From owner-svn-src-releng@FreeBSD.ORG Thu Mar 19 17:41:21 2015 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DFA8C843; Thu, 19 Mar 2015 17:41:20 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C9E8E7E2; Thu, 19 Mar 2015 17:41:20 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t2JHfK2f075426; Thu, 19 Mar 2015 17:41:20 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t2JHfIKX075407; Thu, 19 Mar 2015 17:41:18 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201503191741.t2JHfIKX075407@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Thu, 19 Mar 2015 17:41:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r280267 - in releng: 10.1 10.1/sys/conf 8.4 8.4/sys/conf 9.3 9.3/sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2015 17:41:21 -0000 Author: delphij Date: Thu Mar 19 17:41:17 2015 New Revision: 280267 URL: https://svnweb.freebsd.org/changeset/base/280267 Log: Fix multiple OpenSSL vulnerabilities. Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so Modified: releng/10.1/UPDATING releng/10.1/sys/conf/newvers.sh releng/8.4/UPDATING releng/8.4/sys/conf/newvers.sh releng/9.3/UPDATING releng/9.3/sys/conf/newvers.sh Modified: releng/10.1/UPDATING ============================================================================== --- releng/10.1/UPDATING Thu Mar 19 17:40:43 2015 (r280266) +++ releng/10.1/UPDATING Thu Mar 19 17:41:17 2015 (r280267) @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20150319: p7 FreeBSD-SA-15:06.openssl + Fix multiple vulnerabilities in OpenSSL. [SA-15:06] + 20150225: p6 FreeBSD-SA-15:04.igmp FreeBSD-EN-15:01.vt FreeBSD-EN-15:02.openssl Modified: releng/10.1/sys/conf/newvers.sh ============================================================================== --- releng/10.1/sys/conf/newvers.sh Thu Mar 19 17:40:43 2015 (r280266) +++ releng/10.1/sys/conf/newvers.sh Thu Mar 19 17:41:17 2015 (r280267) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.1" -BRANCH="RELEASE-p6" +BRANCH="RELEASE-p7" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Thu Mar 19 17:40:43 2015 (r280266) +++ releng/8.4/UPDATING Thu Mar 19 17:41:17 2015 (r280267) @@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20150319: p25 FreeBSD-SA-15:06.openssl + Fix multiple vulnerabilities in OpenSSL. [SA-15:06] + 20150225: p24 FreeBSD-SA-15:04.igmp FreeBSD-SA-15:05.bind FreeBSD-EN-15:01.vt Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Thu Mar 19 17:40:43 2015 (r280266) +++ releng/8.4/sys/conf/newvers.sh Thu Mar 19 17:41:17 2015 (r280267) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p24" +BRANCH="RELEASE-p25" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.3/UPDATING ============================================================================== --- releng/9.3/UPDATING Thu Mar 19 17:40:43 2015 (r280266) +++ releng/9.3/UPDATING Thu Mar 19 17:41:17 2015 (r280267) @@ -11,6 +11,9 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20150319: p11 FreeBSD-SA-15:06.openssl + Fix multiple vulnerabilities in OpenSSL. [SA-15:06] + 20150225: p10 FreeBSD-SA-15:04.igmp FreeBSD-SA-15:05.bind FreeBSD-EN-15:01.vt Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Thu Mar 19 17:40:43 2015 (r280266) +++ releng/9.3/sys/conf/newvers.sh Thu Mar 19 17:41:17 2015 (r280267) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RELEASE-p10" +BRANCH="RELEASE-p11" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi From owner-svn-src-releng@FreeBSD.ORG Thu Mar 19 17:42:47 2015 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E4E4C997; Thu, 19 Mar 2015 17:42:46 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CC118806; Thu, 19 Mar 2015 17:42:46 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t2JHgkcf075669; Thu, 19 Mar 2015 17:42:46 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t2JHgdMl075624; Thu, 19 Mar 2015 17:42:39 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201503191742.t2JHgdMl075624@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Thu, 19 Mar 2015 17:42:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r280268 - in releng: 10.1/crypto/openssl/crypto/asn1 10.1/crypto/openssl/crypto/pkcs7 10.1/crypto/openssl/doc/crypto 10.1/crypto/openssl/ssl 10.1/secure/lib/libcrypto/man 8.4/crypto/ope... X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2015 17:42:47 -0000 Author: delphij Date: Thu Mar 19 17:42:38 2015 New Revision: 280268 URL: https://svnweb.freebsd.org/changeset/base/280268 Log: Fix multiple OpenSSL vulnerabilities. Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so Modified: releng/10.1/crypto/openssl/crypto/asn1/a_type.c releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/10.1/crypto/openssl/crypto/pkcs7/pk7_lib.c releng/10.1/crypto/openssl/doc/crypto/d2i_X509.pod releng/10.1/crypto/openssl/ssl/s2_lib.c releng/10.1/crypto/openssl/ssl/s2_srvr.c releng/10.1/secure/lib/libcrypto/man/d2i_X509.3 releng/8.4/crypto/openssl/crypto/asn1/a_type.c releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c releng/8.4/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/8.4/crypto/openssl/crypto/pkcs7/pk7_lib.c releng/8.4/crypto/openssl/doc/crypto/d2i_X509.pod releng/8.4/crypto/openssl/ssl/s2_lib.c releng/8.4/crypto/openssl/ssl/s2_srvr.c releng/8.4/secure/lib/libcrypto/man/d2i_X509.3 releng/9.3/crypto/openssl/crypto/asn1/a_type.c releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c releng/9.3/crypto/openssl/crypto/pkcs7/pk7_lib.c releng/9.3/crypto/openssl/doc/crypto/d2i_X509.pod releng/9.3/crypto/openssl/ssl/s2_lib.c releng/9.3/crypto/openssl/ssl/s2_srvr.c releng/9.3/secure/lib/libcrypto/man/d2i_X509.3 Modified: releng/10.1/crypto/openssl/crypto/asn1/a_type.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/asn1/a_type.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/crypto/openssl/crypto/asn1/a_type.c Thu Mar 19 17:42:38 2015 (r280268) @@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break; Modified: releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c Thu Mar 19 17:42:38 2015 (r280268) @@ -127,16 +127,22 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) - { +{ ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if (!pval) - pval = &ptmpval; asn1_tlc_clear_nc(&c); - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) - return *pval; - return NULL; + if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) + ptmpval = *pval; + if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { + if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { + if (*pval) + ASN1_item_free(*pval, it); + *pval = ptmpval; + } + return ptmpval; } + return NULL; +} int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) @@ -311,13 +317,20 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; - /* Allocate structure */ - if (!*pval && !ASN1_item_ex_new(pval, it)) - { + if (*pval) { + /* Free up and zero CHOICE value if initialised */ + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); + ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); + } + } else if (!ASN1_item_ex_new(pval, it)) { ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; - } + } /* CHOICE type, try each possibility in turn */ p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) @@ -407,6 +420,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; + /* Free up and zero any ADB found */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { + const ASN1_TEMPLATE *seqtt; + ASN1_VALUE **pseqval; + seqtt = asn1_do_adb(pval, tt, 1); + pseqval = asn1_get_field_ptr(pval, seqtt); + ASN1_template_free(pseqval, seqtt); + } + } + /* Get each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { Modified: releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Mar 19 17:42:38 2015 (r280268) @@ -272,6 +272,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) PKCS7_RECIP_INFO *ri=NULL; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + /* + * The content field in the PKCS7 ContentInfo is optional, but that really + * only applies to inner content (precisely, detached signatures). + * + * When reading content, missing outer content is therefore treated as an + * error. + * + * When creating content, PKCS7_content_new() must be called before + * calling this method, so a NULL p7->d is always an error. + */ + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -433,6 +452,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE unsigned char *ek = NULL, *tkey = NULL; int eklen = 0, tkeylen = 0; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -752,6 +781,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); + return 0; + } + EVP_MD_CTX_init(&ctx_tmp); i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -796,6 +835,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.sign->contents->d.data = NULL; } break; @@ -806,6 +846,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.digest->contents->d.data = NULL; } break; @@ -866,8 +907,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } } } - else if (i == NID_pkcs7_digest) - { + else if (i == NID_pkcs7_digest) { unsigned char md_data[EVP_MAX_MD_SIZE]; unsigned int md_len; if (!PKCS7_find_digest(&mdc, bio, @@ -878,24 +918,31 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); } - if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) - { - char *cont; - long contlen; - btmp=BIO_find_type(bio,BIO_TYPE_MEM); - if (btmp == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); - goto err; + if (!PKCS7_is_detached(p7)) { + /* + * NOTE(emilia): I think we only reach os == NULL here because detached + * digested data support is broken. + */ + if (os == NULL) + goto err; + if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { + char *cont; + long contlen; + btmp = BIO_find_type(bio, BIO_TYPE_MEM); + if (btmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + goto err; } - contlen = BIO_get_mem_data(btmp, &cont); - /* Mark the BIO read only then we can use its copy of the data - * instead of making an extra copy. - */ - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(btmp, 0); - ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + contlen = BIO_get_mem_data(btmp, &cont); + /* + * Mark the BIO read only then we can use its copy of the data + * instead of making an extra copy. + */ + BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(btmp, 0); + ASN1_STRING_set0(os, (unsigned char *)cont, contlen); } + } ret=1; err: EVP_MD_CTX_cleanup(&ctx_tmp); @@ -971,6 +1018,16 @@ int PKCS7_dataVerify(X509_STORE *cert_st STACK_OF(X509) *cert; X509 *x509; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); + return 0; + } + if (PKCS7_type_is_signed(p7)) { cert=p7->d.sign->cert; Modified: releng/10.1/crypto/openssl/crypto/pkcs7/pk7_lib.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/pkcs7/pk7_lib.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/crypto/openssl/crypto/pkcs7/pk7_lib.c Thu Mar 19 17:42:38 2015 (r280268) @@ -71,6 +71,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long switch (cmd) { + /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { @@ -459,6 +460,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) { return(p7->d.sign->signer_info); Modified: releng/10.1/crypto/openssl/doc/crypto/d2i_X509.pod ============================================================================== --- releng/10.1/crypto/openssl/doc/crypto/d2i_X509.pod Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/crypto/openssl/doc/crypto/d2i_X509.pod Thu Mar 19 17:42:38 2015 (r280268) @@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts persist if they are not present in the new one. As a result the use of this "reuse" behaviour is strongly discouraged. +Current versions of OpenSSL will not modify B<*px> if an error occurs. +If parsing succeeds then B<*px> is freed (if it is not NULL) and then +set to the value of the newly decoded structure. As a result B<*px> +B be allocated on the stack or an attempt will be made to +free an invalid pointer. + i2d_X509() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the @@ -210,7 +216,9 @@ always succeed. d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by -L. +L. If the "reuse" capability has been used +with a valid X509 structure being passed in via B then the object is not +modified in the event of error. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by Modified: releng/10.1/crypto/openssl/ssl/s2_lib.c ============================================================================== --- releng/10.1/crypto/openssl/ssl/s2_lib.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/crypto/openssl/ssl/s2_lib.c Thu Mar 19 17:42:38 2015 (r280268) @@ -488,7 +488,7 @@ int ssl2_generate_key_material(SSL *s) OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < (int)sizeof(s->session->master_key)); + <= (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; Modified: releng/10.1/crypto/openssl/ssl/s2_srvr.c ============================================================================== --- releng/10.1/crypto/openssl/ssl/s2_srvr.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/crypto/openssl/ssl/s2_srvr.c Thu Mar 19 17:42:38 2015 (r280268) @@ -454,9 +454,6 @@ static int get_client_master_key(SSL *s) SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); return(-1); } - i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, - &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), - (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); is_export=SSL_C_IS_EXPORT(s->session->cipher); @@ -475,23 +472,61 @@ static int get_client_master_key(SSL *s) else ek=5; + /* + * The format of the CLIENT-MASTER-KEY message is + * 1 byte message type + * 3 bytes cipher + * 2-byte clear key length (stored in s->s2->tmp.clear) + * 2-byte encrypted key length (stored in s->s2->tmp.enc) + * 2-byte key args length (IV etc) + * clear key + * encrypted key + * key args + * + * If the cipher is an export cipher, then the encrypted key bytes + * are a fixed portion of the total key (5 or 8 bytes). The size of + * this portion is in |ek|. If the cipher is not an export cipher, + * then the entire key material is encrypted (i.e., clear key length + * must be zero). + */ + if ((!is_export && s->s2->tmp.clear != 0) || + (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); + return -1; + } + /* + * The encrypted blob must decrypt to the encrypted portion of the key. + * Decryption can't be expanding, so if we don't have enough encrypted + * bytes to fit the key in the buffer, stop now. + */ + if ((is_export && s->s2->tmp.enc < ek) || + (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); + return -1; + } + + i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, + &(p[s->s2->tmp.clear]), + &(p[s->s2->tmp.clear]), + (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : + RSA_PKCS1_PADDING); + /* bad decrypt */ #if 1 /* If a bad decrypt, continue with protocol but with a * random master secret (Bleichenbacher attack) */ - if ((i < 0) || - ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i != - (unsigned int)EVP_CIPHER_key_length(c)))))) - { + if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) + || (is_export && i != ek))) { ERR_clear_error(); if (is_export) i=ek; else i=EVP_CIPHER_key_length(c); - if (RAND_pseudo_bytes(p,i) <= 0) + if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) return 0; - } + } #else if (i < 0) { @@ -513,7 +548,8 @@ static int get_client_master_key(SSL *s) } #endif - if (is_export) i+=s->s2->tmp.clear; + if (is_export) + i = EVP_CIPHER_key_length(c); if (i > SSL_MAX_MASTER_KEY_LENGTH) { Modified: releng/10.1/secure/lib/libcrypto/man/d2i_X509.3 ============================================================================== --- releng/10.1/secure/lib/libcrypto/man/d2i_X509.3 Thu Mar 19 17:41:17 2015 (r280267) +++ releng/10.1/secure/lib/libcrypto/man/d2i_X509.3 Thu Mar 19 17:42:38 2015 (r280268) @@ -342,6 +342,12 @@ In some versions of OpenSSL the \*(L"reu persist if they are not present in the new one. As a result the use of this \*(L"reuse\*(R" behaviour is strongly discouraged. .PP +Current versions of OpenSSL will not modify \fB*px\fR if an error occurs. +If parsing succeeds then \fB*px\fR is freed (if it is not \s-1NULL\s0) and then +set to the value of the newly decoded structure. As a result \fB*px\fR +\&\fBmust not\fR be allocated on the stack or an attempt will be made to +free an invalid pointer. +.PP \&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the @@ -352,7 +358,9 @@ always succeed. .IX Header "RETURN VALUES" \&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fIERR_get_error\fR\|(3). If the \*(L"reuse\*(R" capability has been used +with a valid X509 structure being passed in via \fBpx\fR then the object is not +modified in the event of error. .PP \&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by Modified: releng/8.4/crypto/openssl/crypto/asn1/a_type.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/asn1/a_type.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/crypto/openssl/crypto/asn1/a_type.c Thu Mar 19 17:42:38 2015 (r280268) @@ -121,6 +121,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break; Modified: releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c Thu Mar 19 17:42:38 2015 (r280268) @@ -125,16 +125,23 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) - { +{ ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if (!pval) - pval = &ptmpval; c.valid = 0; - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) - return *pval; - return NULL; + if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) + ptmpval = *pval; + + if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { + if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { + if (*pval) + ASN1_item_free(*pval, it); + *pval = ptmpval; + } + return ptmpval; } + return NULL; +} int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) @@ -309,13 +316,20 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) goto auxerr; - /* Allocate structure */ - if (!*pval && !ASN1_item_ex_new(pval, it)) - { + if (*pval) { + /* Free up and zero CHOICE value if initialised */ + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); + ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); + } + } else if (!ASN1_item_ex_new(pval, it)) { ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; - } + } /* CHOICE type, try each possibility in turn */ p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) @@ -405,6 +419,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) goto auxerr; + /* Free up and zero any ADB found */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { + const ASN1_TEMPLATE *seqtt; + ASN1_VALUE **pseqval; + seqtt = asn1_do_adb(pval, tt, 1); + pseqval = asn1_get_field_ptr(pval, seqtt); + ASN1_template_free(pseqval, seqtt); + } + } + /* Get each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { Modified: releng/8.4/crypto/openssl/crypto/pkcs7/pk7_doit.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Mar 19 17:42:38 2015 (r280268) @@ -151,6 +151,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) EVP_PKEY *pkey; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + /* + * The content field in the PKCS7 ContentInfo is optional, but that really + * only applies to inner content (precisely, detached signatures). + * + * When reading content, missing outer content is therefore treated as an + * error. + * + * When creating content, PKCS7_content_new() must be called before + * calling this method, so a NULL p7->d is always an error. + */ + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -344,6 +363,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; PKCS7_RECIP_INFO *ri=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -637,6 +666,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); + return 0; + } + EVP_MD_CTX_init(&ctx_tmp); i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -668,6 +707,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.sign->contents->d.data = NULL; } break; @@ -678,6 +718,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.digest->contents->d.data = NULL; } break; @@ -813,8 +854,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); } - if (!PKCS7_is_detached(p7)) - { + if (!PKCS7_is_detached(p7)) { + /* + * NOTE(emilia): I think we only reach os == NULL here because detached + * digested data support is broken. + */ + if (os == NULL) + goto err; btmp=BIO_find_type(bio,BIO_TYPE_MEM); if (btmp == NULL) { @@ -849,6 +895,16 @@ int PKCS7_dataVerify(X509_STORE *cert_st STACK_OF(X509) *cert; X509 *x509; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); + return 0; + } + if (PKCS7_type_is_signed(p7)) { cert=p7->d.sign->cert; Modified: releng/8.4/crypto/openssl/crypto/pkcs7/pk7_lib.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/pkcs7/pk7_lib.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/crypto/openssl/crypto/pkcs7/pk7_lib.c Thu Mar 19 17:42:38 2015 (r280268) @@ -70,6 +70,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long switch (cmd) { + /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { @@ -473,6 +474,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) { return(p7->d.sign->signer_info); Modified: releng/8.4/crypto/openssl/doc/crypto/d2i_X509.pod ============================================================================== --- releng/8.4/crypto/openssl/doc/crypto/d2i_X509.pod Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/crypto/openssl/doc/crypto/d2i_X509.pod Thu Mar 19 17:42:38 2015 (r280268) @@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts persist if they are not present in the new one. As a result the use of this "reuse" behaviour is strongly discouraged. +Current versions of OpenSSL will not modify B<*px> if an error occurs. +If parsing succeeds then B<*px> is freed (if it is not NULL) and then +set to the value of the newly decoded structure. As a result B<*px> +B be allocated on the stack or an attempt will be made to +free an invalid pointer. + i2d_X509() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the @@ -210,7 +216,9 @@ always succeed. d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by -L. +L. If the "reuse" capability has been used +with a valid X509 structure being passed in via B then the object is not +modified in the event of error. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by Modified: releng/8.4/crypto/openssl/ssl/s2_lib.c ============================================================================== --- releng/8.4/crypto/openssl/ssl/s2_lib.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/crypto/openssl/ssl/s2_lib.c Thu Mar 19 17:42:38 2015 (r280268) @@ -410,7 +410,7 @@ int ssl2_generate_key_material(SSL *s) OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < (int)sizeof(s->session->master_key)); + <= (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; Modified: releng/8.4/crypto/openssl/ssl/s2_srvr.c ============================================================================== --- releng/8.4/crypto/openssl/ssl/s2_srvr.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/crypto/openssl/ssl/s2_srvr.c Thu Mar 19 17:42:38 2015 (r280268) @@ -446,9 +446,6 @@ static int get_client_master_key(SSL *s) SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY); return(-1); } - i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc, - &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]), - (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING); is_export=SSL_C_IS_EXPORT(s->session->cipher); @@ -467,23 +464,61 @@ static int get_client_master_key(SSL *s) else ek=5; + /* + * The format of the CLIENT-MASTER-KEY message is + * 1 byte message type + * 3 bytes cipher + * 2-byte clear key length (stored in s->s2->tmp.clear) + * 2-byte encrypted key length (stored in s->s2->tmp.enc) + * 2-byte key args length (IV etc) + * clear key + * encrypted key + * key args + * + * If the cipher is an export cipher, then the encrypted key bytes + * are a fixed portion of the total key (5 or 8 bytes). The size of + * this portion is in |ek|. If the cipher is not an export cipher, + * then the entire key material is encrypted (i.e., clear key length + * must be zero). + */ + if ((!is_export && s->s2->tmp.clear != 0) || + (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); + return -1; + } + /* + * The encrypted blob must decrypt to the encrypted portion of the key. + * Decryption can't be expanding, so if we don't have enough encrypted + * bytes to fit the key in the buffer, stop now. + */ + if ((is_export && s->s2->tmp.enc < ek) || + (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); + return -1; + } + + i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, + &(p[s->s2->tmp.clear]), + &(p[s->s2->tmp.clear]), + (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : + RSA_PKCS1_PADDING); + /* bad decrypt */ #if 1 /* If a bad decrypt, continue with protocol but with a * random master secret (Bleichenbacher attack) */ - if ((i < 0) || - ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i != - (unsigned int)EVP_CIPHER_key_length(c)))))) - { + if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) + || (is_export && i != ek))) { ERR_clear_error(); if (is_export) i=ek; else i=EVP_CIPHER_key_length(c); - if (RAND_pseudo_bytes(p,i) <= 0) + if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) return 0; - } + } #else if (i < 0) { @@ -505,7 +540,8 @@ static int get_client_master_key(SSL *s) } #endif - if (is_export) i+=s->s2->tmp.clear; + if (is_export) + i = EVP_CIPHER_key_length(c); if (i > SSL_MAX_MASTER_KEY_LENGTH) { Modified: releng/8.4/secure/lib/libcrypto/man/d2i_X509.3 ============================================================================== --- releng/8.4/secure/lib/libcrypto/man/d2i_X509.3 Thu Mar 19 17:41:17 2015 (r280267) +++ releng/8.4/secure/lib/libcrypto/man/d2i_X509.3 Thu Mar 19 17:42:38 2015 (r280268) @@ -342,6 +342,12 @@ In some versions of OpenSSL the \*(L"reu persist if they are not present in the new one. As a result the use of this \*(L"reuse\*(R" behaviour is strongly discouraged. .PP +Current versions of OpenSSL will not modify \fB*px\fR if an error occurs. +If parsing succeeds then \fB*px\fR is freed (if it is not \s-1NULL\s0) and then +set to the value of the newly decoded structure. As a result \fB*px\fR +\&\fBmust not\fR be allocated on the stack or an attempt will be made to +free an invalid pointer. +.PP \&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the @@ -352,7 +358,9 @@ always succeed. .IX Header "RETURN VALUES" \&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by -\&\fIERR_get_error\fR\|(3). +\&\fIERR_get_error\fR\|(3). If the \*(L"reuse\*(R" capability has been used +with a valid X509 structure being passed in via \fBpx\fR then the object is not +modified in the event of error. .PP \&\fIi2d_X509()\fR returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by Modified: releng/9.3/crypto/openssl/crypto/asn1/a_type.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/asn1/a_type.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/9.3/crypto/openssl/crypto/asn1/a_type.c Thu Mar 19 17:42:38 2015 (r280268) @@ -121,6 +121,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break; Modified: releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c Thu Mar 19 17:42:38 2015 (r280268) @@ -125,16 +125,23 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) - { +{ ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if (!pval) - pval = &ptmpval; c.valid = 0; - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) - return *pval; - return NULL; + if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) + ptmpval = *pval; + + if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { + if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { + if (*pval) + ASN1_item_free(*pval, it); + *pval = ptmpval; + } + return ptmpval; } + return NULL; +} int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) @@ -309,13 +316,20 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) goto auxerr; - /* Allocate structure */ - if (!*pval && !ASN1_item_ex_new(pval, it)) - { + if (*pval) { + /* Free up and zero CHOICE value if initialised */ + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); + ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); + } + } else if (!ASN1_item_ex_new(pval, it)) { ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; - } + } /* CHOICE type, try each possibility in turn */ p = *in; for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) @@ -405,6 +419,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) goto auxerr; + /* Free up and zero any ADB found */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { + const ASN1_TEMPLATE *seqtt; + ASN1_VALUE **pseqval; + seqtt = asn1_do_adb(pval, tt, 1); + pseqval = asn1_get_field_ptr(pval, seqtt); + ASN1_template_free(pseqval, seqtt); + } + } + /* Get each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { Modified: releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/9.3/crypto/openssl/crypto/pkcs7/pk7_doit.c Thu Mar 19 17:42:38 2015 (r280268) @@ -151,6 +151,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) EVP_PKEY *pkey; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + /* + * The content field in the PKCS7 ContentInfo is optional, but that really + * only applies to inner content (precisely, detached signatures). + * + * When reading content, missing outer content is therefore treated as an + * error. + * + * When creating content, PKCS7_content_new() must be called before + * calling this method, so a NULL p7->d is always an error. + */ + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -344,6 +363,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; PKCS7_RECIP_INFO *ri=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + return NULL; + } + i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -637,6 +666,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; ASN1_OCTET_STRING *os=NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); + return 0; + } + EVP_MD_CTX_init(&ctx_tmp); i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -668,6 +707,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* If detached data then the content is excluded */ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.sign->contents->d.data = NULL; } break; @@ -678,6 +718,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.digest->contents->d.data = NULL; } break; @@ -813,8 +854,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); } - if (!PKCS7_is_detached(p7)) - { + if (!PKCS7_is_detached(p7)) { + /* + * NOTE(emilia): I think we only reach os == NULL here because detached + * digested data support is broken. + */ + if (os == NULL) + goto err; btmp=BIO_find_type(bio,BIO_TYPE_MEM); if (btmp == NULL) { @@ -849,6 +895,16 @@ int PKCS7_dataVerify(X509_STORE *cert_st STACK_OF(X509) *cert; X509 *x509; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); + return 0; + } + if (PKCS7_type_is_signed(p7)) { cert=p7->d.sign->cert; Modified: releng/9.3/crypto/openssl/crypto/pkcs7/pk7_lib.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/pkcs7/pk7_lib.c Thu Mar 19 17:41:17 2015 (r280267) +++ releng/9.3/crypto/openssl/crypto/pkcs7/pk7_lib.c Thu Mar 19 17:42:38 2015 (r280268) @@ -70,6 +70,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long switch (cmd) { + /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { @@ -473,6 +474,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) { return(p7->d.sign->signer_info); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-releng@FreeBSD.ORG Fri Mar 20 07:12:09 2015 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 96CC8397; Fri, 20 Mar 2015 07:12:09 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 735CBDA6; Fri, 20 Mar 2015 07:12:09 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t2K7C9qP062004; Fri, 20 Mar 2015 07:12:09 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t2K7C3IW061976; Fri, 20 Mar 2015 07:12:03 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201503200712.t2K7C3IW061976@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Fri, 20 Mar 2015 07:12:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r280275 - in releng: 10.1 10.1/crypto/openssl/crypto/asn1 10.1/crypto/openssl/crypto/ec 10.1/crypto/openssl/crypto/x509 10.1/sys/conf 8.4 8.4/crypto/openssl/crypto/asn1 8.4/crypto/opens... X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2015 07:12:09 -0000 Author: delphij Date: Fri Mar 20 07:12:02 2015 New Revision: 280275 URL: https://svnweb.freebsd.org/changeset/base/280275 Log: Fix issues with original SA-15:06.openssl commit: - Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue. - Properly fix CVE-2015-0209 and CVE-2015-0288. Approved by: so Modified: releng/10.1/UPDATING releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c releng/10.1/crypto/openssl/crypto/x509/x509_req.c releng/10.1/sys/conf/newvers.sh releng/8.4/UPDATING releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c releng/8.4/crypto/openssl/crypto/x509/x509_req.c releng/8.4/sys/conf/newvers.sh releng/9.3/UPDATING releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c releng/9.3/crypto/openssl/crypto/x509/x509_req.c releng/9.3/sys/conf/newvers.sh Modified: releng/10.1/UPDATING ============================================================================== --- releng/10.1/UPDATING Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/UPDATING Fri Mar 20 07:12:02 2015 (r280275) @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20150320: p8 + Fix patch for SA-15:06.openssl. + 20150319: p7 FreeBSD-SA-15:06.openssl Fix multiple vulnerabilities in OpenSSL. [SA-15:06] Modified: releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:12:02 2015 (r280275) @@ -127,22 +127,16 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) -{ + { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; + if (!pval) + pval = &ptmpval; asn1_tlc_clear_nc(&c); - if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) - ptmpval = *pval; - if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { - if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { - if (*pval) - ASN1_item_free(*pval, it); - *pval = ptmpval; - } - return ptmpval; - } + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + return *pval; return NULL; -} + } int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) Modified: releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:12:02 2015 (r280275) @@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } Modified: releng/10.1/crypto/openssl/crypto/x509/x509_req.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:12:02 2015 (r280275) @@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_ goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; Modified: releng/10.1/sys/conf/newvers.sh ============================================================================== --- releng/10.1/sys/conf/newvers.sh Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/sys/conf/newvers.sh Fri Mar 20 07:12:02 2015 (r280275) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.1" -BRANCH="RELEASE-p7" +BRANCH="RELEASE-p8" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/UPDATING Fri Mar 20 07:12:02 2015 (r280275) @@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20150320: p26 + Fix patch for SA-15:06.openssl. + 20150319: p25 FreeBSD-SA-15:06.openssl Fix multiple vulnerabilities in OpenSSL. [SA-15:06] Modified: releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:12:02 2015 (r280275) @@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) -{ + { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; + if (!pval) + pval = &ptmpval; c.valid = 0; - if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) - ptmpval = *pval; - - if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { - if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { - if (*pval) - ASN1_item_free(*pval, it); - *pval = ptmpval; - } - return ptmpval; - } + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + return *pval; return NULL; -} + } int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) Modified: releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:12:02 2015 (r280275) @@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } Modified: releng/8.4/crypto/openssl/crypto/x509/x509_req.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:12:02 2015 (r280275) @@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_ goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/sys/conf/newvers.sh Fri Mar 20 07:12:02 2015 (r280275) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p25" +BRANCH="RELEASE-p26" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.3/UPDATING ============================================================================== --- releng/9.3/UPDATING Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/UPDATING Fri Mar 20 07:12:02 2015 (r280275) @@ -11,6 +11,9 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20150320: p12 + Fix patch for SA-15:06.openssl. + 20150319: p11 FreeBSD-SA-15:06.openssl Fix multiple vulnerabilities in OpenSSL. [SA-15:06] Modified: releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:12:02 2015 (r280275) @@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) -{ + { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; + if (!pval) + pval = &ptmpval; c.valid = 0; - if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) - ptmpval = *pval; - - if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { - if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { - if (*pval) - ASN1_item_free(*pval, it); - *pval = ptmpval; - } - return ptmpval; - } + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + return *pval; return NULL; -} + } int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) Modified: releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:12:02 2015 (r280275) @@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } Modified: releng/9.3/crypto/openssl/crypto/x509/x509_req.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:12:02 2015 (r280275) @@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_ goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/sys/conf/newvers.sh Fri Mar 20 07:12:02 2015 (r280275) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi