[Pkg-erlang-commits] r1985 - in erlang/branches/stretch/debian: . patches

sgolovan at alioth.debian.org sgolovan at alioth.debian.org
Thu Dec 7 08:07:59 UTC 2017


Author: sgolovan
Date: 2017-12-07 08:07:59 +0000 (Thu, 07 Dec 2017)
New Revision: 1985

Added:
   erlang/branches/stretch/debian/patches/cve-2017-1000385.patch
Modified:
   erlang/branches/stretch/debian/changelog
   erlang/branches/stretch/debian/patches/series
Log:
[erlang-stretch]
  * Applied a patch from the upstream which fixes CVE-2017-1000385
    vulnerability (TLS server vulnerable to Adaptive Chosen Ciphertext attack
    allowing plaintext recovery or MITM attack).


Modified: erlang/branches/stretch/debian/changelog
===================================================================
--- erlang/branches/stretch/debian/changelog	2017-12-06 04:41:54 UTC (rev 1984)
+++ erlang/branches/stretch/debian/changelog	2017-12-07 08:07:59 UTC (rev 1985)
@@ -1,3 +1,11 @@
+erlang (1:19.2.1+dfsg-2+deb9u1) stretch-security; urgency=high
+
+  * Applied a patch from the upstream which fixes CVE-2017-1000385
+    vulnerability (TLS server vunlerable to Adaptive Chosen Ciphertext attack
+    allowing plaintext recovery ot MITM attack).
+
+ -- Sergei Golovan <sgolovan at debian.org>  Wed, 22 Mar 2017 15:31:29 +0300
+
 erlang (1:19.2.1+dfsg-2) unstable; urgency=high
 
   * Applied a patch from the PCRE upstream which fixes CVE-2016-10253

Added: erlang/branches/stretch/debian/patches/cve-2017-1000385.patch
===================================================================
--- erlang/branches/stretch/debian/patches/cve-2017-1000385.patch	                        (rev 0)
+++ erlang/branches/stretch/debian/patches/cve-2017-1000385.patch	2017-12-07 08:07:59 UTC (rev 1985)
@@ -0,0 +1,65 @@
+From 3b4386dd19b7e669f557c95ace8d7ba228291927 Mon Sep 17 00:00:00 2001
+From: Ingela Anderton Andin <ingela at erlang.org>
+Date: Tue, 7 Nov 2017 18:34:34 +0100
+Subject: [PATCH] ssl: Countermeasurements for Bleichenbacher attack
+
+--- a/lib/ssl/src/dtls_connection.erl
++++ b/lib/ssl/src/dtls_connection.erl
+@@ -583,6 +583,7 @@
+ 
+ 	    State = prepare_flight(State0#state{connection_states = ConnectionStates,
+ 						negotiated_version = Version,
++                                                client_hello_version = ClientVersion,
+ 						hashsign_algorithm = HashSign,
+ 						session = Session,
+ 						negotiated_protocol = Protocol}),
+--- a/lib/ssl/src/ssl_connection.erl
++++ b/lib/ssl/src/ssl_connection.erl
+@@ -1356,8 +1356,25 @@
+     request_client_cert(State2, Connection).
+ 
+ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
+-			    #state{private_key = Key} = State, Connection) ->
+-    PremasterSecret = ssl_handshake:premaster_secret(EncPMS, Key),
++			    #state{private_key = Key, client_hello_version = {Major, Minor} = Version} = State, Connection) ->
++
++    %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret
++    %% and fail handshake later.RFC 5246 section 7.4.7.1.
++    PremasterSecret =
++        try ssl_handshake:premaster_secret(EncPMS, Key) of
++            Secret when erlang:byte_size(Secret) == ?NUM_OF_PREMASTERSECRET_BYTES ->
++                case Secret of
++                    <<?BYTE(Major), ?BYTE(Minor), _/binary>> -> %% Correct
++                        Secret;
++                    <<?BYTE(_), ?BYTE(_), Rest/binary>> -> %% Version mismatch
++                        <<?BYTE(Major), ?BYTE(Minor), Rest/binary>>
++                end;
++            _ -> %% erlang:byte_size(Secret) =/= ?NUM_OF_PREMASTERSECRET_BYTES
++                make_premaster_secret(Version, rsa)
++        catch 
++            #alert{description = ?DECRYPT_ERROR} ->
++                make_premaster_secret(Version, rsa)     
++        end,        
+     calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
+ 
+ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},
+--- a/lib/ssl/src/ssl_connection.hrl
++++ b/lib/ssl/src/ssl_connection.hrl
+@@ -57,6 +57,7 @@
+ 	  session_cache_cb      :: atom(),
+ 	  crl_db                :: term(), 
+           negotiated_version    :: ssl_record:ssl_version() | 'undefined',
++          client_hello_version  :: ssl_record:ssl_version() | 'undefined',
+           client_certificate_requested = false :: boolean(),
+ 	  key_algorithm         :: ssl_cipher:key_algo(),
+ 	  hashsign_algorithm = {undefined, undefined},
+--- a/lib/ssl/src/tls_connection.erl
++++ b/lib/ssl/src/tls_connection.erl
+@@ -275,6 +275,7 @@
+ 	    gen_handshake(ssl_connection, hello, internal, {common_client_hello, Type, ServerHelloExt},
+ 				 State#state{connection_states  = ConnectionStates,
+ 					     negotiated_version = Version,
++                                             client_hello_version = ClientVersion,
+ 					     hashsign_algorithm = HashSign,
+ 					     session = Session,
+ 					     negotiated_protocol = Protocol})
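Review bot: In the `ssl_connection.erl` hunk the fallback secret is computed only in the failure branches of `certify_client_key_exchange`, so a rejected ciphertext does one extra `make_premaster_secret/2` call that a well-formed one does not; RFC 5246 section 7.4.7.1 has the server generate the random bytes before decrypting precisely so both paths do the same work. Hoisting `Fallback = make_premaster_secret(Version, rsa),` above the `try` and returning `Fallback` from both the `_ ->` clause and the `catch` clause keeps the countermeasure and removes that difference. The `catch` clause also names no class, so it matches only `throw`; that is sufficient only if `ssl_handshake:premaster_secret/2` converts every decrypt failure into a thrown `#alert{}` (not visible here), and a comment such as `%% premaster_secret/2 throws #alert{} for any decrypt failure; an error escaping here would abort with a distinguishable reason` next to the clause would record that assumption. The `%% Countermeasure for Bleichenbacher attack ...` comment is also missing a space before `RFC 5246`, and lines `catch `, `rsa)     ` and `end,        ` carry trailing whitespace; the other clauses of `certify_client_key_exchange` lie outside the hunk.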

Modified: erlang/branches/stretch/debian/patches/series
===================================================================
--- erlang/branches/stretch/debian/patches/series	2017-12-06 04:41:54 UTC (rev 1984)
+++ erlang/branches/stretch/debian/patches/series	2017-12-07 08:07:59 UTC (rev 1985)
@@ -11,3 +11,4 @@
 beamload.patch
 x32.patch
 cve-2016-10253.patch
+cve-2017-1000385.patch



