* [daisy][PATCH 0/5] OpenSSL CVE fixes for the daisy branch
@ 2014-06-09 15:51 Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 1/5] openssl: fix CVE-2014-0195 Paul Eggleton
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:51 UTC (permalink / raw)
To: openembedded-core
NOTE: These patches needs to be applied *after* the OpenSSL
CVE-2010-5298 patch fix in Saul's pending daisy series (which is in
the branch for this pull request or it would not work otherwise.)
The following changes since commit:
openssl: add openssl-CVE-2010-5298.patch SRC_URI (2014-06-09 14:11:54 +0100)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib paule/openssl-daisy
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/openssl-daisy
Paul Eggleton (5):
openssl: fix CVE-2014-0195
openssl: use upstream fix for CVE-2014-0198
openssl: fix CVE-2014-0221
openssl: fix CVE-2014-0224
openssl: fix CVE-2014-3470
.../openssl/openssl-1.0.1e-cve-2014-0195.patch | 40 ++++++++
.../openssl/openssl-1.0.1e-cve-2014-0198.patch | 38 ++++++++
.../openssl/openssl-1.0.1e-cve-2014-0221.patch | 38 ++++++++
.../openssl/openssl-1.0.1e-cve-2014-0224.patch | 103 +++++++++++++++++++++
.../openssl/openssl-1.0.1e-cve-2014-3470.patch | 31 +++++++
.../openssl/openssl-CVE-2014-0198-fix.patch | 23 -----
.../recipes-connectivity/openssl/openssl_1.0.1g.bb | 6 +-
7 files changed, 255 insertions(+), 24 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0195.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0221.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-3470.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [daisy][PATCH 1/5] openssl: fix CVE-2014-0195
2014-06-09 15:51 [daisy][PATCH 0/5] OpenSSL CVE fixes for the daisy branch Paul Eggleton
@ 2014-06-09 15:51 ` Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 2/5] openssl: use upstream fix for CVE-2014-0198 Paul Eggleton
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:51 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl/openssl-1.0.1e-cve-2014-0195.patch | 40 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1g.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0195.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0195.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0195.patch
new file mode 100644
index 0000000..0c43919
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0195.patch
@@ -0,0 +1,40 @@
+commit 208d54db20d58c9a5e45e856a0650caadd7d9612
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Tue May 13 18:48:31 2014 +0100
+
+ Fix for CVE-2014-0195
+
+ A buffer overrun attack can be triggered by sending invalid DTLS fragments
+ to an OpenSSL DTLS client or server. This is potentially exploitable to
+ run arbitrary code on a vulnerable client or server.
+
+ Fixed by adding consistency check for DTLS fragments.
+
+ Thanks to Jüri Aedla for reporting this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 2e8cf68..07f67f8 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+ frag->msg_header.frag_off = 0;
+ }
+ else
++ {
+ frag = (hm_fragment*) item->data;
++ if (frag->msg_header.msg_len != msg_hdr->msg_len)
++ {
++ item = NULL;
++ frag = NULL;
++ goto err;
++ }
++ }
++
+
+ /* If message is already reassembled, this must be a
+ * retransmit and can be dropped.
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index 579cf03..d4fc91d 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -35,6 +35,7 @@ SRC_URI += "file://configure-targets.patch \
file://find.pl \
file://openssl-fix-des.pod-error.patch \
file://openssl-CVE-2014-0198-fix.patch \
+ file://openssl-1.0.1e-cve-2014-0195.patch \
file://openssl-CVE-2010-5298.patch \
"
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [daisy][PATCH 2/5] openssl: use upstream fix for CVE-2014-0198
2014-06-09 15:51 [daisy][PATCH 0/5] OpenSSL CVE fixes for the daisy branch Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 1/5] openssl: fix CVE-2014-0195 Paul Eggleton
@ 2014-06-09 15:51 ` Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 3/5] openssl: fix CVE-2014-0221 Paul Eggleton
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:51 UTC (permalink / raw)
To: openembedded-core
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl/openssl-1.0.1e-cve-2014-0198.patch | 38 ++++++++++++++++++++++
.../openssl/openssl-CVE-2014-0198-fix.patch | 23 -------------
.../recipes-connectivity/openssl/openssl_1.0.1g.bb | 2 +-
3 files changed, 39 insertions(+), 24 deletions(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch
delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch
new file mode 100644
index 0000000..12dcfb7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0198.patch
@@ -0,0 +1,38 @@
+From: Matt Caswell <matt@openssl.org>
+Date: Sun, 11 May 2014 23:38:37 +0000 (+0100)
+Subject: Fixed NULL pointer dereference. See PR#3321
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586
+
+Fixed NULL pointer dereference. See PR#3321
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+---
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ SSL3_BUFFER *wb=&(s->s3->wbuf);
+ SSL_SESSION *sess;
+
+- if (wb->buf == NULL)
+- if (!ssl3_setup_write_buffer(s))
+- return -1;
+
+ /* first check if there is a SSL3_BUFFER still being written
+ * out. This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ /* if it went, fall through and send more stuff */
+ }
+
++ if (wb->buf == NULL)
++ if (!ssl3_setup_write_buffer(s))
++ return -1;
++
+ if (len == 0 && !create_empty_fragment)
+ return 0;
+
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch b/meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch
deleted file mode 100644
index 4c51d74..0000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Upstream-Status: Backport
-
-Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837
-
-CVE-2014-0198: An attacker can trigger generation of an SSL
-alert which could cause a null pointer dereference.
-
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
----
-diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c
---- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200
-@@ -657,6 +657,10 @@
- if (i <= 0)
- return(i);
- /* if it went, fall through and send more stuff */
-+ /* we may have released our buffer, so get it again */
-+ if (wb->buf == NULL)
-+ if (!ssl3_setup_write_buffer(s))
-+ return -1;
- }
-
- if (len == 0 && !create_empty_fragment)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index d4fc91d..18f0baf 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -34,8 +34,8 @@ SRC_URI += "file://configure-targets.patch \
file://initial-aarch64-bits.patch \
file://find.pl \
file://openssl-fix-des.pod-error.patch \
- file://openssl-CVE-2014-0198-fix.patch \
file://openssl-1.0.1e-cve-2014-0195.patch \
+ file://openssl-1.0.1e-cve-2014-0198.patch \
file://openssl-CVE-2010-5298.patch \
"
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [daisy][PATCH 3/5] openssl: fix CVE-2014-0221
2014-06-09 15:51 [daisy][PATCH 0/5] OpenSSL CVE fixes for the daisy branch Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 1/5] openssl: fix CVE-2014-0195 Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 2/5] openssl: use upstream fix for CVE-2014-0198 Paul Eggleton
@ 2014-06-09 15:51 ` Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 4/5] openssl: fix CVE-2014-0224 Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 5/5] openssl: fix CVE-2014-3470 Paul Eggleton
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:51 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl/openssl-1.0.1e-cve-2014-0221.patch | 38 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1g.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0221.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0221.patch
new file mode 100644
index 0000000..bf730a8
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0221.patch
@@ -0,0 +1,38 @@
+commit d30e582446b027868cdabd0994681643682045a4
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Fri May 16 13:00:45 2014 +0100
+
+ Fix CVE-2014-0221
+
+ Unnecessary recursion when receiving a DTLS hello request can be used to
+ crash a DTLS client. Fixed by handling DTLS hello request without recursion.
+
+ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 07f67f8..4c2fd03 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ int i,al;
+ struct hm_header_st msg_hdr;
+
++ redo:
+ /* see if we have the required fragment already */
+ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
+ {
+@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+ s->msg_callback_arg);
+
+ s->init_num = 0;
+- return dtls1_get_message_fragment(s, st1, stn,
+- max, ok);
++ goto redo;
+ }
+ else /* Incorrectly formated Hello request */
+ {
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index 18f0baf..d4084de 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -36,6 +36,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-fix-des.pod-error.patch \
file://openssl-1.0.1e-cve-2014-0195.patch \
file://openssl-1.0.1e-cve-2014-0198.patch \
+ file://openssl-1.0.1e-cve-2014-0221.patch \
file://openssl-CVE-2010-5298.patch \
"
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [daisy][PATCH 4/5] openssl: fix CVE-2014-0224
2014-06-09 15:51 [daisy][PATCH 0/5] OpenSSL CVE fixes for the daisy branch Paul Eggleton
` (2 preceding siblings ...)
2014-06-09 15:51 ` [daisy][PATCH 3/5] openssl: fix CVE-2014-0221 Paul Eggleton
@ 2014-06-09 15:51 ` Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 5/5] openssl: fix CVE-2014-3470 Paul Eggleton
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:51 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl/openssl-1.0.1e-cve-2014-0224.patch | 103 +++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1g.bb | 1 +
2 files changed, 104 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch
new file mode 100644
index 0000000..0ed1d12
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-0224.patch
@@ -0,0 +1,103 @@
+Fix for CVE-2014-0224
+
+Only accept change cipher spec when it is expected instead of at any
+time. This prevents premature setting of session keys before the master
+secret is determined which an attacker could use as a MITM attack.
+
+Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
+and providing the initial fix this patch is based on.
+
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h
+--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200
++++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200
+@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
+ #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+ #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
+ #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
++#define SSL3_FLAGS_CCS_OK 0x0080
+
+ /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c
+--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200
+@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit=1;
+ }
+ else /* a miss or crap from the other end */
+diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c
+--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200
++++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200
+@@ -1298,6 +1298,15 @@ start:
+ goto f_err;
+ }
+
++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
++ {
++ al=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
++ goto f_err;
++ }
++
++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
++
+ rr->length=0;
+
+ if (s->msg_callback)
+@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ if (s->s3->tmp.key_block == NULL)
+ {
+- if (s->session == NULL)
++ if (s->session == NULL || s->session->master_key_length == 0)
+ {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c
+--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200
++++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200
+@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /* we should decide if we expected this one */
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0) goto end;
+@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #else
+ if (s->s3->next_proto_neg_seen)
++ {
++ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ }
+ else
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+ #endif
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index d4084de..64e8f82 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-1.0.1e-cve-2014-0195.patch \
file://openssl-1.0.1e-cve-2014-0198.patch \
file://openssl-1.0.1e-cve-2014-0221.patch \
+ file://openssl-1.0.1e-cve-2014-0224.patch \
file://openssl-CVE-2010-5298.patch \
"
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [daisy][PATCH 5/5] openssl: fix CVE-2014-3470
2014-06-09 15:51 [daisy][PATCH 0/5] OpenSSL CVE fixes for the daisy branch Paul Eggleton
` (3 preceding siblings ...)
2014-06-09 15:51 ` [daisy][PATCH 4/5] openssl: fix CVE-2014-0224 Paul Eggleton
@ 2014-06-09 15:51 ` Paul Eggleton
4 siblings, 0 replies; 6+ messages in thread
From: Paul Eggleton @ 2014-06-09 15:51 UTC (permalink / raw)
To: openembedded-core
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
(Patch borrowed from Fedora.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
---
.../openssl/openssl-1.0.1e-cve-2014-3470.patch | 31 ++++++++++++++++++++++
.../recipes-connectivity/openssl/openssl_1.0.1g.bb | 1 +
2 files changed, 32 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-3470.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-3470.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-3470.patch
new file mode 100644
index 0000000..025727f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.1e-cve-2014-3470.patch
@@ -0,0 +1,31 @@
+commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86
+Author: Dr. Stephen Henson <steve@openssl.org>
+Date: Thu May 29 15:00:05 2014 +0100
+
+ Fix CVE-2014-3470
+
+ Check session_cert is not NULL before dereferencing it.
+
+Patch borrowed from Fedora
+Upstream-Status: Backport
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index d35376d..4324f8d 100644
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s)
+ int ecdh_clnt_cert = 0;
+ int field_size = 0;
+
++ if (s->session->sess_cert == NULL)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
++ goto err;
++ }
++
+ /* Did we send out the client's
+ * ECDH share for use in premaster
+ * computation as part of client certificate?
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
index 64e8f82..274c69d 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
@@ -38,6 +38,7 @@ SRC_URI += "file://configure-targets.patch \
file://openssl-1.0.1e-cve-2014-0198.patch \
file://openssl-1.0.1e-cve-2014-0221.patch \
file://openssl-1.0.1e-cve-2014-0224.patch \
+ file://openssl-1.0.1e-cve-2014-3470.patch \
file://openssl-CVE-2010-5298.patch \
"
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-06-09 15:51 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-09 15:51 [daisy][PATCH 0/5] OpenSSL CVE fixes for the daisy branch Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 1/5] openssl: fix CVE-2014-0195 Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 2/5] openssl: use upstream fix for CVE-2014-0198 Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 3/5] openssl: fix CVE-2014-0221 Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 4/5] openssl: fix CVE-2014-0224 Paul Eggleton
2014-06-09 15:51 ` [daisy][PATCH 5/5] openssl: fix CVE-2014-3470 Paul Eggleton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.