From 465c7cf5fbdedb00e98c7172442404f02b69add8 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Mon, 9 Jun 2014 15:11:46 +0200 Subject: Fix for OpenSSL security vulnerabilities 1) DTLS invalid fragment vulnerability (CVE-2014-0195) 2) DTLS recursion flaw (CVE-2014-0221) 3) SSL/TLS MITM vulnerability (CVE-2014-0224) 4) Anonymous ECDH denial of service (CVE-2014-3470) Signed-off-by: Sona Sarmadi Signed-off-by: Maxin B. John
---
.../openssl/openssl/0001-Fix-CVE-2014-0221.patch | 43 ++++++++ .../openssl/openssl/0001-Fix-CVE-2014-3470.patch | 35 +++++++ .../openssl/0001-Fix-for-CVE-2014-0195.patch | 48 +++++++++ .../openssl/0001-Fix-for-CVE-2014-0224.patch | 109 +++++++++++++++++++++ .../0002-Additional-CVE-2014-0224-protection.patch | 32 ++++++ ...ssion_secret_cb-work-with-CVE-2014-0224-f.patch | 30 ++++++ .../recipes-connectivity/openssl/openssl_1.0.1g.bb | 6 ++ 7 files changed, 303 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch (limited to 'meta/recipes-connectivity/openssl')
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
new file mode 100644
index 0000000000..c4195be7be
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-0221.patch
@@ -0,0 +1,43 @@
+From b4322e1de8be66ff230e26999b766ca1a42f9476 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson"
+Date: Fri, 16 May 2014 13:00:45 +0100
+Subject: [PATCH 1/2] Fix CVE-2014-0221
+
+Upstream-Status: Backport
+
+Unnecessary recursion when receiving a DTLS hello request can be used to
+crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+
+Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
+
+Signed-off-by: Sona Sarmadi
+---
+ ssl/d1_both.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2c06fc2..820c8f0 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -789,6 +789,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ int i,al;
+ struct hm_header_st msg_hdr;
+
++ redo:
+ /* see if we have the required fragment already */
+ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+ {
+@@ -847,8 +848,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ s->msg_callback_arg);
+
+ s->init_num = 0;
+- return dtls1_get_message_fragment(s, st1, stn,
+- max, ok);
++ goto redo;
+ }
+ else /* Incorrectly formated Hello request */
+ {
+--
+1.7.10.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch
new file mode 100644
index 0000000000..7764658292
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-CVE-2014-3470.patch
@@ -0,0 +1,35 @@
+From 8011cd56e39a433b1837465259a9bd24a38727fb Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson"
+Date: Thu, 29 May 2014 15:00:05 +0100
+Subject: [PATCH] Fix CVE-2014-3470
+
+Upstream-Status: Backport
+
+Check session_cert is not NULL before dereferencing it.
+
+Signed-off-by: Sona Sarmadi
+---
+ ssl/s3_clnt.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index c99a4c4..0457af8 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -2512,6 +2512,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+ int ecdh_clnt_cert = 0;
+ int field_size = 0;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+ /* Did we send out the client's
+ * ECDH share for use in premaster
+ * computation as part of client certificate?
+--
+1.7.10.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch
new file mode 100644
index 0000000000..2fae0e88ac
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0195.patch
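Review bot: The header of 0001-Fix-CVE-2014-3470.patch says `Upstream-Status: Backport` but names no upstream commit, whereas 0001-Fix-CVE-2014-0221.patch carries a `(cherry picked from commit …)` line; 0001-Fix-for-CVE-2014-0195.patch and 0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch have the same gap. Without that reference the backport cannot be compared with the upstream fix when it is audited or rebased, so I would add `(cherry picked from commit UPSTREAM_COMMIT_ID)` (placeholder for the real id) to each of the three headers. Separately, the new `s->session->sess_cert == NULL` guard appears to sit in the ECDH part of ssl3_send_client_key_exchange, whose body continues outside the hunk, so it is worth confirming that the other key-exchange branches that read `sess_cert` are guarded as well.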
@@ -0,0 +1,48 @@
+From 1632ef744872edc2aa2a53d487d3e79c965a4ad3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson"
+Date: Tue, 13 May 2014 18:48:31 +0100
+Subject: [PATCH] Fix for CVE-2014-0195
+
+Upstream-Status: Backport
+
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A buffer overrun attack can be triggered by sending invalid DTLS fragments
+to an OpenSSL DTLS client or server. This is potentially exploitable to
+run arbitrary code on a vulnerable client or server.
+
+Fixed by adding consistency check for DTLS fragments.
+
+Thanks to Jüri Aedla for reporting this issue.
+
+Signed-off-by: Sona Sarmadi
+---
+ ssl/d1_both.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 1bb2e4d..7de9ae4 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ frag->msg_header.frag_off = 0;
+ }
+ else
++ {
+ frag = (hm_fragment*) item->data;
++ if (frag->msg_header.msg_len != msg_hdr->msg_len)
++ {
++ item = NULL;
++ frag = NULL;
++ goto err;
++ }
++ }
++
+
+ /* If message is already reassembled, this must be a
+ * retransmit and can be dropped.
+--
+1.7.10.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch
new file mode 100644
index 0000000000..9e55a30843
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Fix-for-CVE-2014-0224.patch
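Review bot: In the dtls1_reassemble_fragment hunk the new length-mismatch branch clears `item` and `frag` before `goto err`, and nothing says why. The `err` label is outside the hunk; presumably it frees both, and at this point they refer to the fragment that was already queued (`frag` comes from `item->data`), so the two NULL assignments would be what keeps the error path from freeing memory that is still referenced elsewhere. That is easy to lose in a later cleanup, so I would add `/* frag is the already-buffered fragment: clear the locals so err: does not free it */` above `item = NULL;`. The patch also leaves two consecutive blank lines after the new closing brace; one of them can go.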
@@ -0,0 +1,109 @@
+From a91be10833e61bcdc9002de28489405101c52650 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson"
+Date: Fri, 16 May 2014 12:49:48 +0100
+Subject: [PATCH] Fix for CVE-2014-0224
+
+Upstream-Status: Backport
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+(cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
+
+Signed-off-by: Sona Sarmadi
+---
+ ssl/s3_clnt.c | 2 ++
+ ssl/s3_pkt.c | 9 +++++++++
+ ssl/s3_srvr.c | 5 +++++
+ ssl/ssl3.h | 1 +
+ 4 files changed, 17 insertions(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 5fc9069..34efff8 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -599,6 +599,7 @@ int ssl3_connect(SSL *s)
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -1051,6 +1052,7 @@ int ssl3_get_server_hello(SSL *s)
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit=1;
+ }
+ else /* a miss or crap from the other end */
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 34eb2b4..fb9720f 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1593,6 +1593,15 @@ start:
+ goto f_err;
+ }
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++ goto f_err;
++ }
++
++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ rr->length=0;
+
+ if (s->msg_callback)
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index 72fd3e4..31bfe47 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -708,6 +708,7 @@ int ssl3_accept(SSL *s)
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /* we should decide if we expected this one */
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+@@ -735,6 +736,7 @@ int ssl3_accept(SSL *s)
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -805,7 +807,10 @@ int ssl3_accept(SSL *s)
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ if (s->s3->next_proto_neg_seen)
++ {
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ }
+ else
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif
+diff --git a/ssl/ssl3.h b/ssl/ssl3.h
+index 8bd201e..82dd76c 100644
+--- a/ssl/ssl3.h
++++ b/ssl/ssl3.h
+@@ -428,6 +428,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+--
+1.7.10.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch b/meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch
new file mode 100644
index 0000000000..eec6a15b27
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-Additional-CVE-2014-0224-protection.patch
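Review bot: `SSL3_FLAGS_CCS_OK` is added to ssl/ssl3.h without a comment, although the whole fix depends on when the bit is set and cleared. From the visible hunks it is set in ssl3_connect and ssl3_accept on entry to the Finished states (and, on the server, before cert-verify and the next-proto transition), set in ssl3_get_server_hello on a session hit, and tested and then cleared in the s3_pkt.c `start:` hunk when a ChangeCipherSpec arrives. I would record that next to the define, for example `/* Set when a ChangeCipherSpec is acceptable; cleared once one has been processed */`, so a later state-machine change does not set it too early or forget to clear it. The define also sits under the `TLS1_FLAGS_*` values, so it is worth checking that 0x0080 does not collide with another `s3->flags` bit defined outside the hunk.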
@@ -0,0 +1,32 @@
+From a7c682fb6f692c9a3868777a7ff305784714c131 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson"
+Date: Fri, 16 May 2014 12:55:16 +0100
+Subject: [PATCH 2/2] Additional CVE-2014-0224 protection.
+
+Upstream-Status: Backport
+
+Return a fatal error if an attempt is made to use a zero length
+master secret.
+(cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
+
+Signed-off-by: Sona Sarmadi
+---
+ ssl/s3_pkt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 5efc03e..34eb2b4 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1727,7 +1727,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ if (s->s3->tmp.key_block == NULL)
+ {
+- if (s->session == NULL)
++ if (s->session == NULL || s->session->master_key_length == 0)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+--
+1.7.10.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
new file mode 100644
index 0000000000..5d399315de
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch
@@ -0,0 +1,30 @@
+From fb8d9ddb9dc19d84dffa84932f75e607c8a3ffe6 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson"
+Date: Sat, 7 Jun 2014 15:21:13 +0100
+Subject: [PATCH 3/3] Make tls_session_secret_cb work with CVE-2014-0224 fix.
+
+Upstream-Status: Backport
+
+If application uses tls_session_secret_cb for session resumption
+set the CCS_OK flag.
+
+Signed-off-by: Sona Sarmadi
+---
+ ssl/s3_clnt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 34efff8..cd43873 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -1037,6 +1037,7 @@ int ssl3_get_server_hello(SSL *s)
+ {
+ s->session->cipher = pref_cipher ?
+ pref_cipher : ssl_get_cipher_by_char(s, p+j);
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ }
+ }
+ #endif /* OPENSSL_NO_TLSEXT */
+--
+1.7.10.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index dad89f0a22..d7d2b7f00e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -36,6 +36,12 @@ SRC_URI += "file://configure-targets.patch \
 file://find.pl \
 file://openssl-fix-des.pod-error.patch \
 file://openssl-CVE-2014-0198-fix.patch \
+ file://0001-Fix-for-CVE-2014-0195.patch \
+ file://0001-Fix-CVE-2014-0221.patch \
+ file://0001-Fix-for-CVE-2014-0224.patch \
+ file://0002-Additional-CVE-2014-0224-protection.patch \
+ file://0003-Make-tls_session_secret_cb-work-with-CVE-2014-0224-f.patch \
+ file://0001-Fix-CVE-2014-3470.patch \
 file://run-ptest \
 "
-- cgit v1.2.3-54-g00ecf
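Review bot: The SRC_URI hunk lists 0001-Fix-for-CVE-2014-0224.patch before 0002-Additional-CVE-2014-0224-protection.patch, but the index lines of the two patches show the opposite generation order for ssl/s3_pkt.c: 0002 goes `5efc03e..34eb2b4` and 0001 starts from `34eb2b4`. Their s3_pkt.c hunks are far apart (around lines 1593 and 1727), so both should still apply, but 0002 will land with a line offset rather than cleanly. For security backports I would list the patches in the order they were generated, or regenerate them against the 1.0.1g tree in the order they are applied, so that a hunk landing in the wrong place is easier to spot. 0001-Fix-CVE-2014-3470.patch is likewise generated against a different ssl/s3_clnt.c blob (`c99a4c4`) than the one the preceding patches leave behind (`cd43873`).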