Permalink
Browse files

Merge branch 'vendor/OPENSSL'

  • Loading branch information...
2 parents ad8f657 + 7ca4833 commit 41ef61e26f0b32d5a8e2d8b16a3357f5ef99bc33 Peter Avalos committed May 13, 2012
View
@@ -2,6 +2,24 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
+
+ *) Sanity check record length before skipping explicit IV in TLS
+ 1.2, 1.1 and DTLS to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ *) In FIPS mode don't try to use composite ciphers as they are not
+ approved.
+ [Steve Henson]
+
Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
*) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
View
@@ -83,7 +83,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1b was released on Apr 26th, 2012.
+OpenSSL 1.0.1c was released on May 10th, 2012.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
View
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
+
+ o Fix TLS/DTLS record length checking bug CVE-2012-2333
+ o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
o Fix compilation error on non-x86 platforms.
View
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1b 26 Apr 2012
+ OpenSSL 1.0.1c 10 May 2012
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
+ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
/* Generate random session key */
if (!enc || !ec->key)
{
- tkeylen = EVP_CIPHER_CTX_key_length(ctx);
tkey = OPENSSL_malloc(tkeylen);
if (!tkey)
{
@@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Only reveal failure if debugging so we don't
* leak information which may be useful in MMA.
*/
- if (ec->debug)
+ if (enc || ec->debug)
{
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
CMS_R_INVALID_KEY_LENGTH);
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000102fL
+#define OPENSSL_VERSION_NUMBER 0x1000103fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b-fips 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1b 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
}
/* TLS 1.0 does not bound the number of padding bytes by the block size.
* All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
+ if (i + bs > (int)rec->length)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
* by caller: we don't want to reveal whether this is
@@ -620,6 +620,11 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
s->ssl_version < TLS1_VERSION)
return 1;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return 1;
+#endif
+
if (c->algorithm_enc == SSL_RC4 &&
c->algorithm_mac == SSL_MD5 &&
(evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
@@ -889,6 +889,8 @@ int tls1_enc(SSL *s, int send)
if (s->version >= TLS1_1_VERSION
&& EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
{
+ if (bs > (int)rec->length)
+ return -1;
rec->data += bs; /* skip the explicit IV */
rec->input += bs;
rec->length -= bs;

0 comments on commit 41ef61e

Please sign in to comment.