wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream pending fix for CVE-2017-13099 ("ROBOT vulnerability"). Ref: https://github.com/wolfSSL/wolfssl/pull/1229 Ref: https://robotattack.org/ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
parent
905bbc96ef
commit
902961c148
3 changed files with 147 additions and 5 deletions
|
@ -8,12 +8,12 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=wolfssl
|
PKG_NAME:=wolfssl
|
||||||
PKG_VERSION:=3.12.0
|
PKG_VERSION:=3.12.2
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
|
||||||
PKG_SOURCE_URL:=https://www.wolfssl.com/
|
PKG_SOURCE_URL:=https://www.wolfssl.com/
|
||||||
PKG_HASH:=5bb196056ac0086efbf07ecea7d3e73b1c31722eb52a88b85879f920428a9a0f
|
PKG_HASH:=4993844c4b7919007c4511ec3f987fb06543536c3fc933cb53491bffe9150e49
|
||||||
|
|
||||||
PKG_FIXUP:=libtool
|
PKG_FIXUP:=libtool
|
||||||
PKG_INSTALL:=1
|
PKG_INSTALL:=1
|
||||||
|
|
144
package/libs/wolfssl/patches/001-CVE-2017-13099.patch
Normal file
144
package/libs/wolfssl/patches/001-CVE-2017-13099.patch
Normal file
|
@ -0,0 +1,144 @@
|
||||||
|
From fd455d5a5e9fef24c208e7ac7d3a4bc58834cbf1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Garske <david@wolfssl.com>
|
||||||
|
Date: Tue, 14 Nov 2017 14:05:50 -0800
|
||||||
|
Subject: [PATCH] Fix for handling of static RSA PKCS formatting failures so
|
||||||
|
they are indistinguishable from from correctly formatted RSA blocks (per
|
||||||
|
RFC5246 section 7.4.7.1). Adjusted the static RSA preMasterSecret RNG
|
||||||
|
creation for consistency in client case. Removed obsolete
|
||||||
|
`PMS_VERSION_ERROR`.
|
||||||
|
|
||||||
|
---
|
||||||
|
src/internal.c | 70 +++++++++++++++++++++++++++++++++++++++++++++--------
|
||||||
|
wolfssl/error-ssl.h | 2 +-
|
||||||
|
2 files changed, 61 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
--- a/src/internal.c
|
||||||
|
+++ b/src/internal.c
|
||||||
|
@@ -14190,9 +14190,6 @@ const char* wolfSSL_ERR_reason_error_str
|
||||||
|
case NOT_READY_ERROR :
|
||||||
|
return "handshake layer not ready yet, complete first";
|
||||||
|
|
||||||
|
- case PMS_VERSION_ERROR :
|
||||||
|
- return "premaster secret version mismatch error";
|
||||||
|
-
|
||||||
|
case VERSION_ERROR :
|
||||||
|
return "record layer version error";
|
||||||
|
|
||||||
|
@@ -18758,8 +18755,10 @@ int SendClientKeyExchange(WOLFSSL* ssl)
|
||||||
|
#ifndef NO_RSA
|
||||||
|
case rsa_kea:
|
||||||
|
{
|
||||||
|
+ /* build PreMasterSecret with RNG data */
|
||||||
|
ret = wc_RNG_GenerateBlock(ssl->rng,
|
||||||
|
- ssl->arrays->preMasterSecret, SECRET_LEN);
|
||||||
|
+ &ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||||
|
+ SECRET_LEN - VERSION_SZ);
|
||||||
|
if (ret != 0) {
|
||||||
|
goto exit_scke;
|
||||||
|
}
|
||||||
|
@@ -23545,6 +23544,9 @@ static int DoSessionTicket(WOLFSSL* ssl,
|
||||||
|
word32 idx;
|
||||||
|
word32 begin;
|
||||||
|
word32 sigSz;
|
||||||
|
+ #ifndef NO_RSA
|
||||||
|
+ int lastErr;
|
||||||
|
+ #endif
|
||||||
|
} DckeArgs;
|
||||||
|
|
||||||
|
static void FreeDckeArgs(WOLFSSL* ssl, void* pArgs)
|
||||||
|
@@ -23770,6 +23772,14 @@ static int DoSessionTicket(WOLFSSL* ssl,
|
||||||
|
ERROR_OUT(BUFFER_ERROR, exit_dcke);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* pre-load PreMasterSecret with RNG data */
|
||||||
|
+ ret = wc_RNG_GenerateBlock(ssl->rng,
|
||||||
|
+ &ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||||
|
+ SECRET_LEN - VERSION_SZ);
|
||||||
|
+ if (ret != 0) {
|
||||||
|
+ goto exit_dcke;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
args->output = NULL;
|
||||||
|
break;
|
||||||
|
} /* rsa_kea */
|
||||||
|
@@ -24234,6 +24244,20 @@ static int DoSessionTicket(WOLFSSL* ssl,
|
||||||
|
NULL, 0, NULL
|
||||||
|
#endif
|
||||||
|
);
|
||||||
|
+
|
||||||
|
+ /* Errors that can occur here that should be
|
||||||
|
+ * indistinguishable:
|
||||||
|
+ * RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR
|
||||||
|
+ */
|
||||||
|
+ if (ret < 0 && ret != BAD_FUNC_ARG) {
|
||||||
|
+ #ifdef WOLFSSL_ASYNC_CRYPT
|
||||||
|
+ if (ret == WC_PENDING_E)
|
||||||
|
+ goto exit_dcke;
|
||||||
|
+ #endif
|
||||||
|
+ /* store error code for handling below */
|
||||||
|
+ args->lastErr = ret;
|
||||||
|
+ ret = 0;
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
} /* rsa_kea */
|
||||||
|
#endif /* !NO_RSA */
|
||||||
|
@@ -24380,16 +24404,42 @@ static int DoSessionTicket(WOLFSSL* ssl,
|
||||||
|
/* Add the signature length to idx */
|
||||||
|
args->idx += args->length;
|
||||||
|
|
||||||
|
- if (args->sigSz == SECRET_LEN && args->output != NULL) {
|
||||||
|
- XMEMCPY(ssl->arrays->preMasterSecret, args->output, SECRET_LEN);
|
||||||
|
- if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major ||
|
||||||
|
- ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) {
|
||||||
|
- ERROR_OUT(PMS_VERSION_ERROR, exit_dcke);
|
||||||
|
+ #ifdef DEBUG_WOLFSSL
|
||||||
|
+ /* check version (debug warning message only) */
|
||||||
|
+ if (args->output != NULL) {
|
||||||
|
+ if (args->output[0] != ssl->chVersion.major ||
|
||||||
|
+ args->output[1] != ssl->chVersion.minor) {
|
||||||
|
+ WOLFSSL_MSG("preMasterSecret version mismatch");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ #endif
|
||||||
|
+
|
||||||
|
+ /* RFC5246 7.4.7.1:
|
||||||
|
+ * Treat incorrectly formatted message blocks and/or
|
||||||
|
+ * mismatched version numbers in a manner
|
||||||
|
+ * indistinguishable from correctly formatted RSA blocks
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ ret = args->lastErr;
|
||||||
|
+ args->lastErr = 0; /* reset */
|
||||||
|
+
|
||||||
|
+ /* build PreMasterSecret */
|
||||||
|
+ ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
|
||||||
|
+ ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
|
||||||
|
+ if (ret == 0 && args->sigSz == SECRET_LEN &&
|
||||||
|
+ args->output != NULL) {
|
||||||
|
+ XMEMCPY(&ssl->arrays->preMasterSecret[VERSION_SZ],
|
||||||
|
+ &args->output[VERSION_SZ],
|
||||||
|
+ SECRET_LEN - VERSION_SZ);
|
||||||
|
+ }
|
||||||
|
else {
|
||||||
|
- ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
|
||||||
|
+ /* preMasterSecret has RNG and version set */
|
||||||
|
+ /* return proper length and ignore error */
|
||||||
|
+ /* error will be caught as decryption error */
|
||||||
|
+ args->sigSz = SECRET_LEN;
|
||||||
|
+ ret = 0;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
break;
|
||||||
|
} /* rsa_kea */
|
||||||
|
#endif /* !NO_RSA */
|
||||||
|
--- a/wolfssl/error-ssl.h
|
||||||
|
+++ b/wolfssl/error-ssl.h
|
||||||
|
@@ -57,7 +57,7 @@ enum wolfSSL_ErrorCodes {
|
||||||
|
DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
|
||||||
|
WANT_READ = -323, /* want read, call again */
|
||||||
|
NOT_READY_ERROR = -324, /* handshake layer not ready */
|
||||||
|
- PMS_VERSION_ERROR = -325, /* pre m secret version error */
|
||||||
|
+
|
||||||
|
VERSION_ERROR = -326, /* record layer version error */
|
||||||
|
WANT_WRITE = -327, /* want write, call again */
|
||||||
|
BUFFER_ERROR = -328, /* malformed buffer input */
|
|
@ -1,8 +1,6 @@
|
||||||
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
|
|
||||||
index 039c238..73537e0 100644
|
|
||||||
--- a/wolfssl/wolfcrypt/settings.h
|
--- a/wolfssl/wolfcrypt/settings.h
|
||||||
+++ b/wolfssl/wolfcrypt/settings.h
|
+++ b/wolfssl/wolfcrypt/settings.h
|
||||||
@@ -1633,7 +1633,7 @@ extern void uITRON4_free(void *p) ;
|
@@ -1553,7 +1553,7 @@ extern void uITRON4_free(void *p) ;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* warning for not using harden build options (default with ./configure) */
|
/* warning for not using harden build options (default with ./configure) */
|
||||||
|
|
Loading…
Reference in a new issue