[OE-core] [jethro][PATCH 2/2] openssl: CVE: CVE-2017-3731

rebecca.swee.fun.chang at intel.com rebecca.swee.fun.chang at intel.com
Thu Feb 16 01:53:32 UTC 2017


From: Alexandru Moise <alexandru.moise at windriver.com>

If an SSL/TLS server or client is running on a 32-bit host, and a
specific cipher is being used, then a truncated packet can cause that
server or client  to perform an out-of-bounds read, usually resulting
in a crash.

Backported from:
https://github.com/openssl/openssl/commit/8e20499629b6bcf868d0072c7011e590b5c2294d
https://github.com/openssl/openssl/commit/2198b3a55de681e1f3c23edb0586afe13f438051

* CVE: CVE-2017-3731

Upstream-status: Backport

(From OE-Core rev: 1fe1cb3e6e03b4f7f0d30b2b67edc8809a18fe70)

Signed-off-by: Alexandru Moise <alexandru.moise at windriver.com>
Signed-off-by: Chang, Rebecca Swee Fun <rebecca.swee.fun.chang at intel.com>
---
 .../openssl/openssl/0001-CVE-2017-3731.patch       | 46 +++++++++++++++++++
 .../openssl/openssl/0002-CVE-2017-3731.patch       | 53 ++++++++++++++++++++++
 .../recipes-connectivity/openssl/openssl_1.0.2h.bb |  2 +
 3 files changed, 101 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
new file mode 100644
index 0000000..04ef526
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-CVE-2017-3731.patch
@@ -0,0 +1,46 @@
+From 0cde9a9645c949fd0acf657dadc747676245cfaf Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise at windriver.com>
+Date: Tue, 7 Feb 2017 11:13:19 +0200
+Subject: [PATCH 1/2] crypto/evp: harden RC4_MD5 cipher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory (or bogus
+MAC value is produced if x86 MD5 assembly module is involved). Since
+hash operation is read-only it is not considered to be exploitable
+beyond a DoS condition.
+
+Thanks to Robert Święcki for report.
+
+CVE-2017-3731
+
+Backported from upstream commit:
+8e20499629b6bcf868d0072c7011e590b5c2294d
+
+Upstream-Status: Backport
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise at windriver.com>
+---
+ crypto/evp/e_rc4_hmac_md5.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
+index 5e92855..3293419 100644
+--- a/crypto/evp/e_rc4_hmac_md5.c
++++ b/crypto/evp/e_rc4_hmac_md5.c
+@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+             len = p[arg - 2] << 8 | p[arg - 1];
+ 
+             if (!ctx->encrypt) {
++		if (len < MD5_DIGEST_LENGTH)
++                    return -1;
+                 len -= MD5_DIGEST_LENGTH;
+                 p[arg - 2] = len >> 8;
+                 p[arg - 1] = len;
+-- 
+2.10.2
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
new file mode 100644
index 0000000..b56b2d5
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0002-CVE-2017-3731.patch
@@ -0,0 +1,53 @@
+From 6427f1accc54b515bb899370f1a662bfcb1caa52 Mon Sep 17 00:00:00 2001
+From: Alexandru Moise <alexandru.moise at windriver.com>
+Date: Tue, 7 Feb 2017 11:16:13 +0200
+Subject: [PATCH 2/2] crypto/evp: harden AEAD ciphers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Originally a crash in 32-bit build was reported CHACHA20-POLY1305
+cipher. The crash is triggered by truncated packet and is result
+of excessive hashing to the edge of accessible memory. Since hash
+operation is read-only it is not considered to be exploitable
+beyond a DoS condition. Other ciphers were hardened.
+
+Thanks to Robert Święcki for report.
+
+CVE-2017-3731
+
+Backported from upstream commit:
+2198b3a55de681e1f3c23edb0586afe13f438051
+
+Upstream-Status: Backport
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+Signed-off-by: Alexandru Moise <alexandru.moise at windriver.com>
+---
+ crypto/evp/e_aes.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
+index 1734a82..16dcd10 100644
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -1235,10 +1235,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+         {
+             unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+             /* Correct length for explicit IV */
++	    if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
++	        return 0;
+             len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+             /* If decrypting correct for tag too */
+-            if (!c->encrypt)
++            if (!c->encrypt) {
++		if (len < EVP_GCM_TLS_TAG_LEN)
++		    return 0;
+                 len -= EVP_GCM_TLS_TAG_LEN;
++	    }
+             c->buf[arg - 2] = len >> 8;
+             c->buf[arg - 1] = len & 0xff;
+         }
+-- 
+2.10.2
+
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
index fc5e3e3..e552503 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -52,6 +52,8 @@ SRC_URI += "file://configure-targets.patch \
             file://CVE-2016-2179.patch \
             file://CVE-2016-8610.patch \
             file://CVE-2016-7055.patch \
+            file://0001-CVE-2017-3731.patch \
+            file://0002-CVE-2017-3731.patch \
            "
 
 SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
-- 
2.7.4




More information about the Openembedded-core mailing list