Date: Fri, 20 Mar 2015 07:12:03 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r280275 - in releng: 10.1 10.1/crypto/openssl/crypto/asn1 10.1/crypto/openssl/crypto/ec 10.1/crypto/openssl/crypto/x509 10.1/sys/conf 8.4 8.4/crypto/openssl/crypto/asn1 8.4/crypto/opens... Message-ID: <201503200712.t2K7C3IW061976@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Fri Mar 20 07:12:02 2015 New Revision: 280275 URL: https://svnweb.freebsd.org/changeset/base/280275 Log: Fix issues with original SA-15:06.openssl commit: - Revert a portion of ASN1 change per suggested by OpenBSD and OpenSSL developers. The change was removed from the formal OpenSSL release and does not solve security issue. - Properly fix CVE-2015-0209 and CVE-2015-0288. Approved by: so Modified: releng/10.1/UPDATING releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c releng/10.1/crypto/openssl/crypto/x509/x509_req.c releng/10.1/sys/conf/newvers.sh releng/8.4/UPDATING releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c releng/8.4/crypto/openssl/crypto/x509/x509_req.c releng/8.4/sys/conf/newvers.sh releng/9.3/UPDATING releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c releng/9.3/crypto/openssl/crypto/x509/x509_req.c releng/9.3/sys/conf/newvers.sh Modified: releng/10.1/UPDATING ============================================================================== --- releng/10.1/UPDATING Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/UPDATING Fri Mar 20 07:12:02 2015 (r280275) @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20150320: p8 + Fix patch for SA-15:06.openssl. + 20150319: p7 FreeBSD-SA-15:06.openssl Fix multiple vulnerabilities in OpenSSL. [SA-15:06] Modified: releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:12:02 2015 (r280275) @@ -127,22 +127,16 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) -{ + { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; + if (!pval) + pval = &ptmpval; asn1_tlc_clear_nc(&c); - if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) - ptmpval = *pval; - if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { - if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { - if (*pval) - ASN1_item_free(*pval, it); - *pval = ptmpval; - } - return ptmpval; - } + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + return *pval; return NULL; -} + } int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) Modified: releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:12:02 2015 (r280275) @@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } Modified: releng/10.1/crypto/openssl/crypto/x509/x509_req.c ============================================================================== --- releng/10.1/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:12:02 2015 (r280275) @@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_ goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; Modified: releng/10.1/sys/conf/newvers.sh ============================================================================== --- releng/10.1/sys/conf/newvers.sh Fri Mar 20 07:11:20 2015 (r280274) +++ releng/10.1/sys/conf/newvers.sh Fri Mar 20 07:12:02 2015 (r280275) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.1" -BRANCH="RELEASE-p7" +BRANCH="RELEASE-p8" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/UPDATING Fri Mar 20 07:12:02 2015 (r280275) @@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20150320: p26 + Fix patch for SA-15:06.openssl. + 20150319: p25 FreeBSD-SA-15:06.openssl Fix multiple vulnerabilities in OpenSSL. [SA-15:06] Modified: releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:12:02 2015 (r280275) @@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) -{ + { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; + if (!pval) + pval = &ptmpval; c.valid = 0; - if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) - ptmpval = *pval; - - if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { - if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { - if (*pval) - ASN1_item_free(*pval, it); - *pval = ptmpval; - } - return ptmpval; - } + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + return *pval; return NULL; -} + } int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) Modified: releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:12:02 2015 (r280275) @@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } Modified: releng/8.4/crypto/openssl/crypto/x509/x509_req.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:12:02 2015 (r280275) @@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_ goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Fri Mar 20 07:11:20 2015 (r280274) +++ releng/8.4/sys/conf/newvers.sh Fri Mar 20 07:12:02 2015 (r280275) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p25" +BRANCH="RELEASE-p26" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.3/UPDATING ============================================================================== --- releng/9.3/UPDATING Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/UPDATING Fri Mar 20 07:12:02 2015 (r280275) @@ -11,6 +11,9 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20150320: p12 + Fix patch for SA-15:06.openssl. + 20150319: p11 FreeBSD-SA-15:06.openssl Fix multiple vulnerabilities in OpenSSL. [SA-15:06] Modified: releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:12:02 2015 (r280275) @@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag) ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it) -{ + { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; + if (!pval) + pval = &ptmpval; c.valid = 0; - if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) - ptmpval = *pval; - - if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { - if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { - if (*pval) - ASN1_item_free(*pval, it); - *pval = ptmpval; - } - return ptmpval; - } + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + return *pval; return NULL; -} + } int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) Modified: releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:12:02 2015 (r280275) @@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } Modified: releng/9.3/crypto/openssl/crypto/x509/x509_req.c ============================================================================== --- releng/9.3/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:12:02 2015 (r280275) @@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_ goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i=X509_REQ_set_pubkey(ret,pktmp); EVP_PKEY_free(pktmp); if (!i) goto err; Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Fri Mar 20 07:11:20 2015 (r280274) +++ releng/9.3/sys/conf/newvers.sh Fri Mar 20 07:12:02 2015 (r280275) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201503200712.t2K7C3IW061976>