Please note that we're having an issue with cvsync and some of the
mirrors at this time, so cvs up -rOPENBSD_5_5 may not be a reliable
way to update. Sorry about that. Please use the patches on ftp.
There is also a patch available for 5.4.
untrusted comment: signature from openbsd 5.5 base secret key
RWRGy8gxk9N939QYTQR4ilQz+ggyJYBEh6xvD6rJcSISM/QUbENAddngkyz+IjPEgoOTHunuFB0BDIYMvHVfBlUx5xCjibXJ8Ao=
OpenBSD 5.5 errata 8, June 5, 2014:
This patch contains fixes for the following issues:
CVE-2014-0195 - Buffer overflow with crafted DTLS fragments
CVE-2014-0221 - DTLS infinite recursion flaw with "Hello Request"s
CVE-2014-0224 - SSL/TLS MITM vulnerability (Early ChangeCipherSpec Attack)
CVE-2014-3470 - Anonymous ECDH denial of service (null session certs)
Other issues in https://www.openssl.org/news/secadv_20140605.txt
CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
This issue was fixed in 004_openssl.patch.sig and subsequently in OpenSSL.
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
This issue was fixed in 005_openssl.patch.sig and subsequently in OpenSSL.
Apply patch using:
signify -Vep /etc/signify/openbsd-55-base.pub -x 008_openssl.patch.sig \
-m - | (cd /usr/src && patch -p0)
Then build and install libssl
cd /usr/src/lib/libssl/ssl
make obj
make
make install
Then restart services which depend on SSL.
Index: lib/libssl/src/ssl/d1_both.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/d1_both.c,v
retrieving revision 1.2.4.1
retrieving revision 1.2.4.3
diff -u -p -r1.2.4.1 -r1.2.4.3
--- lib/libssl/src/ssl/d1_both.c 8 Apr 2014 00:55:39 -0000 1.2.4.1
+++ lib/libssl/src/ssl/d1_both.c 5 Jun 2014 20:16:56 -0000 1.2.4.3
@@ -626,8 +626,14 @@ dtls1_reassemble_fragment(SSL *s, struct
frag->msg_header.frag_len = frag->msg_header.msg_len;
frag->msg_header.frag_off = 0;
}
- else
+ else {
frag = (hm_fragment*) item->data;
+ if (frag->msg_header.msg_len != msg_hdr->msg_len) {
+ item = NULL;
+ frag = NULL;
+ goto err;
+ }
+ }
/* If message is already reassembled, this must be a
* retransmit and can be dropped.
@@ -784,6 +790,7 @@ dtls1_get_message_fragment(SSL *s, int s
int i,al;
struct hm_header_st msg_hdr;
+again:
/* see if we have the required fragment already */
if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
{
@@ -842,8 +849,7 @@ dtls1_get_message_fragment(SSL *s, int s
s->msg_callback_arg);
s->init_num = 0;
- return dtls1_get_message_fragment(s, st1, stn,
- max, ok);
+ goto again;
}
else /* Incorrectly formated Hello request */
{
Index: lib/libssl/src/ssl/s3_clnt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_clnt.c,v
retrieving revision 1.26
retrieving revision 1.26.8.2
diff -u -p -r1.26 -r1.26.8.2
--- lib/libssl/src/ssl/s3_clnt.c 13 Oct 2012 21:25:14 -0000 1.26
+++ lib/libssl/src/ssl/s3_clnt.c 5 Jun 2014 20:09:30 -0000 1.26.8.2
@@ -559,7 +559,7 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
-
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0) goto end;
@@ -917,6 +917,7 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
}
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->hit=1;
}
else /* a miss or crap from the other end */
@@ -2508,6 +2509,14 @@ int ssl3_send_client_key_exchange(SSL *s
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
int field_size = 0;
+
+ if (s->session->sess_cert == NULL) {
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
/* Did we send out the client's
* ECDH share for use in premaster
Index: lib/libssl/src/ssl/s3_pkt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_pkt.c,v
retrieving revision 1.20.4.2
retrieving revision 1.20.4.3
diff -u -p -r1.20.4.2 -r1.20.4.3
--- lib/libssl/src/ssl/s3_pkt.c 1 May 2014 14:16:35 -0000 1.20.4.2
+++ lib/libssl/src/ssl/s3_pkt.c 5 Jun 2014 17:05:16 -0000 1.20.4.3
@@ -1300,6 +1300,14 @@ start:
goto f_err;
}
+ /* Check that we should be receiving a Change Cipher Spec. */
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
rr->length=0;
if (s->msg_callback)
@@ -1434,7 +1442,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
- if (s->session == NULL)
+ if (s->session == NULL || s->session->master_key_length == 0)
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
Index: lib/libssl/src/ssl/s3_srvr.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_srvr.c,v
retrieving revision 1.29
retrieving revision 1.29.8.1
diff -u -p -r1.29 -r1.29.8.1
--- lib/libssl/src/ssl/s3_srvr.c 13 Oct 2012 21:25:14 -0000 1.29
+++ lib/libssl/src/ssl/s3_srvr.c 5 Jun 2014 17:05:16 -0000 1.29.8.1
@@ -670,6 +670,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
@@ -698,6 +699,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -767,9 +769,10 @@ int ssl3_accept(SSL *s)
#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#else
- if (s->s3->next_proto_neg_seen)
+ if (s->s3->next_proto_neg_seen) {
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
- else
+ } else
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
No comments:
Post a Comment