Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
openssl.28465
openssl-CVE-2017-3737.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2017-3737.patch of Package openssl.28465
From 898fb884b706aaeb283de4812340bb0bde8476dc Mon Sep 17 00:00:00 2001 From: Matt Caswell <matt@openssl.org> Date: Wed, 29 Nov 2017 14:04:01 +0000 Subject: [PATCH 2/3] Don't allow read/write after fatal error OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an attacker would have to trick an application into behaving incorrectly by issuing an SSL_read()/SSL_write() after having already received a fatal error. Thanks to David Benjamin (Google) for reporting this issue and suggesting this fix. CVE-2017-3737 Reviewed-by: Rich Salz <rsalz@openssl.org> --- ssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) From c7383fb5f21aa3451f76bb98bdd5a96b070a2c47 Mon Sep 17 00:00:00 2001 From: Matt Caswell <matt@openssl.org> Date: Wed, 29 Nov 2017 13:56:15 +0000 Subject: [PATCH 3/3] Add a test for CVE-2017-3737 Test reading/writing to an SSL object after a fatal error has been detected. Reviewed-by: Rich Salz <rsalz@openssl.org> --- ssl/Makefile | 3 +- ssl/fatalerrtest.c | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++++ test/Makefile | 35 +++++++++++++++-- 3 files changed, 142 insertions(+), 5 deletions(-) create mode 100644 ssl/fatalerrtest.c Index: openssl-1.0.2j/ssl/ssl.h =================================================================== --- openssl-1.0.2j.orig/ssl/ssl.h 2017-12-08 14:42:38.902302925 +0100 +++ openssl-1.0.2j/ssl/ssl.h 2017-12-08 14:42:39.178307252 +0100 @@ -1732,7 +1732,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 Index: openssl-1.0.2j/ssl/Makefile =================================================================== --- openssl-1.0.2j.orig/ssl/Makefile 2016-09-26 11:49:46.000000000 +0200 +++ openssl-1.0.2j/ssl/Makefile 2017-12-08 14:42:39.178307252 +0100 @@ -15,7 +15,8 @@ KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README ssl-lib.com install.com -TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c bad_dtls_test.c +TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c \ + bad_dtls_test.c fatalerrtest.c APPS= LIB=$(TOP)/libssl.a Index: openssl-1.0.2j/ssl/fatalerrtest.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openssl-1.0.2j/ssl/fatalerrtest.c 2017-12-08 14:42:39.178307252 +0100 @@ -0,0 +1,109 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/ssl.h> +#include <openssl/err.h> +#include "ssltestlib.h" + +int main(int argc, char *argv[]) +{ + SSL_CTX *sctx, *cctx; + SSL *sssl, *cssl; + const char *msg = "Dummy"; + BIO *err = NULL, *wbio = NULL; + int ret = 1, len; + char buf[80]; + unsigned char dummyrec[] = { + 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y' + }; + + if (argc != 3) { + printf("Incorrect number of parameters\n"); + return 1; + } + + SSL_library_init(); + SSL_load_error_strings(); + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(), &sctx, &cctx, + argv[1], argv[2])) { + printf("Failed to create SSL_CTX pair\n"); + goto err; + } + + /* + * Deliberately set the cipher lists for client and server to be different + * to force a handshake failure. + */ + if (!SSL_CTX_set_cipher_list(sctx, "AES128-SHA") + || !SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) { + printf("Failed to set cipher lists\n"); + goto err; + } + + if (!create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) { + printf("Failed to create SSL objectx\n"); + goto err; + } + + wbio = SSL_get_wbio(cssl); + if (wbio == NULL) { + printf("Unexpected NULL bio received\n"); + goto err; + } + + if (create_ssl_connection(sssl, cssl)) { + printf("Unexpected success creating a connection\n"); + goto err; + } + + ERR_clear_error(); + + /* Inject a plaintext record from client to server */ + if (BIO_write(wbio, dummyrec, sizeof(dummyrec)) <= 0) { + printf("Unexpected failure injecting dummy record\n"); + goto err; + } + + /* SSL_read()/SSL_write should fail because of a previous fatal error */ + if ((len = SSL_read(sssl, buf, sizeof(buf - 1))) > 0) { + buf[len] = '\0'; + printf("Unexpected success reading data: %s\n", buf); + goto err; + } + if (SSL_write(sssl, msg, strlen(msg)) > 0) { + printf("Unexpected success writing data\n"); + goto err; + } + + ret = 0; + err: + SSL_free(sssl); + SSL_free(cssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + ERR_print_errors_fp(stderr); + + if (ret) { + printf("Fatal err test: FAILED\n"); + } + + ERR_free_strings(); + ERR_remove_thread_state(NULL); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + CRYPTO_mem_leaks(err); + BIO_free(err); + + return ret; +} Index: openssl-1.0.2j/test/Makefile =================================================================== --- openssl-1.0.2j.orig/test/Makefile 2016-09-26 11:49:48.000000000 +0200 +++ openssl-1.0.2j/test/Makefile 2017-12-08 14:42:39.178307252 +0100 @@ -73,6 +73,7 @@ CLIENTHELLOTEST= clienthellotest BADDTLSTEST= bad_dtls_test SSLV2CONFTEST = sslv2conftest DTLSTEST = dtlstest +FATALERRTEST = fatalerrtest TESTS= alltests @@ -87,7 +88,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_ $(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \ $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \ $(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) $(DTLSTEST)$(EXE_EXT) \ - $(BADDTLSTEST)$(EXE_EXT) + $(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -102,7 +103,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATES $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \ $(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o $(DTLSTEST).o ssltestlib.o \ - $(BADDTLSTEST).o + $(BADDTLSTEST).o $(FATALERRTEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -114,7 +115,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATES $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \ $(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c $(DTLSTEST).c ssltestlib.c \ - $(BADDTLSTEST).c + $(BADDTLSTEST).c $(FATALERRTEST).c EXHEADER= HEADER= testutil.h ssltestlib.h $(EXHEADER) @@ -159,7 +160,7 @@ alltests: \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ test_constant_time test_verify_extra test_clienthello test_sslv2conftest \ - test_dtls test_bad_dtls + test_dtls test_bad_dtls test_fatalerr test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -372,6 +373,10 @@ test_bad_dtls: $(BADDTLSTEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(BADDTLSTEST) +test_fatalerr: $(FATALERRTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(FATALERRTEST) ../apps/server.pem ../apps/server.pem + test_sslv2conftest: $(SSLV2CONFTEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(SSLV2CONFTEST) @@ -560,6 +565,9 @@ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHE $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o @target=$(BADDTLSTEST) $(BUILD_CMD) +$(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) + @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o @target=$(SSLV2CONFTEST) $(BUILD_CMD) @@ -775,6 +783,25 @@ exptest.o: ../include/openssl/opensslcon exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h exptest.o: ../include/openssl/symhacks.h exptest.c +fatalerrtest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +fatalerrtest.o: ../include/openssl/buffer.h ../include/openssl/comp.h +fatalerrtest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +fatalerrtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +fatalerrtest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +fatalerrtest.o: ../include/openssl/err.h ../include/openssl/evp.h +fatalerrtest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +fatalerrtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fatalerrtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fatalerrtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fatalerrtest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +fatalerrtest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +fatalerrtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fatalerrtest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +fatalerrtest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +fatalerrtest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +fatalerrtest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +fatalerrtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +fatalerrtest.o: fatalerrtest.c ssltestlib.h heartbeat_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h heartbeat_test.o: ../include/openssl/buffer.h ../include/openssl/comp.h heartbeat_test.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor