diff options
author | Torne (Richard Coles) <torne@google.com> | 2014-06-05 17:41:09 +0100 |
---|---|---|
committer | Bill Yi <byi@google.com> | 2014-06-17 14:19:55 -0700 |
commit | e2f305e33738dce97dd563d748ac8d8897828e05 (patch) | |
tree | 17c55b853d6d1aaab54314db057a403b5adae0f1 | |
parent | 8c5a5256a96176d9184de2c40b86b01dacdee4a8 (diff) | |
download | openssl-kitkat-mr2.2-release.tar.gz |
Cherrypick "OpenSSL: add CVE fixes from 1.0.1h"android-4.4.4_r2.0.1android-4.4.4_r2android-4.4.4_r1.0.1android-4.4.4_r1kitkat-mr2.2-releasekitkat-mr2.1-release
> This change includes the following commits from upstream:
> 8011cd56e39a433b1837465259a9bd24a38727fb
> d3152655d5319ce883c8e3ac4b99f8de4c59d846
> 006cd7083f76ed5cb0d9a914857e9231ef1bc317
> bc8923b1ec9c467755cd86f7848c50ee8812e441
> 1632ef744872edc2aa2a53d487d3e79c965a4ad3
>
> These address the following CVEs:
> CVE-2014-3470
> CVE-2014-0221
> CVE-2014-0224
> CVE-2014-0195
>
> BUG=381169
Bug: 15443154
Change-Id: I9c0204c643de1f9ba2b897b92482937fe4fdbb92
-rw-r--r-- | openssl/include/openssl/ssl3.h | 1 | ||||
-rw-r--r-- | openssl/ssl/d1_both.c | 13 | ||||
-rw-r--r-- | openssl/ssl/s3_clnt.c | 9 | ||||
-rw-r--r-- | openssl/ssl/s3_pkt.c | 11 | ||||
-rw-r--r-- | openssl/ssl/s3_srvr.c | 3 | ||||
-rw-r--r-- | openssl/ssl/ssl3.h | 1 |
6 files changed, 35 insertions, 3 deletions
diff --git a/openssl/include/openssl/ssl3.h b/openssl/include/openssl/ssl3.h index 899c8a8..e99bbc2 100644 --- a/openssl/include/openssl/ssl3.h +++ b/openssl/include/openssl/ssl3.h @@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +#define SSL3_FLAGS_CCS_OK 0x0080 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c index de8bab8..9a250fd 100644 --- a/openssl/ssl/d1_both.c +++ b/openssl/ssl/d1_both.c @@ -620,7 +620,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) frag->msg_header.frag_off = 0; } else + { frag = (hm_fragment*) item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) + { + item = NULL; + frag = NULL; + goto err; + } + } + /* If message is already reassembled, this must be a * retransmit and can be dropped. @@ -777,6 +786,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) int i,al; struct hm_header_st msg_hdr; + redo: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { @@ -835,8 +845,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) s->msg_callback_arg); s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); + goto redo; } else /* Incorrectly formated Hello request */ { diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 85ffd67..8b4acec 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -607,6 +607,7 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; @@ -988,6 +989,7 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } else /* a miss or crap from the other end */ @@ -2589,6 +2591,13 @@ int ssl3_send_client_key_exchange(SSL *s) int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c index 9f117d1..98d448d 100644 --- a/openssl/ssl/s3_pkt.c +++ b/openssl/ssl/s3_pkt.c @@ -1302,6 +1302,15 @@ start: goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) @@ -1436,7 +1445,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c index 5c3343a..94e9b6f 100644 --- a/openssl/ssl/s3_srvr.c +++ b/openssl/ssl/s3_srvr.c @@ -669,6 +669,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -686,6 +687,7 @@ int ssl3_accept(SSL *s) # endif channel_id = s->s3->tlsext_channel_id_valid; #endif + s->s3->flags |= SSL3_FLAGS_CCS_OK; if (next_proto_neg) s->state=SSL3_ST_SR_NEXT_PROTO_A; @@ -721,6 +723,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; diff --git a/openssl/ssl/ssl3.h b/openssl/ssl/ssl3.h index 899c8a8..e99bbc2 100644 --- a/openssl/ssl/ssl3.h +++ b/openssl/ssl/ssl3.h @@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 +#define SSL3_FLAGS_CCS_OK 0x0080 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we * restart a handshake because of MS SGC and so prevents us |