From 3cbb15ee813453c52694c1d6f9a89eb7ae757943 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 1 Jun 2010 14:39:01 +0000 Subject: [PATCH] add CVE-2010-0742 and CVS-2010-1633 fixes --- CHANGES | 10 ++++++++++ NEWS | 2 ++ crypto/cms/cms_asn1.c | 4 ++-- crypto/rsa/rsa_pmeth.c | 2 ++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 6f713d9e87..17ddf7f021 100644 --- a/CHANGES +++ b/CHANGES @@ -103,6 +103,12 @@ is enable if DEBUG_UNUSED is set. Add to several functions in evp.h whose return value is often ignored. [Steve Henson] + + Changes between 1.0.0 and 1.0.0a [xx XXX xxxx] + + *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover + (CVE-2010-1633) + [Steve Henson, Peter-Michael Hager ] Changes between 0.9.8n and 1.0.0 [xx XXX xxxx] @@ -947,6 +953,10 @@ Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + *) Correct a typo in the CMS ASN1 module which can result in invalid memory + access or freeing data twice (CVE-2010-0742) + [Steve Henson, Ronald Moesbergen ] + *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more common in certificates and some applications which only call SSL_library_init and not OpenSSL_add_all_algorithms() will fail. diff --git a/NEWS b/NEWS index 65c0ac933f..3a787ea06c 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + o Fix for security issue CVE-2010-1633. o GOST MAC and CFB fixes. Major changes between OpenSSL 0.9.8n and OpenSSL 1.0: @@ -34,6 +35,7 @@ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + o Fix for security issue CVE-2010-0742. o Various DTLS fixes. o Recognise SHA2 certificates if only SSL algorithms added. o Fix for no-rc4 compilation. diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 835cae4e0b..cfe67fb6c1 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index ff65c071f8..60bf6145ab 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -251,6 +251,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0, rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa); + if (ret <= 0) + return 0; ret = sltmp; } else -- 2.34.1