prepare for 1.0.1c release

update NEWS
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
2012-05-10 15:16:37 +00:00 · 2012-05-10 15:11:34 +00:00 · 2012-05-10 15:10:15 +00:00 · 2012-05-10 15:01:22 +00:00 · 2012-05-10 13:38:18 +00:00 · 2012-05-10 13:34:22 +00:00
14 changed files with 45 additions and 14 deletions
--- a/18
+++ b/18
@@ -2,6 +2,24 @@
 OpenSSL CHANGES
 _______________

+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
+
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+  *) In FIPS mode don't try to use composite ciphers as they are not
+     approved.
+     [Steve Henson]
+
 Changes between 1.0.1a and 1.0.1b [26 Apr 2012]

  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
--- a/2
+++ b/2
@@ -83,7 +83,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1b was released on Apr 26th, 2012.
+OpenSSL 1.0.1c was released on May 10th, 2012.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
--- a/5
+++ b/5
@@ -5,6 +5,11 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

+  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
+
+      o Fix TLS/DTLS record length checking bug CVE-2012-2333
+      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:

      o Fix compilation error on non-x86 platforms.
--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- OpenSSL 1.0.1b 26 Apr 2012
+ OpenSSL 1.0.1c 10 May 2012

 Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/3
+++ b/3
@@ -1,10 +1,11 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2012/04/26 10:40:38 $
+  ______________                           $Date: 2012/05/10 15:16:36 $

  DEVELOPMENT STATE

    o  OpenSSL 1.1.0:  Under development...
+    o  OpenSSL 1.0.1c: Released on May       10th, 2012
    o  OpenSSL 1.0.1b: Released on April     26th, 2012
    o  OpenSSL 1.0.1a: Released on April     19th, 2012
    o  OpenSSL 1.0.1:  Released on March     14th, 2012
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 		goto err;
 		}
+	tkeylen = EVP_CIPHER_CTX_key_length(ctx);
 	/* Generate random session key */
 	if (!enc || !ec->key)
 		{
-		tkeylen = EVP_CIPHER_CTX_key_length(ctx);
 		tkey = OPENSSL_malloc(tkeylen);
 		if (!tkey)
 			{
@@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 			/* Only reveal failure if debugging so we don't
 			 * leak information which may be useful in MMA.
 			 */
-			if (ec->debug)
+			if (enc || ec->debug)
 				{
 				CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
 						CMS_R_INVALID_KEY_LENGTH);
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x1000102fL
+#define OPENSSL_VERSION_NUMBER	0x1000103fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1b-fips 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1c-fips 10 May 2012"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1b 26 Apr 2012"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1c 10 May 2012"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

--- a/crypto/ppccpuid.pl
+++ b/crypto/ppccpuid.pl
@@ -105,7 +105,7 @@ Ladd:	lwarx	r5,0,r3
 Little:	mtctr	r4
 	stb	r0,0(r3)
 	addi	r3,r3,1
-	bdnz-	\$-8
+	bdnz	\$-8
 	blr
 Lot:	andi.	r5,r3,3
 	beq	Laligned
@@ -118,7 +118,7 @@ Laligned:
 	mtctr	r5
 	stw	r0,0(r3)
 	addi	r3,r3,4
-	bdnz-	\$-8
+	bdnz	\$-8
 	andi.	r4,r4,3
 	bne	Little
 	blr
--- a/doc/HOWTO/proxy_certificates.txt
+++ b/doc/HOWTO/proxy_certificates.txt
@@ -57,7 +57,7 @@ following methods:

 - in all other cases, proxy certificate validation can be enabled
   before starting the application by setting the envirnoment variable
-   OPENSSL_ALLOW_PROXY with some non-empty value.
+   OPENSSL_ALLOW_PROXY_CERTS with some non-empty value.

 There are thoughts to allow proxy certificates with a line in the
 default openssl.cnf, but that's still in the future.
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 %define libmaj 1
 %define libmin 0
 %define librel 1
-%define librev b
+%define librev c
 Release: 1

 %define openssldir /var/ssl
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
 				}
 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
 			 * All of them must have value 'padding_length'. */
-			if (i > (int)rec->length)
+			if (i + bs > (int)rec->length)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is
--- a/ssl/install-ssl.com
+++ b/ssl/install-ssl.com
@@ -73,7 +73,7 @@ $ if f$parse("wrk_sslxexe:") .eqs. "" then -
 $ if f$parse("wrk_sslxlib:") .eqs. "" then -
   create /directory /log wrk_sslxlib:
 $!
-$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
 $ e_exe := ssl_task
 $ libs := ssl_libssl
 $!
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -620,6 +620,11 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		    s->ssl_version < TLS1_VERSION)
 			return 1;

+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			return 1;
+#endif
+
 		if	(c->algorithm_enc == SSL_RC4 &&
 			 c->algorithm_mac == SSL_MD5 &&
 			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -889,6 +889,8 @@ int tls1_enc(SSL *s, int send)
 			if (s->version >= TLS1_1_VERSION
 				&& EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
 				{
+				if (bs > (int)rec->length)
+					return -1;
 				rec->data += bs;    /* skip the explicit IV */
 				rec->input += bs;
 				rec->length -= bs;
Author	SHA1	Message	Date
Dr. Stephen Henson	f9885acc8c	prepare for 1.0.1c release	2012-05-10 15:16:37 +00:00
Dr. Stephen Henson	fa9df48401	update NEWS	2012-05-10 15:11:34 +00:00
Dr. Stephen Henson	d414a5a0f0	Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)	2012-05-10 15:10:15 +00:00
Richard Levitte	9eb4460e68	Don't forget to install srtp.h as well	2012-05-10 15:01:22 +00:00
Dr. Stephen Henson	6984d16671	oops, revert unrelated change	2012-05-10 13:38:18 +00:00
Dr. Stephen Henson	5b9d0995a1	Reported by: Solar Designer of Openwall Make sure tkeylen is initialised properly when encrypting CMS messages.	2012-05-10 13:34:22 +00:00
Richard Levitte	7ad8e1fc4e	Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.	2012-05-04 10:43:22 +00:00
Andy Polyakov	c9b31189a9	ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA, why slower algorithm are affected more... [from HEAD]. PR: 2794 Submitted by: Ashley Lai	2012-04-27 20:20:15 +00:00
Dr. Stephen Henson	c76b7a1a82	Don't try to use unvalidated composite ciphers in FIPS mode	2012-04-26 18:49:45 +00:00
Dr. Stephen Henson	c940e07014	prepare for next version	2012-04-26 12:01:38 +00:00