From: Xin LI Date: Fri, 27 Jan 2017 07:45:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r312863 - stable/10/crypto/openssl/crypto/evp X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jan 2017 07:45:08 -0000 Author: delphij Date: Fri Jan 27 07:45:06 2017 New Revision: 312863 URL: https://svnweb.freebsd.org/changeset/base/312863 Log: Backport OpenSSL commit 56336b6c7a75ed28067cadedd8ac46572348bc2f: crypto/evp: harden RC4_MD5 cipher. Originally a crash in 32-bit build was reported CHACHA20-POLY1305 cipher. The crash is triggered by truncated packet and is result of excessive hashing to the edge of accessible memory (or bogus MAC value is produced if x86 MD5 assembly module is involved). Since hash operation is read-only it is not considered to be exploitable beyond a DoS condition. Thanks to Robert Święcki for report. This is a direct commit to stable/10. Security: CVE-2017-3731 Modified: stable/10/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c Modified: stable/10/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c ============================================================================== --- stable/10/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c Fri Jan 27 05:59:26 2017 (r312862) +++ stable/10/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c Fri Jan 27 07:45:06 2017 (r312863) @@ -267,6 +267,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_ len = p[arg - 2] << 8 | p[arg - 1]; if (!ctx->encrypt) { + if (len < MD5_DIGEST_LENGTH) + return -1; len -= MD5_DIGEST_LENGTH; p[arg - 2] = len >> 8; p[arg - 1] = len;
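Review bot: the added `if (len < MD5_DIGEST_LENGTH) return -1;` in the `!ctx->encrypt` branch carries no comment, so a later reader has to work out from the log message that it prevents `len -= MD5_DIGEST_LENGTH` from going below zero on a truncated record. A one-line comment such as `/* record too short to hold the MAC */` above the check would record that. The placement is right: the check runs before `p[arg - 2]` and `p[arg - 1]` are rewritten, so the buffer is left unchanged on the error path. Two things are not visible in these lines and are worth confirming in the surrounding function: that `arg` is known to be at least 2 before `p[arg - 2]` is read, and that every caller of this ctrl treats a `-1` return as a failure rather than as a length.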
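The length arithmetic described in the log message, as an added example that is not part of the commit or of OpenSSL: a simplified model showing how a record length shorter than the MAC wraps when the MAC size is subtracted, next to the checked form. The names `make_aad`, `payload_len_unchecked`, `payload_len_checked`, `MAC_LEN` and `TLS_AAD_LEN` are hypothetical, and the `unsigned int` type of `len` is an assumption, since the declaration is not shown in the hunk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAC_LEN 16u      /* MD5 digest size, the value of MD5_DIGEST_LENGTH */
#define TLS_AAD_LEN 13   /* seq(8) + type(1) + version(2) + length(2) */

/* Constructed sample AAD: application-data record, TLS 1.2, given length. */
static void make_aad(uint8_t aad[TLS_AAD_LEN], uint16_t record_len)
{
    for (int i = 0; i < 8; i++) aad[i] = 0;   /* sequence number */
    aad[8] = 0x17; aad[9] = 0x03; aad[10] = 0x03;
    aad[11] = (uint8_t)(record_len >> 8);
    aad[12] = (uint8_t)record_len;
}

/* Unchecked arithmetic: no lower bound on the record length (assumed type). */
static unsigned int payload_len_unchecked(const uint8_t *p, size_t arg)
{
    unsigned int len = (unsigned int)p[arg - 2] << 8 | p[arg - 1];
    len -= MAC_LEN;      /* wraps to a huge value when len < MAC_LEN */
    return len;
}

/* Checked arithmetic: reject before subtracting or rewriting the AAD. */
static int payload_len_checked(uint8_t *p, size_t arg, unsigned int *out)
{
    unsigned int len;
    if (arg < 2) return -1;            /* guard added for this example only */
    len = (unsigned int)p[arg - 2] << 8 | p[arg - 1];
    if (len < MAC_LEN) return -1;      /* record too short to hold the MAC */
    len -= MAC_LEN;
    p[arg - 2] = (uint8_t)(len >> 8);
    p[arg - 1] = (uint8_t)len;
    *out = len;
    return 0;
}

int main(void)
{
    uint8_t aad[TLS_AAD_LEN];
    unsigned int n = 0;
    make_aad(aad, 5);    /* constructed truncated record: shorter than the MAC */
    printf("unchecked: %u\n", payload_len_unchecked(aad, TLS_AAD_LEN));
    printf("checked:   %d\n", payload_len_checked(aad, TLS_AAD_LEN, &n));
    return 0;
}
```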