openssl: CVE: CVE-2017-3731

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Backported from: https://github.com/openssl/openssl/commit/8e20499629b6bcf868d0072c7011e590b5c2294d https://github.com/openssl/openssl/commit/2198b3a55de681e1f3c23edb0586afe13f438051 * CVE: CVE-2017-3731 Upstream-status: Backport (From OE-Core rev: 1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70) Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexandru Moise <alexandru.moise@windriver.com> 2017-02-07 13:48:47 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-02-08 12:00:21 +0000
commit: 8ba5b9eae34bbab537954ccee1726c7ee7a82750 (patch)
tree: 23e66063281ba3e18b5e4c583ac9a694fe4c856d
parent: a2f06ef25486bbdc10b1dd5812648c7e909a3643 (diff)
download: poky-8ba5b9eae34bbab537954ccee1726c7ee7a82750.tar.gz
3 files changed, 101 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
new file mode 100644
index 0000000000..04ef526826
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
@@ -0,0 +1,46 @@
+From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise@windriver.com>
+Date: Tue, 7 Feb 2017 11:13:19 +0200
+Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory (or bogus
+MAC value is produced if x86 MD5 assembly module is involved). Since
+hash operation is read-only it is not considered to be exploitable
+beyond a DoS condition.
+Thanks to Robert Święcki for report.
+CVE-2017-3731
+Backported from upstream commit:
+8e20499629b6bcf868d0072c7011e590b5c2294d
+Upstream-Status: Backport
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
+---
+ crypto/evp/e_rc4_hmac_md5.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
+index 5e92855..3293419 100644
+--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
+@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+             len = p[arg - 2] << 8 | p[arg - 1];
+ 
+             if (!ctx->encrypt) {
+               if (len < MD5_DIGEST_LENGTH)
+                    return -1;
+                 len -= MD5_DIGEST_LENGTH;
+                 p[arg - 2] = len >> 8;
+                 p[arg - 1] = len;
+-- 
+2.10.2
diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
new file mode 100644
index 0000000000..b56b2d5bd3
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
@@ -0,0 +1,53 @@
+From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise@windriver.com>
+Date: Tue, 7 Feb 2017 11:16:13 +0200
+Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory. Since hash
+operation is read-only it is not considered to be exploitable
+beyond a DoS condition. Other ciphers were hardened.
+Thanks to Robert Święcki for report.
+CVE-2017-3731
+Backported from upstream commit:
+2198b3a55de681e1f3c23edb0586afe13f438051
+Upstream-Status: Backport
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
+---
+ crypto/evp/e_aes.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
+index 1734a82..16dcd10 100644
+--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
+@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+         {
+             unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+             /* Correct length for explicit IV */
+           if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+               return 0;
+             len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+             /* If decrypting correct for tag too */
+-            if (!c->encrypt)
+            if (!c->encrypt) {
+               if (len < EVP_GCM_TLS_TAG_LEN)
+                   return 0;
+                 len -= EVP_GCM_TLS_TAG_LEN;
+           }
+             c->buf[arg - 2] = len >> 8;
+             c->buf[arg - 1] = len & 0xff;
+         }
+-- 
+2.10.2
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
index f2aca36eca..9a7cdedd05 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
@@ -41,6 +41,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
            file://parallel.patch \
            file://openssl-util-perlpath.pl-cwd.patch \
            file://CVE-2016-7055.patch \
+            file://0001-CVE-2017-3731.patch \
+            file://0002-CVE-2017-3731.patch \
           "
 SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"
 SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
author	Alexandru Moise <alexandru.moise@windriver.com>	2017-02-07 13:48:47 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-02-08 12:00:21 +0000
commit	8ba5b9eae34bbab537954ccee1726c7ee7a82750 (patch)
tree	23e66063281ba3e18b5e4c583ac9a694fe4c856d
parent	a2f06ef25486bbdc10b1dd5812648c7e909a3643 (diff)
download	poky-8ba5b9eae34bbab537954ccee1726c7ee7a82750.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch new file mode 100644 index 0000000000..04ef526826 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
@@ -0,0 +1,46 @@
		1	From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001
		2	From: Alexandru Moise <alexandru.moise@windriver.com>
		3	Date: Tue, 7 Feb 2017 11:13:19 +0200
		4	Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher.
		5	MIME-Version: 1.0
		6	Content-Type: text/plain; charset=UTF-8
		7	Content-Transfer-Encoding: 8bit
		8
		9	Originally a crash in 32-bit build was reported CHACHA20-POLY1305
		10	cipher. The crash is triggered by truncated packet and is result
		11	of excessive hashing to the edge of accessible memory (or bogus
		12	MAC value is produced if x86 MD5 assembly module is involved). Since
		13	hash operation is read-only it is not considered to be exploitable
		14	beyond a DoS condition.
		15
		16	Thanks to Robert Święcki for report.
		17
		18	CVE-2017-3731
		19
		20	Backported from upstream commit:
		21	8e20499629b6bcf868d0072c7011e590b5c2294d
		22
		23	Upstream-Status: Backport
		24
		25	Reviewed-by: Rich Salz <rsalz@openssl.org>
		26	Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
		27	---
		28	crypto/evp/e_rc4_hmac_md5.c \| 2 ++
		29	1 file changed, 2 insertions(+)
		30
		31	diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
		32	index 5e92855..3293419 100644
		33	--- a/crypto/evp/e_rc4_hmac_md5.c
		34	+++ b/crypto/evp/e_rc4_hmac_md5.c
		35	@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
		36	len = p[arg - 2] << 8 \| p[arg - 1];
		37
		38	if (!ctx->encrypt) {
		39	+ if (len < MD5_DIGEST_LENGTH)
		40	+ return -1;
		41	len -= MD5_DIGEST_LENGTH;
		42	p[arg - 2] = len >> 8;
		43	p[arg - 1] = len;
		44	--
		45	2.10.2
		46


diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch new file mode 100644 index 0000000000..b56b2d5bd3 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
@@ -0,0 +1,53 @@
		1	From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
		2	From: Alexandru Moise <alexandru.moise@windriver.com>
		3	Date: Tue, 7 Feb 2017 11:16:13 +0200
		4	Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
		5	MIME-Version: 1.0
		6	Content-Type: text/plain; charset=UTF-8
		7	Content-Transfer-Encoding: 8bit
		8
		9	Originally a crash in 32-bit build was reported CHACHA20-POLY1305
		10	cipher. The crash is triggered by truncated packet and is result
		11	of excessive hashing to the edge of accessible memory. Since hash
		12	operation is read-only it is not considered to be exploitable
		13	beyond a DoS condition. Other ciphers were hardened.
		14
		15	Thanks to Robert Święcki for report.
		16
		17	CVE-2017-3731
		18
		19	Backported from upstream commit:
		20	2198b3a55de681e1f3c23edb0586afe13f438051
		21
		22	Upstream-Status: Backport
		23
		24	Reviewed-by: Rich Salz <rsalz@openssl.org>
		25	Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
		26	---
		27	crypto/evp/e_aes.c \| 7 ++++++-
		28	1 file changed, 6 insertions(+), 1 deletion(-)
		29
		30	diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
		31	index 1734a82..16dcd10 100644
		32	--- a/crypto/evp/e_aes.c
		33	+++ b/crypto/evp/e_aes.c
		34	@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX c, int type, int arg, void ptr)
		35	{
		36	unsigned int len = c->buf[arg - 2] << 8 \| c->buf[arg - 1];
		37	/* Correct length for explicit IV */
		38	+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
		39	+ return 0;
		40	len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
		41	/* If decrypting correct for tag too */
		42	- if (!c->encrypt)
		43	+ if (!c->encrypt) {
		44	+ if (len < EVP_GCM_TLS_TAG_LEN)
		45	+ return 0;
		46	len -= EVP_GCM_TLS_TAG_LEN;
		47	+ }
		48	c->buf[arg - 2] = len >> 8;
		49	c->buf[arg - 1] = len & 0xff;
		50	}
		51	--
		52	2.10.2
		53


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb index f2aca36eca..9a7cdedd05 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
@@ -41,6 +41,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
41	file://parallel.patch \	41	file://parallel.patch \
42	file://openssl-util-perlpath.pl-cwd.patch \	42	file://openssl-util-perlpath.pl-cwd.patch \
43	file://CVE-2016-7055.patch \	43	file://CVE-2016-7055.patch \
		44	file://0001-CVE-2017-3731.patch \
		45	file://0002-CVE-2017-3731.patch \
44	"	46	"
45	SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"	47	SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"
46	SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"	48	SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"