Add SA-16:11.

svn path=/head/; revision=48116

share/security/advisories/FreeBSD-SA-16:11.openssl.asc

@@ -0,0 +1,159 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:11.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL SSLv2 ciphersuite downgrade vulnerability
+
+Category:       contrib
+Module:         openssl
+Announced:      2016-01-30
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-01-28 21:42:10 UTC (stable/10, 10.2-STABLE)
+                2016-01-30 06:12:03 UTC (releng/10.2, 10.2-RELEASE-p12)
+                2016-01-30 06:12:03 UTC (releng/10.1, 10.1-RELEASE-p29)
+                2016-01-30 06:09:38 UTC (stable/9, 9.3-STABLE)
+                2016-01-30 06:12:03 UTC (releng/9.3, 9.3-RELEASE-p36)
+CVE Name:       CVE-2015-3197
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+A malicious client can negotiate SSLv2 ciphers that have been disabled on
+the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+been disabled, provided that the SSLv2 protocol was not also disabled via
+SSL_OP_NO_SSLv2.
+
+III. Impact
+
+An active MITM attacker may be able to force a protocol downgrade to SSLv2,
+which is a flawed protocol and intercept the communication between client
+and server.
+
+IV.  Workaround
+
+No workaround is available, but only applications that do not explicitly
+disable SSLv2 are affected.
+
+To determine if a server have SSLv2 enabled, a system administrator can
+use the following command:
+
+% openssl s_client -ssl2 -connect <host>:<port> </dev/null 2>&1 | grep DONE
+
+which will print "DONE" if and only if SSLv2 is enabled.  Note that this
+check will not work for services that uses STARTTLS or DTLS.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all deamons using the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all deamons using the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.2]
+# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.2.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.2.patch.asc
+# gpg --verify openssl-10.2.patch.asc
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.1.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-10.1.patch.asc
+# gpg --verify openssl-10.1.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-9.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:11/openssl-9.3.patch.asc
+# gpg --verify openssl-9.3.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r295060
+releng/9.3/                                                       r295061
+stable/10/                                                        r295016
+releng/10.1/                                                      r295061
+releng/10.2/                                                      r295061
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://www.openssl.org/news/secadv/20160128.txt>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAEBCgAGBQJWrFhQAAoJEO1n7NZdz2rnzcwQAJJQvYkvHuVHHBHCuV576ceJ
+39Ry8ooGsNquyThUndbDYOV+Vhpj62XEnI+PXUgZPKENglnf+rRu0CWfCs1SqFQE
+EGOSsiXmBFyvJ8AMoQfiBdCoNRCBafqhY637IG8FU7WSpg8vYJO3bGCLmsgVbeoz
+V2kHmUtGUNSgksvOjo2O6ezc6rYc5jPrpB11mUZ8xFoBE9YhLNRpfttCajKAYy+9
+t7S3tuGnleWWmnLdFj0jNJXjg38h9gG18L4kr+z/mFFWKYmFNdKuoXlpseMFD7pb
+LP7RipHDh0WQqtVOQtyu0x6BuijiuIlByadcHZO1MfDNXnu1UR5OEESs0EYElh8O
+6mR/i3MZ1m9DoIoRcR1eCNQN2NiWV4tVCflSTi2pUl3TTCBpYn+THMi17c4IzTNA
+kaMR7AUeXgJVAntfmAx4mdqdjTam2EfCNRoMS3WdfVCD8cZQDewxFmEY2FbHUzix
+WUBVTUzx2BTUQO7PKJ6UdEiojetJ+OmwlaAb8WfGQTypANKUfMcyXzfmtmM4dgJg
+NjNIUxA9T3unmWUg5nh7CACJVWcykyM1ORLqFTrrxAlIz3d1gPI2kqGiMGtEMbzI
+A42xSFfHVvUJ6MzXe98Sf6cDWs98qQBTLDxHo5COpq6zV4AFDqlvdyzcJ/SQTAfq
+tsPAVgWspt40dxnRQfku
+=DN5y
+-----END PGP SIGNATURE-----

share/security/patches/SA-16:11/openssl-10.1.patch

@@ -0,0 +1,43 @@
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s2_srvr.c	(revision 294905)
++++ crypto/openssl/ssl/s2_srvr.c	(working copy)
+@@ -400,7 +400,7 @@ static int get_client_master_key(SSL *s)
+ 			}
+ 
+ 		cp=ssl2_get_cipher_by_char(p);
+-		if (cp == NULL)
++		if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0)
+ 			{
+ 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+ 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+@@ -698,9 +698,12 @@ static int get_client_hello(SSL *s)
+ 		    prio = cs;
+ 		    allow = cl;
+ 		    }
+-		for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
++		/* Generate list of SSLv2 ciphers shared between client and server */
++		for (z = 0; z < sk_SSL_CIPHER_num(prio); z++)
+ 			{
+-			if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
++			const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
++			if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
++			    sk_SSL_CIPHER_find(allow, cp) < 0)
+ 				{
+ 				(void)sk_SSL_CIPHER_delete(prio,z);
+ 				z--;
+@@ -711,6 +714,14 @@ static int get_client_hello(SSL *s)
+ 		    sk_SSL_CIPHER_free(s->session->ciphers);
+ 		    s->session->ciphers = prio;
+ 		    }
++
++		/* Make sure we have at least one cipher in common */
++		if (sk_SSL_CIPHER_num(s->session->ciphers) == 0)
++			{
++			ssl2_return_error(s, SSL2_PE_NO_CIPHER);
++			SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
++			return -1;
++			}
+ 		/* s->session->ciphers should now have a list of
+ 		 * ciphers that are on both the client and server.
+ 		 * This list is ordered by the order the client sent

share/security/patches/SA-16:11/openssl-10.1.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAABCgAGBQJWrFhgAAoJEO1n7NZdz2rnrYUQAJcK0DBwDfvVysKdQBmryikB
+iNjcbriE3X/secGwz2DnN38LoeXS1dP9N0Zk07KWaWi516PpQq1bHLxvomlvcxhw
+m98/Vmwv/MAK6g8AxEeVoXP8A2dCYeVGu8AWmfp9wwum1Kl9vGmm4UE3McPC3a59
+9mqJ1U+icn72EasyZMGNc8WnwZleuievXYxUkFJwQ32urbMgnIk/XkNT9ULpWjiH
+omgu4C4IXKyb/zer0AW5xfQ2WbMqmxD93R4ApcM79+wxCtHFK+CxFeX7Xc8BXAXn
+SEn69KggtFCYCXnsIdAE42IK28c3iw7MoeHPSZAYUf8SJ3x99NvXvdfPairLz6X1
+kjaAbbi2ycZRJBdBWTiSqYrtW3tSPGz+LtutbctcOjB6EsZMbbOZWKZYwAD2d1vi
+httOrSpgd15Jqkhh6xYoK5qmk4rDUMe8MbaSmYH0rmjB/79VxBSneocwWnYpbsUO
+m6Zrg1EpKfoIGcXYeanRHZqobeR+0uhi3oX/dBOUmxycWEMlALxboVJ7DU/q+AXE
+Fq7+H8wkATvMXaJtlRWmKV34ShfmIqTEceNLJMDHFqb/j/yUNKrA3pjfqgkoYflf
+IHrG1v61haJNREs2hx1fTWWy315ua9pwOHrpR9eYNiOwh3b4MbKdA9QErYZLMyuM
+gt45GgReqbU50ikXipnp
+=voQ/
+-----END PGP SIGNATURE-----

share/security/patches/SA-16:11/openssl-10.2.patch

@@ -0,0 +1,41 @@
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s2_srvr.c	(revision 294905)
++++ crypto/openssl/ssl/s2_srvr.c	(working copy)
+@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s)
+         }
+ 
+         cp = ssl2_get_cipher_by_char(p);
+-        if (cp == NULL) {
++        if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
+             ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+             SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+             return (-1);
+@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s)
+             prio = cs;
+             allow = cl;
+         }
++
++        /* Generate list of SSLv2 ciphers shared between client and server */
+         for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
+-            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
++            const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
++            if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
++                sk_SSL_CIPHER_find(allow, cp) < 0) {
+                 (void)sk_SSL_CIPHER_delete(prio, z);
+                 z--;
+             }
+@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s)
+             sk_SSL_CIPHER_free(s->session->ciphers);
+             s->session->ciphers = prio;
+         }
++
++        /* Make sure we have at least one cipher in common */
++        if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
++            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
++            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
++            return -1;
++        }
+         /*
+          * s->session->ciphers should now have a list of ciphers that are on
+          * both the client and server. This list is ordered by the order the

share/security/patches/SA-16:11/openssl-10.2.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAABCgAGBQJWrFhgAAoJEO1n7NZdz2rn7pIP/RfM/xbLqKh6jOQKzCAs/hqK
+erl+zzNNn8cJF00c1T2kFY05pwvFExAIAdPQ09uk7S+d+qC1tfn55ioPT0rUaLsv
+qvhsRGEB2FZi+c6l8ZFK9qvePbqTzGAwYjhcmbaxw83YtosdxM5Z6Q3v9Nzfd6cG
+qvGH6X91MDlpzyKx/ZQ/vXXFkMO1gDzMgOJe6phgKkxMiNfknqBifsLaJBUq0uSZ
+WaqlfbhPDDXFu2hJ3lvizAxz2+6OQVUZeuGaw0UPtAzofBdX4H3UhUXjFPO1iECV
+D3P0jTUKnNswd1l6xR8AUNHPh78Zf3T8hE9Ihf7jBiwVpA4VX2+jyan3NfC5ESO2
+dXStOPa4weEMERJVoBra8ZcvUwl+F63/ti35mf42KQK/dMXfn4YYJg06ZOyAxdG2
++7bAJCCW6IVmIWhh+k7UdajP7KKSjyaopw/sNEAvU01iS4nB9EBnFebQ785GgRfE
+iUEm98lCjIzkWLqZU6aGwLL46S3GUYkIhylUjLuHwsVm7YjEhURU0ghhM+srZDuX
+yd4appgHar632XnotetsIiivKkzZJYK+1pt9tVf72/Q7V+ba4Zj7FCs1DEvwAfYa
+LNIFIjS02ocgBQjKKR9+UqazuXe2+o0CpOKlqB/HGeIU3Rcc25h2y3uk8q/cCYoa
+ibsADoMVD+ImHQXbKtlu
+=L3PJ
+-----END PGP SIGNATURE-----

share/security/patches/SA-16:11/openssl-9.3.patch

@@ -0,0 +1,43 @@
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s2_srvr.c	(revision 294905)
++++ crypto/openssl/ssl/s2_srvr.c	(working copy)
+@@ -392,7 +392,7 @@ static int get_client_master_key(SSL *s)
+ 			}
+ 
+ 		cp=ssl2_get_cipher_by_char(p);
+-		if (cp == NULL)
++		if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0)
+ 			{
+ 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+ 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+@@ -690,9 +690,12 @@ static int get_client_hello(SSL *s)
+ 		    prio = cs;
+ 		    allow = cl;
+ 		    }
+-		for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
++		/* Generate list of SSLv2 ciphers shared between client and server */
++		for (z = 0; z < sk_SSL_CIPHER_num(prio); z++)
+ 			{
+-			if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
++			const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
++			if ((cp->algorithms & SSL_SSLV2) == 0 ||
++			    sk_SSL_CIPHER_find(allow, cp) < 0)
+ 				{
+ 				(void)sk_SSL_CIPHER_delete(prio,z);
+ 				z--;
+@@ -703,6 +706,14 @@ static int get_client_hello(SSL *s)
+ 		    sk_SSL_CIPHER_free(s->session->ciphers);
+ 		    s->session->ciphers = prio;
+ 		    }
++
++		/* Make sure we have at least one cipher in common */
++		if (sk_SSL_CIPHER_num(s->session->ciphers) == 0)
++			{
++			ssl2_return_error(s, SSL2_PE_NO_CIPHER);
++			SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
++			return -1;
++			}
+ 		/* s->session->ciphers should now have a list of
+ 		 * ciphers that are on both the client and server.
+ 		 * This list is ordered by the order the client sent

share/security/patches/SA-16:11/openssl-9.3.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.8 (FreeBSD)
+
+iQIcBAABCgAGBQJWrFhgAAoJEO1n7NZdz2rnHfAP/0dRSsN5QEeACYvdu7fSGyvq
+/9QUsHLyGMj3wS1SUP3oFCgpXuweYfmWVtvFfA2uLqXOukuOPJLYSpJVdF0QXZrK
+dL0mlU3aaA2NLQlgl3QpnX1Gz5ItV62piljHs9Q87Is765BYnUp7i01gexVIA0PE
+kK0U5ocfYiEwGhtcRl1ndTCHFJxrAQY7quRBPgeONpB2VFoSXOmRLF2cCi8s+ebV
+cUk9sTWT+OCutzjvDFsqEFvcaVHT8jDDlXdXUuDGOzZ4sGc/OgKA6J42Wws++VKw
+LqfQjD/RP4GQNvO0mmvd/1jnr6ug+rMxJapnNRVY6nTRBOcn2qEIZjALBjjVTZdx
+xIQVc5M0CmRF4GcnKlwwJMC5vl+BPxvSbb2mKDEGY+nzXdH7z5618wwqE1EyIwj5
+U7X75vogYMv50uTTuAXazQm1WifxmpDYaaIyTRzz5pnSeXE6seeUEvkKXhmD2s+g
+OQhULV51JUPhousieaJzPVTB8/NSZAiqvma++aW7claJr7drGWL1DEOGXqRBl/Rb
+9iYDOJ6VcdqwfDUb1Hf5Ukc3oYGXkobhpswjbFnmTE96Cu/mH7Z1bKDhlG/0Zzwv
+YYHTmWn9j9/azAwL0ZTUZztDm+9ZQqSPBXJMWVEaPOskyxRUHKurgixB7uEZco9U
+RlgyGJfV0gU3oDgM9XE+
+=wEfU
+-----END PGP SIGNATURE-----

share/xml/advisories.xml

@@ -10,6 +10,14 @@
     <month>
       <name>1</name>
 
+      <day>
+        <name>30</name>
+
+        <advisory>
+          <name>FreeBSD-SA-16:11.openssl</name>
+        </advisory>
+      </day>
+
       <day>
         <name>27</name>