diff options
| author | Dongsun Lee <ds73.lee@samsung.com> | 2016-10-04 16:39:41 +0900 |
|---|---|---|
| committer | Dongsun Lee <ds73.lee@samsung.com> | 2016-10-04 16:40:10 +0900 |
| commit | ccded75fc816019781e39dce85d6494b6c6c9c37 (patch) | |
| tree | de72fed9473ed124c3c4206b9b455a7505ad9c48 | |
| parent | 00fa4cfde370fcd893adae30169ec00d51381581 (diff) | |
| download | openssl-ccded75fc816019781e39dce85d6494b6c6c9c37.tar.gz openssl-ccded75fc816019781e39dce85d6494b6c6c9c37.tar.bz2 openssl-ccded75fc816019781e39dce85d6494b6c6c9c37.zip | |
Imported Upstream version 1.0.2jupstream/1.0.2j
Change-Id: I57424e369a568144838d2a7b8e2ca3a5737adf58
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
| -rw-r--r-- | CHANGES | 12 | ||||
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | Makefile.bak | 2 | ||||
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | crypto/engine/eng_cryptodev.c | 2 | ||||
| -rw-r--r-- | crypto/opensslv.h | 6 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 4 | ||||
| -rw-r--r-- | openssl.spec | 2 | ||||
| -rw-r--r-- | ssl/t1_ext.c | 2 |
10 files changed, 28 insertions, 10 deletions
@@ -2,6 +2,18 @@ OpenSSL CHANGES _______________ + Changes between 1.0.2i and 1.0.2j [26 Sep 2016] + + *) Missing CRL sanity check + + A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 + but was omitted from OpenSSL 1.0.2i. As a result any attempt to use + CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + + This issue only affects the OpenSSL 1.0.2i + (CVE-2016-7052) + [Matt Caswell] + Changes between 1.0.2h and 1.0.2i [22 Sep 2016] *) OCSP Status Request extension unbounded memory growth @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2i +VERSION=1.0.2j MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 diff --git a/Makefile.bak b/Makefile.bak index 644fe4b..7b97fb0 100644 --- a/Makefile.bak +++ b/Makefile.bak @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2i +VERSION=1.0.2j MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] + + o Fix Use After Free for large message sizes (CVE-2016-6309) + Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2i 22 Sep 2016 + OpenSSL 1.0.2j 26 Sep 2016 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 65a74df..2a2b95c 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) if (fstate->mac_len != 0) { if (fstate->mac_data != NULL) { dstate->mac_data = OPENSSL_malloc(fstate->mac_len); - if (dstate->ac_data == NULL) { + if (dstate->mac_data == NULL) { printf("cryptodev_digest_init: malloc failed\n"); return 0; } diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 2f585f0..88faad6 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000209fL +# define OPENSSL_VERSION_NUMBER 0x100020afL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i-fips 22 Sep 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i 22 Sep 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8334b3f..b147201 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, crl = sk_X509_CRL_value(crls, i); reasons = *preasons; crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); - if (crl_score < best_score) + if (crl_score < best_score || crl_score == 0) continue; /* If current CRL is equivalent use it if it is newer */ - if (crl_score == best_score) { + if (crl_score == best_score && best_crl != NULL) { int day, sec; if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), X509_CRL_get_lastUpdate(crl)) == 0) diff --git a/openssl.spec b/openssl.spec index e4bf1b7..880a5c3 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2i +Version: 1.0.2j Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 724ddf7..79ed946 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int ext_type) case TLSEXT_TYPE_ec_point_formats: case TLSEXT_TYPE_elliptic_curves: case TLSEXT_TYPE_heartbeat: +# ifndef OPENSSL_NO_NEXTPROTONEG case TLSEXT_TYPE_next_proto_neg: +# endif case TLSEXT_TYPE_padding: case TLSEXT_TYPE_renegotiate: case TLSEXT_TYPE_server_name: |