Re: svn commit: r308200 - in stable: 10/crypto/openssl/ssl 9/crypto/openssl/ssl
In message <201611020709.ua279wm3070...@repo.freebsd.org>, Xin LI writes:
> Author: delphij
> Date: Wed Nov 2 07:09:31 2016
> New Revision: 308200
> URL: https://svnweb.freebsd.org/changeset/base/308200
>
> Log:
> Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401:
>
> Don't allow too many consecutive warning alerts
>
> Certain warning alerts are ignored if they are received. This can mean th
> at
> no progress will be made if one peer continually sends those warning aler
> ts.
> Implement a count so that we abort the connection if we receive too many.
>
> Issue reported by Shi Lei.
>
> This is a direct commit to stable/10 and stable/9.
>
> Security: CVE-2016-8610
>
> Modified:
> stable/10/crypto/openssl/ssl/d1_pkt.c
> stable/10/crypto/openssl/ssl/s3_pkt.c
> stable/10/crypto/openssl/ssl/ssl.h
> stable/10/crypto/openssl/ssl/ssl3.h
> stable/10/crypto/openssl/ssl/ssl_locl.h
>
> Changes in other areas also in this revision:
> Modified:
> stable/9/crypto/openssl/ssl/d1_pkt.c
> stable/9/crypto/openssl/ssl/s3_pkt.c
> stable/9/crypto/openssl/ssl/ssl.h
> stable/9/crypto/openssl/ssl/ssl3.h
> stable/9/crypto/openssl/ssl/ssl_locl.h
>
> Modified: stable/10/crypto/openssl/ssl/d1_pkt.c
> =
> =
> --- stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 06:58:47 2016
> (r308199)
> +++ stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:09:31 2016
> (r308200)
> @@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u
> goto start;
> }
>
> +/*
> + * Reset the count of consecutive warning alerts if we've got a non-empt
> y
> + * record that isn't an alert.
> + */
> +if (rr->type != SSL3_RT_ALERT && rr->length != 0)
> +s->s3->alert_count = 0;
> +
> /* we now have a packet which can be read and processed */
>
> if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
> @@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u
>
> if (alert_level == SSL3_AL_WARNING) {
> s->s3->warn_alert = alert_descr;
> +
> +s->s3->alert_count++;
> +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
> +al = SSL_AD_UNEXPECTED_MESSAGE;
> +SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
> +goto f_err;
> +}
> +
> if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
> #ifndef OPENSSL_NO_SCTP
> /*
>
> Modified: stable/10/crypto/openssl/ssl/s3_pkt.c
> =
> =
> --- stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 06:58:47 2016
> (r308199)
> +++ stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:09:31 2016
> (r308200)
> @@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un
> return (ret);
> }
>
> +/*
> + * Reset the count of consecutive warning alerts if we've got a non-empt
> y
> + * record that isn't an alert.
> + */
> +if (rr->type != SSL3_RT_ALERT && rr->length != 0)
> +s->s3->alert_count = 0;
> +
> /* we now have a packet which can be read and processed */
>
> if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
> @@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un
>
> if (alert_level == SSL3_AL_WARNING) {
> s->s3->warn_alert = alert_descr;
> +
> +s->s3->alert_count++;
> +if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
> +al = SSL_AD_UNEXPECTED_MESSAGE;
> +SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
> +goto f_err;
> +}
> +
> if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
> s->shutdown |= SSL_RECEIVED_SHUTDOWN;
> return (0);
>
> Modified: stable/10/crypto/openssl/ssl/ssl.h
> =
> =
> --- stable/10/crypto/openssl/ssl/ssl.hWed Nov 2 06:58:47 2016
> (r308199)
> +++ stable/10/crypto/openssl/ssl/ssl.hWed Nov 2 07:09:31 2016
> (r308200)
> @@ -2717,6 +2717,7 @@ void ERR_load_SSL_strings(void);
> # define SSL_R_TLS_HEARTBEAT_PENDING 366
> # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
> # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
> +# define SSL_R_TOO_MANY_WARN_ALERTS 409
> # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
> # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234
> # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER235
>
> Modified: stable/10/crypto/openssl/ssl/ssl3.h
> =
> =
> ---
svn commit: r308200 - in stable: 10/crypto/openssl/ssl 9/crypto/openssl/ssl
Author: delphij
Date: Wed Nov 2 07:09:31 2016
New Revision: 308200
URL: https://svnweb.freebsd.org/changeset/base/308200
Log:
Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401:
Don't allow too many consecutive warning alerts
Certain warning alerts are ignored if they are received. This can mean that
no progress will be made if one peer continually sends those warning alerts.
Implement a count so that we abort the connection if we receive too many.
Issue reported by Shi Lei.
This is a direct commit to stable/10 and stable/9.
Security: CVE-2016-8610
Modified:
stable/10/crypto/openssl/ssl/d1_pkt.c
stable/10/crypto/openssl/ssl/s3_pkt.c
stable/10/crypto/openssl/ssl/ssl.h
stable/10/crypto/openssl/ssl/ssl3.h
stable/10/crypto/openssl/ssl/ssl_locl.h
Changes in other areas also in this revision:
Modified:
stable/9/crypto/openssl/ssl/d1_pkt.c
stable/9/crypto/openssl/ssl/s3_pkt.c
stable/9/crypto/openssl/ssl/ssl.h
stable/9/crypto/openssl/ssl/ssl3.h
stable/9/crypto/openssl/ssl/ssl_locl.h
Modified: stable/10/crypto/openssl/ssl/d1_pkt.c
==
--- stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 06:58:47 2016
(r308199)
+++ stable/10/crypto/openssl/ssl/d1_pkt.c Wed Nov 2 07:09:31 2016
(r308200)
@@ -924,6 +924,13 @@ int dtls1_read_bytes(SSL *s, int type, u
goto start;
}
+/*
+ * Reset the count of consecutive warning alerts if we've got a non-empty
+ * record that isn't an alert.
+ */
+if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+s->s3->alert_count = 0;
+
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1190,6 +1197,14 @@ int dtls1_read_bytes(SSL *s, int type, u
if (alert_level == SSL3_AL_WARNING) {
s->s3->warn_alert = alert_descr;
+
+s->s3->alert_count++;
+if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+al = SSL_AD_UNEXPECTED_MESSAGE;
+SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+goto f_err;
+}
+
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
#ifndef OPENSSL_NO_SCTP
/*
Modified: stable/10/crypto/openssl/ssl/s3_pkt.c
==
--- stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 06:58:47 2016
(r308199)
+++ stable/10/crypto/openssl/ssl/s3_pkt.c Wed Nov 2 07:09:31 2016
(r308200)
@@ -1057,6 +1057,13 @@ int ssl3_read_bytes(SSL *s, int type, un
return (ret);
}
+/*
+ * Reset the count of consecutive warning alerts if we've got a non-empty
+ * record that isn't an alert.
+ */
+if (rr->type != SSL3_RT_ALERT && rr->length != 0)
+s->s3->alert_count = 0;
+
/* we now have a packet which can be read and processed */
if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1271,6 +1278,14 @@ int ssl3_read_bytes(SSL *s, int type, un
if (alert_level == SSL3_AL_WARNING) {
s->s3->warn_alert = alert_descr;
+
+s->s3->alert_count++;
+if (s->s3->alert_count == MAX_WARN_ALERT_COUNT) {
+al = SSL_AD_UNEXPECTED_MESSAGE;
+SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_TOO_MANY_WARN_ALERTS);
+goto f_err;
+}
+
if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return (0);
Modified: stable/10/crypto/openssl/ssl/ssl.h
==
--- stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 06:58:47 2016
(r308199)
+++ stable/10/crypto/openssl/ssl/ssl.h Wed Nov 2 07:09:31 2016
(r308200)
@@ -2717,6 +2717,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_TLS_HEARTBEAT_PENDING 366
# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
+# define SSL_R_TOO_MANY_WARN_ALERTS 409
# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG234
# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER235
Modified: stable/10/crypto/openssl/ssl/ssl3.h
==
--- stable/10/crypto/openssl/ssl/ssl3.h Wed Nov 2 06:58:47 2016
(r308199)
+++ stable/10/crypto/openssl/ssl/ssl3.h Wed Nov 2 07:09:31 2016
(r308200)
@@ -587,6 +587,8 @@ typedef struct ssl3_state_st {
char is_probably_safari;
# endif /* !OPENSSL_NO_EC */
# endif/* !OPENSSL_NO_TLSEXT */
+/*
