Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: cae3ac8c30bf
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 9642f121eb1a
Choose a head ref
  • 4 commits
  • 3 files changed
  • 3 contributors

Commits on Apr 22, 2020

  1. Merge release-19.09 into staging-19.09

    @FRidh
    FRidh committed Apr 22, 2020
    Copy the full SHA
    a9750db View commit details

  2. openssl: patch CVE-2020-1967 

    openssl/openssl@eb56324
openssl/openssl@64eef86
    @mweinelt
    mweinelt committed Apr 22, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f37435d View commit details

Commits on Apr 23, 2020

  1. Merge pull request #85818 from mweinelt/19.09/openssl/cve-2020-1967 

    [19.09] openssl: patch CVE-2020-1967
    @andir
    andir authored Apr 23, 2020
    Copy the full SHA
    04273c3 View commit details

  2. Merge staging-19.09 into release-19.09 

    Build security updates on release branch so *-small channel is updated as soon as possible.
    @FRidh
    FRidh committed Apr 23, 2020
    Copy the full SHA
    9642f12 View commit details
114 changes: 114 additions & 0 deletions pkgs/development/libraries/openssl/1.1/cve-2020-1967-test.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
From: Benjamin Kaduk <kaduk@mit.edu>
Date: Fri, 10 Apr 2020 12:27:28 -0700
Subject: Add test for CVE-2020-1967

Add to test_sslsigalgs a TLSProxy test that injects a
"signature_algorithms_cert" extension that contains an unallocated
codepoint.

The test currently fails, since s_server segfaults instead of
ignoring the unrecognized value.

Since "signature_algorithms" and "signature_algorithms_cert" are very
similar, also add the analogous test for "signature_algorithms".

[bigeasy: + 2x "fixup! Add test for CVE-2020-1967"]
---
test/recipes/70-test_sslsigalgs.t | 66 +++++++++++++++++++++++++++++++++++++--
1 file changed, 64 insertions(+), 2 deletions(-)

diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
index f805dcf221e8..9fadefdee62d 100644
--- a/test/recipes/70-test_sslsigalgs.t
+++ b/test/recipes/70-test_sslsigalgs.t
@@ -44,7 +44,9 @@ use constant {
COMPAT_SIGALGS => 6,
SIGALGS_CERT_ALL => 7,
SIGALGS_CERT_PKCS => 8,
- SIGALGS_CERT_INVALID => 9
+ SIGALGS_CERT_INVALID => 9,
+ UNRECOGNIZED_SIGALGS_CERT => 10,
+ UNRECOGNIZED_SIGALG => 11
};

#Note: Throughout this test we override the default ciphersuites where TLSv1.2
@@ -53,7 +55,7 @@ use constant {

#Test 1: Default sig algs should succeed
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 22;
+plan tests => 24;
ok(TLSProxy::Message->success, "Default sigalgs");
my $testtype;

@@ -261,6 +263,39 @@ SKIP: {
ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
}

+SKIP: {
+ skip "TLS 1.3 disabled", 2 if disabled("tls1_3");
+ #Test 23: Send an unrecognized signature_algorithms_cert
+ # We should be able to skip over the unrecognized value and use a
+ # valid one that appears later in the list.
+ $proxy->clear();
+ $proxy->filter(\&inject_unrecognized_sigalg);
+ $proxy->clientflags("-tls1_3");
+ # Use -xcert to get SSL_check_chain() to run in the cert_cb. This is
+ # needed to trigger (e.g.) CVE-2020-1967
+ $proxy->serverflags("" .
+ " -xcert " . srctop_file("test", "certs", "servercert.pem") .
+ " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
+ " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
+ $testtype = UNRECOGNIZED_SIGALGS_CERT;
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello");
+
+ #Test 24: Send an unrecognized signature_algorithms
+ # We should be able to skip over the unrecognized value and use a
+ # valid one that appears later in the list.
+ $proxy->clear();
+ $proxy->filter(\&inject_unrecognized_sigalg);
+ $proxy->clientflags("-tls1_3");
+ $proxy->serverflags("" .
+ " -xcert " . srctop_file("test", "certs", "servercert.pem") .
+ " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
+ " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
+ $testtype = UNRECOGNIZED_SIGALG;
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
+}
+


sub sigalgs_filter
@@ -406,3 +441,30 @@ sub modify_cert_verify_sigalg
}
}
}
+
+sub inject_unrecognized_sigalg
+{
+ my $proxy = shift;
+ my $type;
+
+ # We're only interested in the initial ClientHello
+ if ($proxy->flight != 0) {
+ return;
+ }
+ if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
+ $type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
+ } elsif ($testtype == UNRECOGNIZED_SIGALG) {
+ $type = TLSProxy::Message::EXT_SIG_ALGS;
+ } else {
+ return;
+ }
+
+ my $ext = pack "C8",
+ 0x00, 0x06, #Extension length
+ 0xfe, 0x18, #private use
+ 0x04, 0x01, #rsa_pkcs1_sha256
+ 0x08, 0x04; #rsa_pss_rsae_sha256;
+ my $message = ${$proxy->message_list}[0];
+ $message->set_extension($type, $ext);
+ $message->repack;
+}
42 changes: 42 additions & 0 deletions pkgs/development/libraries/openssl/1.1/cve-2020-1967.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
From: Benjamin Kaduk <kaduk@mit.edu>
Date: Fri, 10 Apr 2020 12:27:28 -0700
Subject: Fix NULL dereference in SSL_check_chain() for TLS 1.3

In the tls1_check_sig_alg() helper function, we loop through the list of
"signature_algorithms_cert" values received from the client and attempt
to look up each one in turn in our internal table that maps wire
codepoint to string-form name, digest and/or signature NID, etc., in
order to compare the signature scheme from the peer's list against what
is used to sign the certificates in the certificate chain we're
checking. Unfortunately, when the peer sends a value that we don't
support, the lookup returns NULL, but we unconditionally dereference the
lookup result for the comparison, leading to an application crash
triggerable by an unauthenticated client.

Since we will not be able to say anything about algorithms we don't
recognize, treat NULL return from lookup as "does not match".

We currently only apply the "signature_algorithm_cert" checks on TLS 1.3
connections, so previous TLS versions are unaffected. SSL_check_chain()
is not called directly from libssl, but may be used by the application
inside a callback (e.g., client_hello or cert callback) to verify that a
candidate certificate chain will be acceptable to the client.

CVE-2020-1967
---
ssl/t1_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index b482019c4c17..5287d10a2d0a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2099,7 +2099,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
sigalg = use_pc_sigalgs
? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
: s->shared_sigalgs[i];
- if (sig_nid == sigalg->sigandhash)
+ if (sigalg != NULL && sig_nid == sigalg->sigandhash)
return 1;
}
return 0;
4 changes: 4 additions & 0 deletions pkgs/development/libraries/openssl/default.nix
View file
Original file line number Diff line number Diff line change
@@ -154,6 +154,10 @@ in {

./1.1/cve-2019-1551.patch
./1.1/cve-2019-1551-improve.patch

./1.1/cve-2020-1967.patch
./1.1/cve-2020-1967-test.patch

];
withDocs = true;
};