On Mon, Mar 02, 2009 at 05:36:15PM -0800, Claus Assmann wrote:

> Out of the box OpenSSL 0.9.8j fails to install on SunOS 5.10 ( cp:
> cannot access fipscanister.o).  I found a mail in the archives about
> this and applied the patch to disable FIPS (see below). However,
> after doing that compilation fails because fips.h is missing:
> 
> [ ... ]
> 
> What's the "correct" way to fix this? For now I "hacked" the Makefile
> to ignore the result of the cp command.

For me the "correct" solution was to not even consider using 0.9.8j at
this time. It is IMNSHO not a "patch" release, rather a major feature
release, with a lot of new code that has not been sufficiently stress-tested.

The fact that this release is also a critical security release, in my
opinion, highlights a significant deficiency in the OpenSSL release
process. There are no OpenSSL "patch" releases, there are only feature
releases, some with fewer new features, and some with more.

So, I back-ported the recent security patch and other miscellaneous fixes
to 0.9.8i instead. I won't be adopting the 0.9.8j+ releases until the
new FIPS code undergoes significant field testing.

You can check the CVS histories of the patched files to find the relevant
fixes these represent. I should have these handy, but I don't...

It should not be necessary for distribution maintainers to back-port
critical fixes while weeding out new OpenSSL features, but sadly this
is for now the situation we are in.

-- 
        Viktor.
--- apps/speed.c        2007-11-15 13:33:47.000000000 +0000
+++ apps/speed-new.c    2008-12-04 00:00:00.000000000 +0000
@@ -2132,7 +2132,7 @@
                                {
                                ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
                                        rsa_num, rsa_key[j]);
-                               if (ret == 0)
+                               if (ret <= 0)
                                        {
                                        BIO_printf(bio_err,
                                                "RSA verify failure\n");
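Review bot: The new `if (ret <= 0)` on the RSA_verify() result carries no explanation of why a negative value is now a failure, and the same silent change is made to the verification checks in spkac.c, verify.c, x509.c, cms_sd.c, s2_clnt.c, s2_srvr.c, s3_clnt.c, s3_srvr.c and ssltest.c in this patch. Without a comment the next reader is likely to "simplify" the test back to `!ret` or `== 0`, reintroducing the case where an error return from the verification routine is taken as success. Suggest `/* RSA_verify() returns 1 on success, 0 on a bad signature and a negative value on error: only 1 is a pass */` above this test, with a matching one-liner at the other sites. The enclosing loop body of speed.c continues outside the hunk.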
--- apps/spkac.c        2005-04-05 19:11:18.000000000 +0000
+++ apps/spkac.c        2008-12-04 00:00:00.000000000 +0000
@@ -285,7 +285,7 @@
        pkey = NETSCAPE_SPKI_get_pubkey(spki);
        if(verify) {
                i = NETSCAPE_SPKI_verify(spki, pkey);
-               if(i) BIO_printf(bio_err, "Signature OK\n");
+               if (i > 0) BIO_printf(bio_err, "Signature OK\n");
                else {
                        BIO_printf(bio_err, "Signature Failure\n");
                        ERR_print_errors(bio_err);
--- apps/verify.c       2004-11-29 11:28:07.000000000 +0000
+++ apps/verify.c       2008-12-04 00:00:00.600000000 +0000
@@ -266,7 +266,7 @@
 
        ret=0;
 end:
-       if (i)
+       if (i > 0)
                {
                fprintf(stdout,"OK\n");
                ret=1;
@@ -367,4 +367,3 @@
                ERR_clear_error();
        return(ok);
        }
-
--- apps/x509.c 2007-10-12 00:00:10.000000000 +0000
+++ apps/x509.c 2008-12-04 00:00:00.400000000 +0000
@@ -1151,7 +1151,7 @@
        /* NOTE: this certificate can/should be self signed, unless it was
         * a certificate request in which case it is not. */
        X509_STORE_CTX_set_cert(&xsc,x);
-       if (!reqfile && !X509_verify_cert(&xsc))
+       if (!reqfile && X509_verify_cert(&xsc) <= 0)
                goto end;
 
        if (!X509_check_private_key(xca,pkey))
--- crypto/cms/cms_sd.c 2008-04-06 16:30:38.000000000 +0000
+++ crypto/cms/cms_sd.c 2008-12-04 00:00:00.400000000 +0000
@@ -830,7 +830,7 @@
        cms_fixup_mctx(&mctx, si->pkey);
        r = EVP_VerifyFinal(&mctx,
                        si->signature->data, si->signature->length, si->pkey);
-       if (!r)
+       if (r <= 0)
                CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
        err:
        EVP_MD_CTX_cleanup(&mctx);
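Review bot: A negative `r` from EVP_VerifyFinal() now raises CMS_R_VERIFICATION_FAILURE but is still passed through unchanged to whatever the function returns after `err:` (the return statement is outside the hunk), so a caller that tests the result with `!` rather than `<= 0` would treat the library error as success. Normalising the value in the failure branch, `if (r <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); r = 0; }`, keeps the fix local and makes the return strictly 0/1 regardless of how the callers in cms_smime.c test it. I cannot see those callers here, so whether they already use `<= 0` is inferred.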
--- ssl/s2_clnt.c       2007-09-06 12:43:53.000000000 +0000
+++ ssl/s2_clnt.c       2008-12-04 00:00:00.100000000 +0000
@@ -1044,7 +1044,7 @@
 
        i=ssl_verify_cert_chain(s,sk);
                
-       if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+       if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
                {
                
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
                goto err;
--- ssl/s2_srvr.c       2007-09-06 12:43:53.000000000 +0000
+++ ssl/s2_srvr.c       2008-12-04 00:00:00.900000000 +0000
@@ -1054,7 +1054,7 @@
 
        i=ssl_verify_cert_chain(s,sk);
 
-       if (i)  /* we like the packet, now check the chksum */
+       if (i > 0)      /* we like the packet, now check the chksum */
                {
                EVP_MD_CTX ctx;
                EVP_PKEY *pkey=NULL;
@@ -1083,7 +1083,7 @@
                EVP_PKEY_free(pkey);
                EVP_MD_CTX_cleanup(&ctx);
 
-               if (i) 
+               if (i > 0)
                        {
                        if (s->session->peer != NULL)
                                X509_free(s->session->peer);
--- ssl/s3_clnt.c       2008-06-16 16:56:41.000000000 +0000
+++ ssl/s3_clnt.c       2008-12-04 00:00:00.100000000 +0000
@@ -972,7 +972,7 @@
                }
 
        i=ssl_verify_cert_chain(s,sk);
-       if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+       if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
 #ifndef OPENSSL_NO_KRB5
                && (s->s3->tmp.new_cipher->algorithms & 
(SSL_MKEY_MASK|SSL_AUTH_MASK))
                != (SSL_aKRB5|SSL_kKRB5)
@@ -1459,7 +1459,7 @@
                        
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                        
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,param,param_len);
-                       if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+                       if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
                                {
                                /* bad signature */
                                al=SSL_AD_DECRYPT_ERROR;
@@ -1477,7 +1477,7 @@
                        
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                        
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,param,param_len);
-                       if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+                       if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
                                {
                                /* bad signature */
                                al=SSL_AD_DECRYPT_ERROR;
--- ssl/s3_srvr.c       2008-09-14 18:16:09.000000000 +0000
+++ ssl/s3_srvr.c       2008-12-04 00:00:00.100000000 +0000
@@ -2560,7 +2560,7 @@
        else
                {
                i=ssl_verify_cert_chain(s,sk);
-               if (!i)
+               if (i <= 0)
                        {
                        al=ssl_verify_alarm_type(s->verify_result);
                        
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
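Review bot: When ssl_verify_cert_chain() returns a negative value the new branch still derives the alert from `s->verify_result` via ssl_verify_alarm_type(), but a negative return indicates an internal failure in the verifier rather than a policy verdict, and verify_result may not hold a matching error code in that case (where it is assigned is outside this hunk). Consider distinguishing the two, e.g. `al = (i < 0) ? SSL_AD_INTERNAL_ERROR : ssl_verify_alarm_type(s->verify_result);`, so the peer is not sent a certificate alert for an out-of-memory or library error. The surrounding else-block continues outside the hunk.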
--- ssl/ssltest.c       2008-06-16 16:56:42.000000000 +0000
+++ ssl/ssltest.c       2008-12-04 00:00:00.900000000 +0000
@@ -2093,7 +2093,7 @@
 
        if (cb_arg->proxy_auth)
                {
-               if (ok)
+               if (ok > 0)
                        {
                        const char *cond_end = NULL;
 

--- crypto/asn1/a_sign.c        2005-05-08 20:27:32.679157175 -0400
+++ crypto/asn1/a_sign.c        2008-09-25 13:01:32.000000000 -0400
@@ -267,7 +267,12 @@
                goto err;
                }
 
-       EVP_SignInit_ex(&ctx,type, NULL);
+       if (!EVP_SignInit_ex(&ctx,type, NULL))
+               {
+               outl=0;
+               ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+               goto err;
+               }
        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                        (unsigned int *)&outl,pkey))
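Review bot: EVP_SignUpdate() on the line right after the new check is still called without testing its return, so a failure there is detected, if at all, only indirectly through EVP_SignFinal(); the same pattern remains in the a_verify.c hunk, where EVP_VerifyUpdate() follows the new EVP_VerifyInit_ex() check unchecked. Checking it the same way the new init check does keeps error reporting within the function consistent. The function body and its `err:` label lie outside the hunk.
```c
	if (!EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl))
		{
		outl=0;
		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
		goto err;
		}
	/* … unchanged: EVP_SignFinal() call and its error handling … */
```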
--- crypto/asn1/a_verify.c      2005-05-08 20:27:32.095808360 -0400
+++ crypto/asn1/a_verify.c      2008-09-25 13:01:32.000000000 -0400
@@ -100,7 +100,12 @@
        p=buf_in;
 
        i2d(data,&p);
-       EVP_VerifyInit_ex(&ctx,type, NULL);
+       if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+               ret=0;
+               goto err;
+               }
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
        OPENSSL_cleanse(buf_in,(unsigned int)inl);
--- crypto/bn/bn_shift.c        2003-11-13 10:03:14.000000000 -0500
+++ crypto/bn/bn_shift.c        2008-10-28 10:01:41.000000000 -0400
@@ -177,7 +177,7 @@
        nw=n/BN_BITS2;
        rb=n%BN_BITS2;
        lb=BN_BITS2-rb;
-       if (nw > a->top || a->top == 0)
+       if (nw >= a->top || a->top == 0)
                {
                BN_zero(r);
                return(1);
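Review bot: The change from `>` to `>=` has no comment, and the reason is not obvious from the condition alone: when `nw == a->top` every word of `a` is shifted out, so the result is zero and the word-copy loop that follows (outside the hunk) would otherwise index one word past the last valid entry of `a->d`. Suggest `/* nw == a->top shifts every word out; the copy loop below would read past a->d otherwise */` on the line before the test. I have not seen the loop here, so the out-of-bounds index is inferred from the shift arithmetic rather than read from the code.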
--- crypto/ec/ec_key.c  2005-05-17 08:23:16.992458116 -0400
+++ crypto/ec/ec_key.c  2008-09-23 14:02:17.000000000 -0400
@@ -296,7 +296,7 @@
        {
        int     ok   = 0;
        BN_CTX  *ctx = NULL;
-       BIGNUM  *order  = NULL;
+       const BIGNUM    *order  = NULL;
        EC_POINT *point = NULL;
 
        if (!eckey || !eckey->group || !eckey->pub_key)
@@ -307,8 +307,6 @@
        
        if ((ctx = BN_CTX_new()) == NULL)
                goto err;
-       if ((order = BN_new()) == NULL)
-               goto err;
        if ((point = EC_POINT_new(eckey->group)) == NULL)
                goto err;
 
@@ -319,17 +317,13 @@
                goto err;
                }
        /* testing whether pub_key * order is the point at infinity */
-       if (!EC_GROUP_get_order(eckey->group, order, ctx))
+       order = &eckey->group->order;
+       if (BN_is_zero(order))
                {
                ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
                goto err;
                }
-       if (!EC_POINT_copy(point, eckey->pub_key))
-               {
-               ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
-               goto err;
-               }
-       if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx))
+       if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, 
ctx))
                {
                ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
                goto err;
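Review bot: The new `BN_is_zero(order)` test has no comment explaining why it must precede the multiplication, and `order` is now taken straight from `eckey->group->order` rather than through EC_GROUP_get_order(), which changes what a reader expects to see validated. Since EC_POINT_mul() with a zero scalar presumably yields the point at infinity for any input, a zero order would make the subsequent infinity test pass for every public key; suggest `/* a zero order would make order*pub_key the point at infinity for any pub_key, so reject it before multiplying */` above the test. The infinity check that consumes `point` lies outside the hunk.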
@@ -366,8 +360,6 @@
 err:
        if (ctx   != NULL)
                BN_CTX_free(ctx);
-       if (order != NULL)
-               BN_free(order);
        if (point != NULL)
                EC_POINT_free(point);
        return(ok);
--- crypto/pqueue/pq_compat.h   2007-09-17 12:21:21.736417599 -0400
+++ crypto/pqueue/pq_compat.h   2008-10-20 09:01:36.000000000 -0400
@@ -57,6 +57,9 @@
  *
  */
 
+#ifndef HEADER_PQ_COMPAT_H
+#define HEADER_PQ_COMPAT_H
+
 #include <openssl/opensslconf.h>
 #include <openssl/bn.h>
 
@@ -145,3 +148,5 @@
                                               *(x) |= mask; \
                                           } while(0)
 #endif /* OPENSSL_SYS_VMS */
+
+#endif
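Review bot: The closing `#endif` of the new include guard is bare, while the `#endif /* OPENSSL_SYS_VMS */` two lines above it carries the conventional macro comment. Write it as `#endif /* HEADER_PQ_COMPAT_H */` so the end of the guard is identifiable without scrolling back to the top of the header.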
--- crypto/x509v3/v3_addr.c     2008-09-14 11:46:35.439805980 -0400
+++ crypto/x509v3/v3_addr.c     2008-10-14 16:01:46.000000000 -0400
@@ -878,6 +878,7 @@
                                    v3_addr_get_afi(f)))
       return 0;
   }
+  sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
   sk_IPAddressFamily_sort(addr);
   assert(v3_addr_is_canonical(addr));
   return 1;
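Review bot: The added sk_IPAddressFamily_set_cmp_func() call has no comment saying why it is needed, and its return value (the previously installed comparison function) is discarded. Presumably the stack can reach this point without a comparison function installed, in which case sk_IPAddressFamily_sort() would leave it unordered and the assert on the next line would fire; a comment such as `/* the stack may have been built without a cmp function, so install it before sorting */` would record that. The enclosing function's start is outside the hunk.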
--- ssl/s3_srvr.c       2008-09-14 14:16:09.000000000 -0400
+++ ssl/s3_srvr.c       2008-09-22 18:02:13.000000000 -0400
@@ -902,22 +902,28 @@
                                break;
                                }
                        }
-               if (j == 0)
+               if (j == 0 && (s->options & 
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
                        {
-                       if ((s->options & 
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
+                       /* Special case as client bug workaround: the 
previously used cipher may
+                        * not be in the current list, the client instead might 
be trying to
+                        * continue using a cipher that before wasn't chosen 
due to server
+                        * preferences.  We'll have to reject the connection if 
the cipher is not
+                        * enabled, though. */
+                       c = sk_SSL_CIPHER_value(ciphers, 0);
+                       if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
                                {
-                               /* Very bad for multi-threading.... */
-                               s->session->cipher=sk_SSL_CIPHER_value(ciphers, 
0);
-                               }
-                       else
-                               {
-                               /* we need to have the cipher in the cipher
-                                * list if we are asked to reuse it */
-                               al=SSL_AD_ILLEGAL_PARAMETER;
-                               
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
-                               goto f_err;
+                               s->session->cipher = c;
+                               j = 1;
                                }
                        }
+               if (j == 0)
+                       {
+                       /* we need to have the cipher in the cipher
+                        * list if we are asked to reuse it */
+                       al=SSL_AD_ILLEGAL_PARAMETER;
+                       
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
+                       goto f_err;
+                       }
                }
 
        /* compression */
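Review bot: The removed `/* Very bad for multi-threading.... */` comment is not carried over, yet the new code still calls sk_SSL_CIPHER_find() on SSL_get_ciphers(s), which may be a list shared with the SSL_CTX and, if it has a comparison function set, is sorted in place by sk_find(); whether that applies depends on how the list was created, which is outside the hunk. If the concern is real, keep a one-line comment next to the find, e.g. `/* sk_find may sort the (possibly shared) cipher list in place */`; if it is not, the commit message should say why it was dropped. `c` must already be declared as an `SSL_CIPHER *` earlier in ssl3_get_client_hello(), which this hunk does not show.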
