Introduce limits to prevent malicious keys being able to (b2139664) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+14 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,20 @@

		Changes between 0.9.7k and 0.9.7l [xx XXX xxxx]

		*) Introduce limits to prevent malicious keys being able to
		cause a denial of service. (CVE-2006-2940)
		[Steve Henson, Bodo Moeller]

		*) Fix ASN.1 parsing of certain invalid structures that can result
		in a denial of service. (CVE-2006-2937) [Steve Henson]

		*) Fix buffer overflow in SSL_get_shared_ciphers() function.
		(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

		*) Fix SSL client code which could crash if connecting to a
		malicious SSLv2 server. (CVE-2006-4343)
		[Tavis Ormandy and Will Drewry, Google Security Team]

		*) Change ciphersuite string processing so that an explicit
		ciphersuite selects this one ciphersuite (so that "AES256-SHA"
		will no longer include "AES128-SHA"), and any other similar

+5 −0

Original line number	Diff line number	Diff line
		@@ -5,6 +5,11 @@
		This file gives a brief overview of the major changes between each OpenSSL
		release. For more details please read the CHANGES file.

		Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:

		o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
		o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)

		Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:

		o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339

+1 −0

Original line number	Diff line number	Diff line
		@@ -629,6 +629,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE pval, unsigned char in, long inl
		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
		return 0;
		} else if(ret == -1) return -1;
		ret = 0;
		/* SEQUENCE, SET and "OTHER" are left in encoded form */
		if((utype == V_ASN1_SEQUENCE) \|\| (utype == V_ASN1_SET) \|\| (utype == V_ASN1_OTHER)) {
		/* Clear context cache for type OTHER because the auto clear when

+5 −0

Original line number	Diff line number	Diff line
		@@ -70,6 +70,10 @@
		#include <openssl/crypto.h>
		#include <openssl/ossl_typ.h>

		#ifndef OPENSSL_DH_MAX_MODULUS_BITS
		# define OPENSSL_DH_MAX_MODULUS_BITS 10000
		#endif

		#define DH_FLAG_CACHE_MONT_P 0x01
		#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
		* implementation now uses constant time
		@@ -207,6 +211,7 @@ void ERR_load_DH_strings(void);
		/* Reason codes. */
		#define DH_R_BAD_GENERATOR 101
		#define DH_R_NO_PRIVATE_VALUE 100
		#define DH_R_MODULUS_TOO_LARGE 103

		#ifdef __cplusplus
		}

+1 −0

Original line number	Diff line number	Diff line
		@@ -82,6 +82,7 @@ static ERR_STRING_DATA DH_str_functs[]=
		static ERR_STRING_DATA DH_str_reasons[]=
		{
		{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
		{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
		{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
		{0,NULL}
		};