openssl: CVE: CVE-2017-3731

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Backported from: https://github.com/openssl/openssl/commit/8e20499629b6bcf868d0072c7011e590b5c2294d https://github.com/openssl/openssl/commit/2198b3a55de681e1f3c23edb0586afe13f438051 * CVE: CVE-2017-3731 Upstream-status: Backport (From OE-Core rev: 1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70) Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexandru Moise <alexandru.moise@windriver.com> 2017-02-07 13:48:47 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-02-08 12:00:21 +0000
commit: 8ba5b9eae34bbab537954ccee1726c7ee7a82750 (patch)
tree: 23e66063281ba3e18b5e4c583ac9a694fe4c856d /meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
parent: a2f06ef25486bbdc10b1dd5812648c7e909a3643 (diff)
download: poky-8ba5b9eae34bbab537954ccee1726c7ee7a82750.tar.gz
1 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
new file mode 100644
index 0000000000..b56b2d5bd3
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
@@ -0,0 +1,53 @@
+From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise@windriver.com>
+Date: Tue, 7 Feb 2017 11:16:13 +0200
+Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory. Since hash
+operation is read-only it is not considered to be exploitable
+beyond a DoS condition. Other ciphers were hardened.
+Thanks to Robert Święcki for report.
+CVE-2017-3731
+Backported from upstream commit:
+2198b3a55de681e1f3c23edb0586afe13f438051
+Upstream-Status: Backport
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
+---
+ crypto/evp/e_aes.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
+index 1734a82..16dcd10 100644
+--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
+@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+         {
+             unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+             /* Correct length for explicit IV */
+           if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+               return 0;
+             len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+             /* If decrypting correct for tag too */
+-            if (!c->encrypt)
+            if (!c->encrypt) {
+               if (len < EVP_GCM_TLS_TAG_LEN)
+                   return 0;
+                 len -= EVP_GCM_TLS_TAG_LEN;
+           }
+             c->buf[arg - 2] = len >> 8;
+             c->buf[arg - 1] = len & 0xff;
+         }
+-- 
+2.10.2
author	Alexandru Moise <alexandru.moise@windriver.com>	2017-02-07 13:48:47 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-02-08 12:00:21 +0000
commit	8ba5b9eae34bbab537954ccee1726c7ee7a82750 (patch)
tree	23e66063281ba3e18b5e4c583ac9a694fe4c856d /meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
parent	a2f06ef25486bbdc10b1dd5812648c7e909a3643 (diff)
download	poky-8ba5b9eae34bbab537954ccee1726c7ee7a82750.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch new file mode 100644 index 0000000000..b56b2d5bd3 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
@@ -0,0 +1,53 @@
	1	From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
	2	From: Alexandru Moise <alexandru.moise@windriver.com>
	3	Date: Tue, 7 Feb 2017 11:16:13 +0200
	4	Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	Originally a crash in 32-bit build was reported CHACHA20-POLY1305
	10	cipher. The crash is triggered by truncated packet and is result
	11	of excessive hashing to the edge of accessible memory. Since hash
	12	operation is read-only it is not considered to be exploitable
	13	beyond a DoS condition. Other ciphers were hardened.
	14
	15	Thanks to Robert Święcki for report.
	16
	17	CVE-2017-3731
	18
	19	Backported from upstream commit:
	20	2198b3a55de681e1f3c23edb0586afe13f438051
	21
	22	Upstream-Status: Backport
	23
	24	Reviewed-by: Rich Salz <rsalz@openssl.org>
	25	Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
	26	---
	27	crypto/evp/e_aes.c \| 7 ++++++-
	28	1 file changed, 6 insertions(+), 1 deletion(-)
	29
	30	diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
	31	index 1734a82..16dcd10 100644
	32	--- a/crypto/evp/e_aes.c
	33	+++ b/crypto/evp/e_aes.c
	34	@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX c, int type, int arg, void ptr)
	35	{
	36	unsigned int len = c->buf[arg - 2] << 8 \| c->buf[arg - 1];
	37	/* Correct length for explicit IV */
	38	+ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
	39	+ return 0;
	40	len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
	41	/* If decrypting correct for tag too */
	42	- if (!c->encrypt)
	43	+ if (!c->encrypt) {
	44	+ if (len < EVP_GCM_TLS_TAG_LEN)
	45	+ return 0;
	46	len -= EVP_GCM_TLS_TAG_LEN;
	47	+ }
	48	c->buf[arg - 2] = len >> 8;
	49	c->buf[arg - 1] = len & 0xff;
	50	}
	51	--
	52	2.10.2
	53