svn commit: r280275 - in releng: 10.1 10.1/crypto/openssl/crypto/asn1 10.1/crypto/openssl/crypto/ec 10.1/crypto/openssl/crypto/x509 10.1/sys/conf 8.4 8.4/crypto/openssl/crypto/asn1 8.4/crypto/opens...

Xin LI delphij at FreeBSD.org
Fri Mar 20 07:12:09 UTC 2015 

Author: delphij
Date: Fri Mar 20 07:12:02 2015
New Revision: 280275
URL: https://svnweb.freebsd.org/changeset/base/280275

Log:
  Fix issues with original SA-15:06.openssl commit:
  
   - Revert a portion of ASN1 change per suggested by OpenBSD
     and OpenSSL developers.  The change was removed from the
     formal OpenSSL release and does not solve security issue.
   - Properly fix CVE-2015-0209 and CVE-2015-0288.
  
  Approved by:	so

Modified:
  releng/10.1/UPDATING
  releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c
  releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c
  releng/10.1/crypto/openssl/crypto/x509/x509_req.c
  releng/10.1/sys/conf/newvers.sh
  releng/8.4/UPDATING
  releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c
  releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c
  releng/8.4/crypto/openssl/crypto/x509/x509_req.c
  releng/8.4/sys/conf/newvers.sh
  releng/9.3/UPDATING
  releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c
  releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c
  releng/9.3/crypto/openssl/crypto/x509/x509_req.c
  releng/9.3/sys/conf/newvers.sh

Modified: releng/10.1/UPDATING
==============================================================================
--- releng/10.1/UPDATING	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/10.1/UPDATING	Fri Mar 20 07:12:02 2015	(r280275)
@@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20150320:	p8
+	Fix patch for SA-15:06.openssl.
+
 20150319:	p7	FreeBSD-SA-15:06.openssl
 	Fix multiple vulnerabilities in OpenSSL.  [SA-15:06]
 

Modified: releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/10.1/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -127,22 +127,16 @@ unsigned long ASN1_tag2bit(int tag)
 
 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
 		const unsigned char **in, long len, const ASN1_ITEM *it)
-{
+	{
 	ASN1_TLC c;
 	ASN1_VALUE *ptmpval = NULL;
+	if (!pval)
+		pval = &ptmpval;
 	asn1_tlc_clear_nc(&c);
-	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-		ptmpval = *pval;
-	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-		if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-			if (*pval)
-				ASN1_item_free(*pval, it);
-			*pval = ptmpval;
-		}
-		return ptmpval;
-	}
+	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+		return *pval;
 	return NULL;
-}
+	}
 
 int ASN1_template_d2i(ASN1_VALUE **pval,
 		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)

Modified: releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/10.1/crypto/openssl/crypto/ec/ec_asn1.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
                                  ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		if (a)
-			*a = ret;
 		}
 	else
 		ret = *a;
@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
 		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
 		}
 
+	if (a)
+		*a = ret;
 	ok = 1;
 err:
 	if (!ok)
 		{
-		if (ret)
+		if (ret && (a == NULL || *a != ret))
 			EC_KEY_free(ret);
 		ret = NULL;
 		}

Modified: releng/10.1/crypto/openssl/crypto/x509/x509_req.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/x509/x509_req.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/10.1/crypto/openssl/crypto/x509/x509_req.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
 		goto err;
 
 	pktmp = X509_get_pubkey(x);
+	if (pktmp == NULL)
+		goto err;
 	i=X509_REQ_set_pubkey(ret,pktmp);
 	EVP_PKEY_free(pktmp);
 	if (!i) goto err;

Modified: releng/10.1/sys/conf/newvers.sh
==============================================================================
--- releng/10.1/sys/conf/newvers.sh	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/10.1/sys/conf/newvers.sh	Fri Mar 20 07:12:02 2015	(r280275)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.1"
-BRANCH="RELEASE-p7"
+BRANCH="RELEASE-p8"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/8.4/UPDATING
==============================================================================
--- releng/8.4/UPDATING	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/8.4/UPDATING	Fri Mar 20 07:12:02 2015	(r280275)
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20150320:       p26
+        Fix patch for SA-15:06.openssl.
+
 20150319:	p25	FreeBSD-SA-15:06.openssl
 	Fix multiple vulnerabilities in OpenSSL.  [SA-15:06]
 

Modified: releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag)
 
 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
 		const unsigned char **in, long len, const ASN1_ITEM *it)
-{
+	{
 	ASN1_TLC c;
 	ASN1_VALUE *ptmpval = NULL;
+	if (!pval)
+		pval = &ptmpval;
 	c.valid = 0;
-	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-		ptmpval = *pval;
-
-	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-		if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-			if (*pval)
-				ASN1_item_free(*pval, it);
-			*pval = ptmpval;
-		}
-		return ptmpval;
-	}
+	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+		return *pval;
 	return NULL;
-}
+	}
 
 int ASN1_template_d2i(ASN1_VALUE **pval,
 		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)

Modified: releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c
==============================================================================
--- releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/8.4/crypto/openssl/crypto/ec/ec_asn1.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
                                  ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		if (a)
-			*a = ret;
 		}
 	else
 		ret = *a;
@@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
 			}
 		}
 
+	if (a)
+		*a = ret;
 	ok = 1;
 err:
 	if (!ok)
 		{
-		if (ret)
+		if (ret && (a == NULL || *a != ret))
 			EC_KEY_free(ret);
 		ret = NULL;
 		}

Modified: releng/8.4/crypto/openssl/crypto/x509/x509_req.c
==============================================================================
--- releng/8.4/crypto/openssl/crypto/x509/x509_req.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/8.4/crypto/openssl/crypto/x509/x509_req.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
 		goto err;
 
 	pktmp = X509_get_pubkey(x);
+	if (pktmp == NULL)
+		goto err;
 	i=X509_REQ_set_pubkey(ret,pktmp);
 	EVP_PKEY_free(pktmp);
 	if (!i) goto err;

Modified: releng/8.4/sys/conf/newvers.sh
==============================================================================
--- releng/8.4/sys/conf/newvers.sh	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/8.4/sys/conf/newvers.sh	Fri Mar 20 07:12:02 2015	(r280275)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.4"
-BRANCH="RELEASE-p25"
+BRANCH="RELEASE-p26"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/9.3/UPDATING	Fri Mar 20 07:12:02 2015	(r280275)
@@ -11,6 +11,9 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20150320:	p12
+	Fix patch for SA-15:06.openssl.
+
 20150319:	p11	FreeBSD-SA-15:06.openssl
 	Fix multiple vulnerabilities in OpenSSL.  [SA-15:06]
 

Modified: releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c
==============================================================================
--- releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag)
 
 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
 		const unsigned char **in, long len, const ASN1_ITEM *it)
-{
+	{
 	ASN1_TLC c;
 	ASN1_VALUE *ptmpval = NULL;
+	if (!pval)
+		pval = &ptmpval;
 	c.valid = 0;
-	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-		ptmpval = *pval;
-
-	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-		if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-			if (*pval)
-				ASN1_item_free(*pval, it);
-			*pval = ptmpval;
-		}
-		return ptmpval;
-	}
+	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+		return *pval;
 	return NULL;
-}
+	}
 
 int ASN1_template_d2i(ASN1_VALUE **pval,
 		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)

Modified: releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c
==============================================================================
--- releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/9.3/crypto/openssl/crypto/ec/ec_asn1.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
                                  ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		if (a)
-			*a = ret;
 		}
 	else
 		ret = *a;
@@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
 			}
 		}
 
+	if (a)
+		*a = ret;
 	ok = 1;
 err:
 	if (!ok)
 		{
-		if (ret)
+		if (ret && (a == NULL || *a != ret))
 			EC_KEY_free(ret);
 		ret = NULL;
 		}

Modified: releng/9.3/crypto/openssl/crypto/x509/x509_req.c
==============================================================================
--- releng/9.3/crypto/openssl/crypto/x509/x509_req.c	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/9.3/crypto/openssl/crypto/x509/x509_req.c	Fri Mar 20 07:12:02 2015	(r280275)
@@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
 		goto err;
 
 	pktmp = X509_get_pubkey(x);
+	if (pktmp == NULL)
+		goto err;
 	i=X509_REQ_set_pubkey(ret,pktmp);
 	EVP_PKEY_free(pktmp);
 	if (!i) goto err;

Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh	Fri Mar 20 07:11:20 2015	(r280274)
+++ releng/9.3/sys/conf/newvers.sh	Fri Mar 20 07:12:02 2015	(r280275)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.3"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

More information about the svn-src-releng mailing list