From 618265e64540307f0d1764208b9c048702df9b59 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 1 Jun 2010 13:17:06 +0000 Subject: [PATCH] Fix CVE-2010-1633 and CVE-2010-0742. --- CHANGES | 8 +++++++- NEWS | 2 ++ crypto/cms/cms_asn1.c | 4 ++-- crypto/rsa/rsa_pmeth.c | 2 ++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 230535d781..ccf09e174f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,9 @@ Changes between 1.0.0 and 1.0.0a [xx XXX xxxx] - *) + *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover + (CVE-2010-1633) + [Steve Henson, Peter-Michael Hager ] Changes between 0.9.8n and 1.0.0 [29 Mar 2010] @@ -849,6 +851,10 @@ Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + *) Correct a typo in the CMS ASN1 module which can result in invalid memory + access or freeing data twice (CVE-2010-0742) + [Steve Henson, Ronald Moesbergen ] + *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more common in certificates and some applications which only call SSL_library_init and not OpenSSL_add_all_algorithms() will fail. diff --git a/NEWS b/NEWS index 65c0ac933f..3a787ea06c 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + o Fix for security issue CVE-2010-1633. o GOST MAC and CFB fixes. Major changes between OpenSSL 0.9.8n and OpenSSL 1.0: @@ -34,6 +35,7 @@ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + o Fix for security issue CVE-2010-0742. o Various DTLS fixes. o Recognise SHA2 certificates if only SSL algorithms added. o Fix for no-rc4 compilation. diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 7f7132c3bb..fcba4dcbcc 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { } ASN1_NDEF_SEQUENCE_END(CMS_SignedData) ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), + ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 297e17cdcf..c6892ecd09 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0, rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa); + if (ret <= 0) + return 0; ret = sltmp; } else -- 2.25.1