Date: Thu, 25 Mar 2021 23:56:22 GMT
From: Gordon Tetlow <gordon@FreeBSD.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Subject: git: 98ec8b7512 - main - Add FreeBSD-SA-21:07.openssl.
Message-ID: <202103252356.12PNuMN0016007@gitrepo.freebsd.org>
The branch main has been updated by gordon (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=98ec8b7512c644be2229f079208e6698bdb09af6 commit 98ec8b7512c644be2229f079208e6698bdb09af6 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2021-03-25 23:55:47 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2021-03-25 23:56:03 +0000 Add FreeBSD-SA-21:07.openssl. Approved by: so --- website/data/security/advisories.toml | 4 + .../advisories/FreeBSD-SA-21:07.openssl.asc | 170 ++++++ .../security/patches/SA-21:07/openssl-12.patch | 281 +++++++++ .../security/patches/SA-21:07/openssl-12.patch.asc | 16 + .../security/patches/SA-21:07/openssl-13.patch | 651 +++++++++++++++++++++ .../security/patches/SA-21:07/openssl-13.patch.asc | 16 + 6 files changed, 1138 insertions(+) diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml index 10229d9ce6..08e22e3be7 100644 --- a/website/data/security/advisories.toml +++ b/website/data/security/advisories.toml @@ -1,6 +1,10 @@ # Sort advisories by year, month and day # $FreeBSD$ +[[advisories]] +name = "FreeBSD-SA-21:07.openssl" +date = "2021-03-25" + [[advisories]] name = "FreeBSD-SA-21:06.xen" date = "2021-02-24" diff --git a/website/static/security/advisories/FreeBSD-SA-21:07.openssl.asc b/website/static/security/advisories/FreeBSD-SA-21:07.openssl.asc new file mode 100644 index 0000000000..af47414066 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-21:07.openssl.asc 
@@ -0,0 +1,170 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-21:07.openssl Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in OpenSSL + +Category: contrib +Module: openssl +Announced: 2021-03-25 +Affects: FreeBSD 12.2 and later +Corrected: 2021-03-25 15:45:19 UTC (stable/13, 13.0-STABLE) + 2021-03-25 16:25:06 UTC (releng/13.0, 13.0-RC3-p1) + 2021-03-25 17:14:46 UTC (stable/12, 12.2-STABLE) + 2021-03-25 23:45:45 UTC (releng/12.2, 12.2-RELEASE-p5) +CVE Name: CVE-2021-3449, CVE-2021-3450 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a +collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit for the Transport Layer Security (TLS) protocol. It is +also a general-purpose cryptography library. + +II. Problem Description + +This advisory covers two distinct OpenSSL issues: + +The X509_V_FLAG_X509_STRICT flag enables additional security checks of the +certificates present in a certificate chain. It is not set by default. +Starting from OpenSSL version 1.1.1h a check to disallow certificates in the +chain that have explicitly encoded elliptic curve parameters was added as an +additional strict check. An error in the implementation of this check meant +that the result of a previous check to confirm that certificates in the chain +are valid CA certificates was overwritten. This effectively bypasses the +check that non-CA certificates must not be able to issue other certificates. 
+[CVE-2021-3450] + +A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits +the signature_algorithms extension (where it was present in the initial +ClientHello), but includes a signature_algorithms_cert extension results in a +NULL pointer dereference in the server. [CVE-2021-3449] + +III. Impact + +The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that +non-CA certificates must not be able to issue other certificates. + +The renegotiation issue can result in a crash and a denial of service attack. + +IV. Workaround + +For the X509_V_FLAG_X509_STRICT issue, no workaround is available, but +software that doesn't explicitly set the X509_V_FLAG_X509_STRICT flag is +unaffected. + +For the renegotiation issue, either turning off TLSv1.2 (as TLSv1.3 is +unaffected) or turning off renegotiation on the TLS server mitigates the +issue. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# <restart any daemons that use the library> + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. 
+ +[FreeBSD 13.x] +# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-13.patch +# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-13.patch.asc +# gpg --verify openssl-13.patch.asc + +[FreeBSD 12.x] +# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch +# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch.asc +# gpg --verify openssl-12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/13/ b6c1fdcdf5033d20c61cc77d66f58f31cc65e2ba +releng/13.0/ 7d3f5a19f455e0e3fb17ac3f9af288e8c7fffc15 +stable/12/ r369521 +releng/12.2/ r369523 +- ------------------------------------------------------------------------- + +[FreeBSD 13.x] +To see which files were modified by a particular revision, run the following +command in a checked out git repository, replacing NNNNNN with the revision +hash: + +# git show --stat NNNNNN + +Or visit the following URL, replace NNNNNN with the revision hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +[FreeBSD 12.x] +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://www.openssl.org/news/secadv/20210325.txt> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmBdIi4ACgkQ05eS9J6n +5cJ3lRAAgeIfMDB04FRSVkOr4/GL5hAHwUmTfxJU2oPFJMELYD3NbVJR51fsXuuV +bHf1X9xq9jlYLyoLNpG89g1/jVYBPikZl3BraIm8/Rxp3/PeYEbkJKoaVaqdV8Lg +fQURad6z3cFSFTiZXuDaSvcXzuT5X/0U+UFncSsQJ2oF6YqWtAQzilTyti7mWxDR +/j0pS10GDmiEbHI/XVt683rNPhlzvha+npzpLhY+PFUQ4gwUQJrJVwoYHbPYEV2M +KngxHQ/P1u3jBnAtreEbfCEOfQYmhj7mNPMUl4KWRTvPsczTVohx4X96zi+rXgBw +RqNntzhLsRYsKGP4xgRmuIQjNA+udctCjrz1vDioZkG8YOYBWK9ygr7OwEyRWYar +65kykuQhKmqGqCx+r/rw7WzxwkJH+9fNKkQ+27mv7ibfqS8yD+CfELb+7aepuxGj +r8o2wLk+hfWttCV2fN3GIPhYAoU3UlvNWIMvxJXP8KL9Hf5JCte2ePKzVFLoYsQK +rdizxBhgngbWEISghZdmm2Qx4vG714z2bkmOjRn3muvZ5B2o9xP45Auj7nA3hZN1 +ET3jSWJHWutZds5wWlHfL7m4xr39D6BR/+6F1cmgmKr5O5YNSGWYEIqnh2G65KrM +ULNSgrlOfDr4oodovCXeRxXOplINMFNU4b4OpgyIQNvGysyLle0= +=+CMP +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/SA-21:07/openssl-12.patch b/website/static/security/patches/SA-21:07/openssl-12.patch new file mode 100644 index 0000000000..70ee0e6250 --- /dev/null +++ b/website/static/security/patches/SA-21:07/openssl-12.patch 
@@ -0,0 +1,281 @@ +--- crypto/openssl/crypto/x509/x509_vfy.c.orig ++++ crypto/openssl/crypto/x509/x509_vfy.c +@@ -526,15 +526,19 @@ + ret = 1; + break; + } +- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { ++ if (ret > 0 ++ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { + /* Check for presence of explicit elliptic curve parameters */ + ret = check_curve(x); +- if (ret < 0) ++ if (ret < 0) { + ctx->error = X509_V_ERR_UNSPECIFIED; +- else if (ret == 0) ++ ret = 0; ++ } else if (ret == 0) { + ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS; ++ } + } +- if ((x->ex_flags & EXFLAG_CA) == 0 ++ if (ret > 0 ++ && (x->ex_flags & EXFLAG_CA) == 0 + && x->ex_pathlen != -1 + && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; +--- crypto/openssl/ssl/s3_lib.c.orig ++++ crypto/openssl/ssl/s3_lib.c +@@ -4638,6 +4638,7 @@ + + OPENSSL_clear_free(s->s3->tmp.psk, psklen); + s->s3->tmp.psk = NULL; ++ s->s3->tmp.psklen = 0; + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, pskpms, pskpmslen, + &s->session->master_key_length)) { +@@ -4667,8 +4668,10 @@ + else + OPENSSL_cleanse(pms, pmslen); + } +- if (s->server == 0) ++ if (s->server == 0) { + s->s3->tmp.pms = NULL; ++ s->s3->tmp.pmslen = 0; ++ } + return ret; + } + +--- crypto/openssl/ssl/ssl_lib.c.orig ++++ crypto/openssl/ssl/ssl_lib.c +@@ -779,8 +779,10 @@ + s->ext.ecpointformats = + OPENSSL_memdup(ctx->ext.ecpointformats, + ctx->ext.ecpointformats_len); +- if (!s->ext.ecpointformats) ++ if (!s->ext.ecpointformats) { ++ s->ext.ecpointformats_len = 0; + goto err; ++ } + s->ext.ecpointformats_len = + ctx->ext.ecpointformats_len; + } +@@ -789,8 +791,10 @@ + OPENSSL_memdup(ctx->ext.supportedgroups, + ctx->ext.supportedgroups_len + * sizeof(*ctx->ext.supportedgroups)); +- if (!s->ext.supportedgroups) ++ if (!s->ext.supportedgroups) { ++ s->ext.supportedgroups_len = 0; + goto err; ++ } + s->ext.supportedgroups_len = 
ctx->ext.supportedgroups_len; + } + #endif +@@ -800,8 +804,10 @@ + + if (s->ctx->ext.alpn) { + s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); +- if (s->ext.alpn == NULL) ++ if (s->ext.alpn == NULL) { ++ s->ext.alpn_len = 0; + goto err; ++ } + memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); + s->ext.alpn_len = s->ctx->ext.alpn_len; + } +@@ -2834,6 +2840,7 @@ + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ctx->ext.alpn == NULL) { ++ ctx->ext.alpn_len = 0; + SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); + return 1; + } +@@ -2853,6 +2860,7 @@ + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ssl->ext.alpn == NULL) { ++ ssl->ext.alpn_len = 0; + SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); + return 1; + } +--- crypto/openssl/ssl/statem/extensions.c.orig ++++ crypto/openssl/ssl/statem/extensions.c +@@ -1136,6 +1136,7 @@ + /* Clear any signature algorithms extension received */ + OPENSSL_free(s->s3->tmp.peer_sigalgs); + s->s3->tmp.peer_sigalgs = NULL; ++ s->s3->tmp.peer_sigalgslen = 0; + + return 1; + } +@@ -1145,6 +1146,7 @@ + /* Clear any signature algorithms extension received */ + OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); + s->s3->tmp.peer_cert_sigalgs = NULL; ++ s->s3->tmp.peer_cert_sigalgslen = 0; + + return 1; + } +--- crypto/openssl/ssl/statem/extensions_clnt.c.orig ++++ crypto/openssl/ssl/statem/extensions_clnt.c +@@ -816,6 +816,7 @@ + OPENSSL_free(s->psksession_id); + s->psksession_id = OPENSSL_memdup(id, idlen); + if (s->psksession_id == NULL) { ++ s->psksession_id_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; +@@ -1375,6 +1376,7 @@ + OPENSSL_free(s->ext.peer_ecpointformats); + s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len); + if (s->ext.peer_ecpointformats == NULL) { ++ s->ext.peer_ecpointformats_len = 0; + SSLfatal(s, 
SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); + return 0; +@@ -1492,8 +1494,13 @@ + s->ext.scts_len = (uint16_t)size; + if (size > 0) { + s->ext.scts = OPENSSL_malloc(size); +- if (s->ext.scts == NULL +- || !PACKET_copy_bytes(pkt, s->ext.scts, size)) { ++ if (s->ext.scts == NULL) { ++ s->ext.scts_len = 0; ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, ++ ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, + ERR_R_INTERNAL_ERROR); + return 0; +@@ -1592,6 +1599,7 @@ + OPENSSL_free(s->ext.npn); + s->ext.npn = OPENSSL_malloc(selected_len); + if (s->ext.npn == NULL) { ++ s->ext.npn_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN, + ERR_R_INTERNAL_ERROR); + return 0; +@@ -1632,6 +1640,7 @@ + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = OPENSSL_malloc(len); + if (s->s3->alpn_selected == NULL) { ++ s->s3->alpn_selected_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; +@@ -1663,6 +1672,7 @@ + s->session->ext.alpn_selected = + OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + if (s->session->ext.alpn_selected == NULL) { ++ s->session->ext.alpn_selected_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; +--- crypto/openssl/ssl/statem/statem_clnt.c.orig ++++ crypto/openssl/ssl/statem/statem_clnt.c +@@ -2461,6 +2461,7 @@ + s->s3->tmp.ctype_len = 0; + OPENSSL_free(s->pha_context); + s->pha_context = NULL; ++ s->pha_context_len = 0; + + if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || + !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { +@@ -2770,16 +2771,17 @@ + } + s->ext.ocsp.resp = OPENSSL_malloc(resplen); + if (s->ext.ocsp.resp == NULL) { ++ s->ext.ocsp.resp_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 
SSL_F_TLS_PROCESS_CERT_STATUS_BODY, + ERR_R_MALLOC_FAILURE); + return 0; + } ++ s->ext.ocsp.resp_len = resplen; + if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, + SSL_R_LENGTH_MISMATCH); + return 0; + } +- s->ext.ocsp.resp_len = resplen; + + return 1; + } +@@ -3349,9 +3351,11 @@ + err: + OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); + s->s3->tmp.pms = NULL; ++ s->s3->tmp.pmslen = 0; + #ifndef OPENSSL_NO_PSK + OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); + s->s3->tmp.psk = NULL; ++ s->s3->tmp.psklen = 0; + #endif + return 0; + } +@@ -3426,6 +3430,7 @@ + err: + OPENSSL_clear_free(pms, pmslen); + s->s3->tmp.pms = NULL; ++ s->s3->tmp.pmslen = 0; + return 0; + } + +--- crypto/openssl/ssl/statem/statem_srvr.c.orig ++++ crypto/openssl/ssl/statem/statem_srvr.c +@@ -2178,6 +2178,7 @@ + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); + if (s->s3->alpn_selected == NULL) { ++ s->s3->alpn_selected_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; +@@ -2853,9 +2854,16 @@ + if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { + OPENSSL_free(s->pha_context); + s->pha_context_len = 32; +- if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL +- || RAND_bytes(s->pha_context, s->pha_context_len) <= 0 +- || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { ++ if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) { ++ s->pha_context_len = 0; ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ++ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ++ ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0 ++ || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, ++ s->pha_context_len)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); +@@ -2969,6 +2977,7 @@ + 
OPENSSL_cleanse(psk, psklen); + + if (s->s3->tmp.psk == NULL) { ++ s->s3->tmp.psklen = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); + return 0; +@@ -3508,6 +3517,7 @@ + #ifndef OPENSSL_NO_PSK + OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); + s->s3->tmp.psk = NULL; ++ s->s3->tmp.psklen = 0; + #endif + return MSG_PROCESS_ERROR; + } +@@ -4117,6 +4127,7 @@ + s->session->ext.alpn_selected = + OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + if (s->session->ext.alpn_selected == NULL) { ++ s->session->ext.alpn_selected_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_MALLOC_FAILURE); diff --git a/website/static/security/patches/SA-21:07/openssl-12.patch.asc b/website/static/security/patches/SA-21:07/openssl-12.patch.asc new file mode 100644 index 0000000000..a37ae98422 --- /dev/null +++ b/website/static/security/patches/SA-21:07/openssl-12.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmBdIjQACgkQ05eS9J6n +5cL5OQ//dm5Ga7kMttdTzTkHdEYYi7GhRae/Jhaxc1/lYu1shQcOO4PrasasOOmD +lLsLOP/ZJ5mNFzFz8aiVS5cci995MYhmgCesOStJpwoFhTjGq2Oek+TUGCjJ6vSt +W6qivOsffvMxhnpONFo1qmtDPsEgu0/BtpKkE9j9KohkptrlUoMNvE0p6e0lu02k +wZGZlQDSrNnbyTtFBYPw0q0hYMqcKTTAb/h8TSJvAdwSM3eFr2bGqiKWRu4EagV2 +fMch81jYSZUjy7/vkfm77sIl5tRgIzi3V53AAB6llZukA8ClRk4VQFR4Lng5dF3b +zh4M5GQSEDn3kx5iEEn/GduTO/ECa6fGyQNmaofXs7ObzBT7195wvk2YheuoXZgz +UuQ99cQU6zTqomGg13sf7YOxzrJAnqRyn5mhiQRhPGHsHd5yeKBdxBMhQnY8o73k +kvyYhZyYExW4GYmazuiVxPj24aA1h40XCK4cRhFh4VBgpjpAIxPyBIFOicuguNZM +ESzpTmdLKBV04n+tm0JA729qyFHXlAub9+Tsvcx8hXxiC9QytbLKmXdpiq26l+d/ +7aIcoEkzBR2b4dewP7a8UpibXRKBX0r6oNRBSUgGjctgw822Yr4XHfUruJ5nIOFj +vyZcsM3ircMyGeJ7Dmz3ljWAQMyrQZbRfC/usFahHYSRf1k8PJ4= +=m/x3 +-----END PGP SIGNATURE----- 
diff --git a/website/static/security/patches/SA-21:07/openssl-13.patch b/website/static/security/patches/SA-21:07/openssl-13.patch new file mode 100644 index 0000000000..07fdf17450 --- /dev/null +++ b/website/static/security/patches/SA-21:07/openssl-13.patch 
@@ -0,0 +1,651 @@ +--- crypto/openssl/CHANGES.orig ++++ crypto/openssl/CHANGES +@@ -7,6 +7,50 @@ + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + ++ Changes between 1.1.1j and 1.1.1k [25 Mar 2021] ++ ++ *) Fixed a problem with verifying a certificate chain when using the ++ X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks ++ of the certificates present in a certificate chain. It is not set by ++ default. ++ ++ Starting from OpenSSL version 1.1.1h a check to disallow certificates in ++ the chain that have explicitly encoded elliptic curve parameters was added ++ as an additional strict check. ++ ++ An error in the implementation of this check meant that the result of a ++ previous check to confirm that certificates in the chain are valid CA ++ certificates was overwritten. This effectively bypasses the check ++ that non-CA certificates must not be able to issue other certificates. ++ ++ If a "purpose" has been configured then there is a subsequent opportunity ++ for checks that the certificate is a valid CA. All of the named "purpose" ++ values implemented in libcrypto perform this check. Therefore, where ++ a purpose is set the certificate chain will still be rejected even when the ++ strict flag has been used. A purpose is set by default in libssl client and ++ server certificate verification routines, but it can be overridden or ++ removed by an application. ++ ++ In order to be affected, an application must explicitly set the ++ X509_V_FLAG_X509_STRICT verification flag and either not set a purpose ++ for the certificate verification or, in the case of TLS client or server ++ applications, override the default purpose. ++ (CVE-2021-3450) ++ [Tomáš Mráz] ++ ++ *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously ++ crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 ++ renegotiation ClientHello omits the signature_algorithms extension (where ++ it was present in the initial ClientHello), but includes a ++ signature_algorithms_cert extension then a NULL pointer dereference will ++ result, leading to a crash and a denial of service attack. ++ ++ A server is only vulnerable if it has TLSv1.2 and renegotiation enabled ++ (which is the default configuration). OpenSSL TLS clients are not impacted ++ by this issue. ++ (CVE-2021-3449) ++ [Peter Kästle and Samuel Sapalski] ++ + Changes between 1.1.1i and 1.1.1j [16 Feb 2021] + + *) Fixed the X509_issuer_and_serial_hash() function. It attempts to +--- crypto/openssl/NEWS.orig ++++ crypto/openssl/NEWS +@@ -5,6 +5,14 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] ++ ++ o Fixed a problem with verifying a certificate chain when using the ++ X509_V_FLAG_X509_STRICT flag (CVE-2021-3450) ++ o Fixed an issue where an OpenSSL TLS server may crash if sent a ++ maliciously crafted renegotiation ClientHello message from a client ++ (CVE-2021-3449) ++ + Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] + + o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() +--- crypto/openssl/README.orig ++++ crypto/openssl/README +@@ -1,7 +1,7 @@ + +- OpenSSL 1.1.1j 16 Feb 2021 ++ OpenSSL 1.1.1k 25 Mar 2021 + +- Copyright (c) 1998-2020 The OpenSSL Project ++ Copyright (c) 1998-2021 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson + All rights reserved. + +--- crypto/openssl/apps/s_cb.c.orig ++++ crypto/openssl/apps/s_cb.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). 
You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -934,7 +934,8 @@ + if (!SSL_build_cert_chain(ssl, 0)) + return 0; + } else if (exc->chain != NULL) { +- SSL_set1_chain(ssl, exc->chain); ++ if (!SSL_set1_chain(ssl, exc->chain)) ++ return 0; + } + } + exc = exc->prev; +--- crypto/openssl/apps/s_time.c.orig ++++ crypto/openssl/apps/s_time.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -263,7 +263,8 @@ + nConn, totalTime, ((double)nConn / totalTime), bytes_read); + printf + ("%d connections in %ld real seconds, %ld bytes read per connection\n", +- nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); ++ nConn, (long)time(NULL) - finishtime + maxtime, ++ nConn > 0 ? bytes_read / nConn : 0l); + + /* + * Now loop and time connections using the same session id over and over +--- crypto/openssl/crypto/asn1/asn1_par.c.orig ++++ crypto/openssl/crypto/asn1/asn1_par.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -325,6 +325,7 @@ + } + if (BIO_puts(bp, "]") <= 0) + goto end; ++ dump_cont = 0; + } + + if (!nl) { +--- crypto/openssl/crypto/asn1/bio_ndef.c.orig ++++ crypto/openssl/crypto/asn1/bio_ndef.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). 
You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -113,6 +113,8 @@ + ndef_aux = *(NDEF_SUPPORT **)parg; + + derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); ++ if (derlen < 0) ++ return 0; + if ((p = OPENSSL_malloc(derlen)) == NULL) { + ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); + return 0; +--- crypto/openssl/crypto/engine/eng_devcrypto.c.orig ++++ crypto/openssl/crypto/engine/eng_devcrypto.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -758,8 +758,9 @@ + void engine_load_devcrypto_int() + { + ENGINE *e = NULL; ++ int fd; + +- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { ++ if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) { + #ifndef ENGINE_DEVCRYPTO_DEBUG + if (errno != ENOENT) + #endif +@@ -767,6 +768,18 @@ + return; + } + ++#ifdef CRIOGET ++ if (ioctl(fd, CRIOGET, &cfd) < 0) { ++ fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno)); ++ close(fd); ++ cfd = -1; ++ return; ++ } ++ close(fd); ++#else ++ cfd = fd; ++#endif ++ + if ((e = ENGINE_new()) == NULL + || !ENGINE_set_destroy_function(e, devcrypto_unload)) { + ENGINE_free(e); +--- crypto/openssl/crypto/evp/evp_enc.c.orig ++++ crypto/openssl/crypto/evp/evp_enc.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +--- crypto/openssl/crypto/modes/cbc128.c.orig ++++ crypto/openssl/crypto/modes/cbc128.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2008-2020 The OpenSSL Project Authors. 
All Rights Reserved. ++ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -69,7 +69,8 @@ + in += 16; + out += 16; + } +- memcpy(ivec, iv, 16); ++ if (ivec != iv) ++ memcpy(ivec, iv, 16); + } + + void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, +@@ -114,7 +115,8 @@ + out += 16; + } + } +- memcpy(ivec, iv, 16); ++ if (ivec != iv) ++ memcpy(ivec, iv, 16); + } else { + if (STRICT_ALIGNMENT && + ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { +--- crypto/openssl/crypto/modes/gcm128.c.orig ++++ crypto/openssl/crypto/modes/gcm128.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -1385,8 +1385,8 @@ + else + ctx->Yi.d[3] = ctr; + for (i = 0; i < 16 / sizeof(size_t); ++i) { +- size_t c = in[i]; +- out[i] = c ^ ctx->EKi.t[i]; ++ size_t c = in_t[i]; ++ out_t[i] = c ^ ctx->EKi.t[i]; + ctx->Xi.t[i] ^= c; + } + GCM_MUL(ctx); +--- crypto/openssl/crypto/o_time.c.orig ++++ crypto/openssl/crypto/o_time.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy +@@ -133,8 +133,8 @@ + static int julian_adj(const struct tm *tm, int off_day, long offset_sec, + long *pday, int *psec) + { +- int offset_hms, offset_day; +- long time_jd; ++ int offset_hms; ++ long offset_day, time_jd; + int time_year, time_month, time_day; + /* split offset into days and day seconds */ + offset_day = offset_sec / SECS_PER_DAY; +--- crypto/openssl/crypto/rand/rand_lib.c.orig ++++ crypto/openssl/crypto/rand/rand_lib.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -432,9 +432,13 @@ + RAND_POOL *rand_pool_new(int entropy_requested, int secure, + size_t min_len, size_t max_len) + { +- RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); ++ RAND_POOL *pool; + size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); + ++ if (!RUN_ONCE(&rand_init, do_rand_init)) ++ return NULL; ++ ++ pool = OPENSSL_zalloc(sizeof(*pool)); + if (pool == NULL) { + RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); + return NULL; +--- crypto/openssl/crypto/rsa/rsa_ssl.c.orig ++++ crypto/openssl/crypto/rsa/rsa_ssl.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy +--- crypto/openssl/crypto/x509/x509_vfy.c.orig ++++ crypto/openssl/crypto/x509/x509_vfy.c +@@ -524,15 +524,19 @@ + ret = 1; + break; + } +- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { ++ if (ret > 0 ++ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { + /* Check for presence of explicit elliptic curve parameters */ + ret = check_curve(x); +- if (ret < 0) ++ if (ret < 0) { + ctx->error = X509_V_ERR_UNSPECIFIED; +- else if (ret == 0) ++ ret = 0; ++ } else if (ret == 0) { + ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS; ++ } + } +- if ((x->ex_flags & EXFLAG_CA) == 0 ++ if (ret > 0 ++ && (x->ex_flags & EXFLAG_CA) == 0 + && x->ex_pathlen != -1 + && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; +--- crypto/openssl/include/openssl/opensslv.h.orig ++++ crypto/openssl/include/openssl/opensslv.h +@@ -1,5 +1,5 @@ + /* +- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -39,8 +39,8 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x101010afL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j-freebsd 16 Feb 2021" ++# define OPENSSL_VERSION_NUMBER 0x101010bfL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k-freebsd 25 Mar 2021" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +--- crypto/openssl/ssl/s3_lib.c.orig ++++ crypto/openssl/ssl/s3_lib.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. 
All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * +@@ -4629,6 +4629,7 @@ + + OPENSSL_clear_free(s->s3->tmp.psk, psklen); + s->s3->tmp.psk = NULL; ++ s->s3->tmp.psklen = 0; + if (!s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key, pskpms, pskpmslen, + &s->session->master_key_length)) { +@@ -4658,8 +4659,10 @@ + else + OPENSSL_cleanse(pms, pmslen); + } +- if (s->server == 0) ++ if (s->server == 0) { + s->s3->tmp.pms = NULL; ++ s->s3->tmp.pmslen = 0; ++ } + return ret; + } + +--- crypto/openssl/ssl/ssl_lib.c.orig ++++ crypto/openssl/ssl/ssl_lib.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved + * Copyright 2005 Nokia. All rights reserved. + * +@@ -781,8 +781,10 @@ + s->ext.ecpointformats = + OPENSSL_memdup(ctx->ext.ecpointformats, + ctx->ext.ecpointformats_len); +- if (!s->ext.ecpointformats) ++ if (!s->ext.ecpointformats) { ++ s->ext.ecpointformats_len = 0; + goto err; ++ } + s->ext.ecpointformats_len = + ctx->ext.ecpointformats_len; + } +@@ -791,8 +793,10 @@ + OPENSSL_memdup(ctx->ext.supportedgroups, + ctx->ext.supportedgroups_len + * sizeof(*ctx->ext.supportedgroups)); +- if (!s->ext.supportedgroups) ++ if (!s->ext.supportedgroups) { ++ s->ext.supportedgroups_len = 0; + goto err; ++ } + s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; + } + #endif +@@ -802,8 +806,10 @@ + + if (s->ctx->ext.alpn) { + s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); +- if (s->ext.alpn == NULL) ++ if (s->ext.alpn == NULL) { ++ s->ext.alpn_len = 0; + goto err; ++ } + memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); + s->ext.alpn_len = s->ctx->ext.alpn_len; + } +@@ -2923,6 +2929,7 @@ + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ctx->ext.alpn == NULL) { ++ ctx->ext.alpn_len = 0; + 
SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); + return 1; + } +@@ -2942,6 +2949,7 @@ + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); + if (ssl->ext.alpn == NULL) { ++ ssl->ext.alpn_len = 0; + SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); + return 1; + } +--- crypto/openssl/ssl/statem/extensions.c.orig ++++ crypto/openssl/ssl/statem/extensions.c +@@ -336,6 +336,8 @@ + tls_construct_stoc_key_share, tls_construct_ctos_key_share, + final_key_share + }, ++#else ++ INVALID_EXTENSION, + #endif + { + /* Must be after key_share */ +@@ -1137,6 +1139,7 @@ + /* Clear any signature algorithms extension received */ + OPENSSL_free(s->s3->tmp.peer_sigalgs); + s->s3->tmp.peer_sigalgs = NULL; ++ s->s3->tmp.peer_sigalgslen = 0; + + return 1; *** 214 LINES SKIPPED ***help
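
Review bot: Section IV (Workaround) of FreeBSD-SA-21:07.openssl.asc tells operators to turn off renegotiation on the TLS server but does not say how. Name the mechanism, for example the SSL_OP_NO_RENEGOTIATION option available in OpenSSL 1.1.1, or point to the per-daemon setting, so the workaround is actionable for readers who cannot patch immediately.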
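
Review bot: in crypto/openssl/crypto/x509/x509_vfy.c (@@ -526,15 +526,19 @@ in openssl-12.patch, @@ -524,15 +524,19 @@ in openssl-13.patch) the two new "ret > 0" guards carry no comment, yet the fix depends on them: before the change "ret = check_curve(x);" ran unconditionally and replaced whatever the earlier check had stored in ret, which is the overwrite the advisory describes for CVE-2021-3450. Add a one-line comment saying that ret holds the result of the preceding CA check and must not be overwritten, so a later refactor does not drop the guard. The visible part of the patch also adds no test for a chain with a non-CA issuer verified under X509_V_FLAG_X509_STRICT.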
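
Review bot: in crypto/openssl/apps/s_time.c (@@ -263,7 +263,8 @@) the fallback literal in "nConn > 0 ? bytes_read / nConn : 0l" uses a lowercase l suffix that reads as 01 in many fonts. Write 0L.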
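
Review bot: in crypto/openssl/crypto/asn1/bio_ndef.c (@@ -113,6 +113,8 @@) the new "if (derlen < 0) return 0;" branch returns without queuing an error, while the OPENSSL_malloc failure branch directly below it calls ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE). Raise an error in the new branch as well so a caller can tell an encoding failure from other causes. derlen == 0 still reaches OPENSSL_malloc(derlen); a comment should say whether that case can occur.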
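
Review bot: in crypto/openssl/crypto/engine/eng_devcrypto.c (@@ -758,8 +758,9 @@ and @@ -767,6 +768,18 @@) open() now stores into the local fd, so the early return on open failure no longer assigns cfd, whereas the ioctl(fd, CRIOGET, &cfd) failure branch sets "cfd = -1;" explicitly. Set cfd = -1 on the open-failure path too, or confirm in a comment that cfd is initialized to -1 elsewhere, so later code cannot act on a stale descriptor value.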
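
Review bot: in crypto/openssl/crypto/modes/cbc128.c (@@ -69,7 +69,8 @@ and @@ -114,7 +115,8 @@) the new "if (ivec != iv)" test has no comment explaining why the copy is skipped. State that iv can still point at ivec when no full block was processed and that memcpy is undefined for overlapping objects, so the guard is not mistaken for a micro-optimization and removed.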
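
Review bot: in crypto/openssl/ssl/statem/extensions.c (@@ -1136,6 +1136,7 @@ and @@ -1145,6 +1146,7 @@ in openssl-12.patch) the peer_sigalgslen and peer_cert_sigalgslen resets are written by hand, as are the matching resets at every other free site in this patch, and nothing makes the next free site remember the length field. A small helper that frees the buffer, sets the pointer to NULL and zeroes the length in one call would enforce the pairing. The visible part of the patch also adds no regression test for the renegotiation case in the advisory (signature_algorithms omitted, signature_algorithms_cert present).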
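
Review bot: in crypto/openssl/ssl/statem/statem_clnt.c (@@ -2770,16 +2771,17 @@) "s->ext.ocsp.resp_len = resplen;" now runs before PACKET_copy_bytes(), so on the SSL_R_LENGTH_MISMATCH return the length advertises resplen bytes of a buffer that OPENSSL_malloc returned and nothing has filled. Pointer and length agree, but the contents are uninitialized. Either free the buffer and zero the length on that path or allocate with OPENSSL_zalloc, and add a comment explaining why the assignment moved.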
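
Review bot: in crypto/openssl/ssl/statem/statem_srvr.c (@@ -2853,9 +2854,16 @@) the new allocation-failure branch for s->pha_context reports ERR_R_INTERNAL_ERROR, while the equivalent new branch for s->ext.scts in extensions_clnt.c (@@ -1492,8 +1494,13 @@) reports ERR_R_MALLOC_FAILURE. Use ERR_R_MALLOC_FAILURE here as well, so the error queue distinguishes out-of-memory from the RAND_bytes and WPACKET_sub_memcpy_u8 failures handled by the next condition.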
