Author: delphij
Date: Fri Mar 20 07:11:20 2015
New Revision: 280274
URL: https://svnweb.freebsd.org/changeset/base/280274
Log:
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
Pointy hat to: delphij
Modified:
stable/9/crypto/openssl/crypto/asn1/tasn_dec.c
stable/9/crypto/openssl/crypto/ec/ec_asn1.c
stable/9/crypto/openssl/crypto/x509/x509_req.c
Changes in other areas also in this revision:
Modified:
stable/10/crypto/openssl/crypto/asn1/tasn_dec.c
stable/10/crypto/openssl/crypto/ec/ec_asn1.c
stable/10/crypto/openssl/crypto/x509/x509_req.c
stable/8/crypto/openssl/crypto/asn1/tasn_dec.c
stable/8/crypto/openssl/crypto/ec/ec_asn1.c
stable/8/crypto/openssl/crypto/x509/x509_req.c
Modified: stable/9/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- stable/9/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 01:07:48
2015 (r280273)
+++ stable/9/crypto/openssl/crypto/asn1/tasn_dec.c Fri Mar 20 07:11:20
2015 (r280274)
@@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag)
ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const ASN1_ITEM *it)
-{
+ {
ASN1_TLC c;
ASN1_VALUE *ptmpval = NULL;
+ if (!pval)
+ pval = &ptmpval;
c.valid = 0;
- if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
- ptmpval = *pval;
-
- if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
- if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
- if (*pval)
- ASN1_item_free(*pval, it);
- *pval = ptmpval;
- }
- return ptmpval;
- }
+ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+ return *pval;
return NULL;
-}
+ }
int ASN1_template_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
Modified: stable/9/crypto/openssl/crypto/ec/ec_asn1.c
==============================================================================
--- stable/9/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 01:07:48 2015
(r280273)
+++ stable/9/crypto/openssl/crypto/ec/ec_asn1.c Fri Mar 20 07:11:20 2015
(r280274)
@@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
ERR_R_MALLOC_FAILURE);
goto err;
}
- if (a)
- *a = ret;
}
else
ret = *a;
@@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
}
}
+ if (a)
+ *a = ret;
ok = 1;
err:
if (!ok)
{
- if (ret)
+ if (ret && (a == NULL || *a != ret))
EC_KEY_free(ret);
ret = NULL;
}
Modified: stable/9/crypto/openssl/crypto/x509/x509_req.c
==============================================================================
--- stable/9/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 01:07:48
2015 (r280273)
+++ stable/9/crypto/openssl/crypto/x509/x509_req.c Fri Mar 20 07:11:20
2015 (r280274)
@@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
goto err;
pktmp = X509_get_pubkey(x);
+ if (pktmp == NULL)
+ goto err;
i=X509_REQ_set_pubkey(ret,pktmp);
EVP_PKEY_free(pktmp);
if (!i) goto err;
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"
