authorSona Sarmadi <sona.sarmadi@enea.com>2014-06-09 15:11:46 +0200
committerTudor Florea <tudor.florea@enea.com>2015-07-06 20:17:19 +0200
commit465c7cf5fbdedb00e98c7172442404f02b69add8 (patch)
tree259ce9e66f252ed61143855b4a6c1432af6a3215
parentf4cf9fe05bb3f32fabea4e54dd92d368967a80da (diff)
downloadpoky-465c7cf5fbdedb00e98c7172442404f02b69add8.tar.gz
Fix for OpenSSL security vulnerabilities
1) DTLS invalid fragment vulnerability (CVE-2014-0195) 2) DTLS recursion flaw (CVE-2014-0221) 3) SSL/TLS MITM vulnerability (CVE-2014-0224) 4) Anonymous ECDH denial of service (CVE-2014-3470) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com>
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch43
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch35
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch48
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch109
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch32
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch30
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.1g.bb6
7 files changed, 303 insertions, 0 deletions
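diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
new file mode 100644
index 0000000000..c4195be7be
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
@@ -0,0 +1,43 @@
+From b4322e1de8be66ff230e26999b766ca1a42f9476 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 16 May 2014 13:00:45 +0100
+Subject: [PATCH 1/2] Fix CVE-2014-0221
+
+Upstream-Status: Backport
+
+Unnecessary recursion when receiving a DTLS hello request can be used to
+crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+
+Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/d1_both.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2c06fc2..820c8f0 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -789,6 +789,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ int i,al;
+ struct hm_header_st msg_hdr;
+
++ redo:
+ /* see if we have the required fragment already */
+ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+ {
+@@ -847,8 +848,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ s->msg_callback_arg);
+
+ s->init_num = 0;
+- return dtls1_get_message_fragment(s, st1, stn,
+- max, ok);
++ goto redo;
+ }
+ else /* Incorrectly formated Hello request */
+ {
+--
+1.7.10.4
+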
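Review bot: The new `redo:` label in dtls1_get_message_fragment has no comment, so a reader cannot tell why the function jumps back to its top. Unlike the recursive call it replaces, `goto redo` re-enters with the locals declared above the label (`i`, `al`, `msg_hdr`) still holding their previous values. The visible hunks do not show whether each is reassigned before use, so that is worth confirming against the full function, which starts and ends outside the hunks. I would add above the label: `/* Restart here after a HelloRequest has been handled; looping instead of recursing keeps stack use constant (CVE-2014-0221). */`.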
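diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch
new file mode 100644
index 0000000000..7764658292
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch
@@ -0,0 +1,35 @@
+From 8011cd56e39a433b1837465259a9bd24a38727fb Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 29 May 2014 15:00:05 +0100
+Subject: [PATCH] Fix CVE-2014-3470
+
+Upstream-Status: Backport
+
+Check session_cert is not NULL before dereferencing it.
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/s3_clnt.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index c99a4c4..0457af8 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -2512,6 +2512,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+ int ecdh_clnt_cert = 0;
+ int field_size = 0;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+ /* Did we send out the client's
+ * ECDH share for use in premaster
+ * computation as part of client certificate?
+--
+1.7.10.4
+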
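Review bot: The added guard in ssl3_send_client_key_exchange carries no comment, and the patch header's one-line description does not say when `sess_cert` can be NULL; only the outer commit message ties it to the anonymous ECDH denial of service. A comment above the `if` such as `/* sess_cert was never populated for this session (CVE-2014-3470): fail the handshake instead of dereferencing NULL. */` would keep that context with the code. The header also lacks the `(cherry picked from commit …)` line that 0001-Fix-CVE-2014-0221.patch and 0001-Fix-for-CVE-2014-0224.patch carry, which makes the backport harder to compare with upstream. 0001-Fix-for-CVE-2014-0195.patch and 0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch have the same gap. The enclosing block starts and ends outside the hunk.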
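diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch
new file mode 100644
index 0000000000..2fae0e88ac
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch
@@ -0,0 +1,48 @@
+From 1632ef744872edc2aa2a53d487d3e79c965a4ad3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Tue, 13 May 2014 18:48:31 +0100
+Subject: [PATCH] Fix for CVE-2014-0195
+
+Upstream-Status: Backport
+
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A buffer overrun attack can be triggered by sending invalid DTLS fragments
+to an OpenSSL DTLS client or server. This is potentially exploitable to
+run arbitrary code on a vulnerable client or server.
+
+Fixed by adding consistency check for DTLS fragments.
+
+Thanks to Jüri Aedla for reporting this issue.
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/d1_both.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 1bb2e4d..7de9ae4 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ frag->msg_header.frag_off = 0;
+ }
+ else
++ {
+ frag = (hm_fragment*) item->data;
++ if (frag->msg_header.msg_len != msg_hdr->msg_len)
++ {
++ item = NULL;
++ frag = NULL;
++ goto err;
++ }
++ }
++
+
+ /* If message is already reassembled, this must be a
+ * retransmit and can be dropped.
+--
+1.7.10.4
+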
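Review bot: The assignments `item = NULL; frag = NULL;` before `goto err` are unexplained, yet the safety of the new length check appears to depend on them. The `err` label is outside the hunk. Presumably its cleanup releases `frag` and `item`, which at this point still belong to the queue entry that was looked up, so clearing them avoids freeing a buffered fragment that is still referenced; that should be confirmed against the full dtls1_reassemble_fragment. I would add `/* Fragment is still owned by the queue: clear the locals so the err path does not free it. */` above the assignments. The `if` also deserves a one-line comment saying that a later fragment must advertise the same `msg_len` as the one already buffered.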
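diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch
new file mode 100644
index 0000000000..9e55a30843
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch
@@ -0,0 +1,109 @@
+From a91be10833e61bcdc9002de28489405101c52650 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 16 May 2014 12:49:48 +0100
+Subject: [PATCH] Fix for CVE-2014-0224
+
+Upstream-Status: Backport
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+(cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/s3_clnt.c | 2 ++
+ ssl/s3_pkt.c | 9 +++++++++
+ ssl/s3_srvr.c | 5 +++++
+ ssl/ssl3.h | 1 +
+ 4 files changed, 17 insertions(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 5fc9069..34efff8 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -599,6 +599,7 @@ int ssl3_connect(SSL *s)
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -1051,6 +1052,7 @@ int ssl3_get_server_hello(SSL *s)
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit=1;
+ }
+ else /* a miss or crap from the other end */
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 34eb2b4..fb9720f 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1593,6 +1593,15 @@ start:
+ goto f_err;
+ }
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++ goto f_err;
++ }
++
++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ rr->length=0;
+
+ if (s->msg_callback)
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index 72fd3e4..31bfe47 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -708,6 +708,7 @@ int ssl3_accept(SSL *s)
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /* we should decide if we expected this one */
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+@@ -735,6 +736,7 @@ int ssl3_accept(SSL *s)
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -805,7 +807,10 @@ int ssl3_accept(SSL *s)
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ if (s->s3->next_proto_neg_seen)
++ {
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ }
+ else
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif
+diff --git a/ssl/ssl3.h b/ssl/ssl3.h
+index 8bd201e..82dd76c 100644
+--- a/ssl/ssl3.h
++++ b/ssl/ssl3.h
+@@ -428,6 +428,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+--
+1.7.10.4
+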
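Review bot: `SSL3_FLAGS_CCS_OK` is added in ssl/ssl3.h without a comment, at the end of the `TLS1_FLAGS_*` group, although every use in this patch is on `s->s3->flags`. Its contract is only visible by reading the other hunks: ssl3_connect, ssl3_get_server_hello and ssl3_accept set it, and the s3_pkt.c hunk rejects a ChangeCipherSpec with `SSL_R_CCS_RECEIVED_EARLY` when it is clear, then clears it once one is accepted. I would document that at the definition, e.g. `/* Set while a ChangeCipherSpec is expected; cleared when one is accepted. */`. Nothing in the visible hunks clears the flag when a handshake ends without a ChangeCipherSpec, so it is worth checking whether it can remain set into a later handshake on the same connection.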
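diff --git a/meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch b/meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch
new file mode 100644
index 0000000000..eec6a15b27
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch
@@ -0,0 +1,32 @@
+From a7c682fb6f692c9a3868777a7ff305784714c131 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Fri, 16 May 2014 12:55:16 +0100
+Subject: [PATCH 2/2] Additional CVE-2014-0224 protection.
+
+Upstream-Status: Backport
+
+Return a fatal error if an attempt is made to use a zero length
+master secret.
+(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/s3_pkt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 5efc03e..34eb2b4 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ if (s->s3->tmp.key_block == NULL)
+ {
+- if (s->session == NULL)
++ if (s->session == NULL || s->session->master_key_length == 0)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+--
+1.7.10.4
+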
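Review bot: The existing comment `/* might happen if dtls1_read_bytes() calls this */` now describes only the `s->session == NULL` half of the condition in ssl3_do_change_cipher_spec. The new `master_key_length == 0` test is the actual protection and deserves its own line, for example `/* a zero-length master secret means no key material has been agreed yet: refuse to derive keys from it (CVE-2014-0224) */`. Both cases report `SSL_R_CCS_RECEIVED_EARLY`, so the error queue cannot tell them apart. The patch description promises a fatal error, but whether the caller turns this return into a fatal alert is decided outside the hunk.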
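diff --git a/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
new file mode 100644
index 0000000000..5d399315de
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
@@ -0,0 +1,30 @@
+From fb8d9ddb9dc19d84dffa84932f75e607c8a3ffe6 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sat, 7 Jun 2014 15:21:13 +0100
+Subject: [PATCH 3/3] Make tls_session_secret_cb work with CVE-2014-0224 fix.
+
+Upstream-Status: Backport
+
+If application uses tls_session_secret_cb for session resumption
+set the CCS_OK flag.
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/s3_clnt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 34efff8..cd43873 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -1037,6 +1037,7 @@ int ssl3_get_server_hello(SSL *s)
+ {
+ s->session->cipher = pref_cipher ?
+ pref_cipher : ssl_get_cipher_by_char(s, p+j);
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ }
+ }
+ #endif /* OPENSSL_NO_TLSEXT */
+--
+1.7.10.4
+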
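Review bot: This hunk sets `SSL3_FLAGS_CCS_OK` in ssl3_get_server_hello as soon as the `tls_session_secret_cb` path has picked a cipher, and the code that decides whether the server actually resumed the session lies outside the hunk. Going by 0001-Fix-for-CVE-2014-0224.patch, the flag is cleared only when a ChangeCipherSpec is accepted. If the server falls back to a full handshake, the flag therefore appears to stay set for the whole exchange, leaving the early-CCS gate open longer for these clients than for ordinary ones. That may be acceptable because the callback has already supplied a secret, but the code should say so. I would add `/* Resumption via tls_session_secret_cb: a ChangeCipherSpec may follow ServerHello directly. */` above the assignment and confirm the full-handshake case against the complete function.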
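diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index dad89f0a22..d7d2b7f00e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -36,6 +36,12 @@ SRC_URI += "file://configure-targets.patch \
 file://find.pl \
 file://openssl-fix-des.pod-error.patch \
 file://openssl-CVE-2014-0198-fix.patch \
+file://0001-Fix-for-CVE-2014-0195.patch \
+file://0001-Fix-CVE-2014-0221.patch \
+file://0001-Fix-for-CVE-2014-0224.patch \
+file://0002-Additional-CVE-2014-0224-protection.patch \
+file://0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch \
+file://0001-Fix-CVE-2014-3470.patch \
 file://run-ptest \
 "
 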
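Review bot: The new SRC_URI entries apply 0001-Fix-for-CVE-2014-0224.patch before 0002-Additional-CVE-2014-0224-protection.patch, but the blob ids inside the patches show the opposite order for ssl/s3_pkt.c. 0002 takes that file from 5efc03e to 34eb2b4, and 0001 takes it from 34eb2b4 to fb9720f. The two hunks sit in different places (around lines 1593 and 1727), so they should still apply, but the second only with a line offset. Either swap the two entries to match the order the patches were generated in, or put a comment above the `SRC_URI +=` assignment (which starts outside the hunk) saying the order is deliberate.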