[Pkg-erlang-commits] r1995 - in erlang/branches/wheezy/debian: . patches

sgolovan at alioth.debian.org sgolovan at alioth.debian.org
Fri Dec 15 12:15:50 UTC 2017


Author: sgolovan
Date: 2017-12-15 12:15:50 +0000 (Fri, 15 Dec 2017)
New Revision: 1995

Added:
   erlang/branches/wheezy/debian/patches/CVE-2017-1000385.patch
Modified:
   erlang/branches/wheezy/debian/changelog
   erlang/branches/wheezy/debian/patches/series
Log:
[erlang-wheezy-security]
  * Fix CVE-2017-1000385: TLS server vulnerable to Adaptive Chosen Ciphertext
    attack allowing plaintext recovery of encrypted messages or MITM attack.


Modified: erlang/branches/wheezy/debian/changelog
===================================================================
--- erlang/branches/wheezy/debian/changelog	2017-12-15 11:57:46 UTC (rev 1994)
+++ erlang/branches/wheezy/debian/changelog	2017-12-15 12:15:50 UTC (rev 1995)
@@ -1,8 +1,9 @@
-erlang (1:15.b.1-dfsg-4+deb7u2) UNRELEASED; urgency=low
+erlang (1:15.b.1-dfsg-4+deb7u2) wheezy-security; urgency=medium
 
-  * NOT RELEASED YET
+  * Fix CVE-2017-1000385: TLS server vulnerable to Adaptive Chosen Ciphertext
+    attack allowing plaintext recovery of encrypted messages or MITM attack.
 
- -- Sergei Golovan <sgolovan at debian.org>  Sun, 16 Mar 2014 10:26:07 +0400
+ -- Raphaël Hertzog <hertzog at debian.org>  Tue, 12 Dec 2017 12:16:47 +0100
 
 erlang (1:15.b.1-dfsg-4+deb7u1) stable-proposed-updates; urgency=low
 

Added: erlang/branches/wheezy/debian/patches/CVE-2017-1000385.patch
===================================================================
--- erlang/branches/wheezy/debian/patches/CVE-2017-1000385.patch	                        (rev 0)
+++ erlang/branches/wheezy/debian/patches/CVE-2017-1000385.patch	2017-12-15 12:15:50 UTC (rev 1995)
@@ -0,0 +1,54 @@
+Description: Fix CVE-2017-1000385
+ This is a backport of the upstream patch on version 18.3.4.7
+ which fixes the Adaptive Chosen Ciphertext attack allowing
+ plaintext recovery or MITM attack.
+Origin: backport, https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0
+Last-Update: 2017-12-12
+
+--- a/lib/ssl/src/ssl_connection.erl
++++ b/lib/ssl/src/ssl_connection.erl
+@@ -75,6 +75,7 @@
+ 	  session_cache,        % 
+ 	  session_cache_cb,     %
+           negotiated_version,   % tls_version()
++          client_hello_version, % tls_version()
+           supported_protocol_versions, % [atom()]
+           client_certificate_requested = false,
+ 	  key_algorithm,       % atom as defined by cipher_suite
+@@ -416,6 +417,7 @@ hello(Hello = #client_hello{client_versi
+             do_server_hello(Type, State#state{connection_states  = 
+ 					      ConnectionStates,
+ 					      negotiated_version = Version,
++					      client_hello_version = ClientVersion,
+ 					      session = Session});
+         #alert{} = Alert ->
+             handle_own_alert(Alert, ClientVersion, hello, State), 
+@@ -604,10 +606,27 @@ certify(Msg, State) ->
+ 
+ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
+ 			    #state{negotiated_version = Version,
++				   client_hello_version = {Major, Minor} = ClientVersion,
+ 				   connection_states = ConnectionStates0,
+ 				   session = Session0,
+ 				   private_key = Key} = State0) ->
+-    PremasterSecret = ssl_handshake:decrypt_premaster_secret(EncPMS, Key),
++    %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret
++    %% and fail handshake later.RFC 5246 section 7.4.7.1.
++    PremasterSecret =
++        try ssl_handshake:decrypt_premaster_secret(EncPMS, Key) of
++            Secret when erlang:byte_size(Secret) == ?NUM_OF_PREMASTERSECRET_BYTES ->
++                case Secret of
++                    <<?BYTE(Major), ?BYTE(Minor), _/binary>> -> %% Correct
++                        Secret;
++                    <<?BYTE(_), ?BYTE(_), Rest/binary>> -> %% Version mismatch
++                        <<?BYTE(Major), ?BYTE(Minor), Rest/binary>>
++                end;
++            _ -> %% erlang:byte_size(Secret) =/= ?NUM_OF_PREMASTERSECRET_BYTES
++                make_premaster_secret(ClientVersion, rsa)
++        catch
++            #alert{description = ?DECRYPT_ERROR} ->
++                make_premaster_secret(ClientVersion, rsa)
++        end,
+     case ssl_handshake:master_secret(Version, PremasterSecret,
+ 				     ConnectionStates0, server) of
+ 	{MasterSecret, ConnectionStates} ->
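Review bot: The fallback secret is produced only on the failure paths of `certify_client_key_exchange` (the `_ ->` clause and the `catch` clause), so a ciphertext with valid padding skips `make_premaster_secret/2` while an invalid one pays for it, which is exactly the kind of path-dependent work the countermeasure is meant to remove; RFC 5246 section 7.4.7.1, which the new comment cites, has the server generate the random bytes before attempting the decryption. Hoist it: `FakeSecret = make_premaster_secret(ClientVersion, rsa),` immediately before the `%% Countermeasure` comment, and return `FakeSecret` from both the `_ ->` clause and the `#alert{description = ?DECRYPT_ERROR}` clause. The `catch` pattern matches only a thrown `#alert{}`; if `ssl_handshake:decrypt_premaster_secret/2` in this tree can surface the underlying public_key failure in any other form, it would not be caught here and the handshake would end with a distinguishable error, so that is worth confirming against the 15.b.1 source. The body of certify_client_key_exchange continues outside the hunk.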

Modified: erlang/branches/wheezy/debian/patches/series
===================================================================
--- erlang/branches/wheezy/debian/patches/series	2017-12-15 11:57:46 UTC (rev 1994)
+++ erlang/branches/wheezy/debian/patches/series	2017-12-15 12:15:50 UTC (rev 1995)
@@ -10,3 +10,4 @@
 hppa.patch
 powerpc.patch
 CVE-2014-1693.patch
+CVE-2017-1000385.patch



