From a023338b5c24846a4ee15b47500ad1aeb4c67fc9 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Feb 20 2017 09:07:22 +0000
Subject: import openssl-1.0.1e-60.el7_3.1
---
diff --git a/SOURCES/openssl-1.0.1e-cve-2016-8610.patch b/SOURCES/openssl-1.0.1e-cve-2016-8610.patch
new file mode 100644
index 0000000..84976ce
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2016-8610.patch
@@ -0,0 +1,108 @@
+diff -up openssl-1.0.1e/ssl/d1_pkt.c.many-alerts openssl-1.0.1e/ssl/d1_pkt.c
+--- openssl-1.0.1e/ssl/d1_pkt.c.many-alerts 2016-10-04 16:12:30.000000000 +0200
++++ openssl-1.0.1e/ssl/d1_pkt.c 2016-11-01 10:48:05.270349440 +0100
+@@ -915,6 +915,13 @@ start:
+ goto start;
+ }
+
++ /*
++ * Reset the count of consecutive warning alerts if we've got a non-empty
++ * record that isn't an alert.
++ */
++ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
++ s->cert->alert_count = 0;
++
+ /* we now have a packet which can be read and processed */
+
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+@@ -1184,6 +1191,15 @@ start:
+ if (alert_level == 1) /* warning */
+ {
+ s->s3->warn_alert = alert_descr;
++
++ s->cert->alert_count++;
++ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT)
++ {
++ al = SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
++ goto f_err;
++ }
++
+ if (alert_descr == SSL_AD_CLOSE_NOTIFY)
+ {
+ #ifndef OPENSSL_NO_SCTP
+diff -up openssl-1.0.1e/ssl/ssl_err.c.many-alerts openssl-1.0.1e/ssl/ssl_err.c
+--- openssl-1.0.1e/ssl/ssl_err.c.many-alerts 2016-10-04 16:12:30.000000000 +0200
++++ openssl-1.0.1e/ssl/ssl_err.c 2016-11-01 10:54:04.673900027 +0100
+@@ -552,6 +552,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
+ {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
+ {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
++{ERR_REASON(SSL_R_TOO_MANY_WARN_ALERTS), "too many warn alerts"},
+ {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
+ {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
+ {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
+diff -up openssl-1.0.1e/ssl/ssl.h.many-alerts
openssl-1.0.1e/ssl/ssl.h
+--- openssl-1.0.1e/ssl/ssl.h.many-alerts 2016-10-04 16:12:30.000000000 +0200
++++ openssl-1.0.1e/ssl/ssl.h 2016-11-01 10:52:48.442086392 +0100
+@@ -2474,6 +2474,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
+ #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+ #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
++#define SSL_R_TOO_MANY_WARN_ALERTS 409
+ #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
+ #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
+ #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
+diff -up openssl-1.0.1e/ssl/ssl_locl.h.many-alerts openssl-1.0.1e/ssl/ssl_locl.h
+--- openssl-1.0.1e/ssl/ssl_locl.h.many-alerts 2016-10-04 16:12:30.000000000 +0200
++++ openssl-1.0.1e/ssl/ssl_locl.h 2016-11-01 10:55:39.171148215 +0100
+@@ -485,6 +485,8 @@ typedef struct cert_pkey_st
+ const EVP_MD *digest;
+ } CERT_PKEY;
+
++# define MAX_WARN_ALERT_COUNT 5
++
+ typedef struct cert_st
+ {
+ /* Current active set */
+@@ -516,6 +518,7 @@ typedef struct cert_st
+ CERT_PKEY pkeys[SSL_PKEY_NUM];
+
+ int references; /* >1 only if SSL_copy_session_id is used */
++ unsigned int alert_count;
+ } CERT;
+
+
+diff -up openssl-1.0.1e/ssl/s3_pkt.c.many-alerts openssl-1.0.1e/ssl/s3_pkt.c
+--- openssl-1.0.1e/ssl/s3_pkt.c.many-alerts 2016-10-04 16:12:30.000000000 +0200
++++ openssl-1.0.1e/ssl/s3_pkt.c 2016-11-01 10:51:21.504018044 +0100
+@@ -1009,6 +1009,13 @@ start:
+ if (ret <= 0) return(ret);
+ }
+
++ /*
++ * Reset the count of consecutive warning alerts if we've got a non-empty
++ * record that isn't an alert.
++ */
++ if (rr->type != SSL3_RT_ALERT && rr->length != 0)
++ s->cert->alert_count = 0;
++
+ /* we now have a packet which can be read and processed */
+
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+@@ -1225,6 +1232,15 @@ start:
+ if (alert_level == 1) /* warning */
+ {
+ s->s3->warn_alert = alert_descr;
++
++ s->cert->alert_count++;
++ if (s->cert->alert_count == MAX_WARN_ALERT_COUNT)
++ {
++ al = SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
++ goto f_err;
++ }
++
+ if (alert_descr == SSL_AD_CLOSE_NOTIFY)
+ {
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
diff --git a/SOURCES/openssl-1.0.1e-cve-2017-3731.patch b/SOURCES/openssl-1.0.1e-cve-2017-3731.patch
new file mode 100644
index 0000000..2deb8b2
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-cve-2017-3731.patch
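Review bot: In the ssl_locl.h hunk of openssl-1.0.1e-cve-2016-8610.patch the new `unsigned int alert_count;` is added to `CERT` without a comment, directly under `references`, whose own comment says a CERT can be held by more than one SSL when SSL_copy_session_id is used; in that case the warning-alert count would presumably be shared, so one connection's alerts could count against, or be reset by, another's traffic. A comment such as `/* consecutive warning alerts received; cleared on any non-empty non-alert record */` would record the intent, and a short remark on why per-connection state is kept in CERT would help the next backporter. The limit checks in the d1_pkt.c and s3_pkt.c hunks test `s->cert->alert_count == MAX_WARN_ALERT_COUNT`; `>=` would still trip if the counter were ever advanced past the limit without taking the `goto f_err` path. Both read functions start and end outside the hunks shown.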
@@ -0,0 +1,45 @@
+diff -up openssl-1.0.1e/crypto/evp/e_aes.c.truncated openssl-1.0.1e/crypto/evp/e_aes.c
+--- openssl-1.0.1e/crypto/evp/e_aes.c.truncated 2016-11-09 15:31:47.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/e_aes.c 2017-01-30 13:29:46.700570930 +0100
+@@ -796,11 +796,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
+ gctx->tls_aad_len = arg;
+ {
+ unsigned int len=c->buf[arg-2]<<8|c->buf[arg-1];
++ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
++ return 0;
+ /* Correct length for explicit IV */
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ /* If decrypting correct for tag too */
+ if (!c->encrypt)
++ {
++ if (len < EVP_GCM_TLS_TAG_LEN)
++ return 0;
+ len -= EVP_GCM_TLS_TAG_LEN;
++ }
+ c->buf[arg-2] = len>>8;
+ c->buf[arg-1] = len & 0xff;
+ }
+diff -up openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c.truncated openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c
+--- openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c.truncated 2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c 2017-01-30 10:33:12.954714810 +0100
+@@ -257,6 +257,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_
+
+ if (!ctx->encrypt)
+ {
++ if (len < MD5_DIGEST_LENGTH)
++ return -1;
+ len -= MD5_DIGEST_LENGTH;
+ p[arg-2] = len>>8;
+ p[arg-1] = len;
+diff -up openssl-1.0.1e/ssl/t1_enc.c.truncated openssl-1.0.1e/ssl/t1_enc.c
+--- openssl-1.0.1e/ssl/t1_enc.c.truncated 2017-01-09 16:42:47.000000000 +0100
++++ openssl-1.0.1e/ssl/t1_enc.c 2017-01-30 10:37:32.836053160 +0100
+@@ -805,6 +805,8 @@ int tls1_enc(SSL *s, int send)
+ buf[11]=rec->length>>8;
+ buf[12]=rec->length&0xff;
+ pad=EVP_CIPHER_CTX_ctrl(ds,EVP_CTRL_AEAD_TLS1_AAD,13,buf);
++ if (pad <= 0)
++ return -1;
+ if (send)
+ {
+ l+=pad;
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
index 297ecc1..9adae69 100644
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
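Review bot: In the e_aes.c hunk of openssl-1.0.1e-cve-2017-3731.patch nothing visible bounds `arg` before `c->buf[arg-2]` and `c->buf[arg-1]` are read and later written, and `gctx->tls_aad_len = arg;` is stored before the new length checks can fail. aes_gcm_ctrl begins outside the hunk, so a check may already exist there; if it does not, rejecting anything but the 13-byte header that tls1_enc passes, e.g. `if (arg != 13) return 0;` before the buffer is indexed, would close that gap. The two ciphers also report a truncated record differently (`return 0` in aes_gcm_ctrl, `return -1` in rc4_hmac_md5_ctrl), and only the new `if (pad <= 0)` in tls1_enc covers both, so a comment there like `/* ctrl yields the tag/MAC length; <= 0 means the record is too short */` would keep a later edit from narrowing it to `< 0`.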
@@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1e -Release: 60%{?dist} +Release: 60%{?dist}.1 Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -171,6 +171,8 @@ Patch161: openssl-1.0.1e-cve-2016-2182.patch Patch162: openssl-1.0.1e-cve-2016-6302.patch Patch163: openssl-1.0.1e-cve-2016-6304.patch Patch164: openssl-1.0.1e-cve-2016-6306.patch +Patch166: openssl-1.0.1e-cve-2016-8610.patch +Patch167: openssl-1.0.1e-cve-2017-3731.patch License: OpenSSL Group: System Environment/Libraries @@ -373,6 +375,8 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch162 -p1 -b .ticket-length %patch163 -p1 -b .ocsp-memgrowth %patch164 -p1 -b .certmsg-len +%patch166 -p1 -b .many-alerts +%patch167 -p1 -b .truncated sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -640,6 +644,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Mon Feb 6 2017 Tomáš Mráz 1.0.1e-60.1 +- fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher +- fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts + * Thu Sep 22 2016 Tomáš Mráz 1.0.1e-60 - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations