From owner-svn-src-all@FreeBSD.ORG  Thu Sep  8 16:22:58 2011
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D48141065673;
	Thu,  8 Sep 2011 16:22:58 +0000 (UTC)
	(envelope-from delphij@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id C166E8FC1D;
	Thu,  8 Sep 2011 16:22:58 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p88GMwPS098101;
	Thu, 8 Sep 2011 16:22:58 GMT (envelope-from delphij@svn.freebsd.org)
Received: (from delphij@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id p88GMw2R098098;
	Thu, 8 Sep 2011 16:22:58 GMT (envelope-from delphij@svn.freebsd.org)
Message-Id: <201109081622.p88GMw2R098098@svn.freebsd.org>
From: Xin LI <delphij@FreeBSD.org>
Date: Thu, 8 Sep 2011 16:22:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r225449 - in stable: 7/crypto/openssl/ssl
	8/crypto/openssl/ssl
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2011 16:22:59 -0000

Author: delphij
Date: Thu Sep  8 16:22:58 2011
New Revision: 225449
URL: http://svn.freebsd.org/changeset/base/225449

Log:
  MFC r225446:
  
  Fix SSL memory handlig for (EC)DH cipher suites, in particular for
  multi-threaded use of ECDH.
  
  Security:	CVE-2011-3210
  Reviewed by:	stas
  Obtained from:	OpenSSL CVS

Modified:
  stable/8/crypto/openssl/ssl/s3_lib.c
  stable/8/crypto/openssl/ssl/s3_srvr.c
Directory Properties:
  stable/8/crypto/openssl/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/7/crypto/openssl/ssl/s3_lib.c
  stable/7/crypto/openssl/ssl/s3_srvr.c
Directory Properties:
  stable/7/crypto/openssl/   (props changed)

Modified: stable/8/crypto/openssl/ssl/s3_lib.c
==============================================================================
--- stable/8/crypto/openssl/ssl/s3_lib.c	Thu Sep  8 12:56:26 2011	(r225448)
+++ stable/8/crypto/openssl/ssl/s3_lib.c	Thu Sep  8 16:22:58 2011	(r225449)
@@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s)
 		}
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
+		{
 		DH_free(s->s3->tmp.dh);
+		s->s3->tmp.dh = NULL;
+		}
 #endif
 #ifndef OPENSSL_NO_ECDH
 	if (s->s3->tmp.ecdh != NULL)
+		{
 		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL;
+		}
 #endif
 
 	rp = s->s3->rbuf.buf;

Modified: stable/8/crypto/openssl/ssl/s3_srvr.c
==============================================================================
--- stable/8/crypto/openssl/ssl/s3_srvr.c	Thu Sep  8 12:56:26 2011	(r225448)
+++ stable/8/crypto/openssl/ssl/s3_srvr.c	Thu Sep  8 16:22:58 2011	(r225449)
@@ -710,9 +710,7 @@ int ssl3_check_client_hello(SSL *s)
 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
 		{
 		/* Throw away what we have done so far in the current handshake,
-		 * which will now be aborted. (A full SSL_clear would be too much.)
-		 * I hope that tmp.dh is the only thing that may need to be cleared
-		 * when a handshake is not completed ... */
+		 * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
 		if (s->s3->tmp.dh != NULL)
 			{
@@ -720,6 +718,13 @@ int ssl3_check_client_hello(SSL *s)
 			s->s3->tmp.dh = NULL;
 			}
 #endif
+#ifndef OPENSSL_NO_ECDH
+		if (s->s3->tmp.ecdh != NULL)
+			{
+			EC_KEY_free(s->s3->tmp.ecdh);
+			s->s3->tmp.ecdh = NULL;
+			}
+#endif
 		return 2;
 		}
 	return 1;
@@ -1329,7 +1334,6 @@ int ssl3_send_server_key_exchange(SSL *s
 
 			if (s->s3->tmp.dh != NULL)
 				{
-				DH_free(dh);
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1390,7 +1394,6 @@ int ssl3_send_server_key_exchange(SSL *s
 
 			if (s->s3->tmp.ecdh != NULL)
 				{
-				EC_KEY_free(s->s3->tmp.ecdh); 
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1401,12 +1404,11 @@ int ssl3_send_server_key_exchange(SSL *s
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -2262,6 +2264,12 @@ int ssl3_get_client_key_exchange(SSL *s)
                         /* Get encoded point length */
                         i = *p; 
 			p += 1;
+			if (n != 1 + i)
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				    ERR_R_EC_LIB);
+				goto err;
+				}
                         if (EC_POINT_oct2point(group, 
 			    clnt_ecpoint, p, i, bn_ctx) == 0)
 				{