
[openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1f-52-gebe2219


Dr. Stephen Henson

Apr 7, 2014, 1:40:55 PM
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, OpenSSL_1_0_1-stable has been updated
via ebe221948dfea100d49cd4b1e38f4408021bd6f7 (commit)
via b2d951e4232d2f90168f9a3dd0b7df9ecf2d81a8 (commit)
via c5993d10a8f28d4448c6161c3a4ca91b68eea78c (commit)
via 5be1ae28ef3c4bdec95b94f14e0e939157be550a (commit)
via 96db9023b881d7cd9f379b0c154650d6c108e9a3 (commit)
from 0d7717fc9c83dafab8153cbd5e2180e6e04cc802 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ebe221948dfea100d49cd4b1e38f4408021bd6f7
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Apr 7 17:58:39 2014 +0100

Prepare for 1.0.1h-dev

commit b2d951e4232d2f90168f9a3dd0b7df9ecf2d81a8
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Apr 7 17:55:44 2014 +0100

Prepare for 1.0.1g release

commit c5993d10a8f28d4448c6161c3a4ca91b68eea78c
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Apr 6 12:59:14 2014 +0100

Update NEWS.

commit 5be1ae28ef3c4bdec95b94f14e0e939157be550a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Apr 6 23:11:20 2014 +0100

Return if ssleay_rand_add called with zero num.

Treat a zero length passed to ssleay_rand_add as a no-op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.

Thanks to Marcus Meissner <meis...@suse.de> for reporting this bug.

commit 96db9023b881d7cd9f379b0c154650d6c108e9a3
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Apr 6 00:51:06 2014 +0100

Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks to Neel Mehta of Google Security for discovering this bug and to
Adam Langley <a...@chromium.org> and Bodo Moeller <bmoe...@acm.org> for
preparing the fix (CVE-2014-0160)

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 15 ++++++++++++++-
NEWS | 12 ++++++------
README | 2 +-
crypto/opensslv.h | 6 +++---
crypto/rand/md_rand.c | 3 +++
openssl.spec | 2 +-
ssl/d1_both.c | 26 ++++++++++++++++++--------
ssl/t1_lib.c | 14 +++++++++-----
8 files changed, 55 insertions(+), 25 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0484456..b790cee 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,20 @@
OpenSSL CHANGES
_______________

- Changes between 1.0.1f and 1.0.1g [xx XXX xxxx]
+ Changes between 1.0.1g and 1.0.1h [xx XXX xxxx]
+
+ *)
+
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+ *) A missing bounds check in the handling of the TLS heartbeat extension
+ can be used to reveal up to 64k of memory to a connected client or
+ server.
+
+ Thanks for Neel Mehta of Google Security for discovering this bug and to
+ Adam Langley <a...@chromium.org> and Bodo Moeller <bmoe...@acm.org> for
+ preparing the fix (CVE-2014-0160)
+ [Adam Langley, Bodo Moeller]

*) Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
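Review bot: the new 1.0.1g section records the heartbeat bounds check but has no entry for the zero-length ssleay_rand_add change, even though the summary lists crypto/rand/md_rand.c and the commit log calls the old behaviour "very bad". Add a `*)` entry for it so the behaviour change is visible to readers of CHANGES. In the heartbeat entry, "Thanks for Neel Mehta" should read "Thanks to", and naming the two touched paths (ssl/t1_lib.c and ssl/d1_both.c) would make it clear that both TLS and DTLS are covered.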
diff --git a/NEWS b/NEWS
index 676cfbe..c23ac7b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,15 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

- Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [under development]
+ Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [under development]

- o Add TLS padding extension workaround for broken servers.
- o Fix for CVE-2014-0076
+ o

- Known issues in OpenSL 1.0.1f
+ Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]

- o Warning when compiling s23_clnt.c on Windows. Fixed in 1.0.1g-dev.
- o On Windows 8 GetVersion is deprecated. Fixed in 1.0.1g-dev.
+ o Fix for CVE-2014-0160
+ o Add TLS padding extension workaround for broken servers.
+ o Fix for CVE-2014-0076

Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]

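Review bot: "Fix for CVE-2014-0160" in the 1.0.1g list gives only the identifier; a few words saying it is the missing TLS heartbeat bounds check described in CHANGES would let readers of NEWS triage it without looking the number up. The hunk also drops the "Known issues in OpenSL 1.0.1f" section outright; if the two Windows items are fixed in 1.0.1g, as the removed lines say, consider listing them under the 1.0.1g changes instead of losing them.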
diff --git a/README b/README
index 3480694..a9eaef9 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@

- OpenSSL 1.0.1g-dev
+ OpenSSL 1.0.1h-dev

Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index aeb40f5..edde898 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x10001070L
+#define OPENSSL_VERSION_NUMBER 0x10001080L
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-fips-dev xx XXX xxxx"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1h-dev xx XXX xxxx"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index dd29163..aee1c30 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
EVP_MD_CTX m;
int do_not_lock;

+ if (!num)
+ return;
+
/*
* (Based on the rand(3) manpage)
*
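Review bot: the new guard `if (!num) return;` at the top of ssleay_rand_add rejects only zero, while `num` is a signed `int`, so a negative length still falls through to the existing logic. Unless negative values are rejected further down, consider `if (num <= 0) return;`. The guard also has no comment of its own: the reason (the existing logic zeroes the md value when num is zero) is in the commit message but not in the code, and a one-line comment would keep it from being removed later as dead code.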
diff --git a/openssl.spec b/openssl.spec
index 44147ce..f0f5ea8 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
#Version: %{libmaj}.%{libmin}.%{librel}
-Version: 1.0.1g
+Version: 1.0.1h
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 7a5596a..2e8cf68 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */

- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);

+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
+ unsigned int write_length = 1 /* heartbeat type */ +
+ 2 /* heartbeat length */ +
+ payload + padding;
int r;

+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
+
/* Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+ buffer = OPENSSL_malloc(write_length);
bp = buffer;

/* Enter response type, length and copy payload */
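Review bot: the result of `OPENSSL_malloc(write_length)` is still assigned straight to `bp` with no NULL check in between; since this hunk already reworks the allocation, add a check and bail out before the response is built. Both new length checks also hard-code `16` although `unsigned int padding = 16;` is declared just above; writing `1 + 2 + payload + padding > s->s3->rrec.length` keeps the receive-side check and the `write_length` computation in step if the padding ever changes. Finally, moving the parse below `s->msg_callback` means the callback now sees records that are subsequently discarded; if that is intended, a short comment would say so.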
@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
/* Random padding */
RAND_pseudo_bytes(bp, padding);

- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);

if (r >= 0 && s->msg_callback)
s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
- buffer, 3 + payload + padding,
+ buffer, write_length,
s, s->msg_callback_arg);

OPENSSL_free(buffer);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b82fada..bddffd9 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */

- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);

+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;
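Review bot: the two length checks added to tls1_process_heartbeat are a verbatim copy of the ones added to dtls1_process_heartbeat in ssl/d1_both.c, including the literal `16` that duplicates the local `padding`; a shared helper or macro would stop the TLS and DTLS paths from drifting apart. The DTLS hunk also caps `write_length` at SSL3_RT_MAX_PLAIN_LENGTH and this hunk adds no counterpart; if the record-length check makes that cap unnecessary here, state it in a comment. None of the eight changed files is a test, so a regression test that feeds a heartbeat whose declared payload length exceeds the record length, and expects a silent discard, would pin the fix on both paths.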


hooks/post-receive
--
OpenSSL source code
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List opens...@openssl.org
Automated List Manager majo...@openssl.org
