +611,7 @@
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
/*
* These are all have the same content format as ASN1_INTEGER
*/
Modified: trunk/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-05-05 07:49:43 UTC (rev 7546)
+++ trunk/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-05-05 07:54:23 UTC (rev 7547)
@@ -59,6 +59,7 @@
# include <openssl/aes.h>
# include <openssl/sha.h>
# include "evp_locl.h"
+# include "constant_time_locl.h"
# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@@ -286,6 +287,8 @@
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
+ ret &= constant_time_ge(maxpad, pad);
+
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
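Review bot: The added `ret &= constant_time_ge(maxpad, pad);` has no comment, and next to the masking arithmetic that follows it is easy to mistake for a redundant check and remove. I would put a short comment above it, for example `/* fail, without branching on pad, when pad > maxpad: the record must hold both the MAC and the padding */`, which is the missing length check the log message describes. The declarations of `ret`, `pad` and `maxpad` and the final use of `ret` are outside this hunk, so it is worth confirming that `ret` is only tested once, after the MAC comparison, so the rejection stays data-independent.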
Modified: trunk/crypto/openssl/crypto/evp/encode.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/encode.c 2016-05-05 07:49:43 UTC (rev 7546)
+++ trunk/crypto/openssl/crypto/evp/encode.c 2016-05-05 07:54:23 UTC (rev 7547)
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include "cryptlib.h"
#include <openssl/evp.h>
@@ -134,13 +135,13 @@
const unsigned char *in, int inl)
{
int i, j;
- unsigned int total = 0;
+ size_t total = 0;
*outl = 0;
if (inl <= 0)
return;
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
- if ((ctx->num + inl) < ctx->length) {
+ if (ctx->length - ctx->num > inl) {
memcpy(&(ctx->enc_data[ctx->num]), in, inl);
ctx->num += inl;
return;
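Review bot: The rewritten test `ctx->length - ctx->num > inl` has no comment saying why the subtraction form is used, so a later cleanup could fold it back into the overflowing sum. A one-line comment such as `/* subtract instead of add: ctx->num + inl can overflow int for large inl */` would keep the reason with the code. The new form is only safe while `ctx->num` never exceeds `ctx->length`; the visible `OPENSSL_assert` checks `ctx->length` against the buffer size but not that relation, so it should be confirmed in the part of the function outside this hunk. The same rewrite appears as `bl - i > inl` in the evp_enc.c hunk.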
@@ -157,7 +158,7 @@
*out = '\0';
total = j + 1;
}
- while (inl >= ctx->length) {
+ while (inl >= ctx->length && total <= INT_MAX) {
j = EVP_EncodeBlock(out, in, ctx->length);
in += ctx->length;
inl -= ctx->length;
@@ -166,6 +167,11 @@
*out = '\0';
total += j + 1;
}
+ if (total > INT_MAX) {
+ /* Too much output data! */
+ *outl = 0;
+ return;
+ }
if (inl != 0)
memcpy(&(ctx->enc_data[0]), in, inl);
ctx->num = inl;
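Review bot: The new `total > INT_MAX` branch sets `*outl = 0` and returns, but by then the loop in the preceding hunk has already written encoded blocks to `out` and advanced `in`, and the early return skips the `ctx->num = inl` update below. The function ends in a bare `return;`, so a caller cannot tell this failure from "nothing to emit yet", and the context may be left out of step with the input consumed. I would at least widen the comment to `/* Too much output data: out has been written but *outl is 0; the caller cannot detect this */` and document the input size limit at the function header, which is outside this hunk. The loop guard `total <= INT_MAX` is tested before `j + 1` is added, so `total` can pass `INT_MAX` by one block, which is why the `size_t` change in the first encode.c hunk is needed.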
Modified: trunk/crypto/openssl/crypto/evp/evp_enc.c
===================================================================
--- trunk/crypto/openssl/crypto/evp/evp_enc.c 2016-05-05 07:49:43 UTC (rev 7546)
+++ trunk/crypto/openssl/crypto/evp/evp_enc.c 2016-05-05 07:54:23 UTC (rev 7547)
@@ -334,7 +334,7 @@
bl = ctx->cipher->block_size;
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) {
- if (i + inl < bl) {
+ if (bl - i > inl) {
memcpy(&(ctx->buf[i]), in, inl);
ctx->buf_len += inl;
*outl = 0;
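Review bot: Nothing in this hunk shows that `inl` is positive or that `i` is at most `bl`, yet `bl - i > inl` is only a valid bound for the `memcpy` into `ctx->buf` under both conditions. With a negative `inl` the test would pass and the copy length would be converted to a very large unsigned value. The function starts outside the hunk, so a guard on `inl` presumably sits earlier; if so, a comment like `/* inl > 0 and i <= bl here, so bl - i cannot overflow */` would record what the comparison depends on.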
Modified: trunk/crypto/openssl/crypto/x509/x509_obj.c
===================================================================
--- trunk/crypto/openssl/crypto/x509/x509_obj.c 2016-05-05 07:49:43 UTC (rev 7546)
+++ trunk/crypto/openssl/crypto/x509/x509_obj.c 2016-05-05 07:54:23 UTC (rev 7547)
@@ -117,8 +117,9 @@
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
- ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
- ? sizeof ebcdic_buf : num);
+ if (num > (int)sizeof(ebcdic_buf))
+ num = sizeof(ebcdic_buf);
+ ascii2ebcdic(ebcdic_buf, q, num);
q = ebcdic_buf;
}
#endif
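Review bot: The cast in `num > (int)sizeof(ebcdic_buf)` changes how a negative `num` is treated. The old unsigned comparison would have clamped it to the buffer size, while the new signed one lets it through to `ascii2ebcdic` unchanged. Where `num` comes from is outside the hunk, so please confirm it cannot be negative, or also bound it from below before the call. The clamp now modifies `num` itself rather than only the call argument, which looks intentional because `q` points at `ebcdic_buf` afterwards; a comment such as `/* clamp num itself: q now points at ebcdic_buf, so later reads must not exceed it */` would make that explicit.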