Add patch errata and revised advisory.

svn path=/head/; revision=46361

share/security/advisories/FreeBSD-SA-15:06.openssl.asc

@@ -9,14 +9,14 @@ Topic:          Multiple OpenSSL vulnerabilities
 
 Category:       contrib
 Module:         openssl
-Announced:      2015-03-19
+Announced:      2015-03-19; Last revised on 2015-03-20.
 Affects:        All supported versions of FreeBSD.
-Corrected:      2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE)
-                2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7)
-                2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE)
-                2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11)
-                2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE)
-                2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25)
+Corrected:      2015-03-20 07:11:20 UTC (stable/10, 10.1-STABLE)
+                2015-03-20 07:12:02 UTC (releng/10.1, 10.1-RELEASE-p8)
+                2015-03-20 07:11:20 UTC (stable/9, 9.3-STABLE)
+                2015-03-20 07:12:02 UTC (releng/9.3, 9.3-RELEASE-p12)
+                2015-03-20 07:11:20 UTC (stable/8, 8.4-STABLE)
+                2015-03-20 07:12:02 UTC (releng/8.4, 8.4-RELEASE-p26)
 CVE Name:       CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,
                 CVE-2015-0289, CVE-2015-0293
 
@@ -24,6 +24,14 @@ For general information regarding FreeBSD Security Advisories,
 including descriptions of the fields above, security branches, and the
 following sections, please visit <URL:https://security.FreeBSD.org/>.
 
+0.   Revision history
+
+v1.0  2015-03-19 Initial release.
+v1.1  2015-03-20 Reverted a portion of change that should not belong to the
+                 advisory and did not end up in the final OpenSSL release.
+                 The patch is also revised to include fixes for
+                 CVE-2015-0209 and CVE-2015-0288.
+
 I.   Background
 
 FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
@@ -120,11 +128,19 @@ detached PGP signature using your PGP utility.
 # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc
 # gpg --verify openssl-0.9.8.patch.asc
 
+# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8-errata.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8-errata.patch.asc
+# gpg --verify openssl-0.9.8-errata.patch.asc
+
 [FreeBSD 10.1]
 # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch
 # fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc
 # gpg --verify openssl-1.0.1.patch.asc
 
+# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1-errata.patch
+# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1-errata.patch.asc
+# gpg --verify openssl-1.0.1-errata.patch.asc
+
 b) Apply the patch.  Execute the following commands as root:
 
 # cd /usr/src
@@ -142,12 +158,12 @@ affected branch.
 
 Branch/path                                                      Revision
 - -------------------------------------------------------------------------
-stable/8/                                                         r280266
-releng/8.4/                                                       r280268
-stable/9/                                                         r280266
-releng/9.3/                                                       r280268
-stable/10/                                                        r280266
-releng/10.1/                                                      r280268
+stable/8/                                                         r280274
+releng/8.4/                                                       r280275
+stable/9/                                                         r280274
+releng/9.3/                                                       r280275
+stable/10/                                                        r280274
+releng/10.1/                                                      r280275
 - -------------------------------------------------------------------------
 
 To see which files were modified by a particular revision, run the
@@ -181,17 +197,17 @@ The latest revision of this advisory is available at
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.1.2 (FreeBSD)
 
-iQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns
-hhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp
-jhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy
-R7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C
-3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln
-rL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H
-t3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs
-x/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu
-5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH
-sLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq
-CgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd
-UQg3YfrXHDlxCsqEzN7o
-=wi0T
+iQIcBAEBCgAGBQJVC8m8AAoJEO1n7NZdz2rn/lQP/1ZrUSnxaoaZxQbLrBZlg7Jr
+dAgjo4JTSPwyJM3gQY+WD1WPChxIJvbndR/NQux9grrn6N06kD+q0DUHOXi6MAL0
+TqMEGxAqVlIUVdn18xZJaIwEzcx5HJKQz2UOMk3UGjy3WSh93p25oewF/cIcaryN
+FKAmpXmmPm77Qv5Vr1st8OyjnP7XiMmerSEWVGqFLsJPye5lvHcPOZrzQkRQRQJf
+1b896UaOezw4v8C2HJvJMrQLN4l/ahCV6NsuQnN1/yzo8cS75OxMsooo8VgA8k0G
+ADuNFb1oZIygoin6ZOxlSHeeh+A6mdhitU4hNNy2rBNTC9IwijCg/dx/x1rutAxb
+3MHUcCmF0sNewTkDwdzSvVCR4pYAAPI3yG0gUlXMTepQpH6Ozjf77OPW5KQPVGzf
+ijqOS32hprqVklDu2yREUv1AY0srboES5b9XQyfkFCFyNF8VX3OaDL8jHdfQezSx
+njF8UVUydmC7szDCW+MmQoNo4NaPCLd2m3l25RRD8SAdR9jB8WIox59E1k2O+LP/
+rgO6wial36CUiTc5SdbCzVom9K/KhKXeBWAlCnK9R9DCNaUaiBIvTBngtGdfjxxi
+bJxoSqXSnfVwhGE565cwtODR/qMfRxY6Z8g4JEkSQN5SmzezmyLCdmXCpktHkC21
+XQG0M1dIh8m3m67rEyE6
+=C2Zp
 -----END PGP SIGNATURE-----

share/security/patches/SA-15:06/openssl-0.9.8-errata.patch

@@ -0,0 +1,75 @@
+Index: crypto/openssl/crypto/asn1/tasn_dec.c
+===================================================================
+--- crypto/openssl/crypto/asn1/tasn_dec.c	(revision 280272)
++++ crypto/openssl/crypto/asn1/tasn_dec.c	(working copy)
+@@ -125,23 +125,16 @@ unsigned long ASN1_tag2bit(int tag)
+ 
+ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+ 		const unsigned char **in, long len, const ASN1_ITEM *it)
+-{
++	{
+ 	ASN1_TLC c;
+ 	ASN1_VALUE *ptmpval = NULL;
++	if (!pval)
++		pval = &ptmpval;
+ 	c.valid = 0;
+-	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
+-		ptmpval = *pval;
+-
+-	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
+-		if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
+-			if (*pval)
+-				ASN1_item_free(*pval, it);
+-			*pval = ptmpval;
+-		}
+-		return ptmpval;
++	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
++		return *pval;
++	return NULL;
+ 	}
+-	return NULL;
+-}
+ 
+ int ASN1_template_d2i(ASN1_VALUE **pval,
+ 		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+Index: crypto/openssl/crypto/ec/ec_asn1.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_asn1.c	(revision 280272)
++++ crypto/openssl/crypto/ec/ec_asn1.c	(working copy)
+@@ -1126,8 +1126,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne
+                                  ERR_R_MALLOC_FAILURE);
+ 			goto err;
+ 			}
+-		if (a)
+-			*a = ret;
+ 		}
+ 	else
+ 		ret = *a;
+@@ -1192,11 +1190,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne
+ 			}
+ 		}
+ 
++	if (a)
++		*a = ret;
+ 	ok = 1;
+ err:
+ 	if (!ok)
+ 		{
+-		if (ret)
++		if (ret && (a == NULL || *a != ret))
+ 			EC_KEY_free(ret);
+ 		ret = NULL;
+ 		}
+Index: crypto/openssl/crypto/x509/x509_req.c
+===================================================================
+--- crypto/openssl/crypto/x509/x509_req.c	(revision 280272)
++++ crypto/openssl/crypto/x509/x509_req.c	(working copy)
+@@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey
+ 		goto err;
+ 
+ 	pktmp = X509_get_pubkey(x);
++	if (pktmp == NULL)
++		goto err;
+ 	i=X509_REQ_set_pubkey(ret,pktmp);
+ 	EVP_PKEY_free(pktmp);
+ 	if (!i) goto err;

share/security/patches/SA-15:06/openssl-0.9.8-errata.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAABCgAGBQJVC8nLAAoJEO1n7NZdz2rntVsP/Am0uqGCczvjo7Osj/Arpqs2
+/qMFqlmp8YpUOqOP4Nw/4JNcODry6pJOzK8jff0aDhVQn3vPMnNWhsYDAipG8p3e
+2vQHgOkgBEO4o4qXxk2cmJzi/vH3lQ/71D8SpiNnX9+RkXjEYOSTBgjFiM7n1Scq
+nfsT4HRd3n6Pggo0Gicf02ToCV409oktExqt8CUBVtYwP22RUi4Jv/zoUiVjNTDW
+XxdZemsGvEvt7xVKBVjddfbKR0GxZ4zR7KqEBdqoqvntVGZtyGaOpHa82XMd3EFL
+2KVqVNVjChtkchU8f4elU9nvWFeiUuw7t2cPIRSFsd0iieGH3dMmiyBFhr4YXvSg
+3uRR55vOP0PElI1sSSKqcLq8cpmXKaKNDh/xuAqllPz2IdSuzVVCdmqN+0ShC30X
+bPgBxqYg3MIj8/zCgWqcqoOhX8ZPQ1GdvU7Sua6PxNKujRNf4QDVMlRNM/RNOWPs
+rmO3wRiBcsejpxayV0L3SGaCHqECxP+UkwCMcSi70LtzMQImbrevQny+1xXcP5Rm
+wB8Use66LbV4pFoXsVrIpENa4rXacI+4fLsey9Dm1z5vRFyQtZkeFcQAgucV5La7
+1RJR2aS7Q4kj8ERY/T+0z519ud5SEnV4m80K9xr4O0Y2nRuiIp06z4NxEzhDKOAW
+hz9hMkj+pNrSBxvbZxUn
+=htPX
+-----END PGP SIGNATURE-----

share/security/patches/SA-15:06/openssl-1.0.1-errata.patch

@@ -0,0 +1,74 @@
+Index: crypto/openssl/crypto/asn1/tasn_dec.c
+===================================================================
+--- crypto/openssl/crypto/asn1/tasn_dec.c	(revision 280272)
++++ crypto/openssl/crypto/asn1/tasn_dec.c	(working copy)
+@@ -127,22 +127,16 @@ unsigned long ASN1_tag2bit(int tag)
+ 
+ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+ 		const unsigned char **in, long len, const ASN1_ITEM *it)
+-{
++	{
+ 	ASN1_TLC c;
+ 	ASN1_VALUE *ptmpval = NULL;
++	if (!pval)
++		pval = &ptmpval;
+ 	asn1_tlc_clear_nc(&c);
+-	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
+-		ptmpval = *pval;
+-	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
+-		if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
+-			if (*pval)
+-				ASN1_item_free(*pval, it);
+-			*pval = ptmpval;
+-		}
+-		return ptmpval;
++	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
++		return *pval;
++	return NULL;
+ 	}
+-	return NULL;
+-}
+ 
+ int ASN1_template_d2i(ASN1_VALUE **pval,
+ 		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+Index: crypto/openssl/crypto/ec/ec_asn1.c
+===================================================================
+--- crypto/openssl/crypto/ec/ec_asn1.c	(revision 280272)
++++ crypto/openssl/crypto/ec/ec_asn1.c	(working copy)
+@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne
+                                  ERR_R_MALLOC_FAILURE);
+ 			goto err;
+ 			}
+-		if (a)
+-			*a = ret;
+ 		}
+ 	else
+ 		ret = *a;
+@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne
+ 		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+ 		}
+ 
++	if (a)
++		*a = ret;
+ 	ok = 1;
+ err:
+ 	if (!ok)
+ 		{
+-		if (ret)
++		if (ret && (a == NULL || *a != ret))
+ 			EC_KEY_free(ret);
+ 		ret = NULL;
+ 		}
+Index: crypto/openssl/crypto/x509/x509_req.c
+===================================================================
+--- crypto/openssl/crypto/x509/x509_req.c	(revision 280272)
++++ crypto/openssl/crypto/x509/x509_req.c	(working copy)
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey
+ 		goto err;
+ 
+ 	pktmp = X509_get_pubkey(x);
++	if (pktmp == NULL)
++		goto err;
+ 	i=X509_REQ_set_pubkey(ret,pktmp);
+ 	EVP_PKEY_free(pktmp);
+ 	if (!i) goto err;

share/security/patches/SA-15:06/openssl-1.0.1-errata.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.2 (FreeBSD)
+
+iQIcBAABCgAGBQJVC8nLAAoJEO1n7NZdz2rnRHQQANP4jK13uDS4M22jPpjeNTtj
+GOk/zpZHCrRHDrWo2xTU/bHJB6vrAwehy7klVw0wGc5WmpDYaJtEkPkaf31QgjvT
+fDso7bIy2nugcuaMQtmMaZfLwbD5f/k9xDYKxzGN/Zh6dkvTs8FxJQzdCjwb6P4w
+i5iRFRmkJp2Wl5FBG+jt+7c8Oup4QSWD1Q/IpFVPtz3PKuNma1u+xMcW5W1l5QnI
+On/f3p+mfQJkaQSz9SVMEI94tLIP9iCsqDzm5EmWhHIegVpDpzy4Pk2ipFD4Ec6I
+eTRfctSmMSlJYHIYIt8idRvqaaUnely7nm5DIDAH0RLGOgVGtrNGKapFyyAlIn2c
+sS9G51qZrSXoG+Fohsw6rycLYjMLJjoijZXbquns+q/IxCw9XZvj+3TX8s5tDjvk
+V4D1SG4e8lBYq+WZpNE6ygV3nT0K8ilSYkqzX/iXDddsFk/0Q0tAzIwAk66rVadD
+WHj+BBoTTXHkIsHKm8b+4lyMabSaI92H2c1Bbl0yWHVFiXyKBjBSGMCMCQW5GVPx
+ys07B1BhT4Gp+ullR4mIyLMyevvOfun/J5BsPcdoJMzOMYgeM1ORO9JnK9jnI0I5
+3hU2ZFdnr8xVzHmVMY/uShC7YpU5BxDQVF48JDl7+oK12sPDDIqVL7D7Vq414Nuh
+oDB6p7qRukpo2MBOMHe7
+=dKQ8
+-----END PGP SIGNATURE-----