Date:      Sat, 9 Dec 2017 04:04:30 +0000 (UTC)
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r51269 - in head/share/security: advisories patches/SA-17:12
Message-ID:  <201712090404.vB944Uuf000782@repo.freebsd.org>

Author: gordon (src,ports committer)
Date: Sat Dec  9 04:04:30 2017
New Revision: 51269
URL: https://svnweb.freebsd.org/changeset/doc/51269

Log:
  Add FreeBSD-SA-17:12.openssl.

Added:
  head/share/security/advisories/FreeBSD-SA-17:12.openssl.asc   (contents, props changed)
  head/share/security/patches/SA-17:12/
  head/share/security/patches/SA-17:12/openssl-10.patch   (contents, props changed)
  head/share/security/patches/SA-17:12/openssl-10.patch.asc   (contents, props changed)
  head/share/security/patches/SA-17:12/openssl-11.patch   (contents, props changed)
  head/share/security/patches/SA-17:12/openssl-11.patch.asc   (contents, props changed)

Added: head/share/security/advisories/FreeBSD-SA-17:12.openssl.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-17:12.openssl.asc	Sat Dec  9 04:04:30 2017	(r51269)
@@ -0,0 +1,169 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:12.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL multiple vulnerabilities
+
+Category:       contrib
+Module:         openssl
+Announced:      2017-12-09
+Affects:        All supported versions of FreeBSD.
+Corrected:      2017-12-07 18:04:48 UTC (stable/11, 11.1-STABLE)
+                2017-12-09 03:44:26 UTC (releng/11.1, 11.1-RELEASE-p6)
+                2017-12-09 03:41:31 UTC (stable/10, 10.4-STABLE)
+                2017-12-09 03:45:23 UTC (releng/10.4, 10.4-RELEASE-p5)
+                2017-12-09 03:45:23 UTC (releng/10.3, 10.3-RELEASE-p26)
+CVE Name:       CVE-2017-3737, CVE-2017-3738
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets
+Layer (SSL) protocols.  It is also a full-strength general purpose
+cryptography library.
+
+II.  Problem Description
+
+Invoking SSL_read()/SSL_write() while in an error state causes data to be
+passed without being decrypted/encrypted directly from the SSL/TLS record
+layer.
+
+In order to exploit this issue an application bug would have to be present
+that resulted in a call to SSL_read()/SSL_write() being issued after having
+already received a fatal error.  [CVE-2017-3737]
+
+There is an overflow bug in the x86_64 Montgomery multiplication procedure
+used in exponentiation with 1024-bit moduli.  This only affects processors
+that support the AVX2 but not ADX extensions like Intel Haswell (4th
+generation).  [CVE-2017-3738]  This bug only affects FreeBSD 11.x.
+
+III. Impact
+
+Applications with incorrect error handling may inappropriately pass
+unencrypted data.  [CVE-2017-3737]
+
+Mishandling of carry propagation will produce incorrect output, and make it
+easier for a remote attacker to obtain sensitive private-key information.  No
+EC algorithms are affected and analysis suggests that attacks against RSA and
+DSA as a result of this defect would be very difficult to perform and are not
+believed likely.
+
+Attacks against DH1024 are considered just feasible (although very difficult)
+because most of the work necessary to deduce information about a private key
+may be performed offline.  The amount of resources required for such an
+attack would be very significant and likely only accessible to a limited
+number of attackers.  However, for an attack on TLS to be meaningful, the
+server would have to share the DH1024 private key among multiple clients,
+which is no longer an option since CVE-2016-0701.  [CVE-2017-3738]
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all daemons that use the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that use the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.x]
+# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch.asc
+# gpg --verify openssl-10.patch.asc
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch.asc
+# gpg --verify openssl-11.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r326721
+releng/10.3/                                                      r326723
+releng/10.4/                                                      r326723
+stable/11/                                                        r326663
+releng/11.1/                                                      r326722
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://www.openssl.org/news/secadv/20171207.txt>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=/29R
+-----END PGP SIGNATURE-----
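Review bot: Section III does not carry over the scoping given in Section II, where the Montgomery multiplication bug is stated to affect only FreeBSD 11.x, so the CVE-2017-3738 impact paragraphs read as if they apply to every branch listed under "Corrected". Suggest repeating the 11.x-only statement in Section III, and in Section II moving "This bug only affects FreeBSD 11.x." ahead of the [CVE-2017-3738] tag so the tag closes the paragraph as it does for CVE-2017-3737. The paragraph beginning "Mishandling of carry propagation" also ends without a CVE tag, which leaves its attribution to the reader.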

Added: head/share/security/patches/SA-17:12/openssl-10.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-17:12/openssl-10.patch	Sat Dec  9 04:04:30 2017	(r51269)
@@ -0,0 +1,11 @@
+--- crypto/openssl/ssl/ssl.h.orig
++++ crypto/openssl/ssl/ssl.h
+@@ -1544,7 +1544,7 @@
+ # define SSL_ST_BEFORE                   0x4000
+ # define SSL_ST_OK                       0x03
+ # define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
+-# define SSL_ST_ERR                      0x05
++# define SSL_ST_ERR                      (0x05|SSL_ST_INIT)
+ 
+ # define SSL_CB_LOOP                     0x01
+ # define SSL_CB_EXIT                     0x02
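Review bot: the changed `SSL_ST_ERR` define has no comment saying why `SSL_ST_INIT` is now OR'ed in, although the advisory ties this fix to SSL_read()/SSL_write() being called after a fatal error. Suggest a one-line comment above the define recording that the error state must carry the `SSL_ST_INIT` bit, as `SSL_ST_RENEGOTIATE` on the line above does, so a later cleanup does not revert it to the bare `0x05`. Because this is a constant in a public header, it is also worth confirming that nothing in the tree compares the state against a literal 0x05 rather than the macro.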

Added: head/share/security/patches/SA-17:12/openssl-10.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-17:12/openssl-10.patch.asc	Sat Dec  9 04:04:30 2017	(r51269)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=Zas4
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-17:12/openssl-11.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-17:12/openssl-11.patch	Sat Dec  9 04:04:30 2017	(r51269)
@@ -0,0 +1,122 @@
+--- crypto/openssl/crypto/bn/asm/rsaz-avx2.pl.orig
++++ crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
+@@ -239,7 +239,7 @@
+ 	vmovdqu		32*8-128($ap), $ACC8
+ 
+ 	lea	192(%rsp), $tp0			# 64+128=192
+-	vpbroadcastq	.Land_mask(%rip), $AND_MASK
++	vmovdqu	.Land_mask(%rip), $AND_MASK
+ 	jmp	.LOOP_GRANDE_SQR_1024
+ 
+ .align	32
+@@ -1070,10 +1070,10 @@
+ 	vpmuludq	32*6-128($np),$Yi,$TEMP1
+ 	vpaddq		$TEMP1,$ACC6,$ACC6
+ 	vpmuludq	32*7-128($np),$Yi,$TEMP2
+-	 vpblendd	\$3, $ZERO, $ACC9, $ACC9	# correct $ACC3
++	 vpblendd	\$3, $ZERO, $ACC9, $TEMP1	# correct $ACC3
+ 	vpaddq		$TEMP2,$ACC7,$ACC7
+ 	vpmuludq	32*8-128($np),$Yi,$TEMP0
+-	 vpaddq		$ACC9, $ACC3, $ACC3		# correct $ACC3
++	 vpaddq		$TEMP1, $ACC3, $ACC3		# correct $ACC3
+ 	vpaddq		$TEMP0,$ACC8,$ACC8
+ 
+ 	mov	%rbx, %rax
+@@ -1086,7 +1086,9 @@
+ 	 vmovdqu	-8+32*2-128($ap),$TEMP2
+ 
+ 	mov	$r1, %rax
++	 vpblendd	\$0xfc, $ZERO, $ACC9, $ACC9	# correct $ACC3
+ 	imull	$n0, %eax
++	 vpaddq		$ACC9,$ACC4,$ACC4		# correct $ACC3
+ 	and	\$0x1fffffff, %eax
+ 
+ 	 imulq	16-128($ap),%rbx
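Review bot: both lines added in the `@@ -1086,7 +1086,9 @@` hunk carry the comment `# correct $ACC3`, but the `vpaddq $ACC9,$ACC4,$ACC4` adds into `$ACC4`, so the comment looks copied from the preceding hunk and should name `$ACC4`. The preceding hunk now writes the blend result to `$TEMP1` so that `$ACC9` survives for this second blend with mask `0xfc`; a short comment stating that `$ACC9` must not be modified between the two corrections would make that dependency explicit, since the instructions between the two hunks are not all visible here.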
+@@ -1322,15 +1324,12 @@
+ #	But as we underutilize resources, it's possible to correct in
+ #	each iteration with marginal performance loss. But then, as
+ #	we do it in each iteration, we can correct less digits, and
+-#	avoid performance penalties completely. Also note that we
+-#	correct only three digits out of four. This works because
+-#	most significant digit is subjected to less additions.
++#	avoid performance penalties completely.
+ 
+ $TEMP0 = $ACC9;
+ $TEMP3 = $Bi;
+ $TEMP4 = $Yi;
+ $code.=<<___;
+-	vpermq		\$0, $AND_MASK, $AND_MASK
+ 	vpaddq		(%rsp), $TEMP1, $ACC0
+ 
+ 	vpsrlq		\$29, $ACC0, $TEMP1
+@@ -1763,7 +1762,7 @@
+ 
+ .align	64
+ .Land_mask:
+-	.quad	0x1fffffff,0x1fffffff,0x1fffffff,-1
++	.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+ .Lscatter_permd:
+ 	.long	0,2,4,6,7,7,7,7
+ .Lgather_permd:
+--- crypto/openssl/ssl/ssl.h.orig
++++ crypto/openssl/ssl/ssl.h
+@@ -1727,7 +1727,7 @@
+ # define SSL_ST_BEFORE                   0x4000
+ # define SSL_ST_OK                       0x03
+ # define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
+-# define SSL_ST_ERR                      0x05
++# define SSL_ST_ERR                      (0x05|SSL_ST_INIT)
+ 
+ # define SSL_CB_LOOP                     0x01
+ # define SSL_CB_EXIT                     0x02
+--- secure/lib/libcrypto/amd64/rsaz-avx2.S.orig
++++ secure/lib/libcrypto/amd64/rsaz-avx2.S
+@@ -68,7 +68,7 @@
+ 	vmovdqu	256-128(%rsi),%ymm8
+ 
+ 	leaq	192(%rsp),%rbx
+-	vpbroadcastq	.Land_mask(%rip),%ymm15
++	vmovdqu	.Land_mask(%rip),%ymm15
+ 	jmp	.LOOP_GRANDE_SQR_1024
+ 
+ .align	32
+@@ -801,10 +801,10 @@
+ 	vpmuludq	192-128(%rcx),%ymm11,%ymm12
+ 	vpaddq	%ymm12,%ymm6,%ymm6
+ 	vpmuludq	224-128(%rcx),%ymm11,%ymm13
+-	vpblendd	$3,%ymm14,%ymm9,%ymm9
++	vpblendd	$3,%ymm14,%ymm9,%ymm12
+ 	vpaddq	%ymm13,%ymm7,%ymm7
+ 	vpmuludq	256-128(%rcx),%ymm11,%ymm0
+-	vpaddq	%ymm9,%ymm3,%ymm3
++	vpaddq	%ymm12,%ymm3,%ymm3
+ 	vpaddq	%ymm0,%ymm8,%ymm8
+ 
+ 	movq	%rbx,%rax
+@@ -817,7 +817,9 @@
+ 	vmovdqu	-8+64-128(%rsi),%ymm13
+ 
+ 	movq	%r10,%rax
++	vpblendd	$0xfc,%ymm14,%ymm9,%ymm9
+ 	imull	%r8d,%eax
++	vpaddq	%ymm9,%ymm4,%ymm4
+ 	andl	$0x1fffffff,%eax
+ 
+ 	imulq	16-128(%rsi),%rbx
+@@ -1046,7 +1048,6 @@
+ 
+ 	decl	%r14d
+ 	jnz	.Loop_mul_1024
+-	vpermq	$0,%ymm15,%ymm15
+ 	vpaddq	(%rsp),%ymm12,%ymm0
+ 
+ 	vpsrlq	$29,%ymm0,%ymm12
+@@ -1686,7 +1687,7 @@
+ 
+ .align	64
+ .Land_mask:
+-.quad	0x1fffffff,0x1fffffff,0x1fffffff,-1
++.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+ .Lscatter_permd:
+ .long	0,2,4,6,7,7,7,7
+ .Lgather_permd:
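Review bot: in the `.Land_mask` hunk the fourth quad changes from `-1` to `0x1fffffff`, and this only holds together with two other edits to the same file: the load becoming `vmovdqu` (all four quads are now read as stored) and the removal of `vpermq $0`. Suggest a comment at `.Land_mask` saying that all four lanes are masked to 29 bits and that the table is loaded whole, so the three edits are not separated later. The same set of edits appears in both rsaz-avx2.pl and rsaz-avx2.S in this patch, so it is worth stating how the two files are kept in step.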

Added: head/share/security/patches/SA-17:12/openssl-11.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-17:12/openssl-11.patch.asc	Sat Dec  9 04:04:30 2017	(r51269)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=4IBI
+-----END PGP SIGNATURE-----


