src - FreeBSD source tree

diff options


context:
space:
mode:

author	Gordon Tetlow <gordon@FreeBSD.org>	2021-03-25 23:42:19 +0000
committer	Gordon Tetlow <gordon@FreeBSD.org>	2021-03-25 23:42:19 +0000
commit	af61348d61f51a88b438d41c3c91b56b2b65ed9b (patch)
tree	0c5bd237f6973f10d187e6a39f9ec741e8672a9e
parent	142f0d36d90979a983e1bb0b69d1d859338b4d90 (diff)
download	src-af61348d61f51a88b438d41c3c91b56b2b65ed9b.tar.gz src-af61348d61f51a88b438d41c3c91b56b2b65ed9b.zip

Fix multiple OpenSSL vulnerabilities. Add UPDATING and bump version.

Approved by: so Security: FreeBSD-SA-21:07.openssl Security: CVE-2021-3449 Security: CVE-2021-3450

Diffstat

-rw-r--r--

UPDATING

-rw-r--r--

crypto/openssl/crypto/x509/x509_vfy.c

-rw-r--r--

crypto/openssl/ssl/s3_lib.c

-rw-r--r--

crypto/openssl/ssl/ssl_lib.c

-rw-r--r--

crypto/openssl/ssl/statem/extensions.c

-rw-r--r--

crypto/openssl/ssl/statem/extensions_clnt.c

-rw-r--r--

crypto/openssl/ssl/statem/statem_clnt.c

-rw-r--r--

crypto/openssl/ssl/statem/statem_srvr.c

-rw-r--r--

sys/conf/newvers.sh

9 files changed, 62 insertions, 15 deletions

diff --git a/UPDATING b/UPDATING
index b33065306a1e..dcb82fbcf4a6 100644
--- a/UPDATING
+++ b/UPDATING

@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG and WITH_GCC to bootstrap to

the tip of head, and then rebuild without this option. The bootstrap process

from older version of current across the gcc/clang cutover is a bit fragile.

+20210325: p5 FreeBSD-SA-21:07.openssl

+ Fix multiple OpenSSL issues [SA-21:07.openssl]

20210223: p4 FreeBSD-SA-21:03.pam_login_access

FreeBSD-SA-21:04.jail_remove

FreeBSD-SA-21:05.jail_chdir

diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 801055f5a087..4d1f37a8212e 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c

@@ -526,15 +526,19 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)

ret = 1;

break;

}

- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {

+ if (ret > 0

+ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {

/* Check for presence of explicit elliptic curve parameters */

ret = check_curve(x);

- if (ret < 0)

+ if (ret < 0) {

ctx->error = X509_V_ERR_UNSPECIFIED;

- else if (ret == 0)

+ ret = 0;

+ } else if (ret == 0) {

ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;

+ }

}

- if ((x->ex_flags & EXFLAG_CA) == 0

+ if (ret > 0

+ && (x->ex_flags & EXFLAG_CA) == 0

&& x->ex_pathlen != -1

&& (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {

ctx->error = X509_V_ERR_INVALID_EXTENSION;

diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index a987604bcd0e..d97b4310c607 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c

@@ -4638,6 +4638,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,

OPENSSL_clear_free(s->s3->tmp.psk, psklen);

s->s3->tmp.psk = NULL;

+ s->s3->tmp.psklen = 0;

if (!s->method->ssl3_enc->generate_master_secret(s,

s->session->master_key, pskpms, pskpmslen,

&s->session->master_key_length)) {

@@ -4667,8 +4668,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,

else

OPENSSL_cleanse(pms, pmslen);

}

- if (s->server == 0)

+ if (s->server == 0) {

s->s3->tmp.pms = NULL;

+ s->s3->tmp.pmslen = 0;

+ }

return ret;

}

diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index b1df374817c7..05f8d4dda6ce 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c

@@ -779,8 +779,10 @@ SSL *SSL_new(SSL_CTX *ctx)

s->ext.ecpointformats =

OPENSSL_memdup(ctx->ext.ecpointformats,

ctx->ext.ecpointformats_len);

- if (!s->ext.ecpointformats)

+ if (!s->ext.ecpointformats) {

+ s->ext.ecpointformats_len = 0;

goto err;

+ }

s->ext.ecpointformats_len =

ctx->ext.ecpointformats_len;

}

@@ -789,8 +791,10 @@ SSL *SSL_new(SSL_CTX *ctx)

OPENSSL_memdup(ctx->ext.supportedgroups,

ctx->ext.supportedgroups_len

* sizeof(*ctx->ext.supportedgroups));

- if (!s->ext.supportedgroups)

+ if (!s->ext.supportedgroups) {

+ s->ext.supportedgroups_len = 0;

goto err;

+ }

s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;

}

#endif

@@ -800,8 +804,10 @@ SSL *SSL_new(SSL_CTX *ctx)

if (s->ctx->ext.alpn) {

s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);

- if (s->ext.alpn == NULL)

+ if (s->ext.alpn == NULL) {

+ s->ext.alpn_len = 0;

goto err;

+ }

memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);

s->ext.alpn_len = s->ctx->ext.alpn_len;

}

@@ -2834,6 +2840,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,

OPENSSL_free(ctx->ext.alpn);

ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);

if (ctx->ext.alpn == NULL) {

+ ctx->ext.alpn_len = 0;

SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);

return 1;

}

@@ -2853,6 +2860,7 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,

OPENSSL_free(ssl->ext.alpn);

ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);

if (ssl->ext.alpn == NULL) {

+ ssl->ext.alpn_len = 0;

SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);

return 1;

}

diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c
index c785ab785d38..3f3062fe86c0 100644
--- a/crypto/openssl/ssl/statem/extensions.c
+++ b/crypto/openssl/ssl/statem/extensions.c

@@ -1136,6 +1136,7 @@ static int init_sig_algs(SSL *s, unsigned int context)

/* Clear any signature algorithms extension received */

OPENSSL_free(s->s3->tmp.peer_sigalgs);

s->s3->tmp.peer_sigalgs = NULL;

+ s->s3->tmp.peer_sigalgslen = 0;

return 1;

}

@@ -1145,6 +1146,7 @@ static int init_sig_algs_cert(SSL *s, unsigned int context)

/* Clear any signature algorithms extension received */

OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);

s->s3->tmp.peer_cert_sigalgs = NULL;

+ s->s3->tmp.peer_cert_sigalgslen = 0;

return 1;

}

diff --git a/crypto/openssl/ssl/statem/extensions_clnt.c b/crypto/openssl/ssl/statem/extensions_clnt.c
index bcce0f1d9534..00a902ac79e9 100644
--- a/crypto/openssl/ssl/statem/extensions_clnt.c
+++ b/crypto/openssl/ssl/statem/extensions_clnt.c

@@ -816,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,

OPENSSL_free(s->psksession_id);

s->psksession_id = OPENSSL_memdup(id, idlen);

if (s->psksession_id == NULL) {

+ s->psksession_id_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);

return EXT_RETURN_FAIL;

@@ -1375,6 +1376,7 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,

OPENSSL_free(s->ext.peer_ecpointformats);

s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);

if (s->ext.peer_ecpointformats == NULL) {

+ s->ext.peer_ecpointformats_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);

return 0;

@@ -1492,8 +1494,13 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

s->ext.scts_len = (uint16_t)size;

if (size > 0) {

s->ext.scts = OPENSSL_malloc(size);

- if (s->ext.scts == NULL

- || !PACKET_copy_bytes(pkt, s->ext.scts, size)) {

+ if (s->ext.scts == NULL) {

+ s->ext.scts_len = 0;

+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,

+ ERR_R_MALLOC_FAILURE);

+ return 0;

+ }

+ if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,

ERR_R_INTERNAL_ERROR);

return 0;

@@ -1592,6 +1599,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

OPENSSL_free(s->ext.npn);

s->ext.npn = OPENSSL_malloc(selected_len);

if (s->ext.npn == NULL) {

+ s->ext.npn_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,

ERR_R_INTERNAL_ERROR);

return 0;

@@ -1632,6 +1640,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

OPENSSL_free(s->s3->alpn_selected);

s->s3->alpn_selected = OPENSSL_malloc(len);

if (s->s3->alpn_selected == NULL) {

+ s->s3->alpn_selected_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,

ERR_R_INTERNAL_ERROR);

return 0;

@@ -1663,6 +1672,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

s->session->ext.alpn_selected =

OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);

if (s->session->ext.alpn_selected == NULL) {

+ s->session->ext.alpn_selected_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,

ERR_R_INTERNAL_ERROR);

return 0;

diff --git a/crypto/openssl/ssl/statem/statem_clnt.c b/crypto/openssl/ssl/statem/statem_clnt.c
index 64e392cfbfc7..0a61aa82b187 100644
--- a/crypto/openssl/ssl/statem/statem_clnt.c
+++ b/crypto/openssl/ssl/statem/statem_clnt.c

@@ -2461,6 +2461,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)

s->s3->tmp.ctype_len = 0;

OPENSSL_free(s->pha_context);

s->pha_context = NULL;

+ s->pha_context_len = 0;

if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||

!PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {

@@ -2770,16 +2771,17 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt)

}

s->ext.ocsp.resp = OPENSSL_malloc(resplen);

if (s->ext.ocsp.resp == NULL) {

+ s->ext.ocsp.resp_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,

ERR_R_MALLOC_FAILURE);

return 0;

}

+ s->ext.ocsp.resp_len = resplen;

if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {

SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,

SSL_R_LENGTH_MISMATCH);

return 0;

}

- s->ext.ocsp.resp_len = resplen;

return 1;

}

@@ -3349,9 +3351,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)

err:

OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);

s->s3->tmp.pms = NULL;

+ s->s3->tmp.pmslen = 0;

#ifndef OPENSSL_NO_PSK

OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);

s->s3->tmp.psk = NULL;

+ s->s3->tmp.psklen = 0;

#endif

return 0;

}

@@ -3426,6 +3430,7 @@ int tls_client_key_exchange_post_work(SSL *s)

err:

OPENSSL_clear_free(pms, pmslen);

s->s3->tmp.pms = NULL;

+ s->s3->tmp.pmslen = 0;

return 0;

}

diff --git a/crypto/openssl/ssl/statem/statem_srvr.c b/crypto/openssl/ssl/statem/statem_srvr.c
index 14cb27e6db01..fb26c0ba8148 100644
--- a/crypto/openssl/ssl/statem/statem_srvr.c
+++ b/crypto/openssl/ssl/statem/statem_srvr.c

@@ -2178,6 +2178,7 @@ int tls_handle_alpn(SSL *s)

OPENSSL_free(s->s3->alpn_selected);

s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);

if (s->s3->alpn_selected == NULL) {

+ s->s3->alpn_selected_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,

ERR_R_INTERNAL_ERROR);

return 0;

@@ -2853,9 +2854,16 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)

if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {

OPENSSL_free(s->pha_context);

s->pha_context_len = 32;

- if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL

- || RAND_bytes(s->pha_context, s->pha_context_len) <= 0

- || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {

+ if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {

+ s->pha_context_len = 0;

+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,

+ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,

+ ERR_R_INTERNAL_ERROR);

+ return 0;

+ }

+ if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0

+ || !WPACKET_sub_memcpy_u8(pkt, s->pha_context,

+ s->pha_context_len)) {

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,

ERR_R_INTERNAL_ERROR);

@@ -2969,6 +2977,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)

OPENSSL_cleanse(psk, psklen);

if (s->s3->tmp.psk == NULL) {

+ s->s3->tmp.psklen = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);

return 0;

@@ -3508,6 +3517,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)

#ifndef OPENSSL_NO_PSK

OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);

s->s3->tmp.psk = NULL;

+ s->s3->tmp.psklen = 0;

#endif

return MSG_PROCESS_ERROR;

}

@@ -4117,6 +4127,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)

s->session->ext.alpn_selected =

OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);

if (s->session->ext.alpn_selected == NULL) {

+ s->session->ext.alpn_selected_len = 0;

SSLfatal(s, SSL_AD_INTERNAL_ERROR,

SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,

ERR_R_MALLOC_FAILURE);

diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index dfcb11bb7d5d..68ee29d30168 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh

@@ -49,7 +49,7 @@

TYPE="FreeBSD"

REVISION="12.2"

-BRANCH="RELEASE-p4"

+BRANCH="RELEASE-p5"

if [ -n "${BRANCH_OVERRIDE}" ]; then

BRANCH=${BRANCH_OVERRIDE}