From fda0a038810529d6e45b17822ddcc61d82964e83 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 2 Oct 2006 01:44:27 +0000
Subject: [PATCH] 2089.   [security]      Raise the minimum safe OpenSSL
 versions to                         OpenSSL 0.9.7l and OpenSSL 0.9.8d. 
 Versions                         prior to these have known security flaws
 which                         are (potentially) exploitable in named. [RT
 #16391]

2088.   [security]      Change the default RSA exponent from 3 to 65537.
                        [RT #16391]
---
 CHANGES                   |   8 +++
 configure.in              |  56 +++++++++-----------
 lib/dns/opensslrsa_link.c | 105 ++++++++++----------------------------
 3 files changed, 60 insertions(+), 109 deletions(-)

diff --git a/CHANGES b/CHANGES
index e6a7fae963..856e091e40 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,11 @@
+2089.	[security]	Raise the minimum safe OpenSSL versions to
+			OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
+			prior to these have known security flaws which
+			are (potentially) exploitable in named. [RT #16391]
+
+2088.	[security]	Change the default RSA exponent from 3 to 65537.
+			[RT #16391]
+
 2087.	[port]		libisc failed to compile on OS's w/o a vsnprintf.
 			[RT #16382]
 
diff --git a/configure.in b/configure.in
index fd897933f6..07e98d7635 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.412 $)
+AC_REVISION($Revision: 1.413 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.59)
@@ -483,51 +483,43 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)],
 		AC_CHECK_FUNC(DSA_generate_parameters,
 			      AC_DEFINE(HAVE_DSA_GENERATE_PARAMETERS, 1,
 					[Define if libcrypto has DSA_generate_parameters]))
-#
-#	OpenSSLDie is new with CERT CS-2002-23.  If we see it we have may
-#	have a patched library otherwise check that we are greater than
-#	the fixed versions
-#
-		AC_CHECK_FUNC(OpenSSLDie,
+
+AC_ARG_ENABLE(openssl-version-check,
+[AC_HELP_STRING([--enable-openssl-version-check],
+        [Check OpenSSL Version @<:@default=yes@:>@])])
+case "$enable_openssl_version_check" in
+yes|'')
 		AC_MSG_CHECKING(OpenSSL library version)
 		AC_TRY_RUN([
 #include <stdio.h>
 #include <openssl/opensslv.h>
 int main() {
-        if (OPENSSL_VERSION_NUMBER >= 0x0090581fL)
+        if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL &&
+	     OPENSSL_VERSION_NUMBER < 0x009080000L) ||
+	     OPENSSL_VERSION_NUMBER >= 0x0090804fL)
                 return (0);
 	printf("\n\nFound   OPENSSL_VERSION_NUMBER %#010x\n",
 		OPENSSL_VERSION_NUMBER);
-	printf("Require OPENSSL_VERSION_NUMBER 0x0090581f or greater\n\n");
+	printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
+	       "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n");
         return (1);
 }
 ],
 	        [AC_MSG_RESULT(ok)],
 		[AC_MSG_RESULT(not compatible)
-		 AC_MSG_ERROR(you need OpenSSL 0.9.5a or newer)],
+		 AC_MSG_ERROR(
+[you need OpenSSL 0.9.7k/0.9.8c (or newer) for:
+CAN-2002-0659 and CAN-2006-4339
+to skip this test specify: --disable-openssl-version-check]
+)
+],
 		[AC_MSG_RESULT(assuming target platform has compatible version)])
-		,
-	        AC_MSG_RESULT(did not find fixes for CERT CA-2002-23)
-		AC_MSG_CHECKING(OpenSSL library version)
-		AC_TRY_RUN([
-#include <stdio.h>
-#include <openssl/opensslv.h>
-int main() {
-        if ((OPENSSL_VERSION_NUMBER >= 0x0090605fL &&
-	     OPENSSL_VERSION_NUMBER < 0x009070000L) ||
-	     OPENSSL_VERSION_NUMBER >= 0x00907003L)
-                return (0);
-	printf("\n\nFound   OPENSSL_VERSION_NUMBER %#010x\n",
-		OPENSSL_VERSION_NUMBER);
-	printf("Require OPENSSL_VERSION_NUMBER 0x0090605f or greater (0.9.6e)\n"
-	       "Require OPENSSL_VERSION_NUMBER 0x00907003 or greater (0.9.7-beta2)\n\n");
-        return (1);
-}
-],
-	        [AC_MSG_RESULT(ok)],
-		[AC_MSG_RESULT(not compatible)
-		 AC_MSG_ERROR(you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23)],
-		[AC_MSG_RESULT(assuming target platform has compatible version)]))
+;;
+no)
+	AC_MSG_RESULT(Skipped OpenSSL version check)
+;;
+esac
+
 		AC_MSG_CHECKING(for OpenSSL DSA support)
 		if test -f $use_openssl/include/openssl/dsa.h
 		then
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 87845993af..b0356cf405 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.7 2006/03/02 00:37:23 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.8 2006/10/02 01:44:27 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -39,6 +39,9 @@
 #include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/rsa.h>
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+#include <openssl/bn.h>
+#endif
 
 	/*
 	 * XXXMPA  Temporarially disable RSA_BLINDING as it requires
@@ -268,110 +271,58 @@ opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	return (ISC_TRUE);
 }
 
-#ifndef HAVE_RSA_GENERATE_KEY
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-static RSA *
-RSA_generate_key(int bits, unsigned long e_value,
-		 void (*callback)(int,int,void *), void *cb_arg)
-{
+static isc_result_t
+opensslrsa_generate(dst_key_t *key, int exp) {
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
         BN_GENCB cb;
-        size_t i;
         RSA *rsa = RSA_new();
         BIGNUM *e = BN_new();
 
         if (rsa == NULL || e == NULL)
 		goto err;
 
-        /* The problem is when building with 8, 16, or 32 BN_ULONG,
-         * unsigned long can be larger */
-        for (i = 0; i < sizeof(unsigned long) * 8; i++) {
-                if ((e_value & (1UL<<i)) != 0)
-                        BN_set_bit(e, i);
+	if (exp == 0) {
+		/* RSA_F4 0x10001 */
+		BN_set_bit(e, 0);
+		BN_set_bit(e, 16);
+	} else {
+		/* 0x40000003 */
+		BN_set_bit(e, 0);
+		BN_set_bit(e, 1);
+		BN_set_bit(e, 30);
 	}
 
-        BN_GENCB_set_old(&cb, callback, cb_arg);
+        BN_GENCB_set_old(&cb, NULL, NULL);
 
-        if (RSA_generate_key_ex(rsa, bits, e, &cb)) {
+        if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
                 BN_free(e);
-                return (rsa);
+		SET_FLAGS(rsa);
+		key->opaque = rsa;
+		return (ISC_R_SUCCESS);
         }
+
 err:
         if (e != NULL)
 		BN_free(e);
         if (rsa != NULL)
 		RSA_free(rsa);
-        return (NULL);
-}
-#endif
-
-static isc_result_t
-opensslrsa_generate(dst_key_t *key, int exp) {
+        return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+#else
 	RSA *rsa;
 	unsigned long e;
 
 	if (exp == 0)
-		e = RSA_3;
+	       e = RSA_F4;
 	else
-		e = RSA_F4;
+	       e = 0x40000003;
 	rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
 	if (rsa == NULL)
-		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+	       return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 	SET_FLAGS(rsa);
 	key->opaque = rsa;
 
 	return (ISC_R_SUCCESS);
+#endif
 }
 
 static isc_boolean_t