add CVE-2010-0742 and CVS-2010-1633 fixes

author Dr. Stephen Henson <steve@openssl.org>

Tue, 1 Jun 2010 14:39:01 +0000 (14:39 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 1 Jun 2010 14:39:01 +0000 (14:39 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 1 Jun 2010 14:39:01 +0000 (14:39 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 1 Jun 2010 14:39:01 +0000 (14:39 +0000)
diff --git a/CHANGES b/CHANGES

index 6f713d9e874bfa27204100a699aa9795a928e17a..17ddf7f021bc6f77c978da1a6366eeac03d48720 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -103,6 +103,12 @@
       is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
       whose return value is often ignored. 
       [Steve Henson]
       is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
       whose return value is often ignored. 
       [Steve Henson]
+  
+ Changes between 1.0.0 and 1.0.0a  [xx XXX xxxx]
+  
+  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
+     (CVE-2010-1633)
+     [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
  
   Changes between 0.9.8n and 1.0.0  [xx XXX xxxx]
  
  
   Changes between 0.9.8n and 1.0.0  [xx XXX xxxx]
  
@@ -947,6 +953,10 @@
    
   Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
  
    
   Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
  
+  *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+     access or freeing data twice (CVE-2010-0742)
+     [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
+
    *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
       common in certificates and some applications which only call
       SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
    *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
       common in certificates and some applications which only call
       SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
diff --git a/NEWS b/NEWS

index 65c0ac933ff0b7d90b464caaa35ade45cf7b9505..3a787ea06cef7296aeaaaf2d5a77e74b2d160f53 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@
  
    Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
  
  
    Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
  
+      o Fix for security issue CVE-2010-1633.
        o GOST MAC and CFB fixes.
  
    Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
        o GOST MAC and CFB fixes.
  
    Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
@@ -34,6 +35,7 @@
  
    Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
  
  
    Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
  
+      o Fix for security issue CVE-2010-0742.
        o Various DTLS fixes.
        o Recognise SHA2 certificates if only SSL algorithms added.
        o Fix for no-rc4 compilation.
        o Various DTLS fixes.
        o Recognise SHA2 certificates if only SSL algorithms added.
        o Fix for no-rc4 compilation.
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c

index 835cae4e0b20dc9bc767a60d9591e39edb065710..cfe67fb6c1835d9cfea21f754da91a8de97bd12b 100644 (file)
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
  } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
  
  ASN1_SEQUENCE(CMS_OriginatorInfo) = {
  } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
  
  ASN1_SEQUENCE(CMS_OriginatorInfo) = {
-       ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
-       ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+       ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+       ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
  } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
  
  ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
  } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
  
  ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c

index ff65c071f852c90eb14eda7bcb33af6f7d22cd79..60bf6145abe651703d188dd8bf0b694199122ee1 100644 (file)
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -251,6 +251,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                         ret = int_rsa_verify(EVP_MD_type(rctx->md),
                                                 NULL, 0, rout, &sltmp,
                                         sig, siglen, ctx->pkey->pkey.rsa);
                         ret = int_rsa_verify(EVP_MD_type(rctx->md),
                                                 NULL, 0, rout, &sltmp,
                                         sig, siglen, ctx->pkey->pkey.rsa);
+                       if (ret <= 0)
+                               return 0;
                         ret = sltmp;
                         }
                 else
                         ret = sltmp;
                         }
                 else
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 1 Jun 2010 14:39:01 +0000 (14:39 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 1 Jun 2010 14:39:01 +0000 (14:39 +0000)
CHANGES		patch \| blob \| history
NEWS		patch \| blob \| history
crypto/cms/cms_asn1.c		patch \| blob \| history
crypto/rsa/rsa_pmeth.c		patch \| blob \| history