diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2006-09-29 13:46:41 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2006-09-29 13:46:41 +0000 |
commit | eae9de64eb36b90772270b9c05d68d06bdb2efbe (patch) | |
tree | b758cc7fb0642cb847299968dad49810f6339b42 | |
parent | 3ad23639492e3bd95d01e73c18a63a6b49153d08 (diff) | |
download | src-test2-eae9de64eb36b90772270b9c05d68d06bdb2efbe.tar.gz src-test2-eae9de64eb36b90772270b9c05d68d06bdb2efbe.zip |
Correct problem in the 2006-09-28 patch concerning the handling of
excessively large DH moduli.
Reported by: Steve Kiernan (Juniper SIRT)
Security: FreeBSD-SA-06:23.openssl
Approved by: so (cperciva)
Notes
Notes:
svn path=/releng/5.3/; revision=162788
-rw-r--r-- | UPDATING | 4 | ||||
-rw-r--r-- | crypto/openssl/crypto/dh/dh_key.c | 2 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 |
3 files changed, 6 insertions, 2 deletions
@@ -8,6 +8,10 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. Important recent entries: 20040724 (default X changes). +20060929: p36 FreeBSD-SA-06:23.openssl + Correct problem in the 2006-09-28 patch concerning the handling of + excessively large DH moduli. + 20060928: p35 FreeBSD-SA-06:23.openssl Correct multiple vulnerabilities in crypto(3). Limit the size of public keys used in order to protect applications diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c index 649aa5cffde4..3faf94a7f704 100644 --- a/crypto/openssl/crypto/dh/dh_key.c +++ b/crypto/openssl/crypto/dh/dh_key.c @@ -165,7 +165,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); - goto err; + return -1; } ctx = BN_CTX_new(); diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index e6dff66adfda..01c8caed7f29 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="5.3" -BRANCH="RELEASE-p35" +BRANCH="RELEASE-p36" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" |