Apply by doing: cd /usr/src patch -p0 < 016_openssl.patch And then rebuild and install OpenSSL: cd lib/libssl make obj make depend make make install Index: lib/libssl/src/crypto/rsa/rsa_sign.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_sign.c,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -p -r1.7 -r1.7.2.1 --- lib/libssl/src/crypto/rsa/rsa_sign.c 29 Apr 2005 05:39:26 -0000 1.7 +++ lib/libssl/src/crypto/rsa/rsa_sign.c 9 Sep 2006 01:18:36 -0000 1.7.2.1 @@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned sig=d2i_X509_SIG(NULL,&p,(long)i); if (sig == NULL) goto err; + + /* Excess data can be used to create forgeries */ + if(p != s+i) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Parameters to the signature algorithm can also be used to + create forgeries */ + if(sig->algor->parameter + && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) + { + RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + goto err; + } + sigtype=OBJ_obj2nid(sig->algor->algorithm); Index: lib/libssl/src/ssl/s23_srvr.c =================================================================== RCS file: /cvs/src/lib/libssl/src/ssl/s23_srvr.c,v retrieving revision 1.8 retrieving revision 1.8.2.1 diff -u -p -r1.8 -r1.8.2.1 --- lib/libssl/src/ssl/s23_srvr.c 29 Apr 2005 05:39:31 -0000 1.8 +++ lib/libssl/src/ssl/s23_srvr.c 1 Nov 2005 01:01:12 -0000 1.8.2.1 @@ -528,9 +528,7 @@ int ssl23_get_client_hello(SSL *s) } s->state=SSL2_ST_GET_CLIENT_HELLO_A; - if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong || - (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) + if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3) s->s2->ssl2_rollback=0; else /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0