Hello community,

here is the log from the commit of package openssl-1_1 for openSUSE:Leap:15.2 
checked in at 2020-05-04 08:22:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/openssl-1_1 (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.openssl-1_1.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openssl-1_1"

Mon May  4 08:22:19 2020 rev:35 rq:797524 version:1.1.1d

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/openssl-1_1/openssl-1_1.changes        
2020-03-24 19:05:16.821440358 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.openssl-1_1.new.2738/openssl-1_1.changes      
2020-05-04 08:22:19.884322595 +0200
@@ -1,0 +2,14 @@
+Mon Apr 20 14:48:22 UTC 2020 - Pedro Monreal Gonzalez 
<pmonrealgonza...@suse.com>
+
+- Security fix: [bsc#1169407, CVE-2020-1967]
+  * Segmentation fault in SSL_check_chain: Server applications that
+    call the SSL_check_chain() function during or after a TLS handshake
+    may crash due to a NULL pointer dereference as a result of incorrect
+    handling of the signature_algorithms_cert TLS extension.
+- Add patches:
+  * openssl-CVE-2020-1967.patch
+  * openssl-CVE-2020-1967-test1.patch
+  * openssl-CVE-2020-1967-test2.patch
+  * openssl-CVE-2020-1967-test3.patch
+
+-------------------------------------------------------------------

New:
----
  openssl-CVE-2020-1967-test1.patch
  openssl-CVE-2020-1967-test2.patch
  openssl-CVE-2020-1967-test3.patch
  openssl-CVE-2020-1967.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssl-1_1.spec ++++++
--- /var/tmp/diff_new_pack.UvjxHO/_old  2020-05-04 08:22:21.100325201 +0200
+++ /var/tmp/diff_new_pack.UvjxHO/_new  2020-05-04 08:22:21.100325201 +0200
@@ -89,6 +89,11 @@
 # PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 
(crypto)
 Patch50:        
openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
 Patch51:        
openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
+# PATCH-FIX-UPSTREAM bsc#1169407 CVE-2020-1967 Segmentation fault in 
SSL_check_chain
+Patch52:        openssl-CVE-2020-1967.patch
+Patch53:        openssl-CVE-2020-1967-test1.patch
+Patch54:        openssl-CVE-2020-1967-test2.patch
+Patch55:        openssl-CVE-2020-1967-test3.patch
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl


++++++ openssl-CVE-2020-1967-test1.patch ++++++
@@ -, +, @@ 
---
 test/recipes/70-test_sslsigalgs.t | 66 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 64 insertions(+), 2 deletions(-)
Index: openssl-1.1.1d/test/recipes/70-test_sslsigalgs.t
===================================================================
--- openssl-1.1.1d.orig/test/recipes/70-test_sslsigalgs.t
+++ openssl-1.1.1d/test/recipes/70-test_sslsigalgs.t
@@ -44,7 +44,9 @@ use constant {
     COMPAT_SIGALGS => 6,
     SIGALGS_CERT_ALL => 7,
     SIGALGS_CERT_PKCS => 8,
-    SIGALGS_CERT_INVALID => 9
+    SIGALGS_CERT_INVALID => 9,
+    UNRECOGNIZED_SIGALGS_CERT => 4,
+    UNRECOGNIZED_SIGALG => 5
 };
 
 #Note: Throughout this test we override the default ciphersuites where TLSv1.2
@@ -53,7 +55,7 @@ use constant {
 
 #Test 1: Default sig algs should succeed
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 22;
+plan tests => 24;
 ok(TLSProxy::Message->success, "Default sigalgs");
 my $testtype;
 
@@ -261,6 +263,39 @@ SKIP: {
     ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
 }
 
+SKIP: {
+    skip "TLS 1.3 disabled", 2 if disabled("tls1_3");
+    #Test 25: Send an unrecognized signature_algorithms_cert
+    #        We should be able to skip over the unrecognized value and use a
+    #        valid one that appears later in the list.
+    $proxy->clear();
+    $proxy->filter(\&inject_unrecognized_sigalg);
+    $proxy->clientflags("-tls1_3");
+    # Use -xcert to get SSL_check_chain() to run in the cert_cb.  This is
+    # needed to trigger (e.g.) CVE-2020-1967
+    $proxy->serverflags("" .
+            " -xcert " . srctop_file("test", "certs", "servercert.pem") .
+            " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
+            " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
+    $testtype = UNRECOGNIZED_SIGALGS_CERT;
+    $proxy->start();
+    ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in 
ClientHello");
+
+    #Test 26: Send an unrecognized signature_algorithms
+    #        We should be able to skip over the unrecognized value and use a
+    #        valid one that appears later in the list.
+    $proxy->clear();
+    $proxy->filter(\&inject_unrecognized_sigalg);
+    $proxy->clientflags("-tls1_3");
+    $proxy->serverflags("" .
+            " -xcert " . srctop_file("test", "certs", "servercert.pem") .
+            " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
+            " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
+    $testtype = UNRECOGNIZED_SIGALG;
+    $proxy->start();
+    ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
+}
+
 
 
 sub sigalgs_filter
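Review bot: The two new cases in the SKIP block build the same `-xcert`/`-xkey`/`-xchain` server flag string twice, and only the first carries the comment explaining that `-xcert` is what gets SSL_check_chain() to run in the cert callback. Building the string once inside the block, e.g. `my $xcert_flags = " -xcert " . srctop_file("test", "certs", "servercert.pem") . ...;`, and then calling `$proxy->serverflags($xcert_flags);` in each case would keep the two from drifting apart. The second case should also say that it depends on the same `-xcert` path, for example `# -xcert again so SSL_check_chain() runs, as in the case above`.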
@@ -406,3 +441,30 @@ sub modify_cert_verify_sigalg
         }
     }
 }
+
+sub inject_unrecognized_sigalg
+{
+    my $proxy = shift;
+    my $type;
+
+    # We're only interested in the initial ClientHello
+    if ($proxy->flight != 0) {
+        return;
+    }
+    if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
+        $type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
+    } elsif ($testtype == UNRECOGNIZED_SIGALG) {
+        $type = TLSProxy::Message::EXT_SIG_ALGS;
+    } else {
+        return;
+    }
+
+    my $ext = pack "C8",
+        0x00, 0x06, #Extension length
+        0x18, 0x18, #unallocated
+        0x04, 0x01, #rsa_pkcs1_sha256
+        0x08, 0x04; #rsa_pss_rsae_sha256;
+    my $message = ${$proxy->message_list}[0];
+    $message->set_extension($type, $ext);
+    $message->repack;
+}
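Review bot: `inject_unrecognized_sigalg` takes `${$proxy->message_list}[0]` and calls `set_extension` on it without checking that the entry exists and is a ClientHello; the `flight != 0` test is the only guard. Adding `return unless defined $message && $message->mt == TLSProxy::Message::MT_CLIENT_HELLO;` before the `set_extension` call would make the filter return quietly rather than die on an undefined value if the message list is ever not what it expects. The `#Extension length` comment on `0x00, 0x06` is also imprecise: those two bytes appear to be the length prefix of the three-codepoint algorithm list inside the extension body, so `#sigalg list length (3 x 2 bytes)` would be clearer.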
++++++ openssl-CVE-2020-1967-test2.patch ++++++
@@ -, +, @@ 
---
 test/recipes/70-test_sslsigalgs.t | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/test/recipes/70-test_sslsigalgs.t 
+++ a/test/recipes/70-test_sslsigalgs.t 
@@ -45,8 +45,8 @@ use constant {
     SIGALGS_CERT_ALL => 7,
     SIGALGS_CERT_PKCS => 8,
     SIGALGS_CERT_INVALID => 9,
-    UNRECOGNIZED_SIGALGS_CERT => 4,
-    UNRECOGNIZED_SIGALG => 5
+    UNRECOGNIZED_SIGALGS_CERT => 10,
+    UNRECOGNIZED_SIGALG => 11
 };
 
 #Note: Throughout this test we override the default ciphersuites where TLSv1.2
-- 
++++++ openssl-CVE-2020-1967-test3.patch ++++++
@@ -, +, @@ 
---
 test/recipes/70-test_sslsigalgs.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/test/recipes/70-test_sslsigalgs.t 
+++ a/test/recipes/70-test_sslsigalgs.t 
@@ -482,7 +482,7 @@ sub inject_unrecognized_sigalg
 
     my $ext = pack "C8",
         0x00, 0x06, #Extension length
-        0x18, 0x18, #unallocated
+        0xfe, 0x18, #private use
         0x04, 0x01, #rsa_pkcs1_sha256
         0x08, 0x04; #rsa_pss_rsae_sha256;
     my $message = ${$proxy->message_list}[0];
-- 
++++++ openssl-CVE-2020-1967.patch ++++++
>From fda4b40dacd47859c0760b62572af761e8e5ed74 Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <ka...@mit.edu>
Date: Fri, 10 Apr 2020 12:27:28 -0700
Subject: [PATCH 2/4] Fix NULL dereference in SSL_check_chain() for TLS 1.3

In the tls1_check_sig_alg() helper function, we loop through the list of
"signature_algorithms_cert" values received from the client and attempt
to look up each one in turn in our internal table that maps wire
codepoint to string-form name, digest and/or signature NID, etc., in
order to compare the signature scheme from the peer's list against what
is used to sign the certificates in the certificate chain we're
checking.  Unfortunately, when the peer sends a value that we don't
support, the lookup returns NULL, but we unconditionally dereference the
lookup result for the comparison, leading to an application crash
triggerable by an unauthenticated client.

Since we will not be able to say anything about algorithms we don't
recognize, treat NULL return from lookup as "does not match".

We currently only apply the "signature_algorithm_cert" checks on TLS 1.3
connections, so previous TLS versions are unaffected.  SSL_check_chain()
is not called directly from libssl, but may be used by the application
inside a callback (e.g., client_hello or cert callback) to verify that a
candidate certificate chain will be acceptable to the client.

CVE-2020-1967
---
 ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a254fd5a05..76b4baa388 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2130,7 +2130,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int 
default_nid)
         sigalg = use_pc_sigalgs
                  ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
                  : s->shared_sigalgs[i];
-        if (sig_nid == sigalg->sigandhash)
+        if (sigalg != NULL && sig_nid == sigalg->sigandhash)
             return 1;
     }
     return 0;
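Review bot: The new `sigalg != NULL` guard carries no comment, so the loop does not say which branch can yield NULL or why skipping the entry is the right outcome. In the visible lines only the `tls1_lookup_sigalg()` branch performs a lookup, and the commit message states that it returns NULL for codepoints the library does not support; a comment such as `/* Unrecognised peer codepoint: lookup returned NULL, treat as no match */` above the `if` would record that next to the code. Writing the guard as `if (sigalg == NULL) continue;` on its own line would also keep the NID comparison separate from the NULL handling. The body of tls1_check_sig_alg starts above this hunk and its closing brace lies below it.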
-- 
2.16.4


