add CVE-2010-0742 and CVS-2010-1633 fixes
parent
2d060267b1
commit
3cbb15ee81
4 changed files with 16 additions and 2 deletions
10
CHANGES
|
@ -103,6 +103,12 @@
|
|||
is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
|
||||
whose return value is often ignored.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 1.0.0 and 1.0.0a [xx XXX xxxx]
|
||||
|
||||
*) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
|
||||
(CVE-2010-1633)
|
||||
[Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
|
||||
|
||||
Changes between 0.9.8n and 1.0.0 [xx XXX xxxx]
|
||||
|
||||
|
@ -947,6 +953,10 @@
|
|||
|
||||
Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
|
||||
|
||||
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
|
||||
access or freeing data twice (CVE-2010-0742)
|
||||
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
|
||||
|
||||
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
|
||||
common in certificates and some applications which only call
|
||||
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
|
||||
|
|
2
NEWS
|
@ -7,6 +7,7 @@
|
|||
|
||||
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
|
||||
|
||||
o Fix for security issue CVE-2010-1633.
|
||||
o GOST MAC and CFB fixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0:
|
||||
|
@ -34,6 +35,7 @@
|
|||
|
||||
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
|
||||
|
||||
o Fix for security issue CVE-2010-0742.
|
||||
o Various DTLS fixes.
|
||||
o Recognise SHA2 certificates if only SSL algorithms added.
|
||||
o Fix for no-rc4 compilation.
|
||||
|
|
|
@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
|
|||
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
|
||||
|
||||
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
|
||||
ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
|
||||
ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
|
||||
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
|
||||
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
|
||||
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
|
||||
|
||||
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
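Review bot: Nothing in this section guards against the same mismatch recurring: inside `ASN1_SEQUENCE(CMS_OriginatorInfo)` the two `ASN1_IMP_SET_OF_OPT` entries name their containing struct by hand, and the compiler presumably accepts any struct that has `certificates` and `crls` members, which would explain how the `CMS_SignedData` variant went unnoticed. A short comment above the template would help, e.g. `/* stname in every field entry must match the enclosing ASN1_SEQUENCE() type */`, and the other templates in this file deserve a one-off check for the same copy-paste pattern. The commit lists four changed files and none of the sections shown is a test, so a decode-and-free round trip of a CMS structure carrying originatorInfo would be worth adding as a regression check.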
|
||||
|
|
|
@ -251,6 +251,8 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
|
|||
ret = int_rsa_verify(EVP_MD_type(rctx->md),
|
||||
NULL, 0, rout, &sltmp,
|
||||
sig, siglen, ctx->pkey->pkey.rsa);
|
||||
if (ret <= 0)
|
||||
return 0;
|
||||
ret = sltmp;
|
||||
}
|
||||
else
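Review bot: The added `if (ret <= 0) return 0;` has no comment saying why it must sit before `ret = sltmp;`, and that ordering is the whole fix: without it a failed `int_rsa_verify` result is overwritten by whatever `sltmp` holds and reported as a recovered length. I would add `/* verification failed: sltmp and rout are not meaningful, report failure rather than a length */` above the check. Negative results are collapsed to 0 here, which is fine only if every caller treats `<= 0` as failure; the rest of `pkey_rsa_verifyrecover`, including the `else` branch, lies outside the hunk, so its return handling should be confirmed to follow the same rule. Separately, the commit title spells the identifier `CVS-2010-1633` while CHANGES and NEWS use `CVE-2010-1633`, which makes the fix harder to find by search.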
|
||||
|
|