* [PATCH v5][morty] openssl: CVE: CVE-2017-3731
@ 2017-02-07 11:48 Alexandru Moise
2017-02-14 9:40 ` Sona Sarmadi
0 siblings, 1 reply; 4+ messages in thread
From: Alexandru Moise @ 2017-02-07 11:48 UTC (permalink / raw)
To: openembedded-core
If an SSL/TLS server or client is running on a 32-bit host, and a
specific cipher is being used, then a truncated packet can cause that
server or client to perform an out-of-bounds read, usually resulting
in a crash.
Backported from:
https://github.com/openssl/openssl/commit/8e20499629b6bcf868d0072c7011e590b5c2294d
https://github.com/openssl/openssl/commit/2198b3a55de681e1f3c23edb0586afe13f438051
* CVE: CVE-2017-3731
Upstream-status: Backport
Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
---
.../openssl/openssl/0001-CVE-2017-3731.patch | 46 +++++++++++++++++++
.../openssl/openssl/0002-CVE-2017-3731.patch | 53 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.2j.bb | 2 +
3 files changed, 101 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
new file mode 100644
index 0000000..b378c5e
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
@@ -0,0 +1,46 @@
+From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise@windriver.com>
+Date: Tue, 7 Feb 2017 11:13:19 +0200
+Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory (or bogus
+MAC value is produced if x86 MD5 assembly module is involved). Since
+hash operation is read-only it is not considered to be exploitable
+beyond a DoS condition.
+
+Thanks to Robert Święcki for report.
+
+CVE-2017-3731
+
+Backported from upstream commit:
+8e20499629b6bcf868d0072c7011e590b5c2294d
+
+Upstream-Status: Backport
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
+---
+ crypto/evp/e_rc4_hmac_md5.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
+index 5e92855..3293419 100644
+--- a/crypto/evp/e_rc4_hmac_md5.c
++++ b/crypto/evp/e_rc4_hmac_md5.c
+@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+ len = p[arg - 2] << 8 | p[arg - 1];
+
+ if (!ctx->encrypt) {
++ if (len < MD5_DIGEST_LENGTH)
++ return -1;
+ len -= MD5_DIGEST_LENGTH;
+ p[arg - 2] = len >> 8;
+ p[arg - 1] = len;
+--
+2.10.2
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
new file mode 100644
index 0000000..990cbfd
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
@@ -0,0 +1,53 @@
+From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise@windriver.com>
+Date: Tue, 7 Feb 2017 11:16:13 +0200
+Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory. Since hash
+operation is read-only it is not considered to be exploitable
+beyond a DoS condition. Other ciphers were hardened.
+
+Thanks to Robert Święcki for report.
+
+CVE-2017-3731
+
+Backported from upstream commit:
+2198b3a55de681e1f3c23edb0586afe13f438051
+
+Upstream-Status: Backport
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
+---
+ crypto/evp/e_aes.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
+index 1734a82..16dcd10 100644
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+ {
+ unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+ /* Correct length for explicit IV */
++ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
++ return 0;
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ /* If decrypting correct for tag too */
+- if (!c->encrypt)
++ if (!c->encrypt) {
++ if (len < EVP_GCM_TLS_TAG_LEN)
++ return 0;
+ len -= EVP_GCM_TLS_TAG_LEN;
++ }
+ c->buf[arg - 2] = len >> 8;
+ c->buf[arg - 1] = len & 0xff;
+ }
+--
+2.10.2
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
index f2aca36..9a7cded 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
@@ -41,6 +41,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
file://parallel.patch \
file://openssl-util-perlpath.pl-cwd.patch \
file://CVE-2016-7055.patch \
+ file://0001-CVE-2017-3731.patch \
+ file://0002-CVE-2017-3731.patch \
"
SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"
SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
--
2.10.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v5][morty] openssl: CVE: CVE-2017-3731
2017-02-07 11:48 [PATCH v5][morty] openssl: CVE: CVE-2017-3731 Alexandru Moise
@ 2017-02-14 9:40 ` Sona Sarmadi
2017-02-14 10:18 ` Burton, Ross
0 siblings, 1 reply; 4+ messages in thread
From: Sona Sarmadi @ 2017-02-14 9:40 UTC (permalink / raw)
To: Alexandru Moise; +Cc: openembedded-core
Hi Alexandru,
Shouldn't CVE-2017-3731 in the patch files have CVE: tag?
i.e. CVE-2017-3731 in 0001-CVE-2017-3731.patch & 0002-CVE-2017-3731.patch
should be:
CVE: CVE-2017-3731
You have this tag in the meta patch, we add this normally inside the patch.
> * CVE: CVE-2017-3731
>
> Upstream-status: Backport
I am just curious if this is ok, or should we always put the CVE: tag inside the patch?
Thanks
//Sona
> -----Original Message-----
> From: openembedded-core-bounces@lists.openembedded.org
> [mailto:openembedded-core-bounces@lists.openembedded.org] On
> Behalf Of Alexandru Moise
> Sent: den 7 februari 2017 12:49
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH v5][morty] openssl: CVE: CVE-2017-3731
>
> If an SSL/TLS server or client is running on a 32-bit host, and a specific
> cipher is being used, then a truncated packet can cause that server or
> client to perform an out-of-bounds read, usually resulting in a crash.
>
> Backported from:
> https://github.com/openssl/openssl/commit/8e20499629b6bcf868d007
> 2c7011e590b5c2294d
> https://github.com/openssl/openssl/commit/2198b3a55de681e1f3c23e
> db0586afe13f438051
>
> * CVE: CVE-2017-3731
>
> Upstream-status: Backport
>
> Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
> ---
> .../openssl/openssl/0001-CVE-2017-3731.patch | 46
> +++++++++++++++++++
> .../openssl/openssl/0002-CVE-2017-3731.patch | 53
> ++++++++++++++++++++++
> .../recipes-connectivity/openssl/openssl_1.0.2j.bb | 2 +
> 3 files changed, 101 insertions(+)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-
> CVE-2017-3731.patch
> create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-
> CVE-2017-3731.patch
>
> diff --git a/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-
> 3731.patch b/meta/recipes-connectivity/openssl/openssl/0001-CVE-
> 2017-3731.patch
> new file mode 100644
> index 0000000..b378c5e
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-
> 3731.patch
> @@ -0,0 +1,46 @@
> +From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17
> 00:00:00 2001
> +From: Alexandru Moise <alexandru.moise@windriver.com>
> +Date: Tue, 7 Feb 2017 11:13:19 +0200
> +Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher.
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Originally a crash in 32-bit build was reported CHACHA20-POLY1305
> +cipher. The crash is triggered by truncated packet and is result of
> +excessive hashing to the edge of accessible memory (or bogus MAC
> value
> +is produced if x86 MD5 assembly module is involved). Since hash
> +operation is read-only it is not considered to be exploitable beyond a
> +DoS condition.
> +
> +Thanks to Robert Święcki for report.
> +
> +CVE-2017-3731
> +
> +Backported from upstream commit:
> +8e20499629b6bcf868d0072c7011e590b5c2294d
> +
> +Upstream-Status: Backport
> +
> +Reviewed-by: Rich Salz <rsalz@openssl.org>
> +Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
> +---
> + crypto/evp/e_rc4_hmac_md5.c | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/crypto/evp/e_rc4_hmac_md5.c
> b/crypto/evp/e_rc4_hmac_md5.c
> +index 5e92855..3293419 100644
> +--- a/crypto/evp/e_rc4_hmac_md5.c
> ++++ b/crypto/evp/e_rc4_hmac_md5.c
> +@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX
> *ctx, int type, int arg,
> + len = p[arg - 2] << 8 | p[arg - 1];
> +
> + if (!ctx->encrypt) {
> ++ if (len < MD5_DIGEST_LENGTH)
> ++ return -1;
> + len -= MD5_DIGEST_LENGTH;
> + p[arg - 2] = len >> 8;
> + p[arg - 1] = len;
> +--
> +2.10.2
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-
> 3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-
> 2017-3731.patch
> new file mode 100644
> index 0000000..990cbfd
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-
> 3731.patch
> @@ -0,0 +1,53 @@
> +From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17
> 00:00:00 2001
> +From: Alexandru Moise <alexandru.moise@windriver.com>
> +Date: Tue, 7 Feb 2017 11:16:13 +0200
> +Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Originally a crash in 32-bit build was reported CHACHA20-POLY1305
> +cipher. The crash is triggered by truncated packet and is result of
> +excessive hashing to the edge of accessible memory. Since hash
> +operation is read-only it is not considered to be exploitable beyond a
> +DoS condition. Other ciphers were hardened.
> +
> +Thanks to Robert Święcki for report.
> +
> +CVE-2017-3731
> +
> +Backported from upstream commit:
> +2198b3a55de681e1f3c23edb0586afe13f438051
> +
> +Upstream-Status: Backport
> +
> +Reviewed-by: Rich Salz <rsalz@openssl.org>
> +Signed-off-by: Alexandru Moise <alexandru.moise@windriver.com>
> +---
> + crypto/evp/e_aes.c | 7 ++++++-
> + 1 file changed, 6 insertions(+), 1 deletion(-)
> +
> +diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index
> +1734a82..16dcd10 100644
> +--- a/crypto/evp/e_aes.c
> ++++ b/crypto/evp/e_aes.c
> +@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX
> *c, int type, int arg, void *ptr)
> + {
> + unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
> + /* Correct length for explicit IV */
> ++ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
> ++ return 0;
> + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
> + /* If decrypting correct for tag too */
> +- if (!c->encrypt)
> ++ if (!c->encrypt) {
> ++ if (len < EVP_GCM_TLS_TAG_LEN)
> ++ return 0;
> + len -= EVP_GCM_TLS_TAG_LEN;
> ++ }
> + c->buf[arg - 2] = len >> 8;
> + c->buf[arg - 1] = len & 0xff;
> + }
> +--
> +2.10.2
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
> b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
> index f2aca36..9a7cded 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
> @@ -41,6 +41,8 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \
> file://parallel.patch \
> file://openssl-util-perlpath.pl-cwd.patch \
> file://CVE-2016-7055.patch \
> + file://0001-CVE-2017-3731.patch \
> + file://0002-CVE-2017-3731.patch \
> "
> SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"
> SRC_URI[sha256sum] =
> "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256
> c431"
> --
> 2.10.2
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v5][morty] openssl: CVE: CVE-2017-3731
2017-02-14 9:40 ` Sona Sarmadi
@ 2017-02-14 10:18 ` Burton, Ross
2017-02-14 10:41 ` Sona Sarmadi
0 siblings, 1 reply; 4+ messages in thread
From: Burton, Ross @ 2017-02-14 10:18 UTC (permalink / raw)
To: Sona Sarmadi; +Cc: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 229 bytes --]
On 14 February 2017 at 09:40, Sona Sarmadi <sona.sarmadi@enea.com> wrote:
> I am just curious if this is ok, or should we always put the CVE: tag
> inside the patch?
>
The tag should always be in the patch file.
Ross
[-- Attachment #2: Type: text/html, Size: 634 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v5][morty] openssl: CVE: CVE-2017-3731
2017-02-14 10:18 ` Burton, Ross
@ 2017-02-14 10:41 ` Sona Sarmadi
0 siblings, 0 replies; 4+ messages in thread
From: Sona Sarmadi @ 2017-02-14 10:41 UTC (permalink / raw)
To: Burton, Ross; +Cc: openembedded-core
>> I am just curious if this is ok, or should we always put the CVE: tag inside the patch?
> The tag should always be in the patch file.
>
> Ross
So I guess this needs to be fixed:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=morty&id=8ba5b9eae34bbab537954ccee1726c7ee7a82750
//S
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-02-14 10:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-07 11:48 [PATCH v5][morty] openssl: CVE: CVE-2017-3731 Alexandru Moise
2017-02-14 9:40 ` Sona Sarmadi
2017-02-14 10:18 ` Burton, Ross
2017-02-14 10:41 ` Sona Sarmadi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.