mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 12:04:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2010-0742 and CVS-2010-1633 fixes

Browse Source
This commit is contained in:
Dr. Stephen Henson 2010-06-01 14:39:01 +00:00
parent 2d060267b1
commit 3cbb15ee81
4 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGES
View File

@ -103,6 +103,12 @@
is enable if DEBUG_UNUSED is set. Add to several functions in evp.h is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
whose return value is often ignored. whose return value is often ignored.
[Steve Henson] [Steve Henson]
Changes between 1.0.0 and 1.0.0a [xx XXX xxxx]
*) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
(CVE-2010-1633)
[Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
Changes between 0.9.8n and 1.0.0 [xx XXX xxxx] Changes between 0.9.8n and 1.0.0 [xx XXX xxxx]
@ -947,6 +953,10 @@
Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail. SSL_library_init and not OpenSSL_add_all_algorithms() will fail.

2
NEWS
View File

@ -7,6 +7,7 @@
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
o Fix for security issue CVE-2010-1633.
o GOST MAC and CFB fixes. o GOST MAC and CFB fixes.
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0: Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
@ -34,6 +35,7 @@
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
o Fix for security issue CVE-2010-0742.
o Various DTLS fixes. o Various DTLS fixes.
o Recognise SHA2 certificates if only SSL algorithms added. o Recognise SHA2 certificates if only SSL algorithms added.
o Fix for no-rc4 compilation. o Fix for no-rc4 compilation.

4
crypto/cms/cms_asn1.c
View File

@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData) } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
ASN1_SEQUENCE(CMS_OriginatorInfo) = { ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} ASN1_SEQUENCE_END(CMS_OriginatorInfo) } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {

2
crypto/rsa/rsa_pmeth.c
View File

@ -251,6 +251,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
ret = int_rsa_verify(EVP_MD_type(rctx->md), ret = int_rsa_verify(EVP_MD_type(rctx->md),
NULL, 0, rout, &sltmp, NULL, 0, rout, &sltmp,
sig, siglen, ctx->pkey->pkey.rsa); sig, siglen, ctx->pkey->pkey.rsa);
if (ret <= 0)
return 0;
ret = sltmp; ret = sltmp;
} }
else else