diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch new file mode 100644 index 0000000000..9e55a30843 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch | |||
@@ -0,0 +1,109 @@ | |||
1 | From a91be10833e61bcdc9002de28489405101c52650 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Dr. Stephen Henson" <steve@openssl.org> | ||
3 | Date: Fri, 16 May 2014 12:49:48 +0100 | ||
4 | Subject: [PATCH] Fix for CVE-2014-0224 | ||
5 | |||
6 | Upstream-Status: Backport | ||
7 | |||
8 | Only accept change cipher spec when it is expected instead of at any | ||
9 | time. This prevents premature setting of session keys before the master | ||
10 | secret is determined which an attacker could use as a MITM attack. | ||
11 | |||
12 | Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue | ||
13 | and providing the initial fix this patch is based on. | ||
14 | (cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441) | ||
15 | |||
16 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
17 | --- | ||
18 | ssl/s3_clnt.c | 2 ++ | ||
19 | ssl/s3_pkt.c | 9 +++++++++ | ||
20 | ssl/s3_srvr.c | 5 +++++ | ||
21 | ssl/ssl3.h | 1 + | ||
22 | 4 files changed, 17 insertions(+) | ||
23 | |||
24 | diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c | ||
25 | index 5fc9069..34efff8 100644 | ||
26 | --- a/ssl/s3_clnt.c | ||
27 | +++ b/ssl/s3_clnt.c | ||
28 | @@ -599,6 +599,7 @@ int ssl3_connect(SSL *s) | ||
29 | case SSL3_ST_CR_FINISHED_A: | ||
30 | case SSL3_ST_CR_FINISHED_B: | ||
31 | |||
32 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
33 | ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, | ||
34 | SSL3_ST_CR_FINISHED_B); | ||
35 | if (ret <= 0) goto end; | ||
36 | @@ -1051,6 +1052,7 @@ int ssl3_get_server_hello(SSL *s) | ||
37 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
38 | goto f_err; | ||
39 | } | ||
40 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
41 | s->hit=1; | ||
42 | } | ||
43 | else /* a miss or crap from the other end */ | ||
44 | diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c | ||
45 | index 34eb2b4..fb9720f 100644 | ||
46 | --- a/ssl/s3_pkt.c | ||
47 | +++ b/ssl/s3_pkt.c | ||
48 | @@ -1593,6 +1593,15 @@ start: | ||
49 | goto f_err; | ||
50 | } | ||
51 | |||
52 | + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) | ||
53 | + { | ||
54 | + al=SSL_AD_UNEXPECTED_MESSAGE; | ||
55 | + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); | ||
56 | + goto f_err; | ||
57 | + } | ||
58 | + | ||
59 | + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; | ||
60 | + | ||
61 | rr->length=0; | ||
62 | |||
63 | if (s->msg_callback) | ||
64 | diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c | ||
65 | index 72fd3e4..31bfe47 100644 | ||
66 | --- a/ssl/s3_srvr.c | ||
67 | +++ b/ssl/s3_srvr.c | ||
68 | @@ -708,6 +708,7 @@ int ssl3_accept(SSL *s) | ||
69 | case SSL3_ST_SR_CERT_VRFY_A: | ||
70 | case SSL3_ST_SR_CERT_VRFY_B: | ||
71 | |||
72 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
73 | /* we should decide if we expected this one */ | ||
74 | ret=ssl3_get_cert_verify(s); | ||
75 | if (ret <= 0) goto end; | ||
76 | @@ -735,6 +736,7 @@ int ssl3_accept(SSL *s) | ||
77 | |||
78 | case SSL3_ST_SR_FINISHED_A: | ||
79 | case SSL3_ST_SR_FINISHED_B: | ||
80 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
81 | ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, | ||
82 | SSL3_ST_SR_FINISHED_B); | ||
83 | if (ret <= 0) goto end; | ||
84 | @@ -805,7 +807,10 @@ int ssl3_accept(SSL *s) | ||
85 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | ||
86 | #else | ||
87 | if (s->s3->next_proto_neg_seen) | ||
88 | + { | ||
89 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
90 | s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; | ||
91 | + } | ||
92 | else | ||
93 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | ||
94 | #endif | ||
95 | diff --git a/ssl/ssl3.h b/ssl/ssl3.h | ||
96 | index 8bd201e..82dd76c 100644 | ||
97 | --- a/ssl/ssl3.h | ||
98 | +++ b/ssl/ssl3.h | ||
99 | @@ -428,6 +428,7 @@ typedef struct ssl3_buffer_st | ||
100 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | ||
101 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | ||
102 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 | ||
103 | +#define SSL3_FLAGS_CCS_OK 0x0080 | ||
104 | |||
105 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | ||
106 | * restart a handshake because of MS SGC and so prevents us | ||
107 | -- | ||
108 | 1.7.10.4 | ||
109 | |||