[openssl-commits] [openssl] OpenSSL_1_0_0-stable update

Matt Caswell matt at openssl.org
Thu Dec 3 15:35:15 UTC 2015

The branch OpenSSL_1_0_0-stable has been updated
       via  f93aad4a56a1580a109785c2c922fe6b8baf7df9 (commit)
       via  ce052c8437fb97cbc57f034fa94b5bcd749dbf52 (commit)
       via  a402b2b7bcff8d6901aa771e49c45cf38836e7bf (commit)
       via  d275dbe6eb7b720b8920f712eea79044f845a4bb (commit)
       via  cf432b3b1bd7caa22943b41b94ec2472ae497dc6 (commit)
      from  015b17257855e31003eb29a70280764c3c822710 (commit)

- Log -----------------------------------------------------------------
commit f93aad4a56a1580a109785c2c922fe6b8baf7df9
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Dec 3 14:57:35 2015 +0000

    Prepare for 1.0.0u-dev
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit ce052c8437fb97cbc57f034fa94b5bcd749dbf52
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Dec 3 14:56:22 2015 +0000

    Prepare for 1.0.0t release
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit a402b2b7bcff8d6901aa771e49c45cf38836e7bf
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Dec 1 14:39:47 2015 +0000

    Update CHANGES and NEWS
    Update the CHANGES and NEWS files for the new release.
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit d275dbe6eb7b720b8920f712eea79044f845a4bb
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Mon Feb 23 12:57:50 2015 +0000

    Free up passed ASN.1 structure if reused.
    Change the "reuse" behaviour in ASN1_item_d2i: if successful the old
    structure is freed and a pointer to the new one used. If it is not
    successful then the passed structure is untouched.
    Exception made for primitive types so ssl_asn1.c still works.
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

commit cf432b3b1bd7caa22943b41b94ec2472ae497dc6
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Nov 10 19:03:07 2015 +0000

    Fix leak with ASN.1 combine.
    When parsing a combined structure pass a flag to the decode routine
    so on error a pointer to the parent structure is not zeroed as
    this will leak any additional components in the parent.
    This can leak memory in any application parsing PKCS#7 or CMS structures.
    Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
    Reviewed-by: Richard Levitte <levitte at openssl.org>


Summary of changes:
 CHANGES                 | 25 ++++++++++++++++++++++++-
 NEWS                    |  7 ++++++-
 README                  |  2 +-
 crypto/asn1/tasn_dec.c  | 21 +++++++++++++++------
 crypto/opensslv.h       |  6 +++---
 doc/crypto/d2i_X509.pod | 10 +++++++++-
 openssl.spec            |  2 +-
 7 files changed, 59 insertions(+), 14 deletions(-)

diff --git a/CHANGES b/CHANGES
index ccf2c03..9cea9e6 100644
@@ -2,10 +2,33 @@
- Changes between 1.0.0s and 1.0.0t [xx XXX xxxx]
+ Changes between 1.0.0t and 1.0.0u [xx XXX xxxx]
+ Changes between 1.0.0s and 1.0.0t [3 Dec 2015]
+  *) X509_ATTRIBUTE memory leak
+     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+     memory. This structure is used by the PKCS#7 and CMS routines so any
+     application which reads PKCS#7 or CMS data from untrusted sources is
+     affected. SSL/TLS is not affected.
+     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2015-3195)
+     [Stephen Henson]
+  *) Race condition handling PSK identify hint
+     If PSK identity hints are received by a multi-threaded client then
+     the values are wrongly updated in the parent SSL_CTX structure. This can
+     result in a race condition potentially leading to a double free of the
+     identify hint data.
+     (CVE-2015-3196)
+     [Stephen Henson]
  Changes between 1.0.0r and 1.0.0s [11 Jun 2015]
   *) Malformed ECParameters causes infinite loop
diff --git a/NEWS b/NEWS
index 99ba960..d688d4b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
-  Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [under development]
+  Major changes between OpenSSL 1.0.0t and OpenSSL 1.0.0u [under development]
+  Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015]
+      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+      o Race condition handling PSK identify hint (CVE-2015-3196)
   Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015]
       o Malformed ECParameters causes infinite loop (CVE-2015-1788)
diff --git a/README b/README
index 1a70b7f..f2f62b0 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.0t-dev
+ OpenSSL 1.0.0u-dev
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 7fd336a..f56eb4c 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -140,11 +140,17 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
     ASN1_TLC c;
     ASN1_VALUE *ptmpval = NULL;
-    if (!pval)
-        pval = &ptmpval;
-    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
-        return *pval;
+    if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
+        ptmpval = *pval;
+    if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
+        if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
+            if (*pval)
+                ASN1_item_free(*pval, it);
+            *pval = ptmpval;
+        }
+        return ptmpval;
+    }
     return NULL;
@@ -180,6 +186,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
     int otag;
     int ret = 0;
     ASN1_VALUE **pchptr, *ptmpval;
+    int combine = aclass & ASN1_TFLG_COMBINE;
+    aclass &= ~ASN1_TFLG_COMBINE;
     if (!pval)
         return 0;
     if (aux && aux->asn1_cb)
@@ -500,7 +508,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-    ASN1_item_ex_free(pval, it);
+    if (combine == 0)
+        ASN1_item_ex_free(pval, it);
     if (errtt)
         ERR_add_error_data(4, "Field=", errtt->field_name,
                            ", Type=", it->sname);
@@ -689,7 +698,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
     } else {
         /* Nothing special */
         ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-                               -1, 0, opt, ctx);
+                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
         if (!ret) {
             goto err;
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 5f79fb0..3f7c741 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -26,11 +26,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
-# define OPENSSL_VERSION_NUMBER  0x10000140L
+# define OPENSSL_VERSION_NUMBER  0x10000150L
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0t-fips-dev xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0u-fips-dev xx XXX xxxx"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0t-dev xx XXX xxxx"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0u-dev xx XXX xxxx"
 # endif
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
index 298ec54..6fed4b1 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
@@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts of the reused structure may
 persist if they are not present in the new one. As a result the use
 of this "reuse" behaviour is strongly discouraged.
+Current versions of OpenSSL will not modify B<*px> if an error occurs.
+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
+set to the value of the newly decoded structure. As a result B<*px>
+B<must not> be allocated on the stack or an attempt will be made to
+free an invalid pointer.
 i2d_X509() will not return an error in many versions of OpenSSL,
 if mandatory fields are not initialized due to a programming error
 then the encoded structure may contain invalid data or omit the
@@ -210,7 +216,9 @@ always succeed.
 d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
 or B<NULL> if an error occurs. The error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
+with a valid X509 structure being passed in via B<px> then the object is not
+modified in the event of error.
 i2d_X509() returns the number of bytes successfully encoded or a negative
 value if an error occurs. The error code can be obtained by
diff --git a/openssl.spec b/openssl.spec
index e282aca..a45c687 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -6,7 +6,7 @@ Release: 1
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-Version: 1.0.0t
+Version: 1.0.0u
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 License: OpenSSL
 Group: System Environment/Libraries

More information about the openssl-commits mailing list