git: 98ec8b7512 - main - Add FreeBSD-SA-21:07.openssl.
Gordon Tetlow
gordon at FreeBSD.org
Thu Mar 25 23:56:22 UTC 2021
The branch main has been updated by gordon (src committer):
URL: https://cgit.FreeBSD.org/doc/commit/?id=98ec8b7512c644be2229f079208e6698bdb09af6
commit 98ec8b7512c644be2229f079208e6698bdb09af6
Author: Gordon Tetlow <gordon at FreeBSD.org>
AuthorDate: 2021-03-25 23:55:47 +0000
Commit: Gordon Tetlow <gordon at FreeBSD.org>
CommitDate: 2021-03-25 23:56:03 +0000
Add FreeBSD-SA-21:07.openssl.
Approved by: so
---
website/data/security/advisories.toml | 4 +
.../advisories/FreeBSD-SA-21:07.openssl.asc | 170 ++++++
.../security/patches/SA-21:07/openssl-12.patch | 281 +++++++++
.../security/patches/SA-21:07/openssl-12.patch.asc | 16 +
.../security/patches/SA-21:07/openssl-13.patch | 651 +++++++++++++++++++++
.../security/patches/SA-21:07/openssl-13.patch.asc | 16 +
6 files changed, 1138 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 10229d9ce6..08e22e3be7 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,10 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-21:07.openssl"
+date = "2021-03-25"
+
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
diff --git a/website/static/security/advisories/FreeBSD-SA-21:07.openssl.asc b/website/static/security/advisories/FreeBSD-SA-21:07.openssl.asc
new file mode 100644
index 0000000000..af47414066
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:07.openssl.asc
@@ -0,0 +1,170 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:07.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: Multiple vulnerabilities in OpenSSL
+
+Category: contrib
+Module: openssl
+Announced: 2021-03-25
+Affects: FreeBSD 12.2 and later
+Corrected: 2021-03-25 15:45:19 UTC (stable/13, 13.0-STABLE)
+ 2021-03-25 16:25:06 UTC (releng/13.0, 13.0-RC3-p1)
+ 2021-03-25 17:14:46 UTC (stable/12, 12.2-STABLE)
+ 2021-03-25 23:45:45 UTC (releng/12.2, 12.2-RELEASE-p5)
+CVE Name: CVE-2021-3449, CVE-2021-3450
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
+collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
+also a general-purpose cryptography library.
+
+II. Problem Description
+
+This advisory covers two distinct OpenSSL issues:
+
+The X509_V_FLAG_X509_STRICT flag enables additional security checks of the
+certificates present in a certificate chain. It is not set by default.
+Starting from OpenSSL version 1.1.1h a check to disallow certificates in the
+chain that have explicitly encoded elliptic curve parameters was added as an
+additional strict check. An error in the implementation of this check meant
+that the result of a previous check to confirm that certificates in the chain
+are valid CA certificates was overwritten. This effectively bypasses the
+check that non-CA certificates must not be able to issue other certificates.
+[CVE-2021-3450]
+
+A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits
+the signature_algorithms extension (where it was present in the initial
+ClientHello), but includes a signature_algorithms_cert extension results in a
+NULL pointer dereference in the server. [CVE-2021-3449]
+
+III. Impact
+
+The X509_V_FLAG_X509_STRICT issue can result in a bypass of the check that
+non-CA certificates must not be able to issue other certificates.
+
+The renegotiation issue can result in a crash and a denial of service attack.
+
+IV. Workaround
+
+For the X509_V_FLAG_X509_STRICT issue, no workaround is available, but
+software that doesn't explicitly set the X509_V_FLAG_X509_STRICT flag is
+unaffected.
+
+For the renegotiation issue, either turning off TLSv1.2 (as TLSv1.3 is
+unaffected) or turning off renegotiation on the TLS server mitigates the
+issue.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# <restart any daemons that use the library>
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.x]
+# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-13.patch.asc
+# gpg --verify openssl-13.patch.asc
+
+[FreeBSD 12.x]
+# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:07/openssl-12.patch.asc
+# gpg --verify openssl-12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/13/ b6c1fdcdf5033d20c61cc77d66f58f31cc65e2ba
+releng/13.0/ 7d3f5a19f455e0e3fb17ac3f9af288e8c7fffc15
+stable/12/ r369521
+releng/12.2/ r369523
+- -------------------------------------------------------------------------
+
+[FreeBSD 13.x]
+To see which files were modified by a particular revision, run the following
+command in a checked out git repository, replacing NNNNNN with the revision
+hash:
+
+# git show --stat NNNNNN
+
+Or visit the following URL, replace NNNNNN with the revision hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+[FreeBSD 12.x]
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://www.openssl.org/news/secadv/20210325.txt>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449>
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=+CMP
+-----END PGP SIGNATURE-----
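Review bot: Sections II to IV of the advisory describe the X509_V_FLAG_X509_STRICT issue as affecting any software that sets the flag, but the upstream CHANGES text carried in openssl-13.patch narrows this: the chain is still rejected when a verification purpose is set, which libssl does by default for client and server certificate verification. Consider adding that condition to the Impact or Workaround section so administrators can tell whether an application that sets the flag is actually exposed. In step 2a, `gpg --verify openssl-13.patch.asc` relies on gpg inferring the data file from the signature file name; naming it explicitly, as in `gpg --verify openssl-13.patch.asc openssl-13.patch`, makes it clear which file was checked.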
diff --git a/website/static/security/patches/SA-21:07/openssl-12.patch b/website/static/security/patches/SA-21:07/openssl-12.patch
new file mode 100644
index 0000000000..70ee0e6250
--- /dev/null
+++ b/website/static/security/patches/SA-21:07/openssl-12.patch
@@ -0,0 +1,281 @@
+--- crypto/openssl/crypto/x509/x509_vfy.c.orig
++++ crypto/openssl/crypto/x509/x509_vfy.c
+@@ -526,15 +526,19 @@
+ ret = 1;
+ break;
+ }
+- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
++ if (ret > 0
++ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
+ /* Check for presence of explicit elliptic curve parameters */
+ ret = check_curve(x);
+- if (ret < 0)
++ if (ret < 0) {
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+- else if (ret == 0)
++ ret = 0;
++ } else if (ret == 0) {
+ ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
++ }
+ }
+- if ((x->ex_flags & EXFLAG_CA) == 0
++ if (ret > 0
++ && (x->ex_flags & EXFLAG_CA) == 0
+ && x->ex_pathlen != -1
+ && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
+--- crypto/openssl/ssl/s3_lib.c.orig
++++ crypto/openssl/ssl/s3_lib.c
+@@ -4638,6 +4638,7 @@
+
+ OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+ s->s3->tmp.psk = NULL;
++ s->s3->tmp.psklen = 0;
+ if (!s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key, pskpms, pskpmslen,
+ &s->session->master_key_length)) {
+@@ -4667,8 +4668,10 @@
+ else
+ OPENSSL_cleanse(pms, pmslen);
+ }
+- if (s->server == 0)
++ if (s->server == 0) {
+ s->s3->tmp.pms = NULL;
++ s->s3->tmp.pmslen = 0;
++ }
+ return ret;
+ }
+
+--- crypto/openssl/ssl/ssl_lib.c.orig
++++ crypto/openssl/ssl/ssl_lib.c
+@@ -779,8 +779,10 @@
+ s->ext.ecpointformats =
+ OPENSSL_memdup(ctx->ext.ecpointformats,
+ ctx->ext.ecpointformats_len);
+- if (!s->ext.ecpointformats)
++ if (!s->ext.ecpointformats) {
++ s->ext.ecpointformats_len = 0;
+ goto err;
++ }
+ s->ext.ecpointformats_len =
+ ctx->ext.ecpointformats_len;
+ }
+@@ -789,8 +791,10 @@
+ OPENSSL_memdup(ctx->ext.supportedgroups,
+ ctx->ext.supportedgroups_len
+ * sizeof(*ctx->ext.supportedgroups));
+- if (!s->ext.supportedgroups)
++ if (!s->ext.supportedgroups) {
++ s->ext.supportedgroups_len = 0;
+ goto err;
++ }
+ s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
+ }
+ #endif
+@@ -800,8 +804,10 @@
+
+ if (s->ctx->ext.alpn) {
+ s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+- if (s->ext.alpn == NULL)
++ if (s->ext.alpn == NULL) {
++ s->ext.alpn_len = 0;
+ goto err;
++ }
+ memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+ s->ext.alpn_len = s->ctx->ext.alpn_len;
+ }
+@@ -2834,6 +2840,7 @@
+ OPENSSL_free(ctx->ext.alpn);
+ ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
+ if (ctx->ext.alpn == NULL) {
++ ctx->ext.alpn_len = 0;
+ SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+ return 1;
+ }
+@@ -2853,6 +2860,7 @@
+ OPENSSL_free(ssl->ext.alpn);
+ ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
+ if (ssl->ext.alpn == NULL) {
++ ssl->ext.alpn_len = 0;
+ SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+ return 1;
+ }
+--- crypto/openssl/ssl/statem/extensions.c.orig
++++ crypto/openssl/ssl/statem/extensions.c
+@@ -1136,6 +1136,7 @@
+ /* Clear any signature algorithms extension received */
+ OPENSSL_free(s->s3->tmp.peer_sigalgs);
+ s->s3->tmp.peer_sigalgs = NULL;
++ s->s3->tmp.peer_sigalgslen = 0;
+
+ return 1;
+ }
+@@ -1145,6 +1146,7 @@
+ /* Clear any signature algorithms extension received */
+ OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+ s->s3->tmp.peer_cert_sigalgs = NULL;
++ s->s3->tmp.peer_cert_sigalgslen = 0;
+
+ return 1;
+ }
+--- crypto/openssl/ssl/statem/extensions_clnt.c.orig
++++ crypto/openssl/ssl/statem/extensions_clnt.c
+@@ -816,6 +816,7 @@
+ OPENSSL_free(s->psksession_id);
+ s->psksession_id = OPENSSL_memdup(id, idlen);
+ if (s->psksession_id == NULL) {
++ s->psksession_id_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+@@ -1375,6 +1376,7 @@
+ OPENSSL_free(s->ext.peer_ecpointformats);
+ s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);
+ if (s->ext.peer_ecpointformats == NULL) {
++ s->ext.peer_ecpointformats_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+ return 0;
+@@ -1492,8 +1494,13 @@
+ s->ext.scts_len = (uint16_t)size;
+ if (size > 0) {
+ s->ext.scts = OPENSSL_malloc(size);
+- if (s->ext.scts == NULL
+- || !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
++ if (s->ext.scts == NULL) {
++ s->ext.scts_len = 0;
++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
++ ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++ if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+@@ -1592,6 +1599,7 @@
+ OPENSSL_free(s->ext.npn);
+ s->ext.npn = OPENSSL_malloc(selected_len);
+ if (s->ext.npn == NULL) {
++ s->ext.npn_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+@@ -1632,6 +1640,7 @@
+ OPENSSL_free(s->s3->alpn_selected);
+ s->s3->alpn_selected = OPENSSL_malloc(len);
+ if (s->s3->alpn_selected == NULL) {
++ s->s3->alpn_selected_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+@@ -1663,6 +1672,7 @@
+ s->session->ext.alpn_selected =
+ OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+ if (s->session->ext.alpn_selected == NULL) {
++ s->session->ext.alpn_selected_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+--- crypto/openssl/ssl/statem/statem_clnt.c.orig
++++ crypto/openssl/ssl/statem/statem_clnt.c
+@@ -2461,6 +2461,7 @@
+ s->s3->tmp.ctype_len = 0;
+ OPENSSL_free(s->pha_context);
+ s->pha_context = NULL;
++ s->pha_context_len = 0;
+
+ if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
+ !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
+@@ -2770,16 +2771,17 @@
+ }
+ s->ext.ocsp.resp = OPENSSL_malloc(resplen);
+ if (s->ext.ocsp.resp == NULL) {
++ s->ext.ocsp.resp_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
++ s->ext.ocsp.resp_len = resplen;
+ if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+ SSL_R_LENGTH_MISMATCH);
+ return 0;
+ }
+- s->ext.ocsp.resp_len = resplen;
+
+ return 1;
+ }
+@@ -3349,9 +3351,11 @@
+ err:
+ OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+ s->s3->tmp.pms = NULL;
++ s->s3->tmp.pmslen = 0;
+ #ifndef OPENSSL_NO_PSK
+ OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+ s->s3->tmp.psk = NULL;
++ s->s3->tmp.psklen = 0;
+ #endif
+ return 0;
+ }
+@@ -3426,6 +3430,7 @@
+ err:
+ OPENSSL_clear_free(pms, pmslen);
+ s->s3->tmp.pms = NULL;
++ s->s3->tmp.pmslen = 0;
+ return 0;
+ }
+
+--- crypto/openssl/ssl/statem/statem_srvr.c.orig
++++ crypto/openssl/ssl/statem/statem_srvr.c
+@@ -2178,6 +2178,7 @@
+ OPENSSL_free(s->s3->alpn_selected);
+ s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+ if (s->s3->alpn_selected == NULL) {
++ s->s3->alpn_selected_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+@@ -2853,9 +2854,16 @@
+ if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+ OPENSSL_free(s->pha_context);
+ s->pha_context_len = 32;
+- if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
+- || RAND_bytes(s->pha_context, s->pha_context_len) <= 0
+- || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
++ if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
++ s->pha_context_len = 0;
++ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
++ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
++ ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0
++ || !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
++ s->pha_context_len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+ ERR_R_INTERNAL_ERROR);
+@@ -2969,6 +2977,7 @@
+ OPENSSL_cleanse(psk, psklen);
+
+ if (s->s3->tmp.psk == NULL) {
++ s->s3->tmp.psklen = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
+ return 0;
+@@ -3508,6 +3517,7 @@
+ #ifndef OPENSSL_NO_PSK
+ OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+ s->s3->tmp.psk = NULL;
++ s->s3->tmp.psklen = 0;
+ #endif
+ return MSG_PROCESS_ERROR;
+ }
+@@ -4117,6 +4127,7 @@
+ s->session->ext.alpn_selected =
+ OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+ if (s->session->ext.alpn_selected == NULL) {
++ s->session->ext.alpn_selected_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+ ERR_R_MALLOC_FAILURE);
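Review bot: openssl-12.patch starts at crypto/openssl/crypto/x509/x509_vfy.c and never touches include/openssl/opensslv.h, so a patched 12.x system keeps its previous `OPENSSL_VERSION_TEXT`, while openssl-13.patch bumps it to "OpenSSL 1.1.1k-freebsd 25 Mar 2021". Anyone confirming the fix with `openssl version` will see a patched 12.x host as unchanged; the advisory should say that 12.x is verified by patch level (12.2-RELEASE-p5) and not by the OpenSSL version string.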
diff --git a/website/static/security/patches/SA-21:07/openssl-12.patch.asc b/website/static/security/patches/SA-21:07/openssl-12.patch.asc
new file mode 100644
index 0000000000..a37ae98422
--- /dev/null
+++ b/website/static/security/patches/SA-21:07/openssl-12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmBdIjQACgkQ05eS9J6n
+5cL5OQ//dm5Ga7kMttdTzTkHdEYYi7GhRae/Jhaxc1/lYu1shQcOO4PrasasOOmD
+lLsLOP/ZJ5mNFzFz8aiVS5cci995MYhmgCesOStJpwoFhTjGq2Oek+TUGCjJ6vSt
+W6qivOsffvMxhnpONFo1qmtDPsEgu0/BtpKkE9j9KohkptrlUoMNvE0p6e0lu02k
+wZGZlQDSrNnbyTtFBYPw0q0hYMqcKTTAb/h8TSJvAdwSM3eFr2bGqiKWRu4EagV2
+fMch81jYSZUjy7/vkfm77sIl5tRgIzi3V53AAB6llZukA8ClRk4VQFR4Lng5dF3b
+zh4M5GQSEDn3kx5iEEn/GduTO/ECa6fGyQNmaofXs7ObzBT7195wvk2YheuoXZgz
+UuQ99cQU6zTqomGg13sf7YOxzrJAnqRyn5mhiQRhPGHsHd5yeKBdxBMhQnY8o73k
+kvyYhZyYExW4GYmazuiVxPj24aA1h40XCK4cRhFh4VBgpjpAIxPyBIFOicuguNZM
+ESzpTmdLKBV04n+tm0JA729qyFHXlAub9+Tsvcx8hXxiC9QytbLKmXdpiq26l+d/
+7aIcoEkzBR2b4dewP7a8UpibXRKBX0r6oNRBSUgGjctgw822Yr4XHfUruJ5nIOFj
+vyZcsM3ircMyGeJ7Dmz3ljWAQMyrQZbRfC/usFahHYSRf1k8PJ4=
+=m/x3
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:07/openssl-13.patch b/website/static/security/patches/SA-21:07/openssl-13.patch
new file mode 100644
index 0000000000..07fdf17450
--- /dev/null
+++ b/website/static/security/patches/SA-21:07/openssl-13.patch
@@ -0,0 +1,651 @@
+--- crypto/openssl/CHANGES.orig
++++ crypto/openssl/CHANGES
+@@ -7,6 +7,50 @@
+ https://github.com/openssl/openssl/commits/ and pick the appropriate
+ release branch.
+
++ Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
++
++ *) Fixed a problem with verifying a certificate chain when using the
++ X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks
++ of the certificates present in a certificate chain. It is not set by
++ default.
++
++ Starting from OpenSSL version 1.1.1h a check to disallow certificates in
++ the chain that have explicitly encoded elliptic curve parameters was added
++ as an additional strict check.
++
++ An error in the implementation of this check meant that the result of a
++ previous check to confirm that certificates in the chain are valid CA
++ certificates was overwritten. This effectively bypasses the check
++ that non-CA certificates must not be able to issue other certificates.
++
++ If a "purpose" has been configured then there is a subsequent opportunity
++ for checks that the certificate is a valid CA. All of the named "purpose"
++ values implemented in libcrypto perform this check. Therefore, where
++ a purpose is set the certificate chain will still be rejected even when the
++ strict flag has been used. A purpose is set by default in libssl client and
++ server certificate verification routines, but it can be overridden or
++ removed by an application.
++
++ In order to be affected, an application must explicitly set the
++ X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
++ for the certificate verification or, in the case of TLS client or server
++ applications, override the default purpose.
++ (CVE-2021-3450)
++ [Tomáš Mráz]
++
++ *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
++ crafted renegotiation ClientHello message from a client. If a TLSv1.2
++ renegotiation ClientHello omits the signature_algorithms extension (where
++ it was present in the initial ClientHello), but includes a
++ signature_algorithms_cert extension then a NULL pointer dereference will
++ result, leading to a crash and a denial of service attack.
++
++ A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
++ (which is the default configuration). OpenSSL TLS clients are not impacted
++ by this issue.
++ (CVE-2021-3449)
++ [Peter Kästle and Samuel Sapalski]
++
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+
+ *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+--- crypto/openssl/NEWS.orig
++++ crypto/openssl/NEWS
+@@ -5,6 +5,14 @@
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
++ Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
++
++ o Fixed a problem with verifying a certificate chain when using the
++ X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
++ o Fixed an issue where an OpenSSL TLS server may crash if sent a
++ maliciously crafted renegotiation ClientHello message from a client
++ (CVE-2021-3449)
++
+ Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+ o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+--- crypto/openssl/README.orig
++++ crypto/openssl/README
+@@ -1,7 +1,7 @@
+
+- OpenSSL 1.1.1j 16 Feb 2021
++ OpenSSL 1.1.1k 25 Mar 2021
+
+- Copyright (c) 1998-2020 The OpenSSL Project
++ Copyright (c) 1998-2021 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+--- crypto/openssl/apps/s_cb.c.orig
++++ crypto/openssl/apps/s_cb.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -934,7 +934,8 @@
+ if (!SSL_build_cert_chain(ssl, 0))
+ return 0;
+ } else if (exc->chain != NULL) {
+- SSL_set1_chain(ssl, exc->chain);
++ if (!SSL_set1_chain(ssl, exc->chain))
++ return 0;
+ }
+ }
+ exc = exc->prev;
+--- crypto/openssl/apps/s_time.c.orig
++++ crypto/openssl/apps/s_time.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -263,7 +263,8 @@
+ nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+ printf
+ ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+- nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
++ nConn, (long)time(NULL) - finishtime + maxtime,
++ nConn > 0 ? bytes_read / nConn : 0l);
+
+ /*
+ * Now loop and time connections using the same session id over and over
+--- crypto/openssl/crypto/asn1/asn1_par.c.orig
++++ crypto/openssl/crypto/asn1/asn1_par.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -325,6 +325,7 @@
+ }
+ if (BIO_puts(bp, "]") <= 0)
+ goto end;
++ dump_cont = 0;
+ }
+
+ if (!nl) {
+--- crypto/openssl/crypto/asn1/bio_ndef.c.orig
++++ crypto/openssl/crypto/asn1/bio_ndef.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -113,6 +113,8 @@
+ ndef_aux = *(NDEF_SUPPORT **)parg;
+
+ derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
++ if (derlen < 0)
++ return 0;
+ if ((p = OPENSSL_malloc(derlen)) == NULL) {
+ ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
+ return 0;
+--- crypto/openssl/crypto/engine/eng_devcrypto.c.orig
++++ crypto/openssl/crypto/engine/eng_devcrypto.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -758,8 +758,9 @@
+ void engine_load_devcrypto_int()
+ {
+ ENGINE *e = NULL;
++ int fd;
+
+- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
++ if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ #ifndef ENGINE_DEVCRYPTO_DEBUG
+ if (errno != ENOENT)
+ #endif
+@@ -767,6 +768,18 @@
+ return;
+ }
+
++#ifdef CRIOGET
++ if (ioctl(fd, CRIOGET, &cfd) < 0) {
++ fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
++ close(fd);
++ cfd = -1;
++ return;
++ }
++ close(fd);
++#else
++ cfd = fd;
++#endif
++
+ if ((e = ENGINE_new()) == NULL
+ || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
+ ENGINE_free(e);
+--- crypto/openssl/crypto/evp/evp_enc.c.orig
++++ crypto/openssl/crypto/evp/evp_enc.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+--- crypto/openssl/crypto/modes/cbc128.c.orig
++++ crypto/openssl/crypto/modes/cbc128.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -69,7 +69,8 @@
+ in += 16;
+ out += 16;
+ }
+- memcpy(ivec, iv, 16);
++ if (ivec != iv)
++ memcpy(ivec, iv, 16);
+ }
+
+ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+@@ -114,7 +115,8 @@
+ out += 16;
+ }
+ }
+- memcpy(ivec, iv, 16);
++ if (ivec != iv)
++ memcpy(ivec, iv, 16);
+ } else {
+ if (STRICT_ALIGNMENT &&
+ ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+--- crypto/openssl/crypto/modes/gcm128.c.orig
++++ crypto/openssl/crypto/modes/gcm128.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -1385,8 +1385,8 @@
+ else
+ ctx->Yi.d[3] = ctr;
+ for (i = 0; i < 16 / sizeof(size_t); ++i) {
+- size_t c = in[i];
+- out[i] = c ^ ctx->EKi.t[i];
++ size_t c = in_t[i];
++ out_t[i] = c ^ ctx->EKi.t[i];
+ ctx->Xi.t[i] ^= c;
+ }
+ GCM_MUL(ctx);
+--- crypto/openssl/crypto/o_time.c.orig
++++ crypto/openssl/crypto/o_time.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -133,8 +133,8 @@
+ static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
+ long *pday, int *psec)
+ {
+- int offset_hms, offset_day;
+- long time_jd;
++ int offset_hms;
++ long offset_day, time_jd;
+ int time_year, time_month, time_day;
+ /* split offset into days and day seconds */
+ offset_day = offset_sec / SECS_PER_DAY;
+--- crypto/openssl/crypto/rand/rand_lib.c.orig
++++ crypto/openssl/crypto/rand/rand_lib.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -432,9 +432,13 @@
+ RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+ size_t min_len, size_t max_len)
+ {
+- RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
++ RAND_POOL *pool;
+ size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
+
++ if (!RUN_ONCE(&rand_init, do_rand_init))
++ return NULL;
++
++ pool = OPENSSL_zalloc(sizeof(*pool));
+ if (pool == NULL) {
+ RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+--- crypto/openssl/crypto/rsa/rsa_ssl.c.orig
++++ crypto/openssl/crypto/rsa/rsa_ssl.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+--- crypto/openssl/crypto/x509/x509_vfy.c.orig
++++ crypto/openssl/crypto/x509/x509_vfy.c
+@@ -524,15 +524,19 @@
+ ret = 1;
+ break;
+ }
+- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
++ if (ret > 0
++ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
+ /* Check for presence of explicit elliptic curve parameters */
+ ret = check_curve(x);
+- if (ret < 0)
++ if (ret < 0) {
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+- else if (ret == 0)
++ ret = 0;
++ } else if (ret == 0) {
+ ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
++ }
+ }
+- if ((x->ex_flags & EXFLAG_CA) == 0
++ if (ret > 0
++ && (x->ex_flags & EXFLAG_CA) == 0
+ && x->ex_pathlen != -1
+ && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
+--- crypto/openssl/include/openssl/opensslv.h.orig
++++ crypto/openssl/include/openssl/opensslv.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+@@ -39,8 +39,8 @@
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+-# define OPENSSL_VERSION_NUMBER 0x101010afL
+-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j-freebsd 16 Feb 2021"
++# define OPENSSL_VERSION_NUMBER 0x101010bfL
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k-freebsd 25 Mar 2021"
+
+ /*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+--- crypto/openssl/ssl/s3_lib.c.orig
++++ crypto/openssl/ssl/s3_lib.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+@@ -4629,6 +4629,7 @@
+
+ OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+ s->s3->tmp.psk = NULL;
++ s->s3->tmp.psklen = 0;
+ if (!s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key, pskpms, pskpmslen,
+ &s->session->master_key_length)) {
+@@ -4658,8 +4659,10 @@
+ else
+ OPENSSL_cleanse(pms, pmslen);
+ }
+- if (s->server == 0)
++ if (s->server == 0) {
+ s->s3->tmp.pms = NULL;
++ s->s3->tmp.pmslen = 0;
++ }
+ return ret;
+ }
+
+--- crypto/openssl/ssl/ssl_lib.c.orig
++++ crypto/openssl/ssl/ssl_lib.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+@@ -781,8 +781,10 @@
+ s->ext.ecpointformats =
+ OPENSSL_memdup(ctx->ext.ecpointformats,
+ ctx->ext.ecpointformats_len);
+- if (!s->ext.ecpointformats)
++ if (!s->ext.ecpointformats) {
++ s->ext.ecpointformats_len = 0;
+ goto err;
++ }
+ s->ext.ecpointformats_len =
+ ctx->ext.ecpointformats_len;
+ }
+@@ -791,8 +793,10 @@
+ OPENSSL_memdup(ctx->ext.supportedgroups,
+ ctx->ext.supportedgroups_len
+ * sizeof(*ctx->ext.supportedgroups));
+- if (!s->ext.supportedgroups)
++ if (!s->ext.supportedgroups) {
++ s->ext.supportedgroups_len = 0;
+ goto err;
++ }
+ s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
+ }
+ #endif
+@@ -802,8 +806,10 @@
+
+ if (s->ctx->ext.alpn) {
+ s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+- if (s->ext.alpn == NULL)
++ if (s->ext.alpn == NULL) {
++ s->ext.alpn_len = 0;
+ goto err;
++ }
+ memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+ s->ext.alpn_len = s->ctx->ext.alpn_len;
+ }
+@@ -2923,6 +2929,7 @@
+ OPENSSL_free(ctx->ext.alpn);
+ ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
+ if (ctx->ext.alpn == NULL) {
++ ctx->ext.alpn_len = 0;
+ SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+ return 1;
+ }
+@@ -2942,6 +2949,7 @@
+ OPENSSL_free(ssl->ext.alpn);
+ ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
+ if (ssl->ext.alpn == NULL) {
++ ssl->ext.alpn_len = 0;
+ SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+ return 1;
+ }
+--- crypto/openssl/ssl/statem/extensions.c.orig
++++ crypto/openssl/ssl/statem/extensions.c
+@@ -336,6 +336,8 @@
+ tls_construct_stoc_key_share, tls_construct_ctos_key_share,
+ final_key_share
+ },
++#else
++ INVALID_EXTENSION,
+ #endif
+ {
+ /* Must be after key_share */
+@@ -1137,6 +1139,7 @@
+ /* Clear any signature algorithms extension received */
+ OPENSSL_free(s->s3->tmp.peer_sigalgs);
+ s->s3->tmp.peer_sigalgs = NULL;
++ s->s3->tmp.peer_sigalgslen = 0;
+
+ return 1;
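Review bot: openssl-13.patch is the whole 1.1.1j to 1.1.1k update, not a minimal fix for the two CVEs: besides the x509_vfy.c and peer_sigalgslen changes, the visible part carries the CHANGES/NEWS/README edits, copyright-year bumps, and unrelated fixes such as the `nConn > 0` guard in apps/s_time.c, the `CRIOGET` handling in eng_devcrypto.c and the `ivec != iv` checks in cbc128.c. The advisory's Solution section presents it only as the patch for SA-21:07, so it would help to state there that 13.x moves to 1.1.1k, which lets anyone auditing the source patch know to expect changes outside the two described issues.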
*** 214 LINES SKIPPED ***