diff options
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch b/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch new file mode 100644 index 0000000000..6a6b829505 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch | |||
@@ -0,0 +1,172 @@ | |||
1 | From a8565530e27718760220df469f0a071c85b9e731 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Dr. Stephen Henson" <steve@openssl.org> | ||
3 | Date: Sat, 20 Dec 2014 15:09:50 +0000 | ||
4 | Subject: [PATCH] Fix various certificate fingerprint issues. | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | By using non-DER or invalid encodings outside the signed portion of a | ||
10 | certificate the fingerprint can be changed without breaking the signature. | ||
11 | Although no details of the signed portion of the certificate can be changed | ||
12 | this can cause problems with some applications: e.g. those using the | ||
13 | certificate fingerprint for blacklists. | ||
14 | |||
15 | 1. Reject signatures with non zero unused bits. | ||
16 | |||
17 | If the BIT STRING containing the signature has non zero unused bits reject | ||
18 | the signature. All current signature algorithms require zero unused bits. | ||
19 | |||
20 | 2. Check certificate algorithm consistency. | ||
21 | |||
22 | Check the AlgorithmIdentifier inside TBS matches the one in the | ||
23 | certificate signature. NB: this will result in signature failure | ||
24 | errors for some broken certificates. | ||
25 | |||
26 | 3. Check DSA/ECDSA signatures use DER. | ||
27 | |||
28 | Reencode DSA/ECDSA signatures and compare with the original received | ||
29 | signature. Return an error if there is a mismatch. | ||
30 | |||
31 | This will reject various cases including garbage after signature | ||
32 | (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS | ||
33 | program for discovering this case) and use of BER or invalid ASN.1 INTEGERs | ||
34 | (negative or with leading zeroes). | ||
35 | |||
36 | CVE-2014-8275 | ||
37 | |||
38 | Upstream-Status: Backport | ||
39 | |||
40 | Reviewed-by: Emilia Käsper <emilia@openssl.org> | ||
41 | |||
42 | (cherry picked from commit 684400ce192dac51df3d3e92b61830a6ef90be3e) | ||
43 | |||
44 | Conflicts: | ||
45 | Changes in the "CHANGES" file have been removed from this pacth since | ||
46 | it fails to apply. These cahnges have been added manually in another patch. | ||
47 | |||
48 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
49 | --- | ||
50 | CHANGES | 37 +++++++++++++++++++++++++++++++++++++ | ||
51 | crypto/asn1/a_verify.c | 12 ++++++++++++ | ||
52 | crypto/dsa/dsa_asn1.c | 14 +++++++++++++- | ||
53 | crypto/ecdsa/ecs_vrf.c | 15 ++++++++++++++- | ||
54 | crypto/x509/x_all.c | 2 ++ | ||
55 | 5 files changed, 78 insertions(+), 2 deletions(-) | ||
56 | |||
57 | diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c | ||
58 | index fc84cd3..a571009 100644 | ||
59 | --- a/crypto/asn1/a_verify.c | ||
60 | +++ b/crypto/asn1/a_verify.c | ||
61 | @@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, | ||
62 | ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | ||
63 | goto err; | ||
64 | } | ||
65 | + | ||
66 | + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) | ||
67 | + { | ||
68 | + ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); | ||
69 | + goto err; | ||
70 | + } | ||
71 | |||
72 | inl=i2d(data,NULL); | ||
73 | buf_in=OPENSSL_malloc((unsigned int)inl); | ||
74 | @@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, | ||
75 | return -1; | ||
76 | } | ||
77 | |||
78 | + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) | ||
79 | + { | ||
80 | + ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); | ||
81 | + return -1; | ||
82 | + } | ||
83 | + | ||
84 | EVP_MD_CTX_init(&ctx); | ||
85 | |||
86 | /* Convert signature OID into digest and public key OIDs */ | ||
87 | diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c | ||
88 | index 6058534..473af87 100644 | ||
89 | --- a/crypto/dsa/dsa_asn1.c | ||
90 | +++ b/crypto/dsa/dsa_asn1.c | ||
91 | @@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len, | ||
92 | const unsigned char *sigbuf, int siglen, DSA *dsa) | ||
93 | { | ||
94 | DSA_SIG *s; | ||
95 | + const unsigned char *p = sigbuf; | ||
96 | + unsigned char *der = NULL; | ||
97 | + int derlen = -1; | ||
98 | int ret=-1; | ||
99 | |||
100 | s = DSA_SIG_new(); | ||
101 | if (s == NULL) return(ret); | ||
102 | - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; | ||
103 | + if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err; | ||
104 | + /* Ensure signature uses DER and doesn't have trailing garbage */ | ||
105 | + derlen = i2d_DSA_SIG(s, &der); | ||
106 | + if (derlen != siglen || memcmp(sigbuf, der, derlen)) | ||
107 | + goto err; | ||
108 | ret=DSA_do_verify(dgst,dgst_len,s,dsa); | ||
109 | err: | ||
110 | + if (derlen > 0) | ||
111 | + { | ||
112 | + OPENSSL_cleanse(der, derlen); | ||
113 | + OPENSSL_free(der); | ||
114 | + } | ||
115 | DSA_SIG_free(s); | ||
116 | return(ret); | ||
117 | } | ||
118 | diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c | ||
119 | index ef9acf7..2836efe 100644 | ||
120 | --- a/crypto/ecdsa/ecs_vrf.c | ||
121 | +++ b/crypto/ecdsa/ecs_vrf.c | ||
122 | @@ -57,6 +57,7 @@ | ||
123 | */ | ||
124 | |||
125 | #include "ecs_locl.h" | ||
126 | +#include "cryptlib.h" | ||
127 | #ifndef OPENSSL_NO_ENGINE | ||
128 | #include <openssl/engine.h> | ||
129 | #endif | ||
130 | @@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, | ||
131 | const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) | ||
132 | { | ||
133 | ECDSA_SIG *s; | ||
134 | + const unsigned char *p = sigbuf; | ||
135 | + unsigned char *der = NULL; | ||
136 | + int derlen = -1; | ||
137 | int ret=-1; | ||
138 | |||
139 | s = ECDSA_SIG_new(); | ||
140 | if (s == NULL) return(ret); | ||
141 | - if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; | ||
142 | + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err; | ||
143 | + /* Ensure signature uses DER and doesn't have trailing garbage */ | ||
144 | + derlen = i2d_ECDSA_SIG(s, &der); | ||
145 | + if (derlen != sig_len || memcmp(sigbuf, der, derlen)) | ||
146 | + goto err; | ||
147 | ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); | ||
148 | err: | ||
149 | + if (derlen > 0) | ||
150 | + { | ||
151 | + OPENSSL_cleanse(der, derlen); | ||
152 | + OPENSSL_free(der); | ||
153 | + } | ||
154 | ECDSA_SIG_free(s); | ||
155 | return(ret); | ||
156 | } | ||
157 | diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c | ||
158 | index e06602d..fef55f8 100644 | ||
159 | --- a/crypto/x509/x_all.c | ||
160 | +++ b/crypto/x509/x_all.c | ||
161 | @@ -72,6 +72,8 @@ | ||
162 | |||
163 | int X509_verify(X509 *a, EVP_PKEY *r) | ||
164 | { | ||
165 | + if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) | ||
166 | + return 0; | ||
167 | return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, | ||
168 | a->signature,a->cert_info,r)); | ||
169 | } | ||
170 | -- | ||
171 | 1.9.1 | ||
172 | |||