author | Sona Sarmadi <sona.sarmadi@enea.com> | 2014-06-09 15:11:46 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2015-07-06 20:17:19 +0200 |
commit | 465c7cf5fbdedb00e98c7172442404f02b69add8 (patch) | |
tree | 259ce9e66f252ed61143855b4a6c1432af6a3215 | |
parent | f4cf9fe05bb3f32fabea4e54dd92d368967a80da (diff) | |
Fix for OpenSSL security vulnerabilities
1) DTLS invalid fragment vulnerability (CVE-2014-0195)
2) DTLS recursion flaw (CVE-2014-0221)
3) SSL/TLS MITM vulnerability (CVE-2014-0224)
4) Anonymous ECDH denial of service (CVE-2014-3470)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
7 files changed, 303 insertions, 0 deletions
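--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
@@ -0,0 +1,43 @@
+From b4322e1de8be66ff230e26999b766ca1a42f9476 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 16 May 2014 13:00:45 +0100
+Subject: [PATCH 1/2] Fix CVE-2014-0221
+
+Upstream-Status: Backport
+
+Unnecessary recursion when receiving a DTLS hello request can be used to
+crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+
+Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ssl/d1_both.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2c06fc2..820c8f0 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -789,6 +789,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+int i,al;
+struct hm_header_st msg_hdr;
+
++ redo:
+/* see if we have the required fragment already */
+if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+{
+@@ -847,8 +848,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+s->msg_callback_arg);
+
+s->init_num = 0;
+- return dtls1_get_message_fragment(s, st1, stn,
+- max, ok);
++ goto redo;
+}
+else /* Incorrectly formated Hello request */
+{
+--
+1.7.10.4
+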
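Review bot: The `redo:` label and the `goto redo` in dtls1_get_message_fragment carry no comment, so the reason for looping instead of calling the function again is recorded only in the patch header. A short comment at the label would keep it with the code, for example `/* a HelloRequest is skipped by looping rather than recursing, so a run of them cannot exhaust the stack */`. The loop has no iteration cap; each pass presumably consumes one record from the peer, but that read lies between the two hunks and is not visible here, so it is worth confirming. The function body starts and ends outside both hunks.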
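--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch
@@ -0,0 +1,35 @@
+From 8011cd56e39a433b1837465259a9bd24a38727fb Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 29 May 2014 15:00:05 +0100
+Subject: [PATCH] Fix CVE-2014-3470
+
+Upstream-Status: Backport
+
+Check session_cert is not NULL before dereferencing it.
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ssl/s3_clnt.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index c99a4c4..0457af8 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -2512,6 +2512,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+int ecdh_clnt_cert = 0;
+int field_size = 0;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+/* Did we send out the client's
+* ECDH share for use in premaster
+* computation as part of client certificate?
+--
+1.7.10.4
+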
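Review bot: The new `sess_cert == NULL` guard in ssl3_send_client_key_exchange has no comment saying when the pointer can be NULL, and the patch header says only that it is checked before being dereferenced. The commit title ties the issue to anonymous ECDH, so a comment such as `/* sess_cert may be NULL with anonymous ECDH ciphersuites; abort the handshake instead of dereferencing it */` would make the intent reviewable. The neighbouring declarations (`ecdh_clnt_cert`, `field_size`) suggest the guard sits inside the ECDH branch only. Whether the other key-exchange branches of this function read `sess_cert` without a check is not visible in the hunk and should be confirmed against the full file.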
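--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch
@@ -0,0 +1,48 @@
+From 1632ef744872edc2aa2a53d487d3e79c965a4ad3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Tue, 13 May 2014 18:48:31 +0100
+Subject: [PATCH] Fix for CVE-2014-0195
+
+Upstream-Status: Backport
+
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A buffer overrun attack can be triggered by sending invalid DTLS fragments
+to an OpenSSL DTLS client or server. This is potentially exploitable to
+run arbitrary code on a vulnerable client or server.
+
+Fixed by adding consistency check for DTLS fragments.
+
+Thanks to Jüri Aedla for reporting this issue.
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ssl/d1_both.c | 9 +++++++++
+1 file changed, 9 insertions(+)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 1bb2e4d..7de9ae4 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+frag->msg_header.frag_off = 0;
+}
+else
++ {
+frag = (hm_fragment*) item->data;
++ if (frag->msg_header.msg_len != msg_hdr->msg_len)
++ {
++ item = NULL;
++ frag = NULL;
++ goto err;
++ }
++ }
++
+
+/* If message is already reassembled, this must be a
+* retransmit and can be dropped.
+--
+1.7.10.4
+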
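Review bot: The `item = NULL; frag = NULL;` pair ahead of `goto err` in the new length check is not self-explanatory and deserves a comment. Presumably the `err` path frees both locals while they still point at the fragment already buffered in the queue, so clearing them avoids freeing an entry that stays queued; the `err` label is outside the hunk, so confirm this before wording the comment. Something like `/* frag/item still belong to the queue: clear the locals so the error path does not free them */` would do. The hunk also adds a second blank line after the closing brace, which can be dropped.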
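--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch
@@ -0,0 +1,109 @@
+From a91be10833e61bcdc9002de28489405101c52650 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 16 May 2014 12:49:48 +0100
+Subject: [PATCH] Fix for CVE-2014-0224
+
+Upstream-Status: Backport
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+(cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ssl/s3_clnt.c | 2 ++
+ssl/s3_pkt.c | 9 +++++++++
+ssl/s3_srvr.c | 5 +++++
+ssl/ssl3.h | 1 +
+4 files changed, 17 insertions(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 5fc9069..34efff8 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -599,6 +599,7 @@ int ssl3_connect(SSL *s)
+case SSL3_ST_CR_FINISHED_A:
+case SSL3_ST_CR_FINISHED_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+SSL3_ST_CR_FINISHED_B);
+if (ret <= 0) goto end;
+@@ -1051,6 +1052,7 @@ int ssl3_get_server_hello(SSL *s)
+SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+goto f_err;
+}
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+s->hit=1;
+}
+else /* a miss or crap from the other end */
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 34eb2b4..fb9720f 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1593,6 +1593,15 @@ start:
+goto f_err;
+}
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++ goto f_err;
++ }
++
++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+rr->length=0;
+
+if (s->msg_callback)
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index 72fd3e4..31bfe47 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -708,6 +708,7 @@ int ssl3_accept(SSL *s)
+case SSL3_ST_SR_CERT_VRFY_A:
+case SSL3_ST_SR_CERT_VRFY_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+/* we should decide if we expected this one */
+ret=ssl3_get_cert_verify(s);
+if (ret <= 0) goto end;
+@@ -735,6 +736,7 @@ int ssl3_accept(SSL *s)
+
+case SSL3_ST_SR_FINISHED_A:
+case SSL3_ST_SR_FINISHED_B:
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+SSL3_ST_SR_FINISHED_B);
+if (ret <= 0) goto end;
+@@ -805,7 +807,10 @@ int ssl3_accept(SSL *s)
+s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+#else
+if (s->s3->next_proto_neg_seen)
++ {
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ }
+else
+s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+#endif
+diff --git a/ssl/ssl3.h b/ssl/ssl3.h
+index 8bd201e..82dd76c 100644
+--- a/ssl/ssl3.h
++++ b/ssl/ssl3.h
+@@ -428,6 +428,7 @@ typedef struct ssl3_buffer_st
+#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+* restart a handshake because of MS SGC and so prevents us
+--
+1.7.10.4
+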
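Review bot: `SSL3_FLAGS_CCS_OK` is added to ssl/ssl3.h without a comment, while its lifecycle is spread over the other three files: it is set at several handshake states in s3_clnt.c and s3_srvr.c, and cleared only in the s3_pkt.c hunk once a ChangeCipherSpec has passed the new check. A comment at the define would make that contract reviewable, e.g. `/* set when a ChangeCipherSpec is acceptable in the current handshake state; cleared when one is consumed */`. Nothing in the visible hunks clears the flag when a handshake fails or restarts after one of the `|=` sites, so it is worth confirming that the flags word is reset elsewhere. The record-layer check is added under `SSL_F_SSL3_READ_BYTES` only and the diffstat lists no DTLS file, so the DTLS read path does not appear to be gated by this patch.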
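--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch
@@ -0,0 +1,32 @@
+From a7c682fb6f692c9a3868777a7ff305784714c131 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 16 May 2014 12:55:16 +0100
+Subject: [PATCH 2/2] Additional CVE-2014-0224 protection.
+
+Upstream-Status: Backport
+
+Return a fatal error if an attempt is made to use a zero length
+master secret.
+(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ssl/s3_pkt.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 5efc03e..34eb2b4 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+if (s->s3->tmp.key_block == NULL)
+{
+- if (s->session == NULL)
++ if (s->session == NULL || s->session->master_key_length == 0)
+{
+/* might happen if dtls1_read_bytes() calls this */
+SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+--
+1.7.10.4
+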
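Review bot: The existing comment `/* might happen if dtls1_read_bytes() calls this */` now describes only the first half of the condition in ssl3_do_change_cipher_spec. With `s->session->master_key_length == 0` added, the branch also rejects a ChangeCipherSpec that arrives before a master secret exists, and the comment should say so, for example `/* no session, or no master secret yet: refuse to derive keys from an empty secret */`. Both cases report the same reason code, so the comment is the only place the distinction is recorded.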
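--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
@@ -0,0 +1,30 @@
+From fb8d9ddb9dc19d84dffa84932f75e607c8a3ffe6 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sat, 7 Jun 2014 15:21:13 +0100
+Subject: [PATCH 3/3] Make tls_session_secret_cb work with CVE-2014-0224 fix.
+
+Upstream-Status: Backport
+
+If application uses tls_session_secret_cb for session resumption
+set the CCS_OK flag.
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ssl/s3_clnt.c | 1 +
+1 file changed, 1 insertion(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 34efff8..cd43873 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -1037,6 +1037,7 @@ int ssl3_get_server_hello(SSL *s)
+{
+s->session->cipher = pref_cipher ?
+pref_cipher : ssl_get_cipher_by_char(s, p+j);
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+}
+}
+#endif /* OPENSSL_NO_TLSEXT */
+--
+1.7.10.4
+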
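Review bot: The added `s->s3->flags |= SSL3_FLAGS_CCS_OK;` in ssl3_get_server_hello has no comment, yet it widens the set of states in which a ChangeCipherSpec is accepted on the strength of an application callback rather than the handshake state alone. The patch header gives the intent (resumption through `tls_session_secret_cb`); a comment in the code such as `/* master secret came from tls_session_secret_cb: treat like a session hit and allow CCS */` would keep it visible. The callback invocation and the condition guarding this block are outside the hunk, so it is worth confirming the flag is set only when the callback reported success.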
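--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -36,6 +36,12 @@ SRC_URI += "file://configure-targets.patch \
 file://find.pl \
 file://openssl-fix-des.pod-error.patch \
 file://openssl-CVE-2014-0198-fix.patch \
+file://0001-Fix-for-CVE-2014-0195.patch \
+file://0001-Fix-CVE-2014-0221.patch \
+file://0001-Fix-for-CVE-2014-0224.patch \
+file://0002-Additional-CVE-2014-0224-protection.patch \
+file://0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch \
+file://0001-Fix-CVE-2014-3470.patch \
 file://run-ptest \
 "
 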
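Review bot: The SRC_URI order applies 0001-Fix-for-CVE-2014-0224.patch before 0002-Additional-CVE-2014-0224-protection.patch, but the blob ids in the patch headers show the opposite order for ssl/s3_pkt.c: 0002 produces `34eb2b4`, which is the pre-image of the 0001 hunk (`34eb2b4..fb9720f`). The two hunks are far apart (around lines 1593 and 1727), so both should still apply with an offset. It is worth checking the do_patch log for fuzz or offset warnings on all six patches, since a security check that applies with fuzz can end up in the wrong place without failing the build.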