archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2024-09-19 22:08:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
PKGBUILDs/core/openssl-cryptodev/CVE-2014-0224.patch

112 lines
3.3 KiB
Diff
Raw Blame History

commit a5852a6db4b36f91d6254b2d8757f125e6e8e5cb
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri May 16 12:55:16 2014 +0100
Additional CVE-2014-0224 protection.
Return a fatal error if an attempt is made to use a zero length
master secret.
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 98c36e6..59011e3 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1459,7 +1459,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
if (s->s3->tmp.key_block == NULL)
{
- if (s->session == NULL)
+ if (s->session == NULL || s->session->master_key_length == 0)
{
/* might happen if dtls1_read_bytes() calls this */
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
commit eaa71076511eab5e84ed36ddecbfc6cc20a48952
Author: Dr. Stephen Henson <steve@openssl.org>
Date: Fri May 16 12:49:48 2014 +0100
Fix for CVE-2014-0224
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a6b3c01..d35376d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
if (ret <= 0) goto end;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 6bc8bf9..98c36e6 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1316,6 +1316,15 @@ start:
goto f_err;
}
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
rr->length=0;
if (s->msg_callback)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4de9d19..29f8b14 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#else
if (s->s3->next_proto_neg_seen)
+ {
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
+ }
else
s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
#endif
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index cb8b249..4ac4199 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+#define SSL3_FLAGS_CCS_OK 0x0040
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
Reference in a new issue View git blame Copy permalink