authorDongsun Lee <ds73.lee@samsung.com>2016-10-04 16:39:41 +0900
committerDongsun Lee <ds73.lee@samsung.com>2016-10-04 16:40:10 +0900
commitccded75fc816019781e39dce85d6494b6c6c9c37 (patch)
treede72fed9473ed124c3c4206b9b455a7505ad9c48
parent00fa4cfde370fcd893adae30169ec00d51381581 (diff)
Imported Upstream version 1.0.2jupstream/1.0.2j
Change-Id: I57424e369a568144838d2a7b8e2ca3a5737adf58 Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
-rw-r--r--CHANGES12
-rw-r--r--Makefile2
-rw-r--r--Makefile.bak2
-rw-r--r--NEWS4
-rw-r--r--README2
-rw-r--r--crypto/engine/eng_cryptodev.c2
-rw-r--r--crypto/opensslv.h6
-rw-r--r--crypto/x509/x509_vfy.c4
-rw-r--r--openssl.spec2
-rw-r--r--ssl/t1_ext.c2
10 files changed, 28 insertions, 10 deletions
diff --git a/CHANGES b/CHANGES
index 4bdd390..042afe3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,18 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
+
+ *) Missing CRL sanity check
+
+ A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+ but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+ CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+ This issue only affects the OpenSSL 1.0.2i
+ (CVE-2016-7052)
+ [Matt Caswell]
+
Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
*) OCSP Status Request extension unbounded memory growth
diff --git a/Makefile b/Makefile
index 58daaa5..04bfb11 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2i
+VERSION=1.0.2j
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/Makefile.bak b/Makefile.bak
index 644fe4b..7b97fb0 100644
--- a/Makefile.bak
+++ b/Makefile.bak
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2i
+VERSION=1.0.2j
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/NEWS b/NEWS
index 5a65284..c057963 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
+
+ o Fix Use After Free for large message sizes (CVE-2016-6309)
+
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
diff --git a/README b/README
index 70d4ddd..6dedfc0 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2i 22 Sep 2016
+ OpenSSL 1.0.2j 26 Sep 2016
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 65a74df..2a2b95c 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
if (fstate->mac_len != 0) {
if (fstate->mac_data != NULL) {
dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
- if (dstate->ac_data == NULL) {
+ if (dstate->mac_data == NULL) {
printf("cryptodev_digest_init: malloc failed\n");
return 0;
}
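Review bot: The diagnostic on the line after the corrected NULL check still names `cryptodev_digest_init`, although the hunk header shows this allocation is in `cryptodev_digest_copy`, so a failed copy would be reported under the wrong function. The one-line fix is `printf("cryptodev_digest_copy: malloc failed\n");`. Whether an engine should emit diagnostics to stdout with printf at all depends on this file's convention, which is not visible here, so keep the call style consistent with the rest of the file. The enclosing function starts and ends outside the hunk.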
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 2f585f0..88faad6 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1000209fL
+# define OPENSSL_VERSION_NUMBER 0x100020afL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i-fips 22 Sep 2016"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i 22 Sep 2016"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8334b3f..b147201 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
crl = sk_X509_CRL_value(crls, i);
reasons = *preasons;
crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
- if (crl_score < best_score)
+ if (crl_score < best_score || crl_score == 0)
continue;
/* If current CRL is equivalent use it if it is newer */
- if (crl_score == best_score) {
+ if (crl_score == best_score && best_crl != NULL) {
int day, sec;
if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
X509_CRL_get_lastUpdate(crl)) == 0)
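Review bot: The two added conditions carry no comment explaining why a `crl_score` of 0 is skipped regardless of `best_score`, or why `best_crl` can be NULL when the scores tie, so the next reader has to rediscover the reasoning behind this crash fix. Presumably 0 is the value `get_crl_score()` returns for a CRL it rejects outright and `best_crl` starts as NULL before any candidate is accepted; if so, a comment above the first added line such as `/* Score 0 means get_crl_score() rejected this CRL; skip it even before a best candidate exists, so best_crl is never NULL below */` would record that, and the `best_crl != NULL` guard on the tie branch then reads as the defensive check it is. CHANGES names this fix CVE-2016-7052 while the NEWS hunk in the same commit lists CVE-2016-6309 for the release, which is worth reconciling. `get_crl_sk` starts and ends outside the hunk.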
diff --git a/openssl.spec b/openssl.spec
index e4bf1b7..880a5c3 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -7,7 +7,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.2i
+Version: 1.0.2j
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 724ddf7..79ed946 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int ext_type)
case TLSEXT_TYPE_ec_point_formats:
case TLSEXT_TYPE_elliptic_curves:
case TLSEXT_TYPE_heartbeat:
+# ifndef OPENSSL_NO_NEXTPROTONEG
case TLSEXT_TYPE_next_proto_neg:
+# endif
case TLSEXT_TYPE_padding:
case TLSEXT_TYPE_renegotiate:
case TLSEXT_TYPE_server_name:
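Review bot: Wrapping `case TLSEXT_TYPE_next_proto_neg:` in `# ifndef OPENSSL_NO_NEXTPROTONEG` changes what `SSL_extension_supported()` reports for that type number when NPN is compiled out, and nothing in the hunk says whether that is intended or merely a compile fix for a type constant that is presumably only defined under the same guard. If the intent is that a build without NPN may register a custom extension with this type value, a comment on the `# ifndef` line, for example `/* type is only defined when NPN is built in; an NPN-less build may use it as a custom extension */`, would make that explicit; if not, the guard should be documented as purely a build fix. The switch and the enclosing function continue outside the hunk.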