packages (AC-branch): openssl/openssl.spec, openssl/openssl-0.9.7a-cve-2008...
glen
glen at pld-linux.org
Tue May 25 17:04:04 CEST 2010
Author: glen Date: Tue May 25 15:04:05 2010 GMT
Module: packages Tag: AC-branch
---- Log message:
- add cve-2007-5135, cve-2008-5077, cve-2009-2409, cve-2009-3555 fixes from rhel
- cve-2009-3555 needs more work
---- Files affected:
packages/openssl:
openssl.spec (1.146.2.3.2.10 -> 1.146.2.3.2.11) , openssl-0.9.7a-cve-2008-5077.patch (NONE -> 1.1.2.1) (NEW), openssl-0.9.7a-cve-2009-2409.patch (NONE -> 1.1.2.1) (NEW), openssl-0.9.7a-cve-2009-3555.patch (NONE -> 1.1.2.1) (NEW), openssl-0.9.8b-cve-2007-5135.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: packages/openssl/openssl.spec
diff -u packages/openssl/openssl.spec:1.146.2.3.2.10 packages/openssl/openssl.spec:1.146.2.3.2.11
--- packages/openssl/openssl.spec:1.146.2.3.2.10 Tue May 25 16:31:04 2010
+++ packages/openssl/openssl.spec Tue May 25 17:03:56 2010
@@ -15,7 +15,7 @@
Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name: openssl
Version: 0.9.7m
-Release: 2
+Release: 2.1
License: Apache-like
Group: Libraries
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
@@ -32,6 +32,10 @@
Patch5: %{name}-ssl-algs.patch
Patch6: %{name}-CVE-2007-3108.patch
Patch7: %{name}-c_rehash.patch
+Patch15: %{name}-0.9.8b-cve-2007-5135.patch
+Patch16: %{name}-0.9.7a-cve-2008-5077.patch
+Patch18: %{name}-0.9.7a-cve-2009-2409.patch
+Patch19: %{name}-0.9.7a-cve-2009-3555.patch
URL: http://www.openssl.org/
BuildRequires: perl-devel >= 1:5.6.1
BuildRequires: rpm-perlprov >= 4.1-13
@@ -198,6 +202,10 @@
%patch6 -p1
cp -a %{SOURCE4} c_rehash.sh
%patch7 -p1
+%patch15 -p1
+%patch16 -p1
+%patch18 -p1
+%patch19 -p1
# conflicts with i386-only DES implementation
# (missing #ifdef OPENSSL_FIPS ... #endif)
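Review bot: `%patch19 -p1` applies the cve-2009-3555 backport unconditionally, although the log message for this same revision says it "needs more work", so release 2.1 would ship a renegotiation change the committer regards as unfinished with nothing in the spec saying so. At minimum I would put a marker directly above it, e.g. `# FIXME: cve-2009-3555 backport incomplete, see log for 1.146.2.3.2.11`, and consider holding the patch back until it is finished. The four added patches are named for 0.9.7a and 0.9.8b while `Version:` is 0.9.7m, so the build log should be checked for offset or fuzz messages on `%patch15` to `%patch19`: a one-line security check that lands on a neighbouring, similar-looking statement would silently guard the wrong call. The `%prep` section continues outside this hunk.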
@@ -444,6 +452,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.146.2.3.2.11 2010/05/25 15:03:56 glen
+- add cve-2007-5135, cve-2008-5077, cve-2009-2409, cve-2009-3555 fixes from rhel
+- cve-2009-3555 needs more work
+
Revision 1.146.2.3.2.10 2010/05/25 14:31:04 glen
- utf8
================================================================
Index: packages/openssl/openssl-0.9.7a-cve-2008-5077.patch
diff -u /dev/null packages/openssl/openssl-0.9.7a-cve-2008-5077.patch:1.1.2.1
--- /dev/null Tue May 25 17:04:05 2010
+++ packages/openssl/openssl-0.9.7a-cve-2008-5077.patch Tue May 25 17:03:56 2010
@@ -0,0 +1,119 @@
+diff -up openssl-0.9.7a/apps/speed.c.verifysig openssl-0.9.7a/apps/speed.c
+--- openssl-0.9.7a/apps/speed.c.verifysig 2007-10-16 20:57:51.000000000 +0200
++++ openssl-0.9.7a/apps/speed.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1478,7 +1478,7 @@ int MAIN(int argc, char **argv)
+ {
+ ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+ rsa_num, rsa_key[j]);
+- if (ret == 0)
++ if (ret <= 0)
+ {
+ BIO_printf(bio_err,
+ "RSA verify failure\n");
+diff -up openssl-0.9.7a/apps/verify.c.verifysig openssl-0.9.7a/apps/verify.c
+--- openssl-0.9.7a/apps/verify.c.verifysig 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/verify.c 2008-12-17 17:25:29.000000000 +0100
+@@ -275,7 +275,7 @@ static int check(X509_STORE *ctx, char *
+
+ ret=0;
+ end:
+- if (i)
++ if (i > 0)
+ {
+ fprintf(stdout,"OK\n");
+ ret=1;
+@@ -365,4 +365,3 @@ static int MS_CALLBACK cb(int ok, X509_S
+ ERR_clear_error();
+ return(ok);
+ }
+-
+diff -up openssl-0.9.7a/apps/spkac.c.verifysig openssl-0.9.7a/apps/spkac.c
+--- openssl-0.9.7a/apps/spkac.c.verifysig 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/spkac.c 2008-12-17 17:25:29.000000000 +0100
+@@ -284,7 +284,7 @@ bad:
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ if(verify) {
+ i = NETSCAPE_SPKI_verify(spki, pkey);
+- if(i) BIO_printf(bio_err, "Signature OK\n");
++ if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+ else {
+ BIO_printf(bio_err, "Signature Failure\n");
+ ERR_print_errors(bio_err);
+diff -up openssl-0.9.7a/apps/x509.c.verifysig openssl-0.9.7a/apps/x509.c
+--- openssl-0.9.7a/apps/x509.c.verifysig 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/x509.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1156,7 +1156,7 @@ static int x509_certify(X509_STORE *ctx,
+ /* NOTE: this certificate can/should be self signed, unless it was
+ * a certificate request in which case it is not. */
+ X509_STORE_CTX_set_cert(&xsc,x);
+- if (!reqfile && !X509_verify_cert(&xsc))
++ if (!reqfile && X509_verify_cert(&xsc) <= 0)
+ goto end;
+
+ if (!X509_check_private_key(xca,pkey))
+diff -up openssl-0.9.7a/ssl/s2_clnt.c.verifysig openssl-0.9.7a/ssl/s2_clnt.c
+--- openssl-0.9.7a/ssl/s2_clnt.c.verifysig 2007-10-16 20:57:51.000000000 +0200
++++ openssl-0.9.7a/ssl/s2_clnt.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1060,7 +1060,7 @@ int ssl2_set_certificate(SSL *s, int typ
+
+ i=ssl_verify_cert_chain(s,sk);
+
+- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
++ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
+ {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+ goto err;
+diff -up openssl-0.9.7a/ssl/s2_srvr.c.verifysig openssl-0.9.7a/ssl/s2_srvr.c
+--- openssl-0.9.7a/ssl/s2_srvr.c.verifysig 2002-11-12 14:23:28.000000000 +0100
++++ openssl-0.9.7a/ssl/s2_srvr.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1068,7 +1068,7 @@ static int request_certificate(SSL *s)
+
+ i=ssl_verify_cert_chain(s,sk);
+
+- if (i) /* we like the packet, now check the chksum */
++ if (i > 0) /* we like the packet, now check the chksum */
+ {
+ EVP_MD_CTX ctx;
+ EVP_PKEY *pkey=NULL;
+@@ -1097,7 +1097,7 @@ static int request_certificate(SSL *s)
+ EVP_PKEY_free(pkey);
+ EVP_MD_CTX_cleanup(&ctx);
+
+- if (i)
++ if (i > 0)
+ {
+ if (s->session->peer != NULL)
+ X509_free(s->session->peer);
+diff -up openssl-0.9.7a/ssl/s3_clnt.c.verifysig openssl-0.9.7a/ssl/s3_clnt.c
+--- openssl-0.9.7a/ssl/s3_clnt.c.verifysig 2002-12-22 00:49:25.000000000 +0100
++++ openssl-0.9.7a/ssl/s3_clnt.c 2008-12-17 17:25:29.000000000 +0100
+@@ -832,7 +832,7 @@ static int ssl3_get_server_certificate(S
+ }
+
+ i=ssl_verify_cert_chain(s,sk);
+- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
++ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
+ #ifndef OPENSSL_NO_KRB5
+ && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ != (SSL_aKRB5|SSL_kKRB5)
+@@ -1196,7 +1196,7 @@ static int ssl3_get_key_exchange(SSL *s)
+ EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx,param,param_len);
+- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
++ if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
+ {
+ /* bad signature */
+ al=SSL_AD_DECRYPT_ERROR;
+diff -up openssl-0.9.7a/ssl/s3_srvr.c.verifysig openssl-0.9.7a/ssl/s3_srvr.c
+--- openssl-0.9.7a/ssl/s3_srvr.c.verifysig 2007-10-16 20:57:51.000000000 +0200
++++ openssl-0.9.7a/ssl/s3_srvr.c 2008-12-17 17:25:29.000000000 +0100
+@@ -1998,7 +1998,7 @@ static int ssl3_get_client_certificate(S
+ else
+ {
+ i=ssl_verify_cert_chain(s,sk);
+- if (!i)
++ if (i <= 0)
+ {
+ al=ssl_verify_alarm_type(s->verify_result);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
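Review bot: This new patch file has no header saying what it fixes, unlike openssl-0.9.7a-cve-2009-2409.patch, which opens with a description, so the rule behind the scattered one-line comparison changes has to be inferred. I would add a leading line before the first `diff -up`, such as `Treat negative (error) returns from signature and certificate-chain verification as failure, not success. (CVE-2008-5077)`. The changed tests (`ret == 0`, `!i`, `if (i)`) all treated a negative return as a pass, which is why each becomes `<= 0` or `> 0`. In the s3_srvr.c change the `i <= 0` branch still calls `ssl_verify_alarm_type(s->verify_result)`; whether `verify_result` is meaningful when the call returned an error rather than a rejection is not visible here and is worth confirming. The enclosing functions all start and end outside the quoted context.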
================================================================
Index: packages/openssl/openssl-0.9.7a-cve-2009-2409.patch
diff -u /dev/null packages/openssl/openssl-0.9.7a-cve-2009-2409.patch:1.1.2.1
--- /dev/null Tue May 25 17:04:05 2010
+++ packages/openssl/openssl-0.9.7a-cve-2009-2409.patch Tue May 25 17:03:56 2010
@@ -0,0 +1,59 @@
+Skip signature validation on selfsigned certificates and
+drop MD2 algorithm from the list of algorithms added to
+EVP tables by default. (CVE-2009-2409)
+diff -up openssl-0.9.7a/crypto/evp/c_alld.c.nomd2 openssl-0.9.7a/crypto/evp/c_alld.c
+--- openssl-0.9.7a/crypto/evp/c_alld.c.nomd2 2001-02-19 17:03:53.000000000 +0100
++++ openssl-0.9.7a/crypto/evp/c_alld.c 2010-02-10 12:55:31.000000000 +0100
+@@ -64,9 +64,6 @@
+
+ void OpenSSL_add_all_digests(void)
+ {
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD4
+ EVP_add_digest(EVP_md4());
+ #endif
+diff -up openssl-0.9.7a/crypto/x509/x509_vfy.c.nomd2 openssl-0.9.7a/crypto/x509/x509_vfy.c
+--- openssl-0.9.7a/crypto/x509/x509_vfy.c.nomd2 2010-02-10 12:53:02.000000000 +0100
++++ openssl-0.9.7a/crypto/x509/x509_vfy.c 2010-02-10 12:53:16.000000000 +0100
+@@ -665,7 +665,11 @@ static int internal_verify(X509_STORE_CT
+ while (n >= 0)
+ {
+ ctx->error_depth=n;
+- if (!xs->valid)
++
++ /* Skip signature check for self signed certificates. It
++ * doesn't add any security and just wastes time.
++ */
++ if (!xs->valid && xs != xi)
+ {
+ if ((pkey=X509_get_pubkey(xi)) == NULL)
+ {
+@@ -675,13 +679,6 @@ static int internal_verify(X509_STORE_CT
+ if (!ok) goto end;
+ }
+ else if (X509_verify(xs,pkey) <= 0)
+- /* XXX For the final trusted self-signed cert,
+- * this is a waste of time. That check should
+- * optional so that e.g. 'openssl x509' can be
+- * used to detect invalid self-signatures, but
+- * we don't verify again and again in SSL
+- * handshakes and the like once the cert has
+- * been declared trusted. */
+ {
+ ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+ ctx->current_cert=xs;
+diff -up openssl-0.9.7a/ssl/ssl_algs.c.nomd2 openssl-0.9.7a/ssl/ssl_algs.c
+--- openssl-0.9.7a/ssl/ssl_algs.c.nomd2 2001-02-20 09:11:58.000000000 +0100
++++ openssl-0.9.7a/ssl/ssl_algs.c 2010-02-10 12:57:10.000000000 +0100
+@@ -82,9 +82,6 @@ int SSL_library_init(void)
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_256_cbc());
+ #endif
+-#ifndef OPENSSL_NO_MD2
+- EVP_add_digest(EVP_md2());
+-#endif
+ #ifndef OPENSSL_NO_MD5
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest_alias(SN_md5,"ssl2-md5");
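Review bot: The comment added in internal_verify says skipping the self-signed check "doesn't add any security" but does not state the assumption that makes this true, and the removed XXX comment's use case (detecting an invalid self-signature) is dropped without mention. With `if (!xs->valid && xs != xi)` the `X509_verify(xs,pkey)` call, and with it `X509_V_ERR_CERT_SIGNATURE_FAILURE`, is no longer reached in this loop for a self-signed certificate. I would word the comment as `/* Self-signed: trust comes from the store, not the signature, so skip the check. Use X509_verify() directly to detect a bad self-signature. */`. Separately, the c_alld.c and ssl_algs.c changes only stop registering MD2 in the default tables; nothing visible here stops code that references `EVP_md2()` directly from using it, which deserves a line in the patch header. internal_verify's body continues outside the quoted context.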
================================================================
Index: packages/openssl/openssl-0.9.7a-cve-2009-3555.patch
diff -u /dev/null packages/openssl/openssl-0.9.7a-cve-2009-3555.patch:1.1.2.1
--- /dev/null Tue May 25 17:04:05 2010
+++ packages/openssl/openssl-0.9.7a-cve-2009-3555.patch Tue May 25 17:03:56 2010
@@ -0,0 +1,1410 @@
+diff -up openssl-0.9.7a/apps/s_client.c.reneg openssl-0.9.7a/apps/s_client.c
+--- openssl-0.9.7a/apps/s_client.c.reneg 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/s_client.c 2010-02-10 13:01:47.000000000 +0100
+@@ -226,14 +226,14 @@ static void sc_usage(void)
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+ #endif
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+-
++ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ }
+
+ int MAIN(int, char **);
+
+ int MAIN(int argc, char **argv)
+ {
+- int off=0;
++ int off=0, clr = 0;
+ SSL *con=NULL,*con2=NULL;
+ X509_STORE *store = NULL;
+ int s,k,width,state=0;
+@@ -401,6 +401,12 @@ int MAIN(int argc, char **argv)
+ off|=SSL_OP_NO_SSLv2;
+ else if (strcmp(*argv,"-serverpref") == 0)
+ off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
++ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
++ else if (strcmp(*argv,"-legacy_server_connect") == 0)
++ { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
++ else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
++ { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+@@ -488,6 +494,9 @@ bad:
+ else
+ SSL_CTX_set_options(ctx,off);
+
++ if (clr)
++ SSL_CTX_clear_options(ctx, clr);
++
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (cipher != NULL)
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+@@ -1042,6 +1051,8 @@ static void print_stuff(BIO *bio, SSL *s
+ EVP_PKEY_bits(pktmp));
+ EVP_PKEY_free(pktmp);
+ }
++ BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
++ SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+ SSL_SESSION_print(bio,SSL_get_session(s));
+ BIO_printf(bio,"---\n");
+ if (peer != NULL)
+diff -up openssl-0.9.7a/apps/s_server.c.reneg openssl-0.9.7a/apps/s_server.c
+--- openssl-0.9.7a/apps/s_server.c.reneg 2003-01-30 18:37:36.000000000 +0100
++++ openssl-0.9.7a/apps/s_server.c 2010-02-10 13:01:47.000000000 +0100
+@@ -325,6 +325,7 @@ static void sv_usage(void)
+ #endif
+ BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
++ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ }
+
+ static int local_argc=0;
+@@ -605,6 +606,8 @@ int MAIN(int argc, char *argv[])
+ }
+ else if (strcmp(*argv,"-serverpref") == 0)
+ { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
++ else if (strcmp(*argv,"-legacy_renegotiation") == 0)
++ off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv,"-cipher") == 0)
+ {
+ if (--argc < 1) goto bad;
+@@ -1263,6 +1266,8 @@ static int init_ssl_connection(SSL *con)
+ if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
+ TLS1_FLAGS_TLS_PADDING_BUG)
+ BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
++ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
++ SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+
+ return(1);
+ }
+diff -up openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod.reneg openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod
+--- openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod.reneg 2010-02-10 13:01:47.000000000 +0100
++++ openssl-0.9.7a/doc/ssl/SSL_CTX_set_options.pod 2010-02-18 16:48:45.000000000 +0100
+@@ -2,7 +2,7 @@
+
+ =head1 NAME
+
+-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
++SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
+
+ =head1 SYNOPSIS
+
+@@ -11,26 +11,41 @@ SSL_CTX_set_options, SSL_set_options, SS
+ long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+ long SSL_set_options(SSL *ssl, long options);
+
++ long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
++ long SSL_clear_options(SSL *ssl, long options);
++
+ long SSL_CTX_get_options(SSL_CTX *ctx);
+ long SSL_get_options(SSL *ssl);
+
++ long SSL_get_secure_renegotiation_support(SSL *ssl);
++
+ =head1 DESCRIPTION
+
++Note: all these functions are implemented using macros.
++
+ SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+ Options already set before are not cleared!
+
+ SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+ Options already set before are not cleared!
+
++SSL_CTX_clear_options() clears the options set via bitmask in B<options>
++to B<ctx>.
++
++SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
++
+ SSL_CTX_get_options() returns the options set for B<ctx>.
+
+ SSL_get_options() returns the options set for B<ssl>.
+
++SSL_get_secure_renegotiation_support() indicates whether the peer supports
++secure renegotiation.
++
+ =head1 NOTES
+
+ The behaviour of the SSL library can be changed by setting several options.
+ The options are coded as bitmasks and can be combined by a logical B<or>
+-operation (|). Options can only be added but can never be reset.
++operation (|).
+
+ SSL_CTX_set_options() and SSL_set_options() affect the (external)
+ protocol behaviour of the SSL library. The (internal) behaviour of
+@@ -199,17 +214,109 @@ Do not use the TLSv1 protocol.
+
+ When performing renegotiation as a server, always start a new session
+ (i.e., session resumption requests are only accepted in the initial
+-handshake). This option is not needed for clients.
++handshake). This option is not needed for clients.
++
++=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
++
++Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
++servers. See the B<SECURE RENEGOTIATION> section for more details.
++
++=item SSL_OP_LEGACY_SERVER_CONNECT
++
++Allow legacy insecure renegotiation between OpenSSL and unpatched servers
++B<only>: this option is currently set by default. See the
++B<SECURE RENEGOTIATION> section for more details.
+
+ =back
+
++=head1 SECURE RENEGOTIATION
++
++OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
++described in RFC5746. This counters the prefix attack described in
++CVE-2009-3555 and elsewhere.
++
++The deprecated and highly broken SSLv2 protocol does not support
++renegotiation at all: its use is B<strongly> discouraged.
++
++This attack has far reaching consequences which application writers should be
++aware of. In the description below an implementation supporting secure
++renegotiation is referred to as I<patched>. A server not supporting secure
++renegotiation is referred to as I<unpatched>.
++
++The following sections describe the operations permitted by OpenSSL's secure
++renegotiation implementation.
++
++=head2 Patched client and server
++
++Connections and renegotiation are always permitted by OpenSSL implementations.
++
++=head2 Unpatched client and patched OpenSSL server
++
++The initial connection suceeds but client renegotiation is denied by the
++server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
++B<handshake_failure> alert in SSL v3.0.
++
++If the patched OpenSSL server attempts to renegotiate a fatal
++B<handshake_failure> alert is sent. This is because the server code may be
++unaware of the unpatched nature of the client.
++
++If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
++renegotiation B<always> succeeds.
++
++B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
++unpatched) will result in the connection hanging if it receives a
++B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
++a B<no_renegotiation> alert as fatal and respond with a fatal
++B<handshake_failure> alert. This is because the OpenSSL API currently has
++no provision to indicate to an application that a renegotiation attempt
++was refused.
++
++=head2 Patched OpenSSL client and unpatched server.
++
++If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
++and renegotiation between patched OpenSSL clients and unpatched servers
++succeeds. If neither option is set then initial connections to unpatched
++servers will fail.
++
++The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even
++though it has security implications: otherwise it would be impossible to
++connect to unpatched servers (i.e. all of them initially) and this is clearly
++not acceptable. Renegotiation is permitted because this does not add any
++additional security issues: during an attack clients do not see any
++renegotiations anyway.
++
++As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will
++B<not> be set by default in a future version of OpenSSL.
++
++OpenSSL client applications wishing to ensure they can connect to unpatched
++servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>
++
++OpenSSL client applications that want to ensure they can B<not> connect to
++unpatched servers (and thus avoid any security issues) should always B<clear>
++B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
++SSL_clear_options().
++
++The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
++B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
++renegotiation between OpenSSL clients and unpatched servers B<only>, while
++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
++and renegotiation between OpenSSL and unpatched clients or servers.
++
+ =head1 RETURN VALUES
+
+ SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
+ after adding B<options>.
+
++SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
++after clearing B<options>.
++
+ SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+
++SSL_get_secure_renegotiation_support() returns 1 is the peer supports
++secure renegotiation and 0 if it does not.
++
+ =head1 SEE ALSO
+
+ L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+@@ -232,4 +339,11 @@ Versions up to OpenSSL 0.9.6c do not inc
+ can be disabled with this option (in OpenSSL 0.9.6d, it was always
+ enabled).
+
++SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
++0.9.8m.
++
++B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
++and the function SSL_get_secure_renegotiation_support() were first added in
++OpenSSL 0.9.8m.
++
+ =cut
+diff -up openssl-0.9.7a/ssl/Makefile.ssl.reneg openssl-0.9.7a/ssl/Makefile.ssl
+--- openssl-0.9.7a/ssl/Makefile.ssl.reneg 2002-12-19 23:10:20.000000000 +0100
++++ openssl-0.9.7a/ssl/Makefile.ssl 2010-02-10 13:01:47.000000000 +0100
+@@ -34,7 +34,7 @@ LIBSRC= \
+ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+ ssl_ciph.c ssl_stat.c ssl_rsa.c \
+ ssl_asn1.c ssl_txt.c ssl_algs.c \
+- bio_ssl.c ssl_err.c kssl.c
++ bio_ssl.c ssl_err.c kssl.c t1_reneg.c
+ LIBOBJ= \
+ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
+ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
+@@ -43,7 +43,7 @@ LIBOBJ= \
+ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+ ssl_ciph.o ssl_stat.o ssl_rsa.o \
+ ssl_asn1.o ssl_txt.o ssl_algs.o \
+- bio_ssl.o ssl_err.o kssl.o
++ bio_ssl.o ssl_err.o kssl.o t1_reneg.o
+
+ SRC= $(LIBSRC)
+
+diff -up openssl-0.9.7a/ssl/ssl_err.c.reneg openssl-0.9.7a/ssl/ssl_err.c
+--- openssl-0.9.7a/ssl/ssl_err.c.reneg 2002-11-12 14:23:36.000000000 +0100
++++ openssl-0.9.7a/ssl/ssl_err.c 2010-02-10 13:01:47.000000000 +0100
+@@ -138,8 +138,12 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
+ {ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"},
+ {ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"},
++{ERR_PACK(0,SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,0), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
++{ERR_PACK(0,SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,0), "SSL_ADD_CLIENTHELLO_TLSEXT"},
+ {ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"},
+ {ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"},
++{ERR_PACK(0,SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,0), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
++{ERR_PACK(0,SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,0), "SSL_ADD_SERVERHELLO_TLSEXT"},
+ {ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"},
+ {ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"},
+ {ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"},
+@@ -177,6 +181,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"},
+ {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"},
+ {ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"},
++{ERR_PACK(0,SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,0), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
++{ERR_PACK(0,SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,0), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
++{ERR_PACK(0,SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,0), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
++{ERR_PACK(0,SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,0), "SSL_PARSE_SERVERHELLO_TLSEXT"},
+ {ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"},
+ {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"},
+ {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"},
+@@ -329,12 +337,14 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"},
+ {SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
+ {SSL_R_NO_PUBLICKEY ,"no publickey"},
++{SSL_R_NO_RENEGOTIATION ,"no renegotiation"},
+ {SSL_R_NO_SHARED_CIPHER ,"no shared cipher"},
+ {SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"},
+ {SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
+ {SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"},
+ {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"},
+ {SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"},
++{SSL_R_PARSE_TLSEXT ,"parse tlsext"},
+ {SSL_R_PATH_TOO_LONG ,"path too long"},
+ {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
+ {SSL_R_PEER_ERROR ,"peer error"},
+@@ -353,10 +363,14 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
+ {SSL_R_RECORD_TOO_LARGE ,"record too large"},
+ {SSL_R_RECORD_TOO_SMALL ,"record too small"},
++{SSL_R_RENEGOTIATE_EXT_TOO_LONG ,"renegotiate ext too long"},
++{SSL_R_RENEGOTIATION_ENCODING_ERR ,"renegotiation encoding err"},
++{SSL_R_RENEGOTIATION_MISMATCH ,"renegotiation mismatch"},
+ {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
+ {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
+ {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},
+ {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"},
++{SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING ,"scsv received when renegotiating"},
+ {SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"},
+ {SSL_R_SHORT_READ ,"short read"},
+ {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+@@ -425,6 +439,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"},
+ {SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"},
+ {SSL_R_UNKNOWN_STATE ,"unknown state"},
++{SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED,"unsafe legacy renegotiation disabled"},
+ {SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
+ {SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
+ {SSL_R_UNSUPPORTED_OPTION ,"unsupported option"},
+diff -up openssl-0.9.7a/ssl/ssl.h.reneg openssl-0.9.7a/ssl/ssl.h
+--- openssl-0.9.7a/ssl/ssl.h.reneg 2010-02-10 13:01:47.000000000 +0100
++++ openssl-0.9.7a/ssl/ssl.h 2010-02-10 13:01:47.000000000 +0100
+@@ -463,6 +463,8 @@ typedef struct ssl_session_st
+
+ #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
+ #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
++/* Allow initial connection to servers that don't support RI */
++#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl.spec?r1=1.146.2.3.2.10&r2=1.146.2.3.2.11&f=u