Bug#1041699: wolfssl: CVE-2023-3724

2023-10-23 Thread Bastian Germann
On Sat, 22 Jul 2023 16:25:36 + "Jacob .." wrote:
> Started the process of adding a patch to wolfssl_4.6.0+p1-0+deb11u1.1.dsc.

Based on the same upstream commit, I am uploading an unstable fix as NMU
so I can forward your upload to proposed-updates.

diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog
--- wolfssl-5.5.4/debian/changelog  2023-02-06 14:41:53.0 +
+++ wolfssl-5.5.4/debian/changelog  2023-10-23 17:46:16.0 +
@@ -1,3 +1,10 @@
+wolfssl (5.5.4-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2023-3724. (see #1041699)
+
+ -- Bastian Germann   Mon, 23 Oct 2023 17:46:16 +
+
 wolfssl (5.5.4-2) unstable; urgency=medium
 
   * Clarify in README.Debian and in the package descriptions that wolfssl is
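Review bot: the new entry references the bug as "(see #1041699)" rather than "(Closes: #1041699)", so this upload will not close the bug in the BTS automatically; if the intent is to keep #1041699 open until the bullseye update has gone through proposed-updates, that is fine, otherwise use the Closes: form so the BTS links the fix to the upload. The CVE id is in the entry, as the report below asks.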
diff -Nru wolfssl-5.5.4/debian/patches/cve-2023-3724.patch 
wolfssl-5.5.4/debian/patches/cve-2023-3724.patch
--- wolfssl-5.5.4/debian/patches/cve-2023-3724.patch1970-01-01 
00:00:00.0 +
+++ wolfssl-5.5.4/debian/patches/cve-2023-3724.patch2023-10-23 
17:46:16.0 +
@@ -0,0 +1,47 @@
+Origin: backport, 00f1eddee429ff51390b20caadd2eb6afe51e1aa
+From: Jacob Barthelmeh 
+Date: Mon, 15 May 2023 15:49:44 -0700
+Subject: add tls extension sanity check
+
+---
+ src/tls.c   |  3 +++
+ src/tls13.c | 10 ++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/src/tls.c b/src/tls.c
+index bced9f9b13f..9bbabfb14e2 100644
+--- a/src/tls.c
 b/src/tls.c
+@@ -8475,6 +8475,9 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, 
word16 length,
+ if (!WOLFSSL_NAMED_GROUP_IS_PQC(group))
+ #endif
+ ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL);
++
++if (ret == 0)
++ssl->session->namedGroup = ssl->namedGroup = group;
+ }
+ else {
+ /* Not a message type that is allowed to have this extension. */
+diff --git a/src/tls13.c b/src/tls13.c
+index e5360790b3b..0f1bbc1aad1 100644
+--- a/src/tls13.c
 b/src/tls13.c
+@@ -5236,8 +5236,18 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, 
word32* inOutIdx,
+ }
+ #endif
+ 
++/* sanity check on PSK / KSE */
++if (
++#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
++ssl->options.pskNegotiated == 0 &&
++#endif
++ssl->session->namedGroup == 0) {
++return EXT_MISSING;
++}
++
+ ssl->keys.encryptionOn = 1;
+ ssl->options.serverState = SERVER_HELLO_COMPLETE;
++
+ }
+ else {
+ ssl->options.tls1_3 = 1;
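Review bot: the DEP-3 header carries only Origin; add Bug-Debian: https://bugs.debian.org/1041699 and Bug: https://github.com/wolfSSL/wolfssl/pull/6412 so the backport is traceable from the patch file alone. On the logic, the tls13.c check is placed before `ssl->keys.encryptionOn = 1;`, so a ServerHello with no negotiated PSK and no recorded key_share group now fails with EXT_MISSING before any keys are derived, which is exactly the condition in the CVE text; it relies on the tls.c hunk recording `ssl->session->namedGroup` only when `TLSX_KeyShare_Use` returns 0, so a rejected key share leaves the group at 0 and still trips the check. When both HAVE_SESSION_TICKET and PSK are compiled out, the condition reduces to `ssl->session->namedGroup == 0`, which is the right requirement for a key-exchange-only build. The final `++` blank line after `SERVER_HELLO_COMPLETE;` is a whitespace-only change and can be dropped from the backport.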
diff -Nru wolfssl-5.5.4/debian/patches/series 
wolfssl-5.5.4/debian/patches/series
--- wolfssl-5.5.4/debian/patches/series 2022-11-07 17:38:12.0 +
+++ wolfssl-5.5.4/debian/patches/series 2023-10-23 17:46:16.0 +
@@ -4,3 +4,4 @@
 fix-hurd-i386-flags.patch
 disable-crl-monitor.patch
 disable-jobserver.patch
+cve-2023-3724.patch


Bug#1041699:

2023-07-22 Thread Jacob ..
Thanks Moritz,

Started the process of adding a patch to wolfssl_4.6.0+p1-0+deb11u1.1.dsc.

Sent from Mail for Windows



Bug#1041699: wolfssl: CVE-2023-3724

2023-07-22 Thread Moritz Mühlenhoff
Source: wolfssl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for wolfssl.

CVE-2023-3724[0]:
| If a TLS 1.3 client gets neither a PSK (pre shared key) extension
| nor a KSE (key share extension) when connecting to a malicious
| server, a default predictable buffer gets used for the IKM (Input
| Keying Material) value when generating the session master secret.
| Using a potentially known IKM value when generating the session
| master secret key compromises the key generated, allowing an
| eavesdropper to reconstruct it and potentially allowing access to or
| meddling with message contents in the session. This issue does not
| affect client validation of connected servers, nor expose private
| key information, but could result in an insecure TLS 1.3 session
| when not controlling both sides of the connection. wolfSSL
| recommends that TLS 1.3 client side users update the version of
| wolfSSL used.

https://github.com/wolfSSL/wolfssl/pull/6412
https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa (v5.6.2-stable)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3724
https://www.cve.org/CVERecord?id=CVE-2023-3724

Please adjust the affected versions in the BTS as needed.
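A wire-level check for the condition the report describes, added here as an example and not part of the bug thread or of wolfSSL: it parses a TLS 1.3 ServerHello handshake message and flags one that carries neither key_share nor pre_shared_key, the case the patch above rejects with EXT_MISSING. The extension numbers are RFC 8446 constants, and the sample messages are constructed in the block.

```python
import struct

# TLS 1.3 extension numbers from RFC 8446 (assumed constants, not from the page).
SUPPORTED_VERSIONS, PRE_SHARED_KEY, KEY_SHARE = 0x002B, 0x0029, 0x0033

def build_server_hello(extensions):
    """Constructed ServerHello handshake message from (type, data) pairs; dummy random/suite."""
    body = b"\x03\x03" + b"\x11" * 32        # legacy_version, random
    body += b"\x00"                          # empty legacy_session_id_echo
    body += b"\x13\x01" + b"\x00"            # TLS_AES_128_GCM_SHA256, null compression
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    return b"\x02" + len(body).to_bytes(3, "big") + body   # HandshakeType server_hello

def _take(buf, pos, n):
    """Slice n bytes at pos, refusing to read past the end of the message."""
    if pos + n > len(buf):
        raise ValueError("truncated ServerHello")
    return buf[pos:pos + n], pos + n

def parse_server_hello_extensions(msg):
    """Return {extension_type: data} for one ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match message size")
    _, pos = _take(body, 0, 2 + 32)                  # legacy_version + random
    sid_len, pos = _take(body, pos, 1)
    _, pos = _take(body, pos, sid_len[0] + 2 + 1)    # session id echo, suite, compression
    ext_len, pos = _take(body, pos, 2)
    if pos + struct.unpack("!H", ext_len)[0] != len(body):
        raise ValueError("extension block length mismatch")
    exts = {}
    while pos < len(body):
        hdr, pos = _take(body, pos, 4)
        etype, elen = struct.unpack("!HH", hdr)
        exts[etype], pos = _take(body, pos, elen)    # overrun raises ValueError
    return exts

def lacks_key_material(msg):
    """True when the ServerHello carries neither key_share nor pre_shared_key,
    the case the patch rejects with EXT_MISSING instead of deriving keys."""
    exts = parse_server_hello_extensions(msg)
    return KEY_SHARE not in exts and PRE_SHARED_KEY not in exts

# Constructed samples: one with an x25519 key_share, one with supported_versions only.
X25519_SHARE = struct.pack("!HH", 0x001D, 32) + b"\x22" * 32
GOOD_HELLO = build_server_hello([(SUPPORTED_VERSIONS, b"\x03\x04"), (KEY_SHARE, X25519_SHARE)])
BAD_HELLO = build_server_hello([(SUPPORTED_VERSIONS, b"\x03\x04")])
```

Feeding a captured ServerHello (handshake layer only, record header stripped) to `lacks_key_material` reproduces the decision the patched client makes; a True result is the message shape an unpatched client would have accepted.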