authorPaul Eggleton <paul.eggleton@linux.intel.com>2014-06-09 11:27:20 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-06-10 17:36:44 +0100
commite5ac7abc95e2dae623a1995db22a214ebf724f03 (patch)
treef911180f3591a34b23d291b0a3fafec01d500573
parentd3bc30f75be8dc4d0e503701de106e25fc15da13 (diff)
openssl: fix CVE-2014-0224
From the OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt SSL/TLS MITM vulnerability (CVE-2014-0224) An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. (Patch borrowed from Fedora.) (From OE-Core rev: 50050c9c2449d14a0d3da91eed5d16cddce9cf76) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch103
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.1e.bb1
2 files changed, 104 insertions, 0 deletions
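diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch
new file mode 100644
index 0000000000..0ed1d12551
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch
@@ -0,0 +1,103 @@
+Fix for CVE-2014-0224
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
+--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200
++++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200
+@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
+--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200
+@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit=1;
+ }
+ else /* a miss or crap from the other end */
+diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
+--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200
++++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200
+@@ -1298,6 +1298,15 @@ start:
+ goto f_err;
+ }
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++ goto f_err;
++ }
++
++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ rr->length=0;
+
+ if (s->msg_callback)
+@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ if (s->s3->tmp.key_block == NULL)
+ {
+- if (s->session == NULL)
++ if (s->session == NULL || s->session->master_key_length == 0)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
+--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200
++++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200
+@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /* we should decide if we expected this one */
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ if (s->s3->next_proto_neg_seen)
++ {
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ }
+ else
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif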
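Review bot: The `SSL3_FLAGS_CCS_OK` gate (embedded patch lines 53-60) is added only to `ssl3_read_bytes()` in s3_pkt.c, and no hunk here touches the DTLS record reader, so as far as this patch shows an early ChangeCipherSpec over DTLS is stopped only by the new `s->session->master_key_length == 0` test at line 70. It would help to record that in the patch header, for example `DTLS is covered only by the master_key_length check in ssl3_do_change_cipher_spec()`, after confirming it against the upstream fix. The header's `Upstream-Status: Backport` also names no upstream reference; `Upstream-Status: Backport [<upstream commit id>]` would make the backport auditable against the advisory. Every touched function starts and ends outside its hunk, so the state-machine ordering around each `s->s3->flags |= SSL3_FLAGS_CCS_OK;` cannot be checked from this page alone.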
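diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 738f085059..1de9d3cc56 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -39,6 +39,7 @@ SRC_URI += "file://configure-targets.patch \
  file://openssl-1.0.1e-cve-2014-0195.patch \
  file://openssl-1.0.1e-cve-2014-0198.patch \
  file://openssl-1.0.1e-cve-2014-0221.patch \
+ file://openssl-1.0.1e-cve-2014-0224.patch \
  "
 
 SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"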