svn commit: r568572 - in head/security/libressl: . files

Bernard Spil brnrd at FreeBSD.org
Tue Mar 16 15:43:22 UTC 2021


Author: brnrd
Date: Tue Mar 16 15:43:21 2021
New Revision: 568572
URL: https://svnweb.freebsd.org/changeset/ports/568572

Log:
  security/libressl: Security fix for potential use-after-free
  
  MFH:		2021Q1
  Security:	eeca52dc-866c-11eb-b8d6-d4c9ef517024

Added:
  head/security/libressl/files/
  head/security/libressl/files/patch-OpenBSD-Errata-6.8-17   (contents, props changed)
Modified:
  head/security/libressl/Makefile

Modified: head/security/libressl/Makefile
==============================================================================
--- head/security/libressl/Makefile	Tue Mar 16 15:42:00 2021	(r568571)
+++ head/security/libressl/Makefile	Tue Mar 16 15:43:21 2021	(r568572)
@@ -3,6 +3,7 @@
 
 PORTNAME=	libressl
 PORTVERSION=	3.2.4
+PORTREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	OPENBSD/LibreSSL
 

Added: head/security/libressl/files/patch-OpenBSD-Errata-6.8-17
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/libressl/files/patch-OpenBSD-Errata-6.8-17	Tue Mar 16 15:43:21 2021	(r568572)
@@ -0,0 +1,74 @@
+OpenBSD 6.8 errata 017, March 12, 2021:
+
+A TLS client using session resumption may cause a use-after-free.
+
+Apply by doing:
+    signify -Vep /etc/signify/openbsd-68-base.pub -x 017_libssl.patch.sig \
+        -m - | (cd /usr/src && patch -p0)
+
+And then rebuild and install libssl and unwind:
+    cd /usr/src/lib/libssl
+    make obj
+    make
+    make install
+    cd /usr/src/sbin/unwind
+    make obj
+    make
+    make install
+
+Index: lib/libssl/s3_lib.c
+===================================================================
+RCS file: /home/cvs/src/lib/libssl/s3_lib.c,v
+retrieving revision 1.198
+diff -u -p -r1.198 s3_lib.c
+--- ssl/s3_lib.c	17 Sep 2020 15:42:14 -0000	1.198
++++ ssl/s3_lib.c	9 Mar 2021 18:50:53 -0000
+@@ -1577,6 +1577,10 @@ ssl3_free(SSL *s)
+ 
+ 	free(S3I(s)->alpn_selected);
+ 
++	/* Clear reference to sequence numbers. */
++	tls12_record_layer_clear_read_state(s->internal->rl);
++	tls12_record_layer_clear_write_state(s->internal->rl);
++
+ 	freezero(S3I(s), sizeof(*S3I(s)));
+ 	freezero(s->s3, sizeof(*s->s3));
+ 
+@@ -1648,6 +1652,11 @@ ssl3_clear(SSL *s)
+ 
+ 	s->internal->packet_length = 0;
+ 	s->version = TLS1_VERSION;
++
++	tls12_record_layer_set_read_seq_num(s->internal->rl,
++	    S3I(s)->read_sequence);
++	tls12_record_layer_set_write_seq_num(s->internal->rl,
++	    S3I(s)->write_sequence);
+ 
+ 	S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+ }
+Index: lib/libssl/ssl_lib.c
+===================================================================
+RCS file: /home/cvs/src/lib/libssl/ssl_lib.c,v
+retrieving revision 1.234.4.1
+diff -u -p -r1.234.4.1 ssl_lib.c
+--- ssl/ssl_lib.c	3 Feb 2021 07:06:13 -0000	1.234.4.1
++++ ssl/ssl_lib.c	9 Mar 2021 18:50:53 -0000
+@@ -253,6 +253,8 @@ SSL_new(SSL_CTX *ctx)
+ 		goto err;
+ 	if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
+ 		goto err;
++	if ((s->internal->rl = tls12_record_layer_new()) == NULL)
++		goto err;
+ 
+ 	s->internal->min_version = ctx->internal->min_version;
+ 	s->internal->max_version = ctx->internal->max_version;
+@@ -339,9 +341,6 @@ SSL_new(SSL_CTX *ctx)
+ 	s->method = ctx->method;
+ 
+ 	if (!s->method->internal->ssl_new(s))
+-		goto err;
+-
+-	if ((s->internal->rl = tls12_record_layer_new()) == NULL)
+ 		goto err;
+ 
+ 	s->references = 1;
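Review bot: The two new `tls12_record_layer_clear_*_state()` calls in ssl3_free (first hunk of the added patch, right after `free(S3I(s)->alpn_selected)`) dereference `s->internal->rl` without a NULL check, and the same patch now allocates `rl` in SSL_new before `ssl_new()` with a `goto err` on failure that presumably ends in SSL_free. Whether that error path can reach ssl3_free with `rl == NULL` depends on SSL_free and on the record-layer helpers tolerating NULL, neither of which is visible here; worth confirming, or guarding the pair with `if (s->internal->rl != NULL) {`. The two `tls12_record_layer_set_*_seq_num()` calls in ssl3_clear presumably re-point the record layer at the fresh `S3I(s)` sequence-number buffers after the rest of that state is reset, which is the use-after-free the log message refers to; the start of ssl3_clear is outside the hunk. Separately, the errata preamble's `signify` and `unwind` rebuild steps refer to the OpenBSD base system and are inert under the ports framework, so a one-line comment such as `# OpenBSD 6.8 errata 017, re-pathed from lib/libssl/ to ssl/ for libressl-portable` at the top of the patch file would tell the next updater why the `Index:` and `---`/`+++` paths differ.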

