diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch | 103 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.0.1g.bb | 1 |
2 files changed, 104 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch new file mode 100644 index 0000000000..0ed1d12551 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch | |||
@@ -0,0 +1,103 @@ | |||
1 | Fix for CVE-2014-0224 | ||
2 | |||
3 | Only accept change cipher spec when it is expected instead of at any | ||
4 | time. This prevents premature setting of session keys before the master | ||
5 | secret is determined which an attacker could use as a MITM attack. | ||
6 | |||
7 | Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue | ||
8 | and providing the initial fix this patch is based on. | ||
9 | |||
10 | |||
11 | Patch borrowed from Fedora | ||
12 | Upstream-Status: Backport | ||
13 | Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | ||
14 | |||
15 | |||
16 | diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h | ||
17 | --- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200 | ||
18 | +++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200 | ||
19 | @@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st | ||
20 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | ||
21 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | ||
22 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 | ||
23 | +#define SSL3_FLAGS_CCS_OK 0x0080 | ||
24 | |||
25 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | ||
26 | * restart a handshake because of MS SGC and so prevents us | ||
27 | diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c | ||
28 | --- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100 | ||
29 | +++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200 | ||
30 | @@ -559,6 +559,7 @@ int ssl3_connect(SSL *s) | ||
31 | case SSL3_ST_CR_FINISHED_A: | ||
32 | case SSL3_ST_CR_FINISHED_B: | ||
33 | |||
34 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
35 | ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, | ||
36 | SSL3_ST_CR_FINISHED_B); | ||
37 | if (ret <= 0) goto end; | ||
38 | @@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s) | ||
39 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
40 | goto f_err; | ||
41 | } | ||
42 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
43 | s->hit=1; | ||
44 | } | ||
45 | else /* a miss or crap from the other end */ | ||
46 | diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c | ||
47 | --- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200 | ||
48 | +++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200 | ||
49 | @@ -1298,6 +1298,15 @@ start: | ||
50 | goto f_err; | ||
51 | } | ||
52 | |||
53 | + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) | ||
54 | + { | ||
55 | + al=SSL_AD_UNEXPECTED_MESSAGE; | ||
56 | + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); | ||
57 | + goto f_err; | ||
58 | + } | ||
59 | + | ||
60 | + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; | ||
61 | + | ||
62 | rr->length=0; | ||
63 | |||
64 | if (s->msg_callback) | ||
65 | @@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s) | ||
66 | |||
67 | if (s->s3->tmp.key_block == NULL) | ||
68 | { | ||
69 | - if (s->session == NULL) | ||
70 | + if (s->session == NULL || s->session->master_key_length == 0) | ||
71 | { | ||
72 | /* might happen if dtls1_read_bytes() calls this */ | ||
73 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); | ||
74 | diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c | ||
75 | --- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200 | ||
76 | +++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200 | ||
77 | @@ -673,6 +673,7 @@ int ssl3_accept(SSL *s) | ||
78 | case SSL3_ST_SR_CERT_VRFY_A: | ||
79 | case SSL3_ST_SR_CERT_VRFY_B: | ||
80 | |||
81 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
82 | /* we should decide if we expected this one */ | ||
83 | ret=ssl3_get_cert_verify(s); | ||
84 | if (ret <= 0) goto end; | ||
85 | @@ -700,6 +701,7 @@ int ssl3_accept(SSL *s) | ||
86 | |||
87 | case SSL3_ST_SR_FINISHED_A: | ||
88 | case SSL3_ST_SR_FINISHED_B: | ||
89 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
90 | ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, | ||
91 | SSL3_ST_SR_FINISHED_B); | ||
92 | if (ret <= 0) goto end; | ||
93 | @@ -770,7 +772,10 @@ int ssl3_accept(SSL *s) | ||
94 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | ||
95 | #else | ||
96 | if (s->s3->next_proto_neg_seen) | ||
97 | + { | ||
98 | + s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
99 | s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; | ||
100 | + } | ||
101 | else | ||
102 | s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | ||
103 | #endif | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb index d4084dea1b..64e8f827b8 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb | |||
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \ | |||
37 | file://openssl-1.0.1e-cve-2014-0195.patch \ | 37 | file://openssl-1.0.1e-cve-2014-0195.patch \ |
38 | file://openssl-1.0.1e-cve-2014-0198.patch \ | 38 | file://openssl-1.0.1e-cve-2014-0198.patch \ |
39 | file://openssl-1.0.1e-cve-2014-0221.patch \ | 39 | file://openssl-1.0.1e-cve-2014-0221.patch \ |
40 | file://openssl-1.0.1e-cve-2014-0224.patch \ | ||
40 | file://openssl-CVE-2010-5298.patch \ | 41 | file://openssl-CVE-2010-5298.patch \ |
41 | " | 42 | " |
42 | 43 | ||