Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
compat-openssl098.11471
openssl-CVE-2019-1559.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2019-1559.patch of Package compat-openssl098.11471
commit e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589 Author: Matt Caswell <matt@openssl.org> Date: Thu Apr 23 20:01:33 2015 +0100 Add Error state Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a) Conflicts: ssl/s3_srvr.c ssl/ssl_stat.c Index: openssl-0.9.8j/ssl/s3_srvr.c =================================================================== --- openssl-0.9.8j.orig/ssl/s3_srvr.c +++ openssl-0.9.8j/ssl/s3_srvr.c @@ -210,6 +210,7 @@ int ssl3_accept(SSL *s) if ((s->version>>8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->type=SSL_ST_ACCEPT; @@ -219,11 +220,13 @@ int ssl3_accept(SSL *s) if ((buf=BUF_MEM_new()) == NULL) { ret= -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf=buf; @@ -232,6 +235,7 @@ int ssl3_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -243,7 +247,11 @@ int ssl3_accept(SSL *s) /* Ok, we now need to push on a buffering BIO so that * the output is sent in a way that TCP likes :-) */ - if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } + if (!ssl_init_wbio_buffer(s,1)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } ssl3_init_finished_mac(s); s->state=SSL3_ST_SR_CLNT_HELLO_A; @@ -259,6 +267,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ret = -1; + s->state = SSL_ST_ERR; goto end; } else @@ -552,8 +561,11 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CHANGE_B: s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) - { ret= -1; goto end; } + if (!s->method->ssl3_enc->setup_key_block(s)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } ret=ssl3_send_change_cipher_spec(s, SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); @@ -566,6 +578,7 @@ int ssl3_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -618,6 +631,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE); ret= -1; @@ -1116,8 +1130,9 @@ int ssl3_get_client_hello(SSL *s) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); - } err: + s->state = SSL_ST_ERR; + } if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); return(ret); } @@ -1135,8 +1150,10 @@ int ssl3_send_server_hello(SSL *s) p=s->s3->server_random; Time=(unsigned long)time(NULL); /* Time */ l2n(Time,p); - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) { + s->state = SSL_ST_ERR; return -1; + } /* Do the message type and length last */ d=p= &(buf[4]); @@ -1170,6 +1187,7 @@ int ssl3_send_server_hello(SSL *s) if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } *(p++)=sl; @@ -1193,6 +1211,7 @@ int ssl3_send_server_hello(SSL *s) if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } #endif @@ -1656,6 +1675,7 @@ err: BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return(-1); } @@ -1745,6 +1765,7 @@ int ssl3_send_certificate_request(SSL *s /* SSL3_ST_SW_CERT_REQ_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return(-1); } @@ -2369,6 +2390,7 @@ err: EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif + s->state = SSL_ST_ERR; return(-1); } @@ -2521,6 +2543,7 @@ int ssl3_get_cert_verify(SSL *s) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); + s->state = SSL_ST_ERR; } end: EVP_PKEY_free(pkey); @@ -2676,8 +2699,9 @@ int ssl3_get_client_certificate(SSL *s) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); - } err: + s->state = SSL_ST_ERR; + } if (x != NULL) X509_free(x); if (sk != NULL) sk_X509_pop_free(sk,X509_free); return(ret); @@ -2698,6 +2722,7 @@ int ssl3_send_server_certificate(SSL *s) != (SSL_aKRB5|SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return(0); } @@ -2777,13 +2802,15 @@ static int nid2curve_id(int nid) #ifndef OPENSSL_NO_TLSEXT int ssl3_send_newsession_ticket(SSL *s) { + unsigned char *senc = NULL; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { - unsigned char *p, *senc, *macstart; + unsigned char *p, *macstart; int len, slen; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[16]; @@ -2793,8 +2820,10 @@ int ssl3_send_newsession_ticket(SSL *s) /* Some length values are 16 bits, so forget it if session is * too long */ - if (slen > 0xFF00) + if (slen == 0 || slen > 0xFF00) { + s->state = SSL_ST_ERR; return -1; + } /* Grow buffer if need be: the length calculation is as * follows 1 (size of message name) + 3 (message length * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + @@ -2807,18 +2836,23 @@ int ssl3_send_newsession_ticket(SSL *s) EVP_MAX_MD_SIZE + slen)) return -1; senc = OPENSSL_malloc(slen); - if (!senc) + if (!senc) { + s->state = SSL_ST_ERR; return -1; + } + + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + p = senc; - i2d_SSL_SESSION(s->session, &p); + if (!i2d_SSL_SESSION(s->session, &p)) + goto err; p=(unsigned char *)s->init_buf->data; /* do the header */ *(p++)=SSL3_MT_NEWSESSION_TICKET; /* Skip message length for now */ p += 3; - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); /* Initialize HMAC and cipher contexts. If callback present * it does all the work otherwise use generated values * from parent ctx. @@ -2827,10 +2861,7 @@ int ssl3_send_newsession_ticket(SSL *s) { if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, &hctx, 1) < 0) - { - OPENSSL_free(senc); - return -1; - } + goto err; } else { @@ -2860,6 +2891,8 @@ int ssl3_send_newsession_ticket(SSL *s) HMAC_Update(&hctx, macstart, p - macstart); HMAC_Final(&hctx, p, &hlen); + + EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); p += hlen; @@ -2880,6 +2913,13 @@ int ssl3_send_newsession_ticket(SSL *s) /* SSL3_ST_SW_SESSION_TICKET_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + err: + if (senc) + OPENSSL_free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + s->state = SSL_ST_ERR; + return -1; } int ssl3_send_cert_status(SSL *s) @@ -2892,8 +2932,10 @@ int ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) - return -1; + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) { + s->state = SSL_ST_ERR; + return -1; + } p=(unsigned char *)s->init_buf->data; Index: openssl-0.9.8j/ssl/ssl.h =================================================================== --- openssl-0.9.8j.orig/ssl/ssl.h +++ openssl-0.9.8j/ssl/ssl.h @@ -1100,6 +1100,7 @@ extern "C" { #define SSL_ST_BEFORE 0x4000 #define SSL_ST_OK 0x03 #define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +#define SSL_ST_ERR (0x05|SSL_ST_INIT) #define SSL_CB_LOOP 0x01 #define SSL_CB_EXIT 0x02 Index: openssl-0.9.8j/ssl/ssl_stat.c =================================================================== --- openssl-0.9.8j.orig/ssl/ssl_stat.c +++ openssl-0.9.8j/ssl/ssl_stat.c @@ -74,6 +74,7 @@ case SSL_ST_BEFORE|SSL_ST_CONNECT: str=" case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; +case SSL_ST_ERR: str="error"; break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; @@ -233,6 +234,7 @@ case SSL_ST_BEFORE: str="PINIT "; bre case SSL_ST_ACCEPT: str="AINIT "; break; case SSL_ST_CONNECT: str="CINIT "; break; case SSL_ST_OK: str="SSLOK "; break; +case SSL_ST_ERR: str="SSLERR"; break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; Index: openssl-0.9.8j/ssl/s3_clnt.c =================================================================== --- openssl-0.9.8j.orig/ssl/s3_clnt.c +++ openssl-0.9.8j/ssl/s3_clnt.c @@ -206,6 +206,7 @@ int ssl3_connect(SSL *s) if ((s->version & 0xff00 ) != 0x0300) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -218,11 +219,13 @@ int ssl3_connect(SSL *s) if ((buf=BUF_MEM_new()) == NULL) { ret= -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf=buf; @@ -232,7 +235,11 @@ int ssl3_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } + if (!ssl_init_wbio_buffer(s,0)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } /* don't push the buffering BIO quite yet */ @@ -323,6 +330,7 @@ int ssl3_connect(SSL *s) if (!ssl3_check_cert_and_algorithm(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -416,6 +424,7 @@ int ssl3_connect(SSL *s) if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -423,6 +432,7 @@ int ssl3_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -541,7 +551,8 @@ int ssl3_connect(SSL *s) goto end; /* break; */ - + + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); ret= -1; @@ -688,6 +699,7 @@ int ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return(-1); } @@ -891,6 +903,7 @@ int ssl3_get_server_hello(SSL *s) f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: + s->state = SSL_ST_ERR; return(-1); } @@ -1078,8 +1091,9 @@ int ssl3_get_server_certificate(SSL *s) { f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); - } err: + s->state = SSL_ST_ERR; + } EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk,X509_free); @@ -1561,6 +1575,7 @@ err: EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return(-1); } @@ -1707,7 +1722,10 @@ cont: ca_sk=NULL; ret=1; + goto done; err: + s->state = SSL_ST_ERR; +done: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); return(ret); } @@ -1835,6 +1853,7 @@ int ssl3_get_new_session_ticket(SSL *s) f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: + s->state = SSL_ST_ERR; return(-1); } @@ -1904,6 +1923,7 @@ int ssl3_get_cert_status(SSL *s) return 1; f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); + s->state = SSL_ST_ERR; return(-1); } #endif @@ -1926,6 +1946,7 @@ int ssl3_get_server_done(SSL *s) /* should contain no data */ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); + s->state = SSL_ST_ERR; return -1; } ret=1; @@ -2447,6 +2468,7 @@ err: EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif + s->state = SSL_ST_ERR; return(-1); } @@ -2535,6 +2557,7 @@ int ssl3_send_client_verify(SSL *s) } return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return(-1); } Index: openssl-0.9.8j/ssl/d1_clnt.c =================================================================== --- openssl-0.9.8j.orig/ssl/d1_clnt.c +++ openssl-0.9.8j/ssl/d1_clnt.c @@ -185,6 +185,7 @@ int dtls1_connect(SSL *s) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -196,21 +197,31 @@ int dtls1_connect(SSL *s) if ((buf=BUF_MEM_new()) == NULL) { ret= -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf=buf; buf=NULL; } - if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } + if (!ssl3_setup_buffers(s)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } + if (!ssl_init_wbio_buffer(s,0)) { + ret= -1; + s->state = SSL_ST_ERR; + goto end; + } /* don't push the buffering BIO quite yet */ @@ -329,6 +340,7 @@ int dtls1_connect(SSL *s) if (!ssl3_check_cert_and_algorithm(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -415,6 +427,7 @@ int dtls1_connect(SSL *s) if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -422,6 +435,7 @@ int dtls1_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret= -1; + s->state = SSL_ST_ERR; goto end; } @@ -548,7 +562,8 @@ int dtls1_connect(SSL *s) dtls1_clear_received_buffer(s); goto end; /* break; */ - + + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE); ret= -1; @@ -758,6 +773,7 @@ static int dtls1_get_hello_verify(SSL *s f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return -1; } Index: openssl-0.9.8j/ssl/d1_pkt.c =================================================================== --- openssl-0.9.8j.orig/ssl/d1_pkt.c +++ openssl-0.9.8j/ssl/d1_pkt.c @@ -1052,6 +1052,7 @@ start: ERR_add_error_data(2,"SSL alert number ",tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx,s->session); + s->state = SSL_ST_ERR; return(0); } else Index: openssl-0.9.8j/ssl/s3_pkt.c =================================================================== --- openssl-0.9.8j.orig/ssl/s3_pkt.c +++ openssl-0.9.8j/ssl/s3_pkt.c @@ -1117,6 +1117,7 @@ start: ERR_add_error_data(2,"SSL alert number ",tmp); s->shutdown|=SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->ctx,s->session); + s->state = SSL_ST_ERR; return(0); } else @@ -1339,9 +1340,12 @@ void ssl3_send_alert(SSL *s, int level, if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ if (desc < 0) return; - /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) - SSL_CTX_remove_session(s->ctx,s->session); + /* If a fatal one, remove from cache and go into the error state */ + if (level == SSL3_AL_FATAL) { + if (s->session != NULL) + SSL_CTX_remove_session(s->session_ctx, s->session); + s->state = SSL_ST_ERR; + } s->s3->alert_dispatch=1; s->s3->send_alert[0]=level;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor