openssl: backport fix for CVE-2014-0160

Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More information here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 Patch borrowed from Debian; this is just a tweaked version of the upstream commit (without patching the CHANGES file which otherwise would fail to apply on top of this version). (From OE-Core rev: c3acfdfe0c0c3579c5f469f10b87a2926214ba5d) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Paul Eggleton <paul.eggleton@linux.intel.com> 2014-04-08 19:15:08 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-04-09 09:00:40 +0100
commit: 609ae3928477294e769b9aee54b818c625723b14 (patch)
tree: 82ed9293a396d5c79cf17fb6488898a3b71926de
parent: 7f9dd3ff42f4016ffc93690e29d633ee41c661af (diff)
download: poky-609ae3928477294e769b9aee54b818c625723b14.tar.gz
2 files changed, 119 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
new file mode 100644
index 0000000000..c06cd64fc6
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
@@ -0,0 +1,118 @@
+From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sun, 6 Apr 2014 00:51:06 +0100
+Subject: [PATCH] Add heartbeat extension bounds check.
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+preparing the fix (CVE-2014-0160)
+Patch (tweaked version of upstream fix without CHANGES change) borrowed
+from Debian.
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+---
+ ssl/d1_both.c | 26 ++++++++++++++++++--------
+ ssl/t1_lib.c  | 14 +++++++++-----
+ 3 files changed, 36 insertions(+), 13 deletions(-)
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+        unsigned int payload;
+        unsigned int padding = 16; /* Use minimum padding */
+ 
+-       /* Read type and payload length first */
+-       hbtype = *p++;
+-       n2s(p, payload);
+-       pl = p;
+-
+        if (s->msg_callback)
+                s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+                        &s->s3->rrec.data[0], s->s3->rrec.length,
+                        s, s->msg_callback_arg);
+ 
+       /* Read type and payload length first */
+       if (1 + 2 + 16 > s->s3->rrec.length)
+               return 0; /* silently discard */
+       hbtype = *p++;
+       n2s(p, payload);
+       if (1 + 2 + payload + 16 > s->s3->rrec.length)
+               return 0; /* silently discard per RFC 6520 sec. 4 */
+       pl = p;
+
+        if (hbtype == TLS1_HB_REQUEST)
+                {
+                unsigned char *buffer, *bp;
+               unsigned int write_length = 1 /* heartbeat type */ +
+                                           2 /* heartbeat length */ +
+                                           payload + padding;
+                int r;
+ 
+               if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+                       return 0;
+
+                /* Allocate memory for the response, size is 1 byte
+                 * message type, plus 2 bytes payload length, plus
+                 * payload, plus padding
+                 */
+-               buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+               buffer = OPENSSL_malloc(write_length);
+                bp = buffer;
+ 
+                /* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+                /* Random padding */
+                RAND_pseudo_bytes(bp, padding);
+ 
+-               r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+               r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+ 
+                if (r >= 0 && s->msg_callback)
+                        s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+-                               buffer, 3 + payload + padding,
+                               buffer, write_length,
+                                s, s->msg_callback_arg);
+ 
+                OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+        unsigned int payload;
+        unsigned int padding = 16; /* Use minimum padding */
+ 
+-       /* Read type and payload length first */
+-       hbtype = *p++;
+-       n2s(p, payload);
+-       pl = p;
+-
+        if (s->msg_callback)
+                s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+                        &s->s3->rrec.data[0], s->s3->rrec.length,
+                        s, s->msg_callback_arg);
+ 
+       /* Read type and payload length first */
+       if (1 + 2 + 16 > s->s3->rrec.length)
+               return 0; /* silently discard */
+       hbtype = *p++;
+       n2s(p, payload);
+       if (1 + 2 + payload + 16 > s->s3->rrec.length)
+               return 0; /* silently discard per RFC 6520 sec. 4 */
+       pl = p;
+
+        if (hbtype == TLS1_HB_REQUEST)
+                {
+                unsigned char *buffer, *bp;
+-- 
+1.9.1
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 3313ed57f6..949f3a19e3 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
            file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
            file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
            file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
+            file://CVE-2014-0160.patch \
           "
 SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
author	Paul Eggleton <paul.eggleton@linux.intel.com>	2014-04-08 19:15:08 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-04-09 09:00:40 +0100
commit	609ae3928477294e769b9aee54b818c625723b14 (patch)
tree	82ed9293a396d5c79cf17fb6488898a3b71926de
parent	7f9dd3ff42f4016ffc93690e29d633ee41c661af (diff)
download	poky-609ae3928477294e769b9aee54b818c625723b14.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch new file mode 100644 index 0000000000..c06cd64fc6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch
@@ -0,0 +1,118 @@
		1	From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001
		2	From: "Dr. Stephen Henson" <steve@openssl.org>
		3	Date: Sun, 6 Apr 2014 00:51:06 +0100
		4	Subject: [PATCH] Add heartbeat extension bounds check.
		5
		6	A missing bounds check in the handling of the TLS heartbeat extension
		7	can be used to reveal up to 64k of memory to a connected client or
		8	server.
		9
		10	Thanks for Neel Mehta of Google Security for discovering this bug and to
		11	Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
		12	preparing the fix (CVE-2014-0160)
		13
		14	Patch (tweaked version of upstream fix without CHANGES change) borrowed
		15	from Debian.
		16
		17	Upstream-Status: Backport
		18	Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
		19
		20	---
		21	ssl/d1_both.c \| 26 ++++++++++++++++++--------
		22	ssl/t1_lib.c \| 14 +++++++++-----
		23	3 files changed, 36 insertions(+), 13 deletions(-)
		24
		25	diff --git a/ssl/d1_both.c b/ssl/d1_both.c
		26	index 7a5596a..2e8cf68 100644
		27	--- a/ssl/d1_both.c
		28	+++ b/ssl/d1_both.c
		29	@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
		30	unsigned int payload;
		31	unsigned int padding = 16; /* Use minimum padding */
		32
		33	- /* Read type and payload length first */
		34	- hbtype = *p++;
		35	- n2s(p, payload);
		36	- pl = p;
		37	-
		38	if (s->msg_callback)
		39	s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
		40	&s->s3->rrec.data[0], s->s3->rrec.length,
		41	s, s->msg_callback_arg);
		42
		43	+ /* Read type and payload length first */
		44	+ if (1 + 2 + 16 > s->s3->rrec.length)
		45	+ return 0; /* silently discard */
		46	+ hbtype = *p++;
		47	+ n2s(p, payload);
		48	+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
		49	+ return 0; /* silently discard per RFC 6520 sec. 4 */
		50	+ pl = p;
		51	+
		52	if (hbtype == TLS1_HB_REQUEST)
		53	{
		54	unsigned char buffer, bp;
		55	+ unsigned int write_length = 1 /* heartbeat type */ +
		56	+ 2 /* heartbeat length */ +
		57	+ payload + padding;
		58	int r;
		59
		60	+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
		61	+ return 0;
		62	+
		63	/* Allocate memory for the response, size is 1 byte
		64	* message type, plus 2 bytes payload length, plus
		65	* payload, plus padding
		66	*/
		67	- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
		68	+ buffer = OPENSSL_malloc(write_length);
		69	bp = buffer;
		70
		71	/* Enter response type, length and copy payload */
		72	@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
		73	/* Random padding */
		74	RAND_pseudo_bytes(bp, padding);
		75
		76	- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
		77	+ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
		78
		79	if (r >= 0 && s->msg_callback)
		80	s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
		81	- buffer, 3 + payload + padding,
		82	+ buffer, write_length,
		83	s, s->msg_callback_arg);
		84
		85	OPENSSL_free(buffer);
		86	diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
		87	index b82fada..bddffd9 100644
		88	--- a/ssl/t1_lib.c
		89	+++ b/ssl/t1_lib.c
		90	@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
		91	unsigned int payload;
		92	unsigned int padding = 16; /* Use minimum padding */
		93
		94	- /* Read type and payload length first */
		95	- hbtype = *p++;
		96	- n2s(p, payload);
		97	- pl = p;
		98	-
		99	if (s->msg_callback)
		100	s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
		101	&s->s3->rrec.data[0], s->s3->rrec.length,
		102	s, s->msg_callback_arg);
		103
		104	+ /* Read type and payload length first */
		105	+ if (1 + 2 + 16 > s->s3->rrec.length)
		106	+ return 0; /* silently discard */
		107	+ hbtype = *p++;
		108	+ n2s(p, payload);
		109	+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
		110	+ return 0; /* silently discard per RFC 6520 sec. 4 */
		111	+ pl = p;
		112	+
		113	if (hbtype == TLS1_HB_REQUEST)
		114	{
		115	unsigned char buffer, bp;
		116	--
		117	1.9.1
		118


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 3313ed57f6..949f3a19e3 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
37	file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \	37	file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \
38	file://0001-Fix-DTLS-retransmission-from-previous-session.patch \	38	file://0001-Fix-DTLS-retransmission-from-previous-session.patch \
39	file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \	39	file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
		40	file://CVE-2014-0160.patch \
40	"	41	"
41		42
42	SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"	43	SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"