Two security fixes
- fix CVE-2013-4353 - Invalid TLS handshake crash - fix CVE-2013-6450 - possible MiTM attack on DTLS1
This commit is contained in:
Tomas Mraz
parent
c5b74d70a3
commit
519fe2cc24
|
|
@ -0,0 +1,21 @@
|
|||
Fix for TLS record tampering bug. A carefully crafted invalid
|
||||
handshake could crash OpenSSL with a NULL pointer exception.
|
||||
Thanks to Anton Johansson for reporting this issues.
|
||||
(CVE-2013-4353)
|
||||
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
|
||||
index 1e5dcab..53b9390 100644
|
||||
--- a/ssl/s3_both.c
|
||||
+++ b/ssl/s3_both.c
|
||||
@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
|
||||
{
|
||||
const char *sender;
|
||||
int slen;
|
||||
-
|
||||
+ /* If no new cipher setup return immediately: other functions will
|
||||
+ * set the appropriate error.
|
||||
+ */
|
||||
+ if (s->s3->tmp.new_cipher == NULL)
|
||||
+ return;
|
||||
if (s->state & SSL_ST_CONNECT)
|
||||
{
|
||||
sender=s->method->ssl3_enc->server_finished_label;
|
||||
|
|
@ -38,6 +38,15 @@ diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
|
|||
index 804291e..c4bc4e7 100644
|
||||
--- a/ssl/s3_pkt.c
|
||||
+++ b/ssl/s3_pkt.c
|
||||
@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
|
||||
if (version != s->version)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
|
||||
- if ((s->version & 0xFF00) == (version & 0xFF00))
|
||||
+ if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
|
||||
/* Send back error using their minor version number :-) */
|
||||
s->version = (unsigned short)version;
|
||||
al=SSL_AD_PROTOCOL_VERSION;
|
||||
@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
|
||||
slen=s->method->ssl3_enc->client_finished_label_len;
|
||||
}
|
||||
|
|
@ -54,6 +63,20 @@ index 804291e..c4bc4e7 100644
|
|||
|
||||
return(1);
|
||||
}
|
||||
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
|
||||
index e5a8b3f..52efed3 100644
|
||||
--- a/ssl/s3_srvr.c
|
||||
+++ b/ssl/s3_srvr.c
|
||||
@@ -958,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
|
||||
(s->version != DTLS1_VERSION && s->client_version < s->version))
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
|
||||
- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
|
||||
+ if ((s->client_version>>8) == SSL3_VERSION_MAJOR &&
|
||||
+ !s->enc_write_ctx && !s->write_hash)
|
||||
{
|
||||
/* similar to ssl3_get_record, send alert using remote version number */
|
||||
s->version = s->client_version;
|
||||
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
|
||||
index 809ad2e..72015f5 100644
|
||||
--- a/ssl/t1_enc.c
|
||||
|
|
|
|||
|
|
@ -0,0 +1,85 @@
|
|||
Fix DTLS retransmission from previous session.
|
||||
|
||||
For DTLS we might need to retransmit messages from the previous session
|
||||
so keep a copy of write context in DTLS retransmission buffers instead
|
||||
of replacing it after sending CCS. CVE-2013-6450.
|
||||
|
||||
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
|
||||
index 65ec001..7a5596a 100644
|
||||
--- a/ssl/d1_both.c
|
||||
+++ b/ssl/d1_both.c
|
||||
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
|
||||
static void
|
||||
dtls1_hm_fragment_free(hm_fragment *frag)
|
||||
{
|
||||
+
|
||||
+ if (frag->msg_header.is_ccs)
|
||||
+ {
|
||||
+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
|
||||
+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
|
||||
+ }
|
||||
if (frag->fragment) OPENSSL_free(frag->fragment);
|
||||
if (frag->reassembly) OPENSSL_free(frag->reassembly);
|
||||
OPENSSL_free(frag);
|
||||
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
|
||||
index 96ce9a7..e485907 100644
|
||||
--- a/ssl/ssl_locl.h
|
||||
+++ b/ssl/ssl_locl.h
|
||||
@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
|
||||
extern SSL3_ENC_METHOD SSLv3_enc_data;
|
||||
extern SSL3_ENC_METHOD DTLSv1_enc_data;
|
||||
|
||||
+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
|
||||
+
|
||||
#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
|
||||
s_get_meth) \
|
||||
const SSL_METHOD *func_name(void) \
|
||||
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
|
||||
index 72015f5..56db834 100644
|
||||
--- a/ssl/t1_enc.c
|
||||
+++ b/ssl/t1_enc.c
|
||||
@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
|
||||
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
|
||||
else
|
||||
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
|
||||
- if (s->enc_write_ctx != NULL)
|
||||
+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
|
||||
reuse_dd = 1;
|
||||
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
|
||||
+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
|
||||
goto err;
|
||||
- else
|
||||
- /* make sure it's intialized in case we exit later with an error */
|
||||
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
|
||||
dd= s->enc_write_ctx;
|
||||
- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
|
||||
+ if (SSL_IS_DTLS(s))
|
||||
+ {
|
||||
+ mac_ctx = EVP_MD_CTX_create();
|
||||
+ if (!mac_ctx)
|
||||
+ goto err;
|
||||
+ s->write_hash = mac_ctx;
|
||||
+ }
|
||||
+ else
|
||||
+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
if (s->compress != NULL)
|
||||
{
|
||||
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
|
||||
index 6fc469f..d14e8e4 100644
|
||||
--- a/crypto/evp/digest.c
|
||||
+++ b/crypto/evp/digest.c
|
||||
@@ -366,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
|
||||
|
||||
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
|
||||
{
|
||||
- EVP_MD_CTX_cleanup(ctx);
|
||||
- OPENSSL_free(ctx);
|
||||
+ if (ctx)
|
||||
+ {
|
||||
+ EVP_MD_CTX_cleanup(ctx);
|
||||
+ OPENSSL_free(ctx);
|
||||
+ }
|
||||
}
|
||||
|
||||
/* This call frees resources associated with the context */
|
||||
10
openssl.spec
10
openssl.spec
|
|
@ -21,7 +21,7 @@
|
|||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.1e
|
||||
Release: 36%{?dist}
|
||||
Release: 37%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
|
|
@ -85,6 +85,8 @@ Patch83: openssl-1.0.1e-bad-mac.patch
|
|||
Patch84: openssl-1.0.1e-trusted-first.patch
|
||||
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
|
||||
Patch86: openssl-1.0.1e-cve-2013-6449.patch
|
||||
Patch87: openssl-1.0.1e-cve-2013-6450.patch
|
||||
Patch88: openssl-1.0.1e-cve-2013-4353.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
|
|
@ -205,6 +207,8 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
|||
%patch84 -p1 -b .trusted-first
|
||||
%patch85 -p1 -b .armcap
|
||||
%patch86 -p1 -b .hash-crash
|
||||
%patch87 -p1 -b .dtls1-mitm
|
||||
%patch88 -p1 -b .handshake-crash
|
||||
|
||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||
|
||||
|
|
@ -468,6 +472,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue Jan 7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-37
|
||||
- fix CVE-2013-4353 - Invalid TLS handshake crash
|
||||
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
|
||||
|
||||
* Fri Dec 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-36
|
||||
- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
|
||||
- more FIPS validation requirement changes
|
||||
|
|
|
|||
Loading…
Reference in New Issue