Add SA-17:11.

svn path=/head/; revision=51235

share/security/advisories/FreeBSD-SA-17:11.openssl.asc

@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-17:11.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL multiple vulnerabilities
+
+Category:       contrib
+Module:         openssl
+Announced:      2017-11-29
+Affects:        All supported versions of FreeBSD.
+Corrected:      2017-11-02 18:30:41 UTC (stable/11, 11.1-STABLE)
+                2017-11-29 05:59:12 UTC (releng/11.1, 11.1-RELEASE-p5)
+                2017-11-29 05:59:12 UTC (releng/11.0, 11.0-RELEASE-p16)
+                2017-11-29 05:35:28 UTC (stable/10, 10.4-STABLE)
+                2017-11-29 05:59:50 UTC (releng/10.4, 10.4-RELEASE-p4)
+                2017-11-29 05:59:50 UTC (releng/10.3, 10.3-RELEASE-p25)
+CVE Name:       CVE-2017-3735, CVE-2017-3736
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets
+Layer (SSL) protocols. It is also a full-strength general purpose
+cryptography library.
+
+II.  Problem Description
+
+If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL
+could do a one-byte buffer overread. [CVE-2017-3735]
+
+There is a carry propagating bug in the x86_64 Montgomery squaring procedure.
+This only affects processors that support the BMI1, BMI2 and ADX extensions
+like Intel Broadwell (5th generation) and later or AMD Ryzen. [CVE-2017-3736]
+This bug only affects FreeBSD 11.x.
+
+III. Impact
+
+Application using OpenSSL may display erroneous certificate in text format.
+[CVE-2017-3735]
+
+Mishandling of carry propagation will produce incorrect output, and make it
+easier for a remote attacker to obtain sensitive private-key information.
+No EC algorithms are affected, analysis suggests that attacks against RSA
+and DSA as a result of this defect would be very difficult to perform and
+are not believed likely.
+
+Attacks against DH are considered just feasible (although very difficult)
+because most of the work necessary to deduce information about a private
+key may be performed offline.  The amount of resources required for such
+an attack would be very significant and likely only accessible to a limited
+number of attackers. An attacker would additionally need online access to
+an unpatched system using the target private key in a scenario with
+persistent DH parameters and a private key that is shared between multiple
+clients. [CVE-2017-3736]
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all daemons that use the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that use the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.3]
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl-10.patch.asc
+# gpg --verify openssl-10.patch.asc
+
+[FreeBSD 11.x]
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch
+# fetch https://security.FreeBSD.org/patches/SA-17:11/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r326357
+releng/10.3/                                                      r326359
+releng/10.4/                                                      r326359
+stable/11/                                                        r325337
+releng/11.0/                                                      r326358
+releng/11.1/                                                      r326358
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>
+
+<URL:https://www.openssl.org/news/secadv/20171102.txt>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.2.3 (FreeBSD)
+
+iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloeTmQACgkQ7Wfs1l3P
+aueQNRAAzUxb6H1JAgmgCRUKzN00FunkUNygvcvJRL9jK6h1TRCGvKk/jhdmakqZ
+r/x7zjWSWBh3oBg6V3egTRIMcpSDmjKIkf/H/q9eeSlQKfHR5MVadCedghy1nq3c
+XmpDlKyLp1zuy8gzkJNQCiIqn9BvxBRaUCzPJKFlpmgQwZStZvqpxUScJOX3X4ZC
+tjlF3kaBE/9IKX8p8vulWWM+vXwsDxVKRulUeFAL75eIwo9YWva1hsUBLruKo1xg
+CgWPJ4AXa9PL8WdJsYFkOA9R9wqBs1q6A+zuUQQJw5qQnQdg/rMchKsdS8I/dV7F
+01qYYfM25q109pnNFEhIZNsZ4mIbBpW0hxzTwaq6f8bd8+7JuP3mH2xFHxIfNUzp
+jrK1DSn/kOGf0Dun8mrBAsO4y+3F92GbqOHdUzPnTAtHOHwmjIY3ljsbHnTNtUxm
+44X2O+6XIGmzUxQMOFqAfe8wRkBhIGMcEpY4NTW6g8hPJBk1o0dQgtDLpg6i+Wj/
+p+jDSNgkD4aFzsMoGc1kYsIT7qVBqn8jBydIUyrY5wQMNC+15+cDoF2QwKjGIU2H
+yWEjaec2dY6YtakMiQV8U0WPRSEj18lrSs7L9uizZSS0UHquP/xY8b6yFrBPvwXQ
+gVS3ZVKLOvCgGvl9MsJzB/FAR2jdOZdz6QzWchyG0PVZQVCPjBQ=
+=9Q78
+-----END PGP SIGNATURE-----

share/security/patches/SA-17:11/openssl-10.patch

@@ -0,0 +1,19 @@
+--- crypto/openssl/crypto/x509v3/v3_addr.c.orig
++++ crypto/openssl/crypto/x509v3/v3_addr.c
+@@ -130,10 +130,12 @@
+  */
+ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+ {
+-    return ((f != NULL &&
+-             f->addressFamily != NULL && f->addressFamily->data != NULL)
+-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+-            : 0);
++    if (f == NULL
++            || f->addressFamily == NULL
++            || f->addressFamily->data == NULL
++            || f->addressFamily->length < 2)
++        return 0;
++    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+ 
+ /*

share/security/patches/SA-17:11/openssl-10.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.2.3 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloeToEACgkQ7Wfs1l3P
+aufSLA//X4kKoir7fhdlprg9oTE54WmueGfgE5qYj8ZOelJJ6zR1c7stXDZ6BY4D
+2aYlkL8C3j0iPPuN7pPq+g1zM3TybllcQH91coBpF/r8QnWAID9ZIARWmck11K/3
+9a3oMtMXC5Zsy5e3cXCWQvKwjZy3/83/WdOh1aOZKTRnB6zvHbu94PwFj2EvW4YZ
+kypD2/8MZUCDSvMDDwNHGgXqCuqXR8RTxt9Z7PyiQcms5qwn77UtdlUhIGt+SRWB
+XsdryyQnS/zGcRy606qBweitN3S6hBUhLDWAruBFN+3R3Rk+Tcf1EV3mqcUGqPj1
+KpD8LLgVnriwm0pZjn2bX+uXv38RvosrFRutOq3G3gFfsa4zzAzSjdRLzczDQcor
+r7yBxqQs8Xm/OiHmXD5Ch2ly7mTwwbnqIgDYkVlDKZFIVcJkqgQlIx4m+z3WDixM
+FjN+HoXWF9AfgWoS7Ka287uqWE/3Yzgi8d8t9YGyjqYaSVzN864JmpULqDBF74dU
+4X7OGZqyeD7SrjZZwxktcTvNLtrR2ftTBWvRoosPq1qs+5kQv97TtdDvhtTsrfgP
+TOHOc72aEqjERKFaXzwn+RCrDZ7ljTEhrcHa1nYfoKSX9jwIxAFK26fQ/6nyIiqx
+vqLrYYY1bx2YMHyDAskMXVrXPNC8doG3CazHF8L5fiThDRaMEC8=
+=QvsH
+-----END PGP SIGNATURE-----

share/security/patches/SA-17:11/openssl.patch

@@ -0,0 +1,67 @@
+--- crypto/openssl/crypto/bn/asm/x86_64-mont5.pl.orig
++++ crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+@@ -3090,11 +3090,19 @@
+ 
+ .align	32
+ .Lsqrx8x_break:
+-	sub	16+8(%rsp),%r8		# consume last carry
++	xor	$zero,$zero
++	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
++	adcx	$zero,%r8
+ 	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
++	adcx	$zero,%r9
+ 	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
+-	xor	%ebp,%ebp		# xor	$zero,$zero
++	adc	\$0,%r10
+ 	mov	%r8,0*8($tptr)
++	adc	\$0,%r11
++	adc	\$0,%r12
++	adc	\$0,%r13
++	adc	\$0,%r14
++	adc	\$0,%r15
+ 	cmp	$carry,$tptr		# cf=0, of=0
+ 	je	.Lsqrx8x_outer_loop
+ 
+--- crypto/openssl/crypto/x509v3/v3_addr.c.orig
++++ crypto/openssl/crypto/x509v3/v3_addr.c
+@@ -130,10 +130,12 @@
+  */
+ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+ {
+-    return ((f != NULL &&
+-             f->addressFamily != NULL && f->addressFamily->data != NULL)
+-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+-            : 0);
++    if (f == NULL
++            || f->addressFamily == NULL
++            || f->addressFamily->data == NULL
++            || f->addressFamily->length < 2)
++        return 0;
++    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+ 
+ /*
+--- secure/lib/libcrypto/amd64/x86_64-mont5.S.orig
++++ secure/lib/libcrypto/amd64/x86_64-mont5.S
+@@ -3077,11 +3077,19 @@
+ 
+ .align	32
+ .Lsqrx8x_break:
+-	subq	16+8(%rsp),%r8
++	xorq	%rbp,%rbp
++	subq	16+8(%rsp),%rbx
++	adcxq	%rbp,%r8
+ 	movq	24+8(%rsp),%rcx
++	adcxq	%rbp,%r9
+ 	movq	0(%rsi),%rdx
+-	xorl	%ebp,%ebp
++	adcq	$0,%r10
+ 	movq	%r8,0(%rdi)
++	adcq	$0,%r11
++	adcq	$0,%r12
++	adcq	$0,%r13
++	adcq	$0,%r14
++	adcq	$0,%r15
+ 	cmpq	%rcx,%rdi
+ 	je	.Lsqrx8x_outer_loop
+ 

share/security/patches/SA-17:11/openssl.patch.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.2.3 (FreeBSD)
+
+iQIzBAABCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAloeToIACgkQ7Wfs1l3P
+aueWcg//RlFQI3WV/Tp0/Rr97YHQz1UD4rdqGLq+Thl3alcW3Qv/78SdAGe8uH+D
+gNsz75tNH5GAR1jrxawXQfrYttasfJgL+gmJxFZWx5NeVW0XbP2i9XIcc6cwgN5x
+hRWRbaBrnmGDwP/DFhqPr/Dc4bT8UpfEKSOKt51F5XiZMSNcNFoh3rbBCf4Vr631
+0NroVSCKNJAOKl0ZXF//tm3tbMmWgrI8SMlJjfDa9sqd0e3iJoouHe+z+kYDpbQ1
+tx78U1PaUV651T+gMc9ynyG4+V9TBFS+5pEjEw+IKBSQ4EW8rsEOzin80CdgcwJo
+uFmnCXyr/xOy9pNNWipug9qo0f1beQ5txo1LQb55eR5U4N58Pp90+OoMc7noAfBd
+kHJUJQkbqoi+CNivK0W7zLOcWw0iBWEhiI3FIEDXnXI86r7evVTHozPPJhcp276c
+k1KTJPxcs7YOEpKJYIXL5Ec3SXzXgGPwhUvq64sKrSSmB0nUb/vbH/SlDrT6Q99d
+ifFgpZ2gZmGVkQM0eIDeChQCD19xu1BLbw9mvlw8RqA1NIbqWlBdxmlLGY00iPy2
+TxiHJWaOdF0OnhS/LHe6BtKmhcpllpERMvCrDtlnG37DR07VPs5hM6mSFDwYZN7/
+0/MdsoODCQIOdsXMUo/d74F36/cPL/1QgPYpO3OdVpIovzl3MRQ=
+=CiUu
+-----END PGP SIGNATURE-----

share/xml/advisories.xml

@@ -10,6 +10,14 @@
     <month>
       <name>11</name>
 
+      <day>
+        <name>29</name>
+
+        <advisory>
+          <name>FreeBSD-SA-17:11.openssl</name>
+        </advisory>
+      </day>
+
       <day>
         <name>15</name>