From 122ada69e94a52b60d97f0d7bacd03dcc1e123bf Mon Sep 17 00:00:00 2001 From: vsevolod Date: Thu, 19 Mar 2015 15:30:24 +0000 Subject: - Backport the following fixes from openssl [1]: CVE-2015-0207 Segmentation fault in DTLSv1_listen moderate CVE-2015-0209 Use After Free following d2i_ECPrivatekey error low CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp moderate CVE-2015-0287 ASN.1 structure reuse memory corruption moderate CVE-2015-0289 PKCS7 NULL pointer dereferences moderate - Enable libtls component [2] - Bump portrevision PR: 198681 [1] Submitted by: Bernard Spil [1], naddy [2] --- security/libressl/Makefile | 2 + security/libressl/pkg-plist | 41 ++++++ .../libressl/files/patch-crypto_asn1_a__int.c | 26 ++++ .../libressl/files/patch-crypto_asn1_a__set.c | 17 +++ .../libressl/files/patch-crypto_asn1_a__type.c | 19 +++ .../libressl/files/patch-crypto_asn1_d2i__pr.c | 17 +++ .../libressl/files/patch-crypto_asn1_d2i__pu.c | 17 +++ .../libressl/files/patch-crypto_asn1_n__pkey.c | 24 +++ .../libressl/files/patch-crypto_asn1_tasn__dec.c | 47 ++++++ .../libressl/files/patch-crypto_asn1_x__x509.c | 34 +++++ .../libressl/files/patch-crypto_ec_ec__asn1.c | 102 +++++++++++++ .../libressl/files/patch-crypto_pkcs7_pk7__doit.c | 162 +++++++++++++++++++++ .../libressl/files/patch-crypto_pkcs7_pk7__lib.c | 17 +++ .../security/libressl/files/patch-ssl_d1__lib.c | 18 +++ 14 files changed, 543 insertions(+) create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c create mode 100644 security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c create mode 100644 security/libressl/security/libressl/files/patch-ssl_d1__lib.c (limited to 'security/libressl') diff --git a/security/libressl/Makefile b/security/libressl/Makefile index 08c9b03c6fa4..9562ef613e5b 100644 --- a/security/libressl/Makefile +++ b/security/libressl/Makefile @@ -3,6 +3,7 @@ PORTNAME= libressl PORTVERSION= 2.1.5 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= ${MASTER_SITE_OPENBSD} MASTER_SITE_SUBDIR= LibreSSL @@ -16,6 +17,7 @@ CPE_VENDOR= openbsd CONFLICTS?= openssl-* GNU_CONFIGURE= yes +CONFIGURE_ARGS= --enable-libtls USES= cpe libtool pathfix pkgconfig USE_LDCONFIG= yes diff --git a/security/libressl/pkg-plist b/security/libressl/pkg-plist index cdc49c07d1ad..e1abae09dd94 100644 --- a/security/libressl/pkg-plist +++ b/security/libressl/pkg-plist @@ -71,6 +71,7 @@ include/openssl/whrlpool.h include/openssl/x509.h include/openssl/x509_vfy.h include/openssl/x509v3.h +include/tls.h lib/libcrypto.a lib/libcrypto.so lib/libcrypto.so.32 @@ -79,8 +80,13 @@ lib/libssl.a lib/libssl.so lib/libssl.so.32 lib/libssl.so.32.0.0 +lib/libtls.a +lib/libtls.so +lib/libtls.so.3 +lib/libtls.so.3.0.0 libdata/pkgconfig/libcrypto.pc libdata/pkgconfig/libssl.pc +libdata/pkgconfig/libtls.pc libdata/pkgconfig/openssl.pc man/man1/openssl.1.gz man/man3/ASN1_OBJECT_free.3.gz @@ -1379,6 +1385,41 @@ man/man3/mul_add.3.gz man/man3/rsa.3.gz man/man3/sqr.3.gz man/man3/ssl.3.gz +man/man3/tls_accept_socket.3.gz +man/man3/tls_client.3.gz +man/man3/tls_close.3.gz +man/man3/tls_config_clear_keys.3.gz +man/man3/tls_config_free.3.gz +man/man3/tls_config_insecure_noverifycert.3.gz +man/man3/tls_config_insecure_noverifyname.3.gz +man/man3/tls_config_new.3.gz +man/man3/tls_config_parse_protocols.3.gz +man/man3/tls_config_set_ca_file.3.gz +man/man3/tls_config_set_ca_mem.3.gz +man/man3/tls_config_set_ca_path.3.gz +man/man3/tls_config_set_cert_file.3.gz +man/man3/tls_config_set_cert_mem.3.gz +man/man3/tls_config_set_ciphers.3.gz +man/man3/tls_config_set_dheparams.3.gz +man/man3/tls_config_set_ecdhecurve.3.gz +man/man3/tls_config_set_key_file.3.gz +man/man3/tls_config_set_key_mem.3.gz +man/man3/tls_config_set_protocols.3.gz +man/man3/tls_config_set_verify_depth.3.gz +man/man3/tls_config_verify.3.gz +man/man3/tls_configure.3.gz +man/man3/tls_connect.3.gz +man/man3/tls_connect_fds.3.gz +man/man3/tls_connect_servername.3.gz +man/man3/tls_connect_socket.3.gz +man/man3/tls_error.3.gz +man/man3/tls_free.3.gz +man/man3/tls_init.3.gz +man/man3/tls_load_file.3.gz +man/man3/tls_read.3.gz +man/man3/tls_reset.3.gz +man/man3/tls_server.3.gz +man/man3/tls_write.3.gz man/man3/ui.3.gz man/man3/ui_compat.3.gz man/man3/x509.3.gz diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c b/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c new file mode 100644 index 000000000000..c3d7d3dcc177 --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c @@ -0,0 +1,26 @@ +--- crypto/asn1/a_int.c.orig 2015-02-10 14:54:46 UTC ++++ crypto/asn1/a_int.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: a_int.c,v 1.24 2014/07/11 08:44:47 jsing Exp $ */ ++/* $OpenBSD: a_int.c,v 1.25 2015/02/10 08:33:10 jsing Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -268,7 +268,7 @@ c2i_ASN1_INTEGER(ASN1_INTEGER **a, const + + err: + ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ if (a == NULL || *a != ret) + M_ASN1_INTEGER_free(ret); + return (NULL); + } +@@ -335,7 +335,7 @@ d2i_ASN1_UINTEGER(ASN1_INTEGER **a, cons + + err: + ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ if (a == NULL || *a != ret) + M_ASN1_INTEGER_free(ret); + return (NULL); + } diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c b/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c new file mode 100644 index 000000000000..68c00ab76b0d --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c @@ -0,0 +1,17 @@ +--- crypto/asn1/a_set.c.orig 2014-12-06 23:15:50 UTC ++++ crypto/asn1/a_set.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: a_set.c,v 1.15 2014/07/10 13:58:22 jsing Exp $ */ ++/* $OpenBSD: a_set.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -225,7 +225,7 @@ d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a + return ret; + + err: +- if (ret != NULL && (a == NULL || *a != ret)) { ++ if (a == NULL || *a != ret) { + if (free_func != NULL) + sk_OPENSSL_BLOCK_pop_free(ret, free_func); + else diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c b/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c new file mode 100644 index 000000000000..b928c7a6bf40 --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c @@ -0,0 +1,19 @@ +--- crypto/asn1/a_type.c.orig 2015-02-10 14:54:46 UTC ++++ crypto/asn1/a_type.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: a_type.c,v 1.14 2014/07/11 08:44:47 jsing Exp $ */ ++/* $OpenBSD: a_type.c,v 1.15 2015/02/10 08:33:10 jsing Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -119,7 +119,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b + case V_ASN1_OBJECT: + result = OBJ_cmp(a->value.object, b->value.object); + break; +- ++ case V_ASN1_BOOLEAN: ++ result = a->value.boolean - b->value.boolean; ++ break; + case V_ASN1_NULL: + result = 0; /* They do not have content. */ + break; diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c b/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c new file mode 100644 index 000000000000..3c5a15995404 --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c @@ -0,0 +1,17 @@ +--- crypto/asn1/d2i_pr.c.orig 2015-02-11 14:17:41 UTC ++++ crypto/asn1/d2i_pr.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: d2i_pr.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */ ++/* $OpenBSD: d2i_pr.c,v 1.13 2015/02/11 03:19:37 doug Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -118,7 +118,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, c + return (ret); + + err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ if (a == NULL || *a != ret) + EVP_PKEY_free(ret); + return (NULL); + } diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c b/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c new file mode 100644 index 000000000000..96b706605dbb --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c @@ -0,0 +1,17 @@ +--- crypto/asn1/d2i_pu.c.orig 2014-12-06 23:15:50 UTC ++++ crypto/asn1/d2i_pu.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: d2i_pu.c,v 1.11 2014/07/10 22:45:56 jsing Exp $ */ ++/* $OpenBSD: d2i_pu.c,v 1.12 2014/07/11 08:44:47 jsing Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -130,7 +130,7 @@ d2i_PublicKey(int type, EVP_PKEY **a, co + return (ret); + + err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ if (a == NULL || *a != ret) + EVP_PKEY_free(ret); + return (NULL); + } diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c b/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c new file mode 100644 index 000000000000..addab2fdd4dc --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c @@ -0,0 +1,24 @@ +--- crypto/asn1/n_pkey.c.orig 2015-02-11 14:17:41 UTC ++++ crypto/asn1/n_pkey.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: n_pkey.c,v 1.24 2015/02/11 03:39:51 jsing Exp $ */ ++/* $OpenBSD: n_pkey.c,v 1.25 2015/02/11 04:00:39 jsing Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -340,11 +340,11 @@ d2i_RSA_NET(RSA **a, const unsigned char + return NULL; + } + +- if ((enckey->os->length != 11) || (strncmp("private-key", +- (char *)enckey->os->data, 11) != 0)) { ++ /* XXX 11 == strlen("private-key") */ ++ if (enckey->os->length != 11 || ++ memcmp("private-key", enckey->os->data, 11) != 0) { + ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); +- NETSCAPE_ENCRYPTED_PKEY_free(enckey); +- return NULL; ++ goto err; + } + if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { + ASN1err(ASN1_F_D2I_RSA_NET, diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c b/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c new file mode 100644 index 000000000000..aa5e0bfa2199 --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c @@ -0,0 +1,47 @@ +--- crypto/asn1/tasn_dec.c.orig 2015-02-14 19:09:01 UTC ++++ crypto/asn1/tasn_dec.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: tasn_dec.c,v 1.24 2014/06/12 15:49:27 deraadt Exp $ */ ++/* $OpenBSD: tasn_dec.c,v 1.25 2015/02/14 15:23:57 miod Exp $ */ + /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2000. + */ +@@ -238,8 +238,16 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + +- /* Allocate structure */ +- if (!*pval && !ASN1_item_ex_new(pval, it)) { ++ if (*pval) { ++ /* Free up and zero CHOICE value if initialised */ ++ i = asn1_get_choice_selector(pval, it); ++ if ((i >= 0) && (i < it->tcount)) { ++ tt = it->templates + i; ++ pchptr = asn1_get_field_ptr(pval, tt); ++ ASN1_template_free(pchptr, tt); ++ asn1_set_choice_selector(pval, -1, it); ++ } ++ } else if (!ASN1_item_ex_new(pval, it)) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ERR_R_NESTED_ASN1_ERROR); + goto err; +@@ -325,6 +333,19 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, cons + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + ++ /* Free up and zero any ADB found */ ++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { ++ if (tt->flags & ASN1_TFLG_ADB_MASK) { ++ const ASN1_TEMPLATE *seqtt; ++ ASN1_VALUE **pseqval; ++ seqtt = asn1_do_adb(pval, tt, 1); ++ if (!seqtt) ++ goto err; ++ pseqval = asn1_get_field_ptr(pval, seqtt); ++ ASN1_template_free(pseqval, seqtt); ++ } ++ } ++ + /* Get each field entry */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + const ASN1_TEMPLATE *seqtt; diff --git a/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c b/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c new file mode 100644 index 000000000000..e8012fb0d7a3 --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c @@ -0,0 +1,34 @@ +--- crypto/asn1/x_x509.c.orig 2015-02-11 14:17:41 UTC ++++ crypto/asn1/x_x509.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: x_x509.c,v 1.22 2015/02/11 03:39:51 jsing Exp $ */ ++/* $OpenBSD: x_x509.c,v 1.23 2015/02/11 04:00:39 jsing Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -313,16 +313,20 @@ d2i_X509_AUX(X509 **a, const unsigned ch + + /* Save start position */ + q = *pp; +- ret = d2i_X509(a, pp, length); ++ ret = d2i_X509(NULL, pp, length); + /* If certificate unreadable then forget it */ + if (!ret) + return NULL; + /* update length */ + length -= *pp - q; +- if (!length) +- return ret; +- if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) +- goto err; ++ if (length > 0) { ++ if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) ++ goto err; ++ } ++ if (a != NULL) { ++ X509_free(*a); ++ *a = ret; ++ } + return ret; + + err: diff --git a/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c b/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c new file mode 100644 index 000000000000..d2bbb173ffaa --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c @@ -0,0 +1,102 @@ +--- crypto/ec/ec_asn1.c.orig 2015-02-10 14:54:46 UTC ++++ crypto/ec/ec_asn1.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: ec_asn1.c,v 1.11 2015/02/10 04:01:26 jsing Exp $ */ ++/* $OpenBSD: ec_asn1.c,v 1.12 2015/02/10 05:43:09 jsing Exp $ */ + /* + * Written by Nils Larsch for the OpenSSL project. + */ +@@ -999,19 +999,19 @@ d2i_ECPKParameters(EC_GROUP ** a, const + + if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { + ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); +- ECPKPARAMETERS_free(params); +- return NULL; ++ goto err; + } + if ((group = ec_asn1_pkparameters2group(params)) == NULL) { + ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); +- ECPKPARAMETERS_free(params); +- return NULL; ++ goto err; + } +- if (a && *a) ++ ++ if (a != NULL) { + EC_GROUP_clear_free(*a); +- if (a) + *a = group; ++ } + ++err: + ECPKPARAMETERS_free(params); + return (group); + } +@@ -1039,7 +1039,6 @@ i2d_ECPKParameters(const EC_GROUP * a, u + EC_KEY * + d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) + { +- int ok = 0; + EC_KEY *ret = NULL; + EC_PRIVATEKEY *priv_key = NULL; + +@@ -1054,12 +1053,9 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi + } + if (a == NULL || *a == NULL) { + if ((ret = EC_KEY_new()) == NULL) { +- ECerr(EC_F_D2I_ECPRIVATEKEY, +- ERR_R_MALLOC_FAILURE); ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); + goto err; + } +- if (a) +- *a = ret; + } else + ret = *a; + +@@ -1109,17 +1105,19 @@ d2i_ECPrivateKey(EC_KEY ** a, const unsi + goto err; + } + } +- ok = 1; ++ ++ EC_PRIVATEKEY_free(priv_key); ++ if (a != NULL) ++ *a = ret; ++ return (ret); ++ + err: +- if (!ok) { +- if (ret) +- EC_KEY_free(ret); +- ret = NULL; +- } ++ if (a == NULL || *a != ret) ++ EC_KEY_free(ret); + if (priv_key) + EC_PRIVATEKEY_free(priv_key); + +- return (ret); ++ return (NULL); + } + + int +@@ -1232,8 +1230,6 @@ d2i_ECParameters(EC_KEY ** a, const unsi + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); + return NULL; + } +- if (a) +- *a = ret; + } else + ret = *a; + +@@ -1241,6 +1237,9 @@ d2i_ECParameters(EC_KEY ** a, const unsi + ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + return NULL; + } ++ ++ if (a != NULL) ++ *a = ret; + return ret; + } + diff --git a/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c b/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c new file mode 100644 index 000000000000..1ceba4477a3b --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c @@ -0,0 +1,162 @@ +--- crypto/pkcs7/pk7_doit.c.orig 2015-02-09 01:31:52 UTC ++++ crypto/pkcs7/pk7_doit.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: pk7_doit.c,v 1.30 2014/10/22 13:02:04 jsing Exp $ */ ++/* $OpenBSD: pk7_doit.c,v 1.31 2015/02/07 13:19:15 doug Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -261,6 +261,28 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio) + PKCS7_RECIP_INFO *ri = NULL; + ASN1_OCTET_STRING *os = NULL; + ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); ++ return NULL; ++ } ++ ++ /* ++ * The content field in the PKCS7 ContentInfo is optional, ++ * but that really only applies to inner content (precisely, ++ * detached signatures). ++ * ++ * When reading content, missing outer content is therefore ++ * treated as an error. ++ * ++ * When creating content, PKCS7_content_new() must be called ++ * before calling this method, so a NULL p7->d is always ++ * an error. ++ */ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); ++ return NULL; ++ } ++ + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + +@@ -417,6 +439,17 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pk + unsigned char *ek = NULL, *tkey = NULL; + int eklen = 0, tkeylen = 0; + ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ++ PKCS7_R_INVALID_NULL_POINTER); ++ return NULL; ++ } ++ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); ++ return NULL; ++ } ++ + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + +@@ -691,6 +724,17 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; + ASN1_OCTET_STRING *os = NULL; + ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ++ PKCS7_R_INVALID_NULL_POINTER); ++ return 0; ++ } ++ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); ++ return 0; ++ } ++ + EVP_MD_CTX_init(&ctx_tmp); + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; +@@ -736,6 +780,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { + M_ASN1_OCTET_STRING_free(os); ++ os = NULL; + p7->d.sign->contents->d.data = NULL; + } + break; +@@ -750,6 +795,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + if (PKCS7_type_is_data(p7->d.digest->contents) && + p7->detached) { + M_ASN1_OCTET_STRING_free(os); ++ os = NULL; + p7->d.digest->contents->d.data = NULL; + } + break; +@@ -815,22 +861,32 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } + +- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { +- char *cont; +- long contlen; +- btmp = BIO_find_type(bio, BIO_TYPE_MEM); +- if (btmp == NULL) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, +- PKCS7_R_UNABLE_TO_FIND_MEM_BIO); ++ if (!PKCS7_is_detached(p7)) { ++ /* ++ * NOTE: only reach os == NULL here because detached ++ * digested data support is broken? ++ */ ++ if (os == NULL) + goto err; ++ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { ++ char *cont; ++ long contlen; ++ ++ btmp = BIO_find_type(bio, BIO_TYPE_MEM); ++ if (btmp == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ++ PKCS7_R_UNABLE_TO_FIND_MEM_BIO); ++ goto err; ++ } ++ contlen = BIO_get_mem_data(btmp, &cont); ++ /* ++ * Mark the BIO read only then we can use its copy ++ * of the data instead of making an extra copy. ++ */ ++ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); ++ BIO_set_mem_eof_return(btmp, 0); ++ ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + } +- contlen = BIO_get_mem_data(btmp, &cont); +- /* Mark the BIO read only then we can use its copy of the data +- * instead of making an extra copy. +- */ +- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); +- BIO_set_mem_eof_return(btmp, 0); +- ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + } + ret = 1; + err: +@@ -905,6 +961,17 @@ PKCS7_dataVerify(X509_STORE *cert_store, + STACK_OF(X509) *cert; + X509 *x509; + ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ++ PKCS7_R_INVALID_NULL_POINTER); ++ return 0; ++ } ++ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); ++ return 0; ++ } ++ + if (PKCS7_type_is_signed(p7)) { + cert = p7->d.sign->cert; + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { +@@ -941,6 +1008,7 @@ PKCS7_dataVerify(X509_STORE *cert_store, + + return PKCS7_signatureVerify(bio, p7, si, x509); + err: ++ + return ret; + } + diff --git a/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c b/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c new file mode 100644 index 000000000000..9b0ecd4dda8e --- /dev/null +++ b/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c @@ -0,0 +1,17 @@ +--- crypto/pkcs7/pk7_lib.c.orig 2014-12-06 23:15:50 UTC ++++ crypto/pkcs7/pk7_lib.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: pk7_lib.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */ ++/* $OpenBSD: pk7_lib.c,v 1.14 2014/07/12 16:03:37 miod Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -460,6 +460,8 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD + STACK_OF(PKCS7_SIGNER_INFO) * + PKCS7_get_signer_info(PKCS7 *p7) + { ++ if (p7 == NULL || p7->d.ptr == NULL) ++ return (NULL); + if (PKCS7_type_is_signed(p7)) { + return (p7->d.sign->signer_info); + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { diff --git a/security/libressl/security/libressl/files/patch-ssl_d1__lib.c b/security/libressl/security/libressl/files/patch-ssl_d1__lib.c new file mode 100644 index 000000000000..022a27d2c11b --- /dev/null +++ b/security/libressl/security/libressl/files/patch-ssl_d1__lib.c @@ -0,0 +1,18 @@ +--- ssl/d1_lib.c.orig 2015-02-09 23:29:07 UTC ++++ ssl/d1_lib.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: d1_lib.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */ ++/* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */ + /* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. +@@ -443,6 +443,9 @@ dtls1_listen(SSL *s, struct sockaddr *cl + { + int ret; + ++ /* Ensure there is no state left over from a previous invocation */ ++ SSL_clear(s); ++ + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); + s->d1->listen = 1; + -- cgit