Accepting request 212714 from Base:System

Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss; Add file: CVE-2013-6450.patch (forwarded request 212653 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/212714
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=105

CVE-2013-6450.patch

@@ -0,0 +1,60 @@
+Index: openssl-1.0.1e/ssl/d1_both.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/d1_both.c
++++ openssl-1.0.1e/ssl/d1_both.c
+@@ -214,6 +214,11 @@ dtls1_hm_fragment_new(unsigned long frag
+ static void
+ dtls1_hm_fragment_free(hm_fragment *frag)
+ 	{
++       if (frag->msg_header.is_ccs)
++               {
++               EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
++               EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
++               }
+ 	if (frag->fragment) OPENSSL_free(frag->fragment);
+ 	if (frag->reassembly) OPENSSL_free(frag->reassembly);
+ 	OPENSSL_free(frag);
+Index: openssl-1.0.1e/ssl/ssl_locl.h
+===================================================================
+--- openssl-1.0.1e.orig/ssl/ssl_locl.h
++++ openssl-1.0.1e/ssl/ssl_locl.h
+@@ -625,6 +625,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
+ extern SSL3_ENC_METHOD SSLv3_enc_data;
+ extern SSL3_ENC_METHOD DTLSv1_enc_data;
+ 
++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
++
+ #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+ 				s_get_meth) \
+ const SSL_METHOD *func_name(void)  \
+Index: openssl-1.0.1e/ssl/t1_enc.c
+===================================================================
+--- openssl-1.0.1e.orig/ssl/t1_enc.c
++++ openssl-1.0.1e/ssl/t1_enc.c
+@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int
+ 			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+ 			else
+ 			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+-		if (s->enc_write_ctx != NULL)
++                if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+ 			reuse_dd = 1;
+-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
++                else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
+ 			goto err;
+-		else
+-			/* make sure it's intialized in case we exit later with an error */
+-			EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ 		dd= s->enc_write_ctx;
+-		mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
++               if (SSL_IS_DTLS(s))
++                       {
++                       mac_ctx = EVP_MD_CTX_create();
++                       if (!mac_ctx)
++                               goto err;
++                       s->write_hash = mac_ctx;
++                       }
++               else
++                       mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+ #ifndef OPENSSL_NO_COMP
+ 		if (s->compress != NULL)
+ 			{

openssl.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jan  2 17:28:41 UTC 2014 - shchang@suse.com
+
+- Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss
+  Add file: CVE-2013-6450.patch 
+
 -------------------------------------------------------------------
 Sun Dec 22 08:10:55 UTC 2013 - shchang@suse.com
 

openssl.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openssl
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -64,6 +64,7 @@ Patch15:        openssl-1.0.1e-fips.patch
 Patch16:        openssl-1.0.1e-fips-ec.patch
 Patch17:        openssl-1.0.1e-fips-ctor.patch
 Patch18:        CVE-2013-6449.patch
+Patch19:        CVE-2013-6450.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -171,6 +172,7 @@ this package's base documentation.
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p1
 
 cp -p %{S:10} .
 cp -p %{S:11} .