Introduce limits to prevent malicious keys being able to (951dfbb1) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+14 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,20 @@

		Changes between 0.9.8c and 0.9.8d [xx XXX xxxx]

		*) Introduce limits to prevent malicious keys being able to
		cause a denial of service. (CVE-2006-2940)
		[Steve Henson, Bodo Moeller]

		*) Fix ASN.1 parsing of certain invalid structures that can result
		in a denial of service. (CVE-2006-2937) [Steve Henson]

		*) Fix buffer overflow in SSL_get_shared_ciphers() function.
		(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

		*) Fix SSL client code which could crash if connecting to a
		malicious SSLv2 server. (CVE-2006-4343)
		[Tavis Ormandy and Will Drewry, Google Security Team]

		*) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
		match only those. Before that, "AES256-SHA" would be interpreted
		as a pattern and match "AES128-SHA" too (since AES128-SHA got

+6 −0

Original line number	Diff line number	Diff line
		@@ -5,6 +5,12 @@
		This file gives a brief overview of the major changes between each OpenSSL
		release. For more details please read the CHANGES file.

		Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.8d:

		o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
		o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
		o Changes to ciphersuite selection algorithm

		Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:

		o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339

+1 −0

Original line number	Diff line number	Diff line
		@@ -832,6 +832,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
		}
		else if (ret == -1)
		return -1;
		ret = 0;
		/* SEQUENCE, SET and "OTHER" are left in encoded form */
		if ((utype == V_ASN1_SEQUENCE)
		\|\| (utype == V_ASN1_SET) \|\| (utype == V_ASN1_OTHER))

+5 −0

Original line number	Diff line number	Diff line
		@@ -73,6 +73,10 @@
		#include <openssl/bn.h>
		#endif

		#ifndef OPENSSL_DH_MAX_MODULUS_BITS
		# define OPENSSL_DH_MAX_MODULUS_BITS 10000
		#endif

		#define DH_FLAG_CACHE_MONT_P 0x01
		#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
		* implementation now uses constant time
		@@ -221,6 +225,7 @@ void ERR_load_DH_strings(void);
		/* Reason codes. */
		#define DH_R_BAD_GENERATOR 101
		#define DH_R_INVALID_PUBKEY 102
		#define DH_R_MODULUS_TOO_LARGE 103
		#define DH_R_NO_PRIVATE_VALUE 100

		#ifdef __cplusplus

+1 −0

Original line number	Diff line number	Diff line
		@@ -84,6 +84,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
		{
		{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
		{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
		{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
		{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
		{0,NULL}
		};